summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2024-03-03 10:18:29 +0100
committerGitHub <noreply@github.com>2024-03-03 10:18:29 +0100
commit408951688bdc9888c162d43f62e036aed50b119a (patch)
treed3eefb08a3c8da4c550d1fc273cc80c74bb84469 /docs
parent62b36a812a922ad6fc17f636bba029e463f35d49 (diff)
parent9493803d36df789c508df9d199f502cc6945282e (diff)
downloadvyos-documentation-408951688bdc9888c162d43f62e036aed50b119a.tar.gz
vyos-documentation-408951688bdc9888c162d43f62e036aed50b119a.zip
Merge pull request #1295 from mkorobeinikov/master
Update the article
Diffstat (limited to 'docs')
-rw-r--r--docs/_static/images/keypairs.pngbin0 -> 49718 bytes
-rw-r--r--docs/_static/images/sg.pngbin0 -> 31817 bytes
-rw-r--r--docs/_static/images/traffic.pngbin0 -> 36786 bytes
-rw-r--r--docs/automation/index.rst4
-rw-r--r--docs/automation/terraform/index.rst18
-rw-r--r--docs/automation/terraform/terraformAWS.rst579
-rw-r--r--docs/automation/vyos-terraform.rst1036
7 files changed, 599 insertions, 1038 deletions
diff --git a/docs/_static/images/keypairs.png b/docs/_static/images/keypairs.png
new file mode 100644
index 00000000..7e772ae9
--- /dev/null
+++ b/docs/_static/images/keypairs.png
Binary files differ
diff --git a/docs/_static/images/sg.png b/docs/_static/images/sg.png
new file mode 100644
index 00000000..8be51e1f
--- /dev/null
+++ b/docs/_static/images/sg.png
Binary files differ
diff --git a/docs/_static/images/traffic.png b/docs/_static/images/traffic.png
new file mode 100644
index 00000000..74002b16
--- /dev/null
+++ b/docs/_static/images/traffic.png
Binary files differ
diff --git a/docs/automation/index.rst b/docs/automation/index.rst
index ecabff7a..48e83a96 100644
--- a/docs/automation/index.rst
+++ b/docs/automation/index.rst
@@ -8,11 +8,11 @@ VyOS Automation
.. toctree::
- :maxdepth: 1
+ :maxdepth: 2
vyos-api
vyos-ansible
- vyos-terraform
+ terraform/index
vyos-napalm
vyos-netmiko
vyos-salt
diff --git a/docs/automation/terraform/index.rst b/docs/automation/terraform/index.rst
new file mode 100644
index 00000000..9a51df91
--- /dev/null
+++ b/docs/automation/terraform/index.rst
@@ -0,0 +1,18 @@
+##############
+VyOS Terraform
+##############
+
+
+ * Nornir
+ * startup scripts
+
+
+.. toctree::
+ :maxdepth: 1
+ :caption: Content
+
+ terraformAWS
+# terraformAZ
+# terraformvSphere
+# terraformGoogle
+
diff --git a/docs/automation/terraform/terraformAWS.rst b/docs/automation/terraform/terraformAWS.rst
new file mode 100644
index 00000000..c81fe906
--- /dev/null
+++ b/docs/automation/terraform/terraformAWS.rst
@@ -0,0 +1,579 @@
+:lastproofread: 2024-01-11
+
+.. _vyos-terraform:
+
+Terraform for VyOS
+==================
+
+VyOS supports development infrastructure via Terraform and provisioning via Ansible.
+Terraform allows you to automate the process of deploying instances on many cloud and virtual platforms.
+In this article, we will look at using terraforms to deploy vyos on platforms - AWS, AZURE, and vSphere.
+More detailed about what is Terraform you can write using the link_.
+
+Need to install_ Terraform
+
+Structure of files in the standard Terraform project:
+
+.. code-block:: none
+
+ .
+ ├── main.tf # The main script
+ ├── version.tf # File for the changing version of Terraform.
+ ├── variables.tf # The file of all variables in "main.tf"
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+
+General commands that we will use for running Terraform scripts
+
+
+.. code-block:: none
+
+ #cd /<your folder> # go to the Terrafom project
+ #terraform init # install all addons and provider (aws az and so on)
+ #terraform plan # show wtah is changing
+ #terraform apply # run script
+ #yes # apply running
+
+
+Deploying vyos in the AWS cloud
+-------------------------------
+With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform.
+Also we will make provisioning using Ansible.
+
+
+.. image:: /_static/images/aws.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible.
+
+
+Preparation steps for deploying VyOS on AWS
+-------------------------------------------
+
+How to create a single instance and install your configuration using Terraform+Ansible+AWS
+Step by step:
+
+AWS
+
+
+1.1 Create an account with AWS and get your "access_key", "secret key"
+
+1.2 Create a key pair_ and download your .pem key
+
+.. image:: /_static/images/keypairs.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+1.3 Create a security group_ for the new VyOS instance and open all traffic
+
+.. image:: /_static/images/sg.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+
+.. image:: /_static/images/traffic.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+Terraform
+
+
+2.1 Create a0 UNIX or Windows instance
+
+2.2 Download and install Terraform
+
+2.3 Create the folder for example /root/awsterraform
+
+.. code-block:: none
+
+ mkdir /root/awsterraform
+
+2.4 Copy all files into your Terraform project "/root/awsterraform" (vyos.tf, var.tf, terraform.tfvars,version.tf), more detailed see `Structure of files Terrafom for AWS`_
+
+2.5 Type the commands :
+
+.. code-block:: none
+
+ #cd /<your folder>
+ #terraform init
+
+
+Ansible
+
+
+3.1 Create a UNIX instance whenever you want (local, cloud, and so on)
+
+3.2 Download and install Ansible
+
+3.3 Create the folder for example /root/aws/
+
+3.4 Copy all files into your Ansible project "/root/aws/" (ansible.cfg, instance.yml, mykey.pem and "all"), more detailed see `Structure of files Ansible for AWS`_
+
+mykey.pem you have to get using step 1.2
+
+
+Start
+
+
+4.1 Type the commands on your Terrafom instance:
+
+.. code-block:: none
+
+ #cd /<your folder>
+ #terraform plan
+ #terraform apply
+ #yes
+
+
+Start creating an AWS instance and check the result
+---------------------------------------------------
+
+.. code-block:: none
+
+ root@localhost:~/awsterraform# terraform apply
+
+ Terraform used the selected providers to generate the following execution plan.
+ Resource actions are indicated with the following symbols:
+ + create
+
+ Terraform will perform the following actions:
+
+ # aws_instance.myVyOSec2 will be created
+ + resource "aws_instance" "myVyOSec2" {
+ + ami = "ami-************62c2d"
+ + arn = (known after apply)
+ + associate_public_ip_address = (known after apply)
+ + availability_zone = (known after apply)
+ + cpu_core_count = (known after apply)
+ + cpu_threads_per_core = (known after apply)
+ + disable_api_stop = (known after apply)
+ + disable_api_termination = (known after apply)
+ + ebs_optimized = (known after apply)
+ + get_password_data = false
+ + host_id = (known after apply)
+ + host_resource_group_arn = (known after apply)
+ + iam_instance_profile = (known after apply)
+ + id = (known after apply)
+ + instance_initiated_shutdown_behavior = (known after apply)
+ + instance_lifecycle = (known after apply)
+ + instance_state = (known after apply)
+ + instance_type = "t2.micro"
+ + ipv6_address_count = (known after apply)
+ + ipv6_addresses = (known after apply)
+ + key_name = "awsterraform"
+ + monitoring = (known after apply)
+ + outpost_arn = (known after apply)
+ + password_data = (known after apply)
+ + placement_group = (known after apply)
+ + placement_partition_number = (known after apply)
+ + primary_network_interface_id = (known after apply)
+ + private_dns = (known after apply)
+ + private_ip = (known after apply)
+ + public_dns = (known after apply)
+ + public_ip = (known after apply)
+ + secondary_private_ips = (known after apply)
+ + security_groups = [
+ + "awsterraformsg",
+ ]
+ + source_dest_check = true
+ + spot_instance_request_id = (known after apply)
+ + subnet_id = (known after apply)
+ + tags = {
+ + "name" = "VyOS System"
+ }
+ + tags_all = {
+ + "name" = "VyOS System"
+ }
+ + tenancy = (known after apply)
+ + user_data = (known after apply)
+ + user_data_base64 = (known after apply)
+ + user_data_replace_on_change = false
+ + vpc_security_group_ids = (known after apply)
+ }
+
+ # local_file.ip will be created
+ + resource "local_file" "ip" {
+ + content = (known after apply)
+ + content_base64sha256 = (known after apply)
+ + content_base64sha512 = (known after apply)
+ + content_md5 = (known after apply)
+ + content_sha1 = (known after apply)
+ + content_sha256 = (known after apply)
+ + content_sha512 = (known after apply)
+ + directory_permission = "0777"
+ + file_permission = "0777"
+ + filename = "ip.txt"
+ + id = (known after apply)
+ }
+
+ # null_resource.SSHconnection1 will be created
+ + resource "null_resource" "SSHconnection1" {
+ + id = (known after apply)
+ }
+
+ # null_resource.SSHconnection2 will be created
+ + resource "null_resource" "SSHconnection2" {
+ + id = (known after apply)
+ }
+
+ Plan: 4 to add, 0 to change, 0 to destroy.
+
+ Changes to Outputs:
+ + my_IP = (known after apply)
+
+ Do you want to perform these actions?
+ Terraform will perform the actions described above.
+ Only 'yes' will be accepted to approve.
+
+ Enter a value: yes
+
+ aws_instance.myVyOSec2: Creating...
+ aws_instance.myVyOSec2: Still creating... [10s elapsed]
+ aws_instance.myVyOSec2: Still creating... [20s elapsed]
+ aws_instance.myVyOSec2: Still creating... [30s elapsed]
+ aws_instance.myVyOSec2: Still creating... [40s elapsed]
+ aws_instance.myVyOSec2: Creation complete after 44s [id=i-09edfca15aac2fe0a]
+ null_resource.SSHconnection1: Creating...
+ null_resource.SSHconnection2: Creating...
+ null_resource.SSHconnection1: Provisioning with 'file'...
+ null_resource.SSHconnection2: Provisioning with 'remote-exec'...
+ null_resource.SSHconnection2 (remote-exec): Connecting to remote host via SSH...
+ null_resource.SSHconnection2 (remote-exec): Host: 10.217.80.104
+ null_resource.SSHconnection2 (remote-exec): User: root
+ null_resource.SSHconnection2 (remote-exec): Password: true
+ null_resource.SSHconnection2 (remote-exec): Private key: false
+ null_resource.SSHconnection2 (remote-exec): Certificate: false
+ null_resource.SSHconnection2 (remote-exec): SSH Agent: false
+ null_resource.SSHconnection2 (remote-exec): Checking Host Key: false
+ null_resource.SSHconnection2 (remote-exec): Target Platform: unix
+ local_file.ip: Creating...
+ local_file.ip: Creation complete after 0s [id=e8e91f2e24579cd28b92e2d152c0c24c3bf4b52c]
+ null_resource.SSHconnection2 (remote-exec): Connected!
+ null_resource.SSHconnection1: Creation complete after 0s [id=7070868940858935600]
+
+ null_resource.SSHconnection2 (remote-exec): PLAY [integration of terraform and ansible] ************************************
+
+ null_resource.SSHconnection2 (remote-exec): TASK [Wait 300 seconds, but only start checking after 60 seconds] **************
+ null_resource.SSHconnection2: Still creating... [10s elapsed]
+ null_resource.SSHconnection2: Still creating... [20s elapsed]
+ null_resource.SSHconnection2: Still creating... [30s elapsed]
+ null_resource.SSHconnection2: Still creating... [40s elapsed]
+ null_resource.SSHconnection2: Still creating... [50s elapsed]
+ null_resource.SSHconnection2: Still creating... [1m0s elapsed]
+ null_resource.SSHconnection2 (remote-exec): ok: [54.144.84.120]
+
+ null_resource.SSHconnection2 (remote-exec): TASK [Configure general settings for the vyos hosts group] *********************
+ null_resource.SSHconnection2: Still creating... [1m10s elapsed]
+ null_resource.SSHconnection2 (remote-exec): changed: [54.144.84.120]
+
+ null_resource.SSHconnection2 (remote-exec): PLAY RECAP *********************************************************************
+ null_resource.SSHconnection2 (remote-exec): 54.144.84.120 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+
+ null_resource.SSHconnection2: Creation complete after 1m16s [id=4902256962410024771]
+
+ Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
+
+ Outputs:
+
+ my_IP = "54.144.84.120"
+
+
+
+After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition.
+If you need to delete the instance please type the command:
+
+.. code-block:: none
+
+ #terraform destroy
+
+
+Troubleshooting
+---------------
+
+1. Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/.
+Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location).
+Make sure that you have opened access to the instance in the security group.
+
+2. Terraform doesn't connect via SSH to your Ansible instance: you have to check the correct login and password in the part of the file vyos. tf
+
+.. code-block:: none
+
+ connection {
+ type = "ssh"
+ user = "root" # open root access using login and password on your Ansible
+ password = var.password # check password in the file terraform.tfvars isn't empty
+ host = var.host # check the correct IP address of your Ansible host
+ }
+
+
+Make sure that Ansible is pinging from Terrafom.
+
+Structure of files Terrafom for AWS
+-----------------------------------
+
+.. code-block:: none
+
+ .
+ ├── vyos.tf # The main script
+ ├── var.tf # File for the changing version of Terraform.
+ ├── versions.tf # The file of all variables in "vyos.tf"
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+
+
+File contents of Terrafom for AWS
+---------------------------------
+
+vyos.tf
+
+.. code-block:: none
+
+
+ ##############################################################################
+ # Build an VyOS VM from the Marketplace
+ # To finde nessesery AMI image_ in AWS
+ #
+ # In the script vyos.tf we'll use default values (you can chang it as you need)
+ # AWS Region = "us-east-1"
+ # AMI = "standard AMI of VyOS from AWS Marketplace"
+ # Size of VM = "t2.micro"
+ # AWS Region = "us-east-1"
+ # After deploying the AWS instance and getting an IP address, the IP address is copied into the file
+ #"ip.txt" and copied to the Ansible node for provisioning.
+ ##############################################################################
+
+ provider "aws" {
+ access_key = var.access
+ secret_key = var.secret
+ region = var.region
+ }
+
+ variable "region" {
+ default = "us-east-1"
+ description = "AWS Region"
+ }
+
+ variable "ami" {
+ default = "ami-**************3b3" # ami image please enter your details
+ description = "Amazon Machine Image ID for VyOS"
+ }
+
+ variable "type" {
+ default = "t2.micro"
+ description = "Size of VM"
+ }
+
+ # my resource for VyOS
+
+ resource "aws_instance" "myVyOSec2" {
+ ami = var.ami
+ key_name = "awsterraform" # Please enter your details from 1.2 of Preparation steps for deploying VyOS on AWS
+ security_groups = ["awsterraformsg"] # Please enter your details from 1.3 of Preparation steps for deploying VyOS on AWS
+ instance_type = var.type
+ tags = {
+ name = "VyOS System"
+ }
+ }
+
+ ##############################################################################
+ # specific variable (to getting type "terraform plan"):
+ # aws_instance.myVyOSec2.public_ip - the information about public IP address
+ # of our instance, needs for provisioning and ssh connection from Ansible
+ ##############################################################################
+
+ output "my_IP"{
+ value = aws_instance.myVyOSec2.public_ip
+ }
+
+ ##############################################################################
+ #
+ # IP of aws instance copied to a file ip.txt in local system Terraform
+ # ip.txt looks like:
+ # cat ./ip.txt
+ # ххх.ххх.ххх.ххх
+ ##############################################################################
+
+ resource "local_file" "ip" {
+ content = aws_instance.myVyOSec2.public_ip
+ filename = "ip.txt"
+ }
+
+ #connecting to the Ansible control node using SSH connection
+
+ ##############################################################################
+ # Steps "SSHconnection1" and "SSHconnection2" need to get file ip.txt from the terraform node and start remotely the playbook of Ansible.
+ ##############################################################################
+
+ resource "null_resource" "SSHconnection1" {
+ depends_on = [aws_instance.myVyOSec2]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+
+ #copying the ip.txt file to the Ansible control node from local system
+
+ provisioner "file" {
+ source = "ip.txt"
+ destination = "/root/aws/ip.txt" # The folder of your Ansible project
+ }
+ }
+
+ resource "null_resource" "SSHconnection2" {
+ depends_on = [aws_instance.myVyOSec2]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+ #command to run Ansible playbook on remote Linux OS
+ provisioner "remote-exec" {
+ inline = [
+ "cd /root/aws/",
+ "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for AWS"
+ ]
+ }
+ }
+
+
+var.tf
+
+.. code-block:: none
+
+ variable "password" {
+ description = "pass for Ansible"
+ type = string
+ sensitive = true
+ }
+ variable "host"{
+ description = "The IP of my Ansible"
+ type = string
+ }
+ variable "access" {
+ description = "my access_key for AWS"
+ type = string
+ sensitive = true
+ }
+ variable "secret" {
+ description = "my secret_key for AWS"
+ type = string
+ sensitive = true
+ }
+
+versions.tf
+
+.. code-block:: none
+
+ terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+ }
+
+terraform.tfvars
+
+.. code-block:: none
+
+ password = "" # password for Ansible SSH
+ host = "" # IP of my Ansible
+ access = "" # access_key for AWS
+ secret = "" # secret_key for AWS
+
+
+Structure of files Ansible for AWS
+----------------------------------
+
+.. code-block:: none
+
+ .
+ ├── group_vars
+ └── all
+ ├── ansible.cfg
+ ├── mykey.pem
+ └── instance.yml
+
+
+File contents of Ansible for AWS
+--------------------------------
+
+ansible.cfg
+
+.. code-block:: none
+
+ [defaults]
+ inventory = /root/aws/ip.txt
+ host_key_checking= False
+ private_key_file = /root/aws/awsterraform.pem # check the name
+ remote_user=vyos
+
+mykey.pem
+
+.. code-block:: none
+
+ Copy your key.pem from AWS
+
+
+instance.yml
+
+
+
+.. code-block:: none
+
+ ##############################################################################
+ # About tasks:
+ # "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds
+ # "Configure general settings for the vyos hosts group" - make provisioning into AWS VyOS node
+ # You have to add all necessary cammans of VyOS under the block "lines:"
+ ##############################################################################
+
+
+ - name: integration of terraform and ansible
+ hosts: all
+ gather_facts: 'no'
+
+ tasks:
+
+ - name: "Wait 300 seconds, but only start checking after 60 seconds"
+ wait_for_connection:
+ delay: 60
+ timeout: 300
+
+ - name: "Configure general settings for the vyos hosts group"
+ vyos_config:
+ lines:
+ - set system name-server 8.8.8.8
+ save:
+ true
+
+
+all
+
+.. code-block:: none
+
+ ansible_connection: ansible.netcommon.network_cli
+ ansible_network_os: vyos.vyos.vyos
+ ansible_user: vyos
+
+Sourse files for AWS from GIT
+-----------------------------
+
+All files about the article can be found here_
+
+
+.. _link: https://developer.hashicorp.com/terraform/intro
+.. _install: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
+.. _pair: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html
+.. _group: https://docs.aws.amazon.com/cli/latest/userguide/cli-services-ec2-sg.html
+.. _image: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
+.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/AWS_terraform_ansible_single_vyos_instance-main \ No newline at end of file
diff --git a/docs/automation/vyos-terraform.rst b/docs/automation/vyos-terraform.rst
deleted file mode 100644
index 75967202..00000000
--- a/docs/automation/vyos-terraform.rst
+++ /dev/null
@@ -1,1036 +0,0 @@
-:lastproofread: 2024-01-11
-
-.. _vyos-terraform:
-
-Terraform
-=========
-
-VyOS supports develop infrastructia via Terraform and provisioning via ansible.
-Need to install ``Terraform``
-
-Structure of files
-
-.. code-block:: none
-
- .
- ├── main.tf
- ├── version.tf
- ├── variables.tf
- └── terraform.tfvars
-
-Run Terraform
--------------
-
-.. code-block:: none
-
- #cd /your folder
- #terraform init
- #terraform plan
- #terraform apply
- #yes
-
-
-Deploying vyos in the AWS cloud
--------------------------------
-With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform.
-Also we will make provisioning using Ansible.
-
-Structure of files Terrafom
-
-.. code-block:: none
-
- .
- ├── vyos.tf
- └── var.tf
-
-File contents
--------------
-
-vyos.tf
-
-.. code-block:: none
-
- terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.0"
- }
- }
- }
-
- provider "aws" {
- access_key = var.access
- secret_key = var.secret
- region = var.region
- }
-
- variable "region" {
- default = "us-east-1"
- description = "AWS Region"
- }
-
- variable "ami" {
- default = "ami-**************" # ami image please enter your details
- description = "Amazon Machine Image ID for VyOS"
- }
-
- variable "type" {
- default = "t2.micro"
- description = "Size of VM"
- }
-
- # my resource for VyOS
-
- resource "aws_instance" "myVyOSec2" {
- ami = var.ami
- key_name = "mykeyname" # Please enter your details
- security_groups = ["my_sg"] # Please enter your details
- instance_type = var.type
- tags = {
- name = "VyOS System"
- }
- }
-
- output "my_IP"{
- value = aws_instance.myVyOSec2.public_ip
- }
-
-
- #IP of aws instance copied to a file ip.txt in local system Terraform
-
- resource "local_file" "ip" {
- content = aws_instance.myVyOSec2.public_ip
- filename = "ip.txt"
- }
-
- #connecting to the Ansible control node using SSH connection
-
- resource "null_resource" "SSHconnection1" {
- depends_on = [aws_instance.myVyOSec2]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
- #copying the ip.txt file to the Ansible control node from local system
- provisioner "file" {
- source = "ip.txt"
- destination = "/root/aws/ip.txt" # The folder of your Ansible project
- }
- }
-
- resource "null_resource" "SSHconnection2" {
- depends_on = [aws_instance.myVyOSec2]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
- #command to run Ansible playbook on remote Linux OS
- provisioner "remote-exec" {
- inline = [
- "cd /root/aws/",
- "ansible-playbook instance.yml"
- ]
- }
- }
-
-
-var.tf
-
-.. code-block:: none
-
- variable "password" {
- description = "pass for Ansible"
- type = string
- sensitive = true
- }
- variable "host"{
- description = "The IP of my Ansible"
- }
- variable "access" {
- description = "my access_key for AWS"
- type = string
- sensitive = true
- }
- variable "secret" {
- description = "my secret_key for AWS"
- type = string
- sensitive = true
- }
-
-
-Structure of files Ansible
-
-.. code-block:: none
-
- .
- ├── group_vars
- └── all
- ├── ansible.cfg
- ├── mykey.pem
- └── instance.yml
-
-
-File contents
--------------
-
-ansible.cfg
-
-.. code-block:: none
-
- [defaults]
- inventory = /root/aws/ip.txt
- host_key_checking= False
- private_key_file = /root/aws/mykey.pem
- remote_user=vyos
-
-mykey.pem
-
-.. code-block:: none
-
- -----BEGIN OPENSSH PRIVATE KEY-----
-
- Copy your key.pem from AWS
-
- -----END OPENSSH PRIVATE KEY-----
-
-instance.yml
-
-.. code-block:: none
-
- - name: integration of terraform and ansible
- hosts: all
- gather_facts: 'no'
-
- tasks:
-
- - name: "Wait 300 seconds, but only start checking after 60 seconds"
- wait_for_connection:
- delay: 60
- timeout: 300
-
- - name: "Configure general settings for the vyos hosts group"
- vyos_config:
- lines:
- - set system name-server 8.8.8.8
- save:
- true
-
-
-all
-
-.. code-block:: none
-
- ansible_connection: ansible.netcommon.network_cli
- ansible_network_os: vyos.vyos.vyos
- ansible_user: vyos
-
-AWS_terraform_ansible_single_vyos_instance
-------------------------------------------
-
-How to create a single instance and install your configuration using Terraform+Ansible+AWS
-Step by step:
-
-AWS
----
-
-1.1 Create an account with AWS and get your "access_key", "secret key"
-
-1.2 Create a key pair and download your .pem key
-
-1.3 Create a security group for the new VyOS instance
-
-Terraform
----------
-
-2.1 Create a UNIX or Windows instance
-
-2.2 Download and install Terraform
-
-2.3 Create the folder for example ../awsvyos/
-
-2.4 Copy all files into your Terraform project (vyos.tf, var.tf)
-2.4.1 Please type the information into the strings 22, 35, 36 of file "vyos.tf"
-
-2.5 Type the commands :
-
- #cd /your folder
-
- #terraform init
-
-Ansible
--------
-
-3.1 Create a UNIX instance
-
-3.2 Download and install Ansible
-
-3.3 Create the folder for example /root/aws/
-
-3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml, mykey.pem)
-
-mykey.pem you have to get using step 1.2
-
-Start
------
-
-4.1 Type the commands on your Terrafom instance:
-
- #cd /your folder
-
- #terraform plan
-
- #terraform apply
-
- #yes
-
-.. image:: /_static/images/aws.png
- :width: 80%
- :align: center
- :alt: Network Topology Diagram
-
-
-
-Deploying vyos in the Azure cloud
----------------------------------
-With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform.
-
-Structure of files Terrafom
-
-.. code-block:: none
-
- .
- ├── main.tf
- └── variables.tf
-
-File contents
--------------
-
-main.tf
-
-.. code-block:: none
-
- ##############################################################################
- # HashiCorp Guide to Using Terraform on Azure
- # This Terraform configuration will create the following:
- # Resource group with a virtual network and subnet
- # An VyOS server without ssh key (only login+password)
- ##############################################################################
-
- # Chouse a provider
-
- provider "azurerm" {
- features {}
- }
-
- # Create a resource group. In Azure every resource belongs to a
- # resource group.
-
- resource "azurerm_resource_group" "azure_vyos" {
- name = "${var.resource_group}"
- location = "${var.location}"
- }
-
- # The next resource is a Virtual Network.
-
- resource "azurerm_virtual_network" "vnet" {
- name = "${var.virtual_network_name}"
- location = "${var.location}"
- address_space = ["${var.address_space}"]
- resource_group_name = "${var.resource_group}"
- }
-
- # Build a subnet to run our VMs in.
-
- resource "azurerm_subnet" "subnet" {
- name = "${var.prefix}subnet"
- virtual_network_name = "${azurerm_virtual_network.vnet.name}"
- resource_group_name = "${var.resource_group}"
- address_prefixes = ["${var.subnet_prefix}"]
- }
-
- ##############################################################################
- # Build an VyOS VM from the Marketplace
- # To finde nessesery image use the command:
- #
- # az vm image list --offer vyos --all
- #
- # Now that we have a network, we'll deploy an VyOS server.
- # An Azure Virtual Machine has several components. In this example we'll build
- # a security group, a network interface, a public ip address, a storage
- # account and finally the VM itself. Terraform handles all the dependencies
- # automatically, and each resource is named with user-defined variables.
- ##############################################################################
-
-
- # Security group to allow inbound access on port 22 (ssh)
-
- resource "azurerm_network_security_group" "vyos-sg" {
- name = "${var.prefix}-sg"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
-
- security_rule {
- name = "SSH"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "22"
- source_address_prefix = "${var.source_network}"
- destination_address_prefix = "*"
- }
- }
-
- # A network interface.
-
- resource "azurerm_network_interface" "vyos-nic" {
- name = "${var.prefix}vyos-nic"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
-
- ip_configuration {
- name = "${var.prefix}ipconfig"
- subnet_id = "${azurerm_subnet.subnet.id}"
- private_ip_address_allocation = "Dynamic"
- public_ip_address_id = "${azurerm_public_ip.vyos-pip.id}"
- }
- }
-
- # Add a public IP address.
-
- resource "azurerm_public_ip" "vyos-pip" {
- name = "${var.prefix}-ip"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
- allocation_method = "Dynamic"
- }
-
- # Build a virtual machine. This is a standard VyOS instance from Marketplace.
-
- resource "azurerm_virtual_machine" "vyos" {
- name = "${var.hostname}-vyos"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
- vm_size = "${var.vm_size}"
-
- network_interface_ids = ["${azurerm_network_interface.vyos-nic.id}"]
- delete_os_disk_on_termination = "true"
-
- # To finde an information about the plan use the command:
- # az vm image list --offer vyos --all
-
- plan {
- publisher = "sentriumsl"
- name = "vyos-1-3"
- product = "vyos-1-2-lts-on-azure"
- }
-
- storage_image_reference {
- publisher = "${var.image_publisher}"
- offer = "${var.image_offer}"
- sku = "${var.image_sku}"
- version = "${var.image_version}"
- }
-
- storage_os_disk {
- name = "${var.hostname}-osdisk"
- managed_disk_type = "Standard_LRS"
- caching = "ReadWrite"
- create_option = "FromImage"
- }
-
- os_profile {
- computer_name = "${var.hostname}"
- admin_username = "${var.admin_username}"
- admin_password = "${var.admin_password}"
- }
-
- os_profile_linux_config {
- disable_password_authentication = false
- }
- }
-
- data "azurerm_public_ip" "example" {
- depends_on = ["azurerm_virtual_machine.vyos"]
- name = "vyos-ip"
- resource_group_name = "${var.resource_group}"
- }
- output "public_ip_address" {
- value = data.azurerm_public_ip.example.ip_address
- }
-
- # IP of AZ instance copied to a file ip.txt in local system
-
- resource "local_file" "ip" {
- content = data.azurerm_public_ip.example.ip_address
- filename = "ip.txt"
- }
-
- #Connecting to the Ansible control node using SSH connection
-
- resource "null_resource" "nullremote1" {
- depends_on = ["azurerm_virtual_machine.vyos"]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
-
- # Copying the ip.txt file to the Ansible control node from local system
-
- provisioner "file" {
- source = "ip.txt"
- destination = "/root/az/ip.txt"
- }
- }
-
- resource "null_resource" "nullremote2" {
- depends_on = ["azurerm_virtual_machine.vyos"]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
-
- # Command to run ansible playbook on remote Linux OS
-
- provisioner "remote-exec" {
-
- inline = [
- "cd /root/az/",
- "ansible-playbook instance.yml"
- ]
- }
- }
-
-
-
-variables.tf
-
-.. code-block:: none
-
- ##############################################################################
- # Variables File
- #
- # Here is where we store the default values for all the variables used in our
- # Terraform code.
- ##############################################################################
-
- variable "resource_group" {
- description = "The name of your Azure Resource Group."
- default = "my_resource_group"
- }
-
- variable "prefix" {
- description = "This prefix will be included in the name of some resources."
- default = "vyos"
- }
-
- variable "hostname" {
- description = "Virtual machine hostname. Used for local hostname, DNS, and storage-related names."
- default = "vyos_terraform"
- }
-
- variable "location" {
- description = "The region where the virtual network is created."
- default = "centralus"
- }
-
- variable "virtual_network_name" {
- description = "The name for your virtual network."
- default = "vnet"
- }
-
- variable "address_space" {
- description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created."
- default = "10.0.0.0/16"
- }
-
- variable "subnet_prefix" {
- description = "The address prefix to use for the subnet."
- default = "10.0.10.0/24"
- }
-
- variable "storage_account_tier" {
- description = "Defines the storage tier. Valid options are Standard and Premium."
- default = "Standard"
- }
-
- variable "storage_replication_type" {
- description = "Defines the replication type to use for this storage account. Valid options include LRS, GRS etc."
- default = "LRS"
- }
-
- # The most chippers size
-
- variable "vm_size" {
- description = "Specifies the size of the virtual machine."
- default = "Standard_B1s"
- }
-
- variable "image_publisher" {
- description = "Name of the publisher of the image (az vm image list)"
- default = "sentriumsl"
- }
-
- variable "image_offer" {
- description = "Name of the offer (az vm image list)"
- default = "vyos-1-2-lts-on-azure"
- }
-
- variable "image_sku" {
- description = "Image SKU to apply (az vm image list)"
- default = "vyos-1-3"
- }
-
- variable "image_version" {
- description = "Version of the image to apply (az vm image list)"
- default = "1.3.3"
- }
-
- variable "admin_username" {
- description = "Administrator user name"
- default = "vyos"
- }
-
- variable "admin_password" {
- description = "Administrator password"
- default = "Vyos0!"
- }
-
- variable "source_network" {
- description = "Allow access from this network prefix. Defaults to '*'."
- default = "*"
- }
-
- variable "password" {
- description = "pass for Ansible"
- type = string
- sensitive = true
- }
- variable "host"{
- description = "IP of my Ansible"
- }
-
-
-Structure of files Ansible
-
-.. code-block:: none
-
- .
- ├── group_vars
- └── all
- ├── ansible.cfg
- └── instance.yml
-
-
-File contents
--------------
-
-ansible.cfg
-
-.. code-block:: none
-
- [defaults]
- inventory = /root/az/ip.txt
- host_key_checking= False
- remote_user=vyos
-
-
-instance.yml
-
-.. code-block:: none
-
- - name: integration of terraform and ansible
- hosts: all
- gather_facts: 'no'
-
- tasks:
-
- - name: "Wait 300 seconds, but only start checking after 60 seconds"
- wait_for_connection:
- delay: 60
- timeout: 300
-
- - name: "Configure general settings for the vyos hosts group"
- vyos_config:
- lines:
- - set system name-server 8.8.8.8
- save:
- true
-
-
-all
-
-.. code-block:: none
-
- ansible_connection: ansible.netcommon.network_cli
- ansible_network_os: vyos.vyos.vyos
-
- # user and password gets from terraform variables "admin_username" and "admin_password"
- ansible_user: vyos
- ansible_ssh_pass: Vyos0!
-
-
-Azure_terraform_ansible_single_vyos_instance
---------------------------------------------
-
-How to create a single instance and install your configuration using Terraform+Ansible+Azure
-Step by step:
-
-Azure
------
-
-1.1 Create an account with Azure
-
-Terraform
----------
-
-2.1 Create a UNIX or Windows instance
-
-2.2 Download and install Terraform
-
-2.3 Create the folder for example ../azvyos/
-
-2.4 Copy all files from my folder /Terraform into your Terraform project (main.tf, variables.tf)
-
-2.5 Login with Azure using the command
-
- #az login
-
-2.6 Type the commands :
-
- #cd /your folder
-
- #terraform init
-
-Ansible
--------
-
-3.1 Create a UNIX instance
-
-3.2 Download and install Ansible
-
-3.3 Create the folder for example /root/az/
-
-3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars)
-
-Start
------
-
-4.1 Type the commands on your Terrafom instance:
-
- #cd /your folder
-
- #terraform plan
-
- #terraform apply
-
- #yes
-
-
-
-Deploying vyos in the Vsphere infrastructia
--------------------------------------------
-With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the vSphere.
-
-Structure of files Terrafom
-
-.. code-block:: none
-
- .
- ├── main.tf
- ├── versions.tf
- ├── variables.tf
- └── terraform.tfvars
-
-File contents
--------------
-
-main.tf
-
-.. code-block:: none
-
- provider "vsphere" {
- user = var.vsphere_user
- password = var.vsphere_password
- vsphere_server = var.vsphere_server
- allow_unverified_ssl = true
- }
-
- data "vsphere_datacenter" "datacenter" {
- name = var.datacenter
- }
-
- data "vsphere_datastore" "datastore" {
- name = var.datastore
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_compute_cluster" "cluster" {
- name = var.cluster
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_resource_pool" "default" {
- name = format("%s%s", data.vsphere_compute_cluster.cluster.name, "/Resources/terraform") # set as you need
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_host" "host" {
- name = var.host
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_network" "network" {
- name = var.network_name
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- ## Deployment of VM from Remote OVF
- resource "vsphere_virtual_machine" "vmFromRemoteOvf" {
- name = var.remotename
- datacenter_id = data.vsphere_datacenter.datacenter.id
- datastore_id = data.vsphere_datastore.datastore.id
- host_system_id = data.vsphere_host.host.id
- resource_pool_id = data.vsphere_resource_pool.default.id
- network_interface {
- network_id = data.vsphere_network.network.id
- }
- wait_for_guest_net_timeout = 2
- wait_for_guest_ip_timeout = 2
-
- ovf_deploy {
- allow_unverified_ssl_cert = true
- remote_ovf_url = var.url_ova
- disk_provisioning = "thin"
- ip_protocol = "IPv4"
- ip_allocation_policy = "dhcpPolicy"
- ovf_network_map = {
- "Network 1" = data.vsphere_network.network.id
- "Network 2" = data.vsphere_network.network.id
- }
- }
- vapp {
- properties = {
- "password" = "12345678",
- "local-hostname" = "terraform_vyos"
- }
- }
- }
-
- output "ip" {
- description = "default ip address of the deployed VM"
- value = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
- }
-
- # IP of AZ instance copied to a file ip.txt in local system
-
- resource "local_file" "ip" {
- content = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
- filename = "ip.txt"
- }
-
- #Connecting to the Ansible control node using SSH connection
-
- resource "null_resource" "nullremote1" {
- depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
- connection {
- type = "ssh"
- user = "root"
- password = var.ansiblepassword
- host = var.ansiblehost
-
- }
-
- # Copying the ip.txt file to the Ansible control node from local system
-
- provisioner "file" {
- source = "ip.txt"
- destination = "/root/vsphere/ip.txt"
- }
- }
-
- resource "null_resource" "nullremote2" {
- depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
- connection {
- type = "ssh"
- user = "root"
- password = var.ansiblepassword
- host = var.ansiblehost
- }
-
- # Command to run ansible playbook on remote Linux OS
-
- provisioner "remote-exec" {
-
- inline = [
- "cd /root/vsphere/",
- "ansible-playbook instance.yml"
- ]
- }
- }
-
-
-versions.tf
-
-.. code-block:: none
-
- # Copyright (c) HashiCorp, Inc.
- # SPDX-License-Identifier: MPL-2.0
-
- terraform {
- required_providers {
- vsphere = {
- source = "hashicorp/vsphere"
- version = "2.4.0"
- }
- }
- }
-
-variables.tf
-
-.. code-block:: none
-
- # Copyright (c) HashiCorp, Inc.
- # SPDX-License-Identifier: MPL-2.0
-
- variable "vsphere_server" {
- description = "vSphere server"
- type = string
- }
-
- variable "vsphere_user" {
- description = "vSphere username"
- type = string
- }
-
- variable "vsphere_password" {
- description = "vSphere password"
- type = string
- sensitive = true
- }
-
- variable "datacenter" {
- description = "vSphere data center"
- type = string
- }
-
- variable "cluster" {
- description = "vSphere cluster"
- type = string
- }
-
- variable "datastore" {
- description = "vSphere datastore"
- type = string
- }
-
- variable "network_name" {
- description = "vSphere network name"
- type = string
- }
-
- variable "host" {
- description = "name if yor host"
- type = string
- }
-
- variable "remotename" {
- description = "the name of you VM"
- type = string
- }
-
- variable "url_ova" {
- description = "the URL to .OVA file or cloude store"
- type = string
- }
-
- variable "ansiblepassword" {
- description = "Ansible password"
- type = string
- }
-
- variable "ansiblehost" {
- description = "Ansible host name or IP"
- type = string
- }
-
-terraform.tfvars
-
-.. code-block:: none
-
- vsphere_user = ""
- vsphere_password = ""
- vsphere_server = ""
- datacenter = ""
- datastore = ""
- cluster = ""
- network_name = ""
- host = ""
- url_ova = ""
- ansiblepassword = ""
- ansiblehost = ""
- remotename = ""
-
-Azure_terraform_ansible_single_vyos_instance
---------------------------------------------
-
-How to create a single instance and install your configuration using Terraform+Ansible+Vsphere
-Step by step:
-
-Vsphere
--------
-
-1.1 Collect all data in to file "terraform.tfvars" and create resources fo example "terraform"
-
-Terraform
----------
-
-2.1 Create a UNIX or Windows instance
-
-2.2 Download and install Terraform
-
-2.3 Create the folder for example ../vsphere/
-
-2.4 Copy all files from my folder /Terraform into your Terraform project
-
-2.5 Type the commands :
-
- #cd /your folder
-
- #terraform init
-
-
-Ansible
--------
-
-3.1 Create a UNIX instance
-
-3.2 Download and install Ansible
-
-3.3 Create the folder for example /root/vsphere/
-
-3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars)
-
-Start
------
-
-4.1 Type the commands on your Terrafom instance:
-
- #cd /your folder
-
- #terraform plan
-
- #terraform apply
-
- #yes
-