7 files changed, 275 insertions, 0 deletions
diff --git a/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/ansible.cfg b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/ansible.cfg
new file mode 100644
index 0000000..9cb2730
--- /dev/null
+++ b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = /root/google/ip.txt
+host_key_checking= False
+remote_user=vyos
\ No newline at end of file
diff --git a/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/group_vars/all b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/group_vars/all
new file mode 100644
index 0000000..d0f3f07
--- /dev/null
+++ b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/group_vars/all
@@ -0,0 +1,4 @@
+ansible_connection: ansible.netcommon.network_cli
+ansible_network_os: vyos.vyos.vyos
+ansible_user: vyos
+ansible_ssh_pass: vyos
diff --git a/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/instance.yml b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/instance.yml
new file mode 100644
index 0000000..ca5102e
--- /dev/null
+++ b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/Ansible/instance.yml
@@ -0,0 +1,25 @@
+##############################################################################
+# About tasks:
+# "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds
+# "Configure general settings for the VyOS hosts group" - make provisioning into google cloud VyOS node
+# You have to add all necessary cammans of VyOS under the block "lines:"
+##############################################################################
+
+
+- name: integration of terraform and ansible
+ hosts: all
+ gather_facts: 'no'
+
+ tasks:
+
+ - name: "Wait 300 seconds, but only start checking after 60 seconds"
+ wait_for_connection:
+ delay: 60
+ timeout: 300
+
+ - name: "Configure general settings for the VyOS hosts group"
+ vyos_config:
+ lines:
+ - set system name-server xxx.xxx.xxx.xxx
+ save:
+ true
diff --git a/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/README.md b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/README.md
new file mode 100644
index 0000000..e69de29
--- /dev/null
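Review bot: `host_key_checking= False` switches off SSH host-key verification for every host in the inventory, so a VyOS instance that the Terraform side exposes on port 22 to 0.0.0.0/0 and that is logged into with a password (group_vars/all) can be impersonated by anyone who can intercept traffic to its ephemeral IP. Drop the line and pin the instance's host key before the first play instead — if the image prints host keys to the serial console they can be read out-of-band after the `wait_for_connection` task rather than trusted on first use; if the setting must stay for a throwaway lab, say so in place: `# LAB ONLY: host keys are not verified, do not reuse against long-lived routers`. The inventory path is also hard-coded to `/root/google/ip.txt`, which only works when the playbook is run as root from that exact directory, which the remote-exec in vyos.tf does but nothing else will.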
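Review bot: `ansible_ssh_pass: vyos` commits a plaintext SSH password for the `vyos` user, and `vyos`/`vyos` is the pair VyOS documents as its default login, so if the marketplace image still accepts it the router is reachable with known credentials on a port the Terraform side opens to the whole Internet. Move the secret out of the repo — `ansible_ssh_pass: "{{ vault_vyos_ssh_pass }}"` with the value in an ansible-vault file, or better `ansible_ssh_private_key_file` with a key delivered through `vyos_user_data` — and make changing that password the first task of the playbook. `ansible_user: vyos` also duplicates `remote_user=vyos` in ansible.cfg; keep one of them.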
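Review bot: The only configuration line, `set system name-server xxx.xxx.xxx.xxx`, is a placeholder that is sent to the router verbatim on every run; VyOS should reject it as an invalid address and fail the play, and if someone edits it to a real value the playbook silently applies whatever was typed. Replace it with a variable, `- set system name-server {{ vyos_name_server }}`, defined in group_vars and checked by a preceding `assert` task. Since the header invites adding the "necessary commands", this task is also where the instance should be hardened immediately after first contact — install an SSH public key for `vyos` and add `set service ssh disable-password-authentication` — otherwise the password in group_vars remains the only gate on an Internet-facing port. Minor: `vyos_config` should be the FQCN `vyos.vyos.vyos_config` to match the `vyos.vyos.vyos` network_os, and "cammans" in the header should read "commands".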
+++ b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/README.md
diff --git a/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/terraform.tfvars b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/terraform.tfvars
new file mode 100644
index 0000000..f94ab87
--- /dev/null
+++ b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/terraform.tfvars
@@ -0,0 +1,9 @@
+##############################################################################
+# Must be filled in
+##############################################################################
+
+zone = "us-west1-a"
+gcp_auth_file = "/root/***/***.json" # path of your .json file
+project_id = "" # the google project
+password = "" # password for Ansible SSH
+host = "" # IP of my Ansible
diff --git a/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/var.tf b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/var.tf
new file mode 100644
index 0000000..7f93178
--- /dev/null
+++ b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/var.tf
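Review bot: `password = ""` and `host = ""` are placeholders for the Ansible control node's root SSH password and address, and `gcp_auth_file` points at a service-account JSON key; terraform.tfvars is auto-loaded and, once the "Must be filled in" instruction is followed, those secrets get committed next to the code. Rename this file to `terraform.tfvars.example`, add `terraform.tfvars` to `.gitignore`, and document supplying the password as `TF_VAR_password` at apply time rather than in a file. Note also that `sensitive = true` on the variable in var.tf only redacts CLI output — the value is still written in plaintext to the Terraform state, so the state needs a protected backend as well.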
@@ -0,0 +1,79 @@
+variable "image" {
+ type = string
+ default = "projects/sentrium-public/global/images/vyos-1-3-5-20231222143039"
+}
+
+variable "project_id" {
+ type = string
+}
+
+variable "zone" {
+ type = string
+}
+
+##############################################################################
+# You can choose more chipper type than n2-highcpu-4
+##############################################################################
+
+variable "machine_type" {
+ type = string
+ default = "n2-highcpu-4"
+}
+
+variable "networks" {
+ description = "The network name to attach the VM instance."
+ type = list(string)
+ default = ["default"]
+}
+
+variable "sub_networks" {
+ description = "The sub network name to attach the VM instance."
+ type = list(string)
+ default = ["default"]
+}
+
+variable "external_ips" {
+ description = "The external IPs assigned to the VM for public access."
+ type = list(string)
+ default = ["EPHEMERAL"]
+}
+
+variable "enable_tcp_22" {
+ description = "Allow SSH traffic from the Internet"
+ type = bool
+ default = true
+}
+
+variable "enable_udp_500_4500" {
+ description = "Allow IKE/IPSec traffic from the Internet"
+ type = bool
+ default = true
+}
+
+variable "vyos_user_data" {
+ type = string
+ default = ""
+}
+
+// Marketplace requires this variable name to be declared
+variable "goog_cm_deployment_name" {
+ description = "VyOS Universal Router Deployment"
+ type = string
+ default = "vyos"
+}
+
+# GCP authentication file
+variable "gcp_auth_file" {
+ type = string
+ description = "GCP authentication file"
+}
+
+variable "password" {
+ description = "pass for Ansible"
+ type = string
+ sensitive = true
+}
+variable "host"{
+ description = "The IP of my Ansible"
+ type = string
+}
diff --git a/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/vyos.tf b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/vyos.tf
new file mode 100644
index 0000000..1f91416
--- /dev/null
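Review bot: `enable_tcp_22` defaults to `true`, and the rule it switches on (in vyos.tf) has its source range hard-coded to `0.0.0.0/0`, so the default deployment exposes the router's SSH to the whole Internet while the only client that needs it is the Ansible host already named in `var.host`. Add a source-range variable as below, and in the tcp-22 rule use `source_ranges = length(var.ssh_source_ranges) > 0 ? var.ssh_source_ranges : ["${var.host}/32"]` instead of the literal; `enable_udp_500_4500` can stay wide since IKE peers are by nature remote. Unrelated nit: "more chipper type" in the comment should read "a cheaper machine type".
```hcl
# … unchanged: image, project_id, zone, machine_type, networks, sub_networks, external_ips …

variable "enable_tcp_22" {
  description = "Allow SSH traffic to the router, from ssh_source_ranges only"
  type        = bool
  default     = true
}

variable "ssh_source_ranges" {
  description = "CIDR ranges allowed to reach TCP/22; empty means only the Ansible control node (var.host)"
  type        = list(string)
  default     = []
}

# … unchanged: enable_udp_500_4500 … host …
```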
+++ b/TerraformCloud/Google_terraform_ansible_single_vyos_instance-main/vyos.tf 
@@ -0,0 +1,154 @@
+##############################################################################
+# Build an VyOS VM from the Marketplace
+#
+# After deploying the GCP instance and getting an IP address, the IP address is copied into the file
+#"ip.txt" and copied to the Ansible node for provisioning.
+##############################################################################
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {
+ project = var.project_id
+ request_timeout = "60s"
+ credentials = file(var.gcp_auth_file)
+}
+
+locals {
+ network_interfaces = [for i, n in var.networks : {
+ network = n,
+ subnetwork = length(var.sub_networks) > i ? element(var.sub_networks, i) : null
+ external_ip = length(var.external_ips) > i ? element(var.external_ips, i) : "NONE"
+ }
+ ]
+}
+
+resource "google_compute_instance" "default" {
+ name = var.goog_cm_deployment_name
+ machine_type = var.machine_type
+ zone = var.zone
+
+ metadata = {
+ enable-oslogin = "FALSE"
+ serial-port-enable = "TRUE"
+ user-data = var.vyos_user_data
+ }
+ boot_disk {
+ initialize_params {
+ image = var.image
+ }
+ }
+
+ can_ip_forward = true
+
+ dynamic "network_interface" {
+ for_each = local.network_interfaces
+ content {
+ network = network_interface.value.network
+ subnetwork = network_interface.value.subnetwork
+ nic_type = "GVNIC"
+ dynamic "access_config" {
+ for_each = network_interface.value.external_ip == "NONE" ? [] : [1]
+ content {
+ nat_ip = network_interface.value.external_ip == "EPHEMERAL" ? null : network_interface.value.external_ip
+ }
+ }
+ }
+ }
+}
+
+resource "google_compute_firewall" "tcp_22" {
+ count = var.enable_tcp_22 ? 1 : 0
+
+ name = "${var.goog_cm_deployment_name}-tcp-22"
+ network = element(var.networks, 0)
+
+ allow {
+ ports = ["22"]
+ protocol = "tcp"
+ }
+
+ source_ranges = ["0.0.0.0/0"]
+
+ target_tags = ["${var.goog_cm_deployment_name}-deployment"]
+}
+
+resource "google_compute_firewall" "udp_500_4500" {
+ count = var.enable_udp_500_4500 ? 1 : 0
+
+ name = "${var.goog_cm_deployment_name}-udp-500-4500"
+ network = element(var.networks, 0)
+
+allow {
+ ports = ["500", "4500"]
+ protocol = "udp"
+}
+
+source_ranges = ["0.0.0.0/0"]
+
+ target_tags = ["${var.goog_cm_deployment_name}-deployment"]
+}
+
+output "public_ip_address" {
+ value = google_compute_instance.default.network_interface[0].access_config[0].nat_ip
+}
+
+##############################################################################
+#
+# IP of google instance copied to a file ip.txt in local system Terraform
+# ip.txt looks like:
+# cat ./ip.txt
+# ххх.ххх.ххх.ххх
+##############################################################################
+
+resource "local_file" "ip" {
+ content = google_compute_instance.default.network_interface[0].access_config[0].nat_ip
+ filename = "ip.txt"
+}
+
+#connecting to the Ansible control node using SSH connection
+
+##############################################################################
+# Steps "SSHconnection1" and "SSHconnection2" need to get file ip.txt from the terraform node and start remotely the playbook of Ansible.
+##############################################################################
+
+resource "null_resource" "SSHconnection1" {
+depends_on = ["google_compute_instance.default"]
+connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+}
+
+#copying the ip.txt file to the Ansible control node from local system
+
+ provisioner "file" {
+ source = "ip.txt"
+ destination = "/root/google/ip.txt" # The folder of your Ansible project
+ }
+}
+
+resource "null_resource" "SSHconnection2" {
+depends_on = ["google_compute_instance.default"]
+connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+}
+
+#command to run Ansible playbook on remote Linux OS
+
+provisioner "remote-exec" {
+ inline = [
+ "cd /root/google/",
+ "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for google cloud"
+]
+}
+}
|
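Review bot: Both `google_compute_firewall` rules target the tag `${var.goog_cm_deployment_name}-deployment`, but the `google_compute_instance` block never sets `tags`, so neither rule applies to the router; SSH from the playbook presumably only works because the `default` network's pre-created allow-ssh rule already admits port 22 from anywhere — which also means `enable_tcp_22 = false` does not close it. Add `tags = ["${var.goog_cm_deployment_name}-deployment"]` to the instance and narrow `source_ranges` on the tcp-22 rule to the Ansible host (`["${var.host}/32"]`) instead of `0.0.0.0/0`. Both `connection` blocks log into the control node as `root` with a password and no `host_key`, so the root password is handed to whatever answers at `var.host`; set `host_key = var.ansible_host_key` (a new sensitive variable) and prefer `private_key` over `password`. `depends_on = ["google_compute_instance.default"]` is the pre-0.12 quoted form that newer Terraform rejects — write `depends_on = [google_compute_instance.default]` — and `serial-port-enable = "TRUE"` with `enable-oslogin = "FALSE"` widen interactive access to the instance in ways the header comment does not justify, so either state the reason in a comment or drop them.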