diff --git a/cloud/.gitignore b/cloud/.gitignore
index 06ddc876..f50f50f8 100644
--- a/cloud/.gitignore
+++ b/cloud/.gitignore
@@ -6,5 +6,5 @@
**/terraform.*
# OpenStack clouds
-clouds.yaml
-secure.yaml
+**/clouds.yaml
+**/secure.yaml
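Review bot: The added `**/` prefix does not widen what is ignored, because a gitignore pattern without a slash, such as the old `secure.yaml`, already matches at every depth below `cloud/`. The change is harmless and matches the `**/terraform.*` style above it. It should not be read as a fix if a `clouds.yaml` or `secure.yaml` holding credentials was committed earlier: an ignore rule does not untrack files, which needs `git rm --cached <path>` plus rotation of anything that was exposed.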
diff --git a/cloud/ansible/openstack/roles/create_net/tasks/main.yaml b/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
index c372d8bb..0d8b9449 100644
--- a/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/create_net/tasks/main.yaml
@@ -1,33 +1,33 @@
- name: Create security group
openstack.cloud.security_group:
cloud: "{{ cloud }}"
- name: sg-tpot-any
- description: tpot any-any
+ name: sg-tpot-ansible
+ description: Security Group for T-Pot
- name: Add rules to security group
openstack.cloud.security_group_rule:
cloud: "{{ cloud }}"
- security_group: sg-tpot-any
+ security_group: sg-tpot-ansible
remote_ip_prefix: 0.0.0.0/0
- name: Create network
openstack.cloud.network:
cloud: "{{ cloud }}"
- name: network-tpot
+ name: network-tpot-ansible
- name: Create subnet
openstack.cloud.subnet:
cloud: "{{ cloud }}"
- network_name: network-tpot
- name: subnet-tpot
+ network_name: network-tpot-ansible
+ name: subnet-tpot-ansible
cidr: 192.168.0.0/24
dns_nameservers:
- - 1.1.1.1
- - 8.8.8.8
+ - 100.125.4.25
+ - 100.125.129.199
- name: Create router
openstack.cloud.router:
cloud: "{{ cloud }}"
- name: router-tpot
+ name: router-tpot-ansible
interfaces:
- - subnet-tpot
+ - subnet-tpot-ansible
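Review bot: The rename from `sg-tpot-any` to `sg-tpot-ansible` and the new description `Security Group for T-Pot` drop the only hint that this group is any-any, while the rule task below it still uses `remote_ip_prefix: 0.0.0.0/0`. I would keep the exposure visible to anyone reading the cloud console, e.g. `description: T-Pot honeypot - all ports open to the Internet`. Separately, `100.125.4.25` and `100.125.129.199` lie in the 100.64.0.0/10 shared address space and look like provider-internal resolvers, so this role under `openstack/` would presumably lose name resolution on any other OpenStack cloud. A role variable such as `dns_nameservers: "{{ dns_nameservers }}"` (name of your choosing) with these two addresses as the default would keep the role portable.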
diff --git a/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml b/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
index 71ad71e7..d7810a0d 100644
--- a/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
+++ b/cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
@@ -11,10 +11,10 @@
boot_from_volume: yes
volume_size: "{{ volume_size }}"
key_name: "{{ key_name }}"
- timeout: 200
+ auto_ip: yes
flavor: "{{ flavor }}"
- security_groups: sg-tpot-any
- network: network-tpot
+ security_groups: sg-tpot-ansible
+ network: network-tpot-ansible
register: tpot
- name: Add instance to inventory
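Review bot: `security_groups: sg-tpot-ansible` and `network: network-tpot-ansible` repeat literals that the create_net role defines, so a rename in one role silently breaks the other, which is why this commit had to touch both. A variable defined once and used in both roles, for example `security_groups: "{{ security_group_name }}"` (name of your choosing), would remove that coupling. `auto_ip: yes` is better written `auto_ip: true`, with a comment such as `# attaches a public IP; the instance is reachable from the Internet through the any-any security group`. Removing `timeout: 200` falls back to the module default, which is worth confirming as long enough for a boot-from-volume instance. The task itself starts above this hunk.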
diff --git a/cloud/terraform/README.md b/cloud/terraform/README.md
index b8e19900..8aaf2c5a 100644
--- a/cloud/terraform/README.md
+++ b/cloud/terraform/README.md
@@ -37,12 +37,13 @@ This can easily be extended to support other [Terraform providers](https://regis
### Open Telekom Cloud (OTC)
* ECS instance:
- * s2.medium.8 (1 vCPU, 8 GB RAM)
+ * s3.medium.8 (1 vCPU, 8 GB RAM)
* 128 GB disk
* Debian 10
* Public EIP
* Security Group
-* Network, Subnet, Router (= Virtual Private Cloud [VPC])
+ * All TCP/UDP ports are open to the Internet
+* Virtual Private Cloud (VPC) and Subnet
## Prerequisites
@@ -90,11 +91,13 @@ In `aws/variables.tf`, you can change the additional variables:
### Open Telekom Cloud (OTC)
In `otc/variables.tf`, you can change the additional variables:
+* `ecs_flavor`
+* `ecs_disk_size`
* `availability_zone`
-* `flavor`
* `key_pair` - Specify an existing SSH key pair
-* `volume_size`
-Furthermore you can configure the naming of the created infrastructure (per default everything gets prefixed with "tpot-", e.g. "tpot-router").
+* `eip_size`
+
+... and some more, but these are the most relevant.
## Initialising
diff --git a/cloud/terraform/aws/main.tf b/cloud/terraform/aws/main.tf
index 533ee4bc..44185446 100644
--- a/cloud/terraform/aws/main.tf
+++ b/cloud/terraform/aws/main.tf
@@ -60,7 +60,7 @@ resource "aws_instance" "tpot" {
volume_size = 128
delete_on_termination = true
}
- user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password})
- vpc_security_group_ids = [aws_security_group.tpot.id]
+ user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
+ vpc_security_group_ids = [aws_security_group.tpot.id]
associate_public_ip_address = true
}
diff --git a/cloud/terraform/aws/variables.tf b/cloud/terraform/aws/variables.tf
index ba764aab..a59ed0eb 100644
--- a/cloud/terraform/aws/variables.tf
+++ b/cloud/terraform/aws/variables.tf
@@ -55,7 +55,7 @@ variable "ec2_ami" {
}
}
-# cloud-init configuration
+## cloud-init configuration ##
variable "timezone" {
default = "UTC"
}
@@ -63,20 +63,30 @@ variable "timezone" {
variable "linux_password" {
#default = "LiNuXuSeRPaSs#"
description = "Set a password for the default user"
+
+ validation {
+ condition = length(var.linux_password) > 0
+ error_message = "Please specify a password for the default user."
+ }
}
-# These will go in the generated tpot.conf file
+## These will go in the generated tpot.conf file ##
variable "tpot_flavor" {
- default = "STANDARD"
+ default = "STANDARD"
description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]"
}
variable "web_user" {
- default = "webuser"
+ default = "webuser"
description = "Set a username for the web user"
}
variable "web_password" {
#default = "w3b$ecret"
description = "Set a password for the web user"
+
+ validation {
+ condition = length(var.web_password) > 0
+ error_message = "Please specify a password for the web user."
+ }
}
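Review bot: The new `validation` blocks only reject an empty string, so a one-character `linux_password` or `web_password` still passes, and both values are rendered into `user_data` by the `templatefile()` call in `aws/main.tf`. A length floor would make the check meaningful, e.g. `condition = length(var.linux_password) >= 12` with a matching `error_message`. Neither variable is marked `sensitive = true`, so the values can show up in plan output; that attribute needs Terraform 0.14, whereas `versions.tf` still allows `>= 0.13`, so the version floor would have to move with it. Because user data is typically kept in state and readable from the instance metadata service, the descriptions should say these are bootstrap credentials to be changed after first login. The same applies to the identical blocks added in `otc/variables.tf`.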
diff --git a/cloud/terraform/aws/versions.tf b/cloud/terraform/aws/versions.tf
index a0de97d3..9ae9023e 100644
--- a/cloud/terraform/aws/versions.tf
+++ b/cloud/terraform/aws/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_version = ">= 0.13"
required_providers {
aws = {
- source = "hashicorp/aws"
+ source = "hashicorp/aws"
version = "3.26.0"
}
}
diff --git a/cloud/terraform/otc/.terraform.lock.hcl b/cloud/terraform/otc/.terraform.lock.hcl
index 0885519e..ce0226cc 100644
--- a/cloud/terraform/otc/.terraform.lock.hcl
+++ b/cloud/terraform/otc/.terraform.lock.hcl
@@ -2,38 +2,37 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/random" {
- version = "3.0.1"
- constraints = "~> 3.0.1"
+ version = "3.1.0"
+ constraints = "~> 3.1.0"
hashes = [
- "h1:SzM8nt2wzLMI28A3CWAtW25g3ZCm1O4xD0h3Ps/rU1U=",
- "zh:0d4f683868324af056a9eb2b06306feef7c202c88dbbe6a4ad7517146a22fb50",
- "zh:4824b3c7914b77d41dfe90f6f333c7ac9860afb83e2a344d91fbe46e5dfbec26",
- "zh:4b82e43712f3cf0d0cbc95b2cbcd409ba8f0dc7848fdfb7c13633c27468ed04a",
- "zh:78b3a2b860c3ebc973a794000015f5946eb59b82705d701d487475406b2612f1",
- "zh:88bc65197bd74ff408d147b32f0045372ae3a3f2a2fdd7f734f315d988c0e4a2",
- "zh:91bd3c9f625f177f3a5d641a64e54d4b4540cb071070ecda060a8261fb6eb2ef",
- "zh:a6818842b28d800f784e0c93284ff602b0c4022f407e4750da03f50b853a9a2c",
- "zh:c4a1a2b52abd05687e6cfded4a789dcd7b43e7a746e4d02dd1055370cf9a994d",
- "zh:cf65041bf12fc3bde709c1d267dbe94142bc05adcabc4feb17da3b12249132ac",
- "zh:e385e00e7425dda9d30b74ab4ffa4636f4b8eb23918c0b763f0ffab84ece0c5c",
+ "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
+ "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
+ "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
+ "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
+ "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
+ "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
+ "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
+ "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
+ "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
+ "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
+ "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
+ "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
]
}
provider "registry.terraform.io/opentelekomcloud/opentelekomcloud" {
- version = "1.22.5"
- constraints = "1.22.5"
+ version = "1.23.6"
+ constraints = "~> 1.23.4"
hashes = [
- "h1:H20WxSx+j2JyrqHAgqsrV3rMWEOEZVEQuA7upz/1IgY=",
- "zh:276ab06e7c011351fc5a803fea0321a9d12b1353bd43f5389f3bbf491e31fc41",
- "zh:3191dc598ea4e4c99d08a2b1a5f65710dbcc1a892b1f9dde7b52515f32028319",
- "zh:43db37c5fb6a886ce3bbc2aa730854476da7dd0340622ad874998041fa96f7a2",
- "zh:45f3e2677a4c35bd88d435c906224092e0dde17055a203b474da2eeacffbf9b7",
- "zh:504568581e561130fc0a9ceb6514e9664c67e3a89cd6c912f64c82f0a0305a30",
- "zh:5646c76cbe710fd0acde409cdcfb352dd53a282c0207e46e33ac5714d0eaa0b9",
- "zh:578b0f5d43f156f86ca6a63604da6e968f035d0b4bf6ccfc83db284fd31057f6",
- "zh:784459b8350dc650f01e6866bcec0632e8b5a8733d81e6ed53bc8cc1254abb92",
- "zh:970aa873a81994cddf84279b255d3f51a4138b23cb9162707cefb84042451bfc",
- "zh:e892b8b6225a46067586b8e54a7102ac1b0fc296b4851dab3d4cc185de538d66",
- "zh:f8c4699eebe99ac93d9cdccfcc809a5bd3d6c238be136d5a26c4e812ef30ec32",
+ "h1:B/1Md957jWaDgFqsJDzmJc75KwL0eC/PCVuZ8HV5xSc=",
+ "zh:1aa79010869d082157fb44fc83c3bff4e40938ec0ca916f704d974c7f7ca39e4",
+ "zh:3155b8366828ce50231f69962b55df1e2261ed63c44bb64e2c950dd68769df1b",
+ "zh:4a909617aa96a6d8aead14f56996ad94e0a1cae9d28e8df1ddae19c2095ed337",
+ "zh:4f71046719632b4b90f88d29d8ba88915ee6ad66cd9d7ebe84a7459013e5003a",
+ "zh:67e4d10b2db79ad78ae2ec8d9dfac53c4721028f97f4436a7aa45e80b1beefd3",
+ "zh:7f12541fc5a3513e5522ff2bd5fee17d1e67bfe64f9ef59d03863fc7389e12ce",
+ "zh:86fadabfc8307cf6084a412ffc9c797ec94932d08bc663a3fcebf98101e951f6",
+ "zh:98744b39c2bfe3e8e6f929f750a689971071b257f3f066f669f93c8e0b76d179",
+ "zh:c363d41debb060804e2c6bd9cb50b4e8daa37362299e3ea74e187265cd85f2ca",
]
}
diff --git a/cloud/terraform/otc/main.tf b/cloud/terraform/otc/main.tf
index 7a002b03..86e38e1e 100644
--- a/cloud/terraform/otc/main.tf
+++ b/cloud/terraform/otc/main.tf
@@ -14,24 +14,18 @@ resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
}
-resource "opentelekomcloud_networking_network_v2" "network_1" {
- name = var.network_name
+resource "opentelekomcloud_vpc_v1" "vpc_1" {
+ name = var.vpc_name
+ cidr = var.vpc_cidr
}
-resource "opentelekomcloud_networking_subnet_v2" "subnet_1" {
- name = var.subnet_name
- network_id = opentelekomcloud_networking_network_v2.network_1.id
- cidr = "192.168.0.0/24"
- dns_nameservers = ["1.1.1.1", "8.8.8.8"]
-}
+resource "opentelekomcloud_vpc_subnet_v1" "subnet_1" {
+ name = var.subnet_name
+ cidr = var.subnet_cidr
+ vpc_id = opentelekomcloud_vpc_v1.vpc_1.id
-resource "opentelekomcloud_networking_router_v2" "router_1" {
- name = var.router_name
-}
-
-resource "opentelekomcloud_networking_router_interface_v2" "router_interface_1" {
- router_id = opentelekomcloud_networking_router_v2.router_1.id
- subnet_id = opentelekomcloud_networking_subnet_v2.subnet_1.id
+ gateway_ip = var.subnet_gateway_ip
+ dns_list = ["100.125.4.25", "100.125.129.199"]
}
resource "random_id" "tpot" {
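Review bot: `dns_list = ["100.125.4.25", "100.125.129.199"]` stays a literal while every other value in the new `vpc_1` and `subnet_1` resources moved to a variable; a list variable with these two addresses as its default would be consistent and would let users override the resolvers. `var.subnet_gateway_ip` has to agree with `var.subnet_cidr`, and that in turn with `var.vpc_cidr`, but nothing checks this; deriving it with `gateway_ip = cidrhost(var.subnet_cidr, 1)` would remove one way to misconfigure the subnet. A comment above `dns_list` such as `# provider-internal DNS resolvers (confirm)` would explain where the addresses come from.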
@@ -39,33 +33,35 @@ resource "random_id" "tpot" {
prefix = var.ecs_prefix
}
-resource "opentelekomcloud_compute_instance_v2" "ecs_1" {
+resource "opentelekomcloud_ecs_instance_v1" "ecs_1" {
+ name = random_id.tpot.b64_std
+ image_id = data.opentelekomcloud_images_image_v2.debian.id
+ flavor = var.ecs_flavor
+ vpc_id = opentelekomcloud_vpc_v1.vpc_1.id
+
+ nics {
+ network_id = opentelekomcloud_vpc_subnet_v1.subnet_1.id
+ }
+
+ system_disk_size = var.ecs_disk_size
+ security_groups = [opentelekomcloud_networking_secgroup_v2.secgroup_1.id]
availability_zone = var.availability_zone
- name = random_id.tpot.b64_std
- flavor_name = var.flavor
- key_pair = var.key_pair
- security_groups = [opentelekomcloud_networking_secgroup_v2.secgroup_1.name]
- user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password})
+ key_name = var.key_pair
+ user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
+}
- network {
- name = opentelekomcloud_networking_network_v2.network_1.name
+resource "opentelekomcloud_vpc_eip_v1" "eip_1" {
+ publicip {
+ type = "5_bgp"
}
-
- block_device {
- uuid = data.opentelekomcloud_images_image_v2.debian.id
- source_type = "image"
- volume_size = var.volume_size
- destination_type = "volume"
- delete_on_termination = "true"
+ bandwidth {
+ name = "bandwidth-${random_id.tpot.b64_std}"
+ size = var.eip_size
+ share_type = "PER"
}
-
- depends_on = [opentelekomcloud_networking_router_interface_v2.router_interface_1]
}
-resource "opentelekomcloud_networking_floatingip_v2" "floatip_1" {
-}
-
-resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_2" {
- floating_ip = opentelekomcloud_networking_floatingip_v2.floatip_1.address
- instance_id = opentelekomcloud_compute_instance_v2.ecs_1.id
+resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_1" {
+ floating_ip = opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address
+ instance_id = opentelekomcloud_ecs_instance_v1.ecs_1.id
}
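Review bot: `name = "bandwidth-${random_id.tpot.b64_std}"` and the ECS `name = random_id.tpot.b64_std` use the standard base64 encoding, which can contain `+`, `/` and `=`. If the provider restricts resource names to letters, digits, `-` and `_` (worth confirming), `terraform apply` would fail only for some random values, which is hard to diagnose. `random_id.tpot.hex` or `random_id.tpot.b64_url` avoids that, e.g. `name = "bandwidth-${random_id.tpot.hex}"`. As a style point, `publicip.0.ip_address` in `fip_1` is the legacy index form; `publicip[0].ip_address` is the current syntax, and the same expression recurs in `otc/outputs.tf`.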
diff --git a/cloud/terraform/otc/outputs.tf b/cloud/terraform/otc/outputs.tf
index 2ec77c27..96cc7922 100644
--- a/cloud/terraform/otc/outputs.tf
+++ b/cloud/terraform/otc/outputs.tf
@@ -1,11 +1,11 @@
output "Admin_UI" {
- value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64294"
+ value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64294"
}
output "SSH_Access" {
- value = "ssh -p 64295 linux@${opentelekomcloud_networking_floatingip_v2.floatip_1.address}"
+ value = "ssh -p 64295 linux@${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}"
}
output "Web_UI" {
- value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64297"
+ value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64297"
}
diff --git a/cloud/terraform/otc/provider.tf b/cloud/terraform/otc/provider.tf
index 9dac3e37..462028fa 100644
--- a/cloud/terraform/otc/provider.tf
+++ b/cloud/terraform/otc/provider.tf
@@ -1,3 +1,3 @@
provider "opentelekomcloud" {
- cloud = "open-telekom-cloud"
+ cloud = "open-telekom-cloud"
}
diff --git a/cloud/terraform/otc/variables.tf b/cloud/terraform/otc/variables.tf
index 47e0df5b..e70c89eb 100644
--- a/cloud/terraform/otc/variables.tf
+++ b/cloud/terraform/otc/variables.tf
@@ -1,4 +1,4 @@
-# cloud-init configuration
+## cloud-init configuration ##
variable "timezone" {
default = "UTC"
}
@@ -6,66 +6,93 @@ variable "timezone" {
variable "linux_password" {
#default = "LiNuXuSeRPaSs#"
description = "Set a password for the default user"
+
+ validation {
+ condition = length(var.linux_password) > 0
+ error_message = "Please specify a password for the default user."
+ }
}
-# Cloud resources name configuration
+## Security Group ##
variable "secgroup_name" {
- default = "tpot-secgroup"
+ default = "sg-tpot"
}
variable "secgroup_desc" {
- default = "T-Pot Security Group"
+ default = "Security Group for T-Pot"
}
-variable "network_name" {
- default = "tpot-network"
+## Virtual Private Cloud ##
+variable "vpc_name" {
+ default = "vpc-tpot"
}
+variable "vpc_cidr" {
+ default = "192.168.0.0/16"
+}
+
+## Subnet ##
variable "subnet_name" {
- default = "tpot-subnet"
+ default = "subnet-tpot"
}
-variable "router_name" {
- default = "tpot-router"
+variable "subnet_cidr" {
+ default = "192.168.0.0/24"
}
+variable "subnet_gateway_ip" {
+ default = "192.168.0.1"
+}
+
+## Elastic Cloud Server ##
variable "ecs_prefix" {
default = "tpot-"
}
-# ECS configuration
-variable "availability_zone" {
- default = "eu-de-03"
- description = "Select an availability zone"
+variable "ecs_flavor" {
+ default = "s3.medium.8"
}
-variable "flavor" {
- default = "s3.medium.8"
- description = "Select a compute flavor"
+variable "ecs_disk_size" {
+ default = "128"
+}
+
+variable "availability_zone" {
+ default = "eu-de-03"
}
variable "key_pair" {
#default = ""
description = "Specify your SSH key pair"
+
+ validation {
+ condition = length(var.key_pair) > 0
+ error_message = "Please specify a Key Pair."
+ }
}
-variable "volume_size" {
- default = "128"
- description = "Set the volume size"
+## Elastic IP ##
+variable "eip_size" {
+ default = "100"
}
-# These will go in the generated tpot.conf file
+## These will go in the generated tpot.conf file ##
variable "tpot_flavor" {
- default = "STANDARD"
+ default = "STANDARD"
description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]"
}
variable "web_user" {
- default = "webuser"
+ default = "webuser"
description = "Set a username for the web user"
}
variable "web_password" {
#default = "w3b$ecret"
description = "Set a password for the web user"
+
+ validation {
+ condition = length(var.web_password) > 0
+ error_message = "Please specify a password for the web user."
+ }
}
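Review bot: The reworked variables lose documentation: `availability_zone`, the former `flavor` and `volume_size` each had a `description`, while `availability_zone`, `ecs_flavor`, `ecs_disk_size`, `eip_size`, `vpc_cidr`, `subnet_cidr` and `subnet_gateway_ip` now have none. I would restore them, e.g. `description = "Select a compute flavor"` on `ecs_flavor`, `description = "System disk size in GB"` on `ecs_disk_size`, and a description on `eip_size` that states its unit (presumably Mbit/s; confirm against the provider docs). `ecs_disk_size` and `eip_size` also carry numeric values as strings; `type = number` with `default = 128` and `default = 100` would let Terraform reject non-numeric input. The password `validation` blocks here have the same empty-only check noted for `aws/variables.tf`.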
diff --git a/cloud/terraform/otc/versions.tf b/cloud/terraform/otc/versions.tf
index 5d973281..d5a6ae2a 100644
--- a/cloud/terraform/otc/versions.tf
+++ b/cloud/terraform/otc/versions.tf
@@ -2,12 +2,12 @@ terraform {
required_version = ">= 0.13"
required_providers {
opentelekomcloud = {
- source = "opentelekomcloud/opentelekomcloud"
- version = "1.22.5"
+ source = "opentelekomcloud/opentelekomcloud"
+ version = "~> 1.23.4"
}
random = {
- source = "hashicorp/random"
- version = "~> 3.0.1"
+ source = "hashicorp/random"
+ version = "~> 3.1.0"
}
}
}