cleanup repository

2025-06-11 15:07:19 +02:00 · 2025-06-11 15:07:19 +02:00 · 2a81c11c8a
commit 2a81c11c8a
parent 6a5f928648
8 changed files with 139 additions and 157 deletions
--- a/00-provider.tf
+++ b/00-provider.tf
@ -13,13 +13,13 @@ terraform {
  required_providers {
    stackit = {
      source  = "stackitcloud/stackit"
-      version = "0.47.0"
+      version = "0.55.0"
    }
  }
 }
 # Configure the STACKIT Provider
 provider "stackit" {
-  region                = "eu01"
+  default_region        = "eu01"
  service_account_token = var.STACKIT_SERVICE_ACCOUNT_TOKEN
 }
--- a/01-config.tf
+++ b/01-config.tf
@ -1,43 +1,3 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
 Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 #
 # Custom User Settings
 #
 # STACKIT Availability Zone
 variable "zone" {
  type        = string
  description = ""
  default     = "eu01-m"
 }
 # STACKIT VM Flavor
 variable "flavor" {
  type        = string
  description = ""
  default     = "c1.2"
 }
 # Local VPC Subnet to create STACKIT Network
 variable "LOCAL_SUBNET" {
  type        = string
  description = ""
  default     = "10.0.0.0/24"
 }
 ############################################
 #
 # System Settings (do not edit)
 #
 # STACKIT Service Account Token
 variable "STACKIT_SERVICE_ACCOUNT_TOKEN" {
  type        = string
@ -54,13 +14,7 @@ variable "debian_image" {
  default = "b641bf53-4dd4-4ba9-a1ff-9739920fbe73"
 }
-resource "random_shuffle" "az" {
+resource "stackit_key_pair" "admin_keypair" {
-  input        = ["eu01-1", "eu01-2", "eu01-3"]
+  name       = "admin-keypair"
-  result_count = 1
+  public_key = file("~/.ssh/id_rsa.pub")
 }
 # SSH Key Pair
 resource "stackit_key_pair" "admin-keypair" {
  name       = "brunsch-keypair"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUswz82ZkG2G/2ZYZjo1/Q3srmqcB0zIwpO9GD1X7baH41QEKRY3FGb7KpD6gU1zEKcQYDI8cSmF9ICN51GgRD/+P+B4b59S/z5KUQ10H5QaeFGxBIKxgcWmSGFTMhamMmn/8nG+vI4HEHWSEgpiOQ1vjRDboncW2ac4EH+eZkk2dJAYPWcQorPTW89cRYzaBrhLO+3gpCEyK9Ke4Tf3emnCilYbS+g/qQqo67qR7tW3lYYpJbAEm/ARQhVeyP5mYhOYXwMkiaBOqQ7Wgip0Gc6p9KbGS5ZOe04bhomDJqgK88N03xgGo2st2mbVAKBDpE4kcwxNF08jIeA7UGQ8Si1YJ/vfchTE+dRWwTf5GuB2/Kh/CqaOM8Tb2yFGMPVobeg7EIJd+d5OteX4/9entwXIWkPLtQdWsTubTsSM+eVbgVJ5cv62LkhD8bpm2cEDrvuFWrCO0A2q3KEdlUa2alK8yhgez8mzIgEPDfOcB0SZoQMvilVYVGqnlkriwB9jKRb3WXhqksv8UaPyfE3rlIKAdXEmaWpTNOhsk4RrMjiivSm6L+p/oqwntRE6rqug+jHLqXwfbxwwMl0ouF0GPm2pFdPo4Ki6VE3JBEo71t//GugCHbFb7bRdHEHxKvfTcpIywz3MlDkHWsQKMCRDacpED/i3Snt9Mwxr2ApNli4Q=="
 }
--- a/03-network.tf
+++ b/03-network.tf
@ -1,12 +1,3 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
 Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 # Create vNET Network
 resource "stackit_network" "default" {
  project_id       = var.STACKIT_PROJECT_ID
--- a/04-master.tf
+++ b/04-master.tf
@ -1,12 +1,3 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
 Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 # Create virtual Server
 resource "stackit_server" "example01" {
  project_id = var.STACKIT_PROJECT_ID
@ -20,7 +11,7 @@ resource "stackit_server" "example01" {
  }
  machine_type      = "c1.4"
  availability_zone = "eu01-1"
-  keypair_name      = stackit_key_pair.admin-keypair.name
+  keypair_name      = stackit_key_pair.admin_keypair.name
  depends_on        = [stackit_network_interface.example01]
 }
--- a/05-backup.tf
+++ b/05-backup.tf
@ -1,12 +1,3 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
 Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 # Create virtual Server
 resource "stackit_server" "example02" {
  project_id = var.STACKIT_PROJECT_ID
@ -20,7 +11,7 @@ resource "stackit_server" "example02" {
  }
  machine_type      = "c1.4"
  availability_zone = "eu01-2"
-  keypair_name      = stackit_key_pair.admin-keypair.name
+  keypair_name      = stackit_key_pair.admin_keypair.name
  depends_on        = [stackit_network_interface.example02]
 }
--- a/06-ha.tf
+++ b/06-ha.tf
@ -1,23 +1,3 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
 Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 # Create VIP Port
 #resource "terraform_data" "spoke-local-1" {
 #  provisioner "local-exec" {
 #    command = "curl --location 'https://iaas.api.eu01.stackit.cloud/v1alpha1/projects/${var.STACKIT_PROJECT_ID}/networks/${stackit_network.default.network_id}/virtual-ips' --header 'Content-Type: application/json' --header 'Authorization: Bearer ${var.STACKIT_SERVICE_ACCOUNT_TOKEN}' --data '{\"ip\":\"10.1.2.10\",\"labels\":{\"key\":\"sap\"},\"members\":[\"${stackit_network_interface.example01.network_interface_id}\",\"${stackit_network_interface.example02.network_interface_id}\"],\"name\":\"vip01\"}'"
 #  }
 #  depends_on = [ 
 #    stackit_network_interface.example01,
 #    stackit_network_interface.example02
 #  ]
 #}
 resource "stackit_network_interface" "vip01" {
  project_id = var.STACKIT_PROJECT_ID
  network_id = stackit_network.default.network_id
--- a/README.md
+++ b/README.md
@ -1,67 +1,24 @@
-# Basic HA Setup (VRRP)
+# Basic High Availability (HA) Setup Using VRRP
-Documentation on how to set up an active passive VRRP Cluster
+This guide provides step-by-step instructions for setting up a basic active/passive Virtual Router Redundancy Protocol (VRRP) high availability (HA) cluster using the STACKIT CLI. This configuration ensures one virtual machine (VM) acts as the active primary node while the other remains on standby as a failover.
 All the needed Commands use the STACKIT Cli.
-Overview core components:
+All operations below are performed using the STACKIT CLI.
-VRRP Sync between two Virtual Machines including Security Groups and Port Security setup (additional adresses)
+## Overview of Core Components
 ![](docs/ha.svg)
-![](docs/vip.svg)
+- Two virtual machines in an active/passive configuration.
 - VRRP synchronization between the nodes.
 - Security group rules for VRRP and ICMP traffic.
 - A dedicated internal virtual IP (vIP) bound to a shared NIC port.
 - Public IP binding for external access to HA endpoint.
-## Basic Network Config
+Diagrams:
 Creation of a STACKIT Network where the VMs and NIC adapters will be placed.
 ```bash
 NETWORKID=$(stackit network create --name demo --ipv4-dns-name-servers "1.1.1.1,8.8.8.8,9.9.9.9" --ipv4-prefix "10.1.2.0/24" -y -o json | jq -r .networkId) 
 ```
-## Security Groups
+- HA Traffic Flow:
-Basic Security Group to allow VRRP & ICMP Traffic for failover
+  ![](docs/ha.svg)
-**Create the Security Group**:
+- vIP Binding Concept:
 ```bash
 SECGROUPID=$(stackit security-group create --name VRRP -y -o json | jq -r .id)
 ```
-**Create the Security Rules**:
+  ![](docs/vip.svg)
 Allow VRRP & ICMP for testing only
 ```bash
 stackit security-group rule create --security-group-id $SECGROUPID --direction ingress --protocol-name icmp 
 stackit security-group rule create --security-group-id $SECGROUPID --direction ingress --protocol-name vrrp 
 ```
 ## Network Adapters
 We need three network interfaces.
 One for each server an the third for registering the internal vip address.
 **Network Interface for the VIP**:
 ```bash
 VIPNICID=$(stackit network-interface create --network-id $NETWORKID --name vipPort -y -o json | jq -r .id)
 ```
 **Get the (v)IP of the NIC**:
 ```bash
 VIPIP=$(stackit network-interface describe $VIPNICID --network-id $NETWORKID -o json | jq -r .ipv4)
 ```
 **Network Interface for the VMs**:
 ```bash
 NICID=$(stackit network-interface create --network-id $NETWORKID --allowed-addresses $VIPIP --name <nicName> --security-groups $SECGROUPID,<defaultSecGroupId> -y -o json | jq -r .id)
 ```
 ## Set up the virtual Machines
 Create two VMs with a Debian 12 as OS.
 ```bash
 stackit server create --boot-volume-performance-class storage_premium_perf4 --boot-volume-size 32 --boot-volume-source-type image --boot-volume-source-id 03e19c6a-d73a-4ba9-96af-4bd03cf905d3 --keypair-name <sshKeyPair> --availability-zone eu01-1 --machine-type c1.2 --name <serverName> --network-interface-ids $NICID
 ```
 ## External floating Addresses (HA)
 To access the HA cluster from the Internet bind a Public IP to our vIP NIC adapter so the WAN ip is always pointed to the active replica.
 ```bash
 stackit public-ip create --associated-resource-id $VIPNICID
 ```
--- a/STACKIT-CLI-GUIDE.md
+++ b/STACKIT-CLI-GUIDE.md
@ -0,0 +1,118 @@
 ## Step 1: Create a STACKIT Network
 Create a new network where the VMs and network interfaces will be deployed.
 ```bash
 NETWORKID=$(stackit network create \
  --name demo \
  --ipv4-dns-name-servers "1.1.1.1,8.8.8.8,9.9.9.9" \
  --ipv4-prefix "10.1.2.0/24" \
  -y -o json | jq -r .networkId)
 ```
 ---
 ## Step 2: Configure Security Groups
 Create a security group allowing VRRP and ICMP traffic between the two VMs.
 Create the security group:
 ```bash
 SECGROUPID=$(stackit security-group create \
  --name VRRP \
  -y -o json | jq -r .id)
 ```
 Add security rules:
 ```bash
 # Allow ICMP (for ping and monitoring)
 stackit security-group rule create \
  --security-group-id $SECGROUPID \
  --direction ingress \
  --protocol-name icmp
 # Allow VRRP protocol (protocol number 112)
 stackit security-group rule create \
  --security-group-id $SECGROUPID \
  --direction ingress \
  --protocol-name vrrp
 ```
 Note: Restrict these rules further in production environments by specifying source CIDRs or specific IPs.
 ---
 ## Step 3: Create Network Interfaces
 We will create:
 - A shared VIP interface (to bind the internal HA IP)
 - One interface for each VM with access to the VIP
 Create a shared network adapter for the virtual IP:
 ```bash
 VIPNICID=$(stackit network-interface create \
  --network-id $NETWORKID \
  --name vipPort \
  -y -o json | jq -r .id)
 ```
 Fetch the vIP address:
 ```bash
 VIPIP=$(stackit network-interface describe $VIPNICID \
  --network-id $NETWORKID \
  -o json | jq -r .ipv4)
 ```
 Create network interfaces for the VMs (replace <nicName> and <defaultSecGroupId> accordingly):
 ```bash
 NICID=$(stackit network-interface create \
  --network-id $NETWORKID \
  --allowed-addresses $VIPIP \
  --name <nicName> \
  --security-groups $SECGROUPID,<defaultSecGroupId> \
  -y -o json | jq -r .id)
 ```
 Repeat the step above to create a second NIC for the second VM.
 ---
 ## Step 4: Create the Virtual Machines
 Provision two virtual machines with attached network interfaces and required configuration.
 Sample command to create a VM (replace placeholders accordingly):
 ```bash
 stackit server create \
  --boot-volume-performance-class storage_premium_perf4 \
  --boot-volume-size 32 \
  --boot-volume-source-type image \
  --boot-volume-source-id 03e19c6a-d73a-4ba9-96af-4bd03cf905d3 \ # Debian 12 image ID
  --keypair-name <sshKeyPair> \
  --availability-zone eu01-1 \
  --machine-type c1.2 \
  --name <serverName> \
  --network-interface-ids $NICID
 ```
 Repeat the process to create the second VM with a different serverName and NIC ID.
 ---
 ## Step 5: Bind a Public IP (Optional — for external access)
 To allow access to your HA cluster from outside the private network, bind a public IP address to the shared VIP NIC.
 ```bash
 stackit public-ip create \
  --associated-resource-id $VIPNICID
 ```
 This ensures that regardless of which VM is active, the public IP always routes to the current primary node via the shared virtual IP.