professional-service-best-practices/terraform-iaas-api-basic-ha-vrrp
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
terraform-iaas-api-basic-ha.../STACKIT-CLI-GUIDE.md
Mauritz Uphoff 2a81c11c8a
All checks were successful
CI / TruffleHog Secrets Scan (push) Successful in 7s
Details
CI / Terraform Format & Validate (push) Successful in 7s
Details
cleanup repository
2025-06-11 15:07:19 +02:00

2.9 KiB
Raw Permalink Blame History

Step 1: Create a STACKIT Network

Create a new network where the VMs and network interfaces will be deployed.

NETWORKID=$(stackit network create \
  --name demo \
  --ipv4-dns-name-servers "1.1.1.1,8.8.8.8,9.9.9.9" \
  --ipv4-prefix "10.1.2.0/24" \
  -y -o json | jq -r .networkId)

Step 2: Configure Security Groups

Create a security group allowing VRRP and ICMP traffic between the two VMs.

Create the security group:

SECGROUPID=$(stackit security-group create \
  --name VRRP \
  -y -o json | jq -r .id)

Add security rules:

# Allow ICMP (for ping and monitoring)
stackit security-group rule create \
  --security-group-id $SECGROUPID \
  --direction ingress \
  --protocol-name icmp

# Allow VRRP protocol (protocol number 112)
stackit security-group rule create \
  --security-group-id $SECGROUPID \
  --direction ingress \
  --protocol-name vrrp

Note: Restrict these rules further in production environments by specifying source CIDRs or specific IPs.

Step 3: Create Network Interfaces

We will create:

  • A shared VIP interface (to bind the internal HA IP)
  • One interface for each VM with access to the VIP

Create a shared network adapter for the virtual IP:

VIPNICID=$(stackit network-interface create \
  --network-id $NETWORKID \
  --name vipPort \
  -y -o json | jq -r .id)

Fetch the vIP address:

VIPIP=$(stackit network-interface describe $VIPNICID \
  --network-id $NETWORKID \
  -o json | jq -r .ipv4)

Create network interfaces for the VMs (replace and accordingly):

NICID=$(stackit network-interface create \
  --network-id $NETWORKID \
  --allowed-addresses $VIPIP \
  --name <nicName> \
  --security-groups $SECGROUPID,<defaultSecGroupId> \
  -y -o json | jq -r .id)

Repeat the step above to create a second NIC for the second VM.

Step 4: Create the Virtual Machines

Provision two virtual machines with attached network interfaces and required configuration.

Sample command to create a VM (replace placeholders accordingly):

stackit server create \
  --boot-volume-performance-class storage_premium_perf4 \
  --boot-volume-size 32 \
  --boot-volume-source-type image \
  --boot-volume-source-id 03e19c6a-d73a-4ba9-96af-4bd03cf905d3 \ # Debian 12 image ID
  --keypair-name <sshKeyPair> \
  --availability-zone eu01-1 \
  --machine-type c1.2 \
  --name <serverName> \
  --network-interface-ids $NICID

Repeat the process to create the second VM with a different serverName and NIC ID.

Step 5: Bind a Public IP (Optional — for external access)

To allow access to your HA cluster from outside the private network, bind a public IP address to the shared VIP NIC.

stackit public-ip create \
  --associated-resource-id $VIPNICID

This ensures that regardless of which VM is active, the public IP always routes to the current primary node via the shared virtual IP.