Mauritz Uphoff 6a5f928648
All checks were successful
CI / Terraform Format & Validate (push) Successful in 14s
CI / TruffleHog Secrets Scan (push) Successful in 55s
Initial commit
2025-06-10 16:32:16 +02:00
.forgejo/workflows Initial commit 2025-06-10 16:32:16 +02:00
docs Initial commit 2025-06-10 16:32:16 +02:00
.gitignore Initial commit 2025-06-10 16:32:16 +02:00
00-provider.tf Initial commit 2025-06-10 16:32:16 +02:00
01-config.tf Initial commit 2025-06-10 16:32:16 +02:00
02-user_data Initial commit 2025-06-10 16:32:16 +02:00
03-network.tf Initial commit 2025-06-10 16:32:16 +02:00
04-master.tf Initial commit 2025-06-10 16:32:16 +02:00
05-backup.tf Initial commit 2025-06-10 16:32:16 +02:00
06-ha.tf Initial commit 2025-06-10 16:32:16 +02:00
example.env Initial commit 2025-06-10 16:32:16 +02:00
keepalive.conf Initial commit 2025-06-10 16:32:16 +02:00
README.md Initial commit 2025-06-10 16:32:16 +02:00

Basic HA Setup (VRRP)

Documentation on how to set up an active-passive VRRP cluster. All the needed commands use the STACKIT CLI.

Overview of the core components:

VRRP sync between two virtual machines, including security groups and port security setup (additional addresses)

Basic Network Config

Creation of a STACKIT Network where the VMs and NIC adapters will be placed.

NETWORKID=$(stackit network create --name demo --ipv4-dns-name-servers "1.1.1.1,8.8.8.8,9.9.9.9" --ipv4-prefix "10.1.2.0/24" -y -o json | jq -r .networkId) 

Security Groups

Basic Security Group to allow VRRP & ICMP Traffic for failover

Create the Security Group:

SECGROUPID=$(stackit security-group create --name VRRP -y -o json | jq -r .id)

Create the Security Rules: Allow VRRP & ICMP for testing only

stackit security-group rule create --security-group-id "$SECGROUPID" --direction ingress --protocol-name icmp
stackit security-group rule create --security-group-id "$SECGROUPID" --direction ingress --protocol-name vrrp

Network Adapters

We need three network interfaces: one for each server and a third for registering the internal VIP address.

Network Interface for the VIP:

VIPNICID=$(stackit network-interface create --network-id "$NETWORKID" --name vipPort -y -o json | jq -r .id)

Get the (v)IP of the NIC:

VIPIP=$(stackit network-interface describe "$VIPNICID" --network-id "$NETWORKID" -o json | jq -r .ipv4)

Network Interface for the VMs:

NICID=$(stackit network-interface create --network-id "$NETWORKID" --allowed-addresses "$VIPIP" --name <nicName> --security-groups "$SECGROUPID",<defaultSecGroupId> -y -o json | jq -r .id)

Set up the Virtual Machines

Create two VMs with Debian 12 as the OS.

stackit server create --boot-volume-performance-class storage_premium_perf4 --boot-volume-size 32 --boot-volume-source-type image --boot-volume-source-id 03e19c6a-d73a-4ba9-96af-4bd03cf905d3 --keypair-name <sshKeyPair> --availability-zone eu01-1 --machine-type c1.2 --name <serverName> --network-interface-ids "$NICID"

External floating Addresses (HA)

To access the HA cluster from the Internet, bind a public IP to the VIP NIC so that the WAN IP always points to the active replica.

stackit public-ip create --associated-resource-id "$VIPNICID"
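
Added example (not part of the original README or of the STACKIT CLI): the `VAR=$(stackit ... | jq -r ...)` captures above yield an empty string or `null` when a call fails, and `$VIPIP` is later handed to `--allowed-addresses`. The hypothetical helpers `is_uuid` and `ipv4_in_cidr` check those values before they are reused, assuming resource IDs are UUIDs like the image ID above.

```shell
#!/bin/sh
# Added example: sanity checks for values captured from `stackit ... | jq -r`.
# Helper names are hypothetical; IDs are assumed to be UUIDs.

# is_uuid VALUE: succeeds only for a UUID (rejects "", "null", error text).
is_uuid() {
    case $1 in ''|*[!0-9a-fA-F-]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# ipv4_to_int A.B.C.D: prints the address as an integer; fails on anything
# else, including CIDR ranges, empty fields and octets with leading zeros.
ipv4_to_int() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ipv4_in_cidr ADDRESS NETWORK/LEN: succeeds if ADDRESS is one host address
# inside the prefix (e.g. the VIP inside the demo network 10.1.2.0/24).
ipv4_in_cidr() {
    cidr_len=${2#*/}
    case $cidr_len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$cidr_len" -le 32 ] || return 1
    cidr_ip=$(ipv4_to_int "$1") || return 1
    cidr_net=$(ipv4_to_int "${2%/*}") || return 1
    # 4294967295 is 0xFFFFFFFF; keep only the top cidr_len bits.
    cidr_mask=$(( (4294967295 << (32 - cidr_len)) & 4294967295 ))
    [ $(( cidr_ip & cidr_mask )) -eq $(( cidr_net & cidr_mask )) ]
}

# Use in the walkthrough (commented out so the block runs offline):
#   is_uuid "$NETWORKID" || { echo "network create failed" >&2; exit 1; }
#   ipv4_in_cidr "$VIPIP" "10.1.2.0/24" || { echo "bad VIP: $VIPIP" >&2; exit 1; }
```

Run the `is_uuid` check after every capture (`NETWORKID`, `SECGROUPID`, `VIPNICID`, `NICID`) and the `ipv4_in_cidr` check before the command that uses `--allowed-addresses`.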