terraform-iaas-api-basic-ha.../README.md
Mauritz Uphoff 6a5f928648
Initial commit
2025-06-10 16:32:16 +02:00


# Basic HA Setup (VRRP)
Documentation on how to set up an active/passive VRRP cluster.
All required commands use the STACKIT CLI.
Overview of the core components:
VRRP sync between two virtual machines, including the security groups and port security setup (additional addresses).
![](docs/ha.svg)
![](docs/vip.svg)
## Basic Network Config
Create a STACKIT network in which the VMs and network interfaces will be placed.
```bash
NETWORKID=$(stackit network create --name demo --ipv4-dns-name-servers "1.1.1.1,8.8.8.8,9.9.9.9" --ipv4-prefix "10.1.2.0/24" -y -o json | jq -r .networkId)
```
## Security Groups
A basic security group that allows VRRP and ICMP traffic for failover.
**Create the Security Group**:
```bash
SECGROUPID=$(stackit security-group create --name VRRP -y -o json | jq -r .id)
```
**Create the Security Rules**:
Allow VRRP & ICMP for testing only
```bash
stackit security-group rule create --security-group-id $SECGROUPID --direction ingress --protocol-name icmp
stackit security-group rule create --security-group-id $SECGROUPID --direction ingress --protocol-name vrrp
```
## Network Adapters
We need three network interfaces:
one for each server and a third for registering the internal VIP address.
**Network Interface for the VIP**:
```bash
VIPNICID=$(stackit network-interface create --network-id $NETWORKID --name vipPort -y -o json | jq -r .id)
```
**Get the (v)IP of the NIC**:
```bash
VIPIP=$(stackit network-interface describe $VIPNICID --network-id $NETWORKID -o json | jq -r .ipv4)
```
**Network Interface for the VMs**:
```bash
NICID=$(stackit network-interface create --network-id $NETWORKID --allowed-addresses $VIPIP --name <nicName> --security-groups $SECGROUPID,<defaultSecGroupId> -y -o json | jq -r .id)
```
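
`$VIPIP` is the address that port security will additionally accept on the VM interfaces, and `jq -r` prints the literal string `null` when a field is missing, so the captured values are worth checking before they are used. The script below is an added example, not part of the original README; its function names are hypothetical, and it assumes STACKIT resource IDs are UUIDs and that `.ipv4` holds a bare IPv4 address.

```bash
#!/bin/sh
# Added example (not from the original README): sanity-check captured values.
# Assumption: STACKIT resource IDs are UUIDs and .ipv4 is a bare IPv4 address.

# is_uuid VALUE: true only for a canonical UUID; rejects "" and jq's "null".
is_uuid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# ipv4_to_int ADDR: print ADDR as a 32-bit integer; fail on ranges, "null",
# out-of-range octets and leading zeros (which the shell would read as octal).
ipv4_to_int() {
  printf '%s\n' "$1" | grep -Eq '^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# vip_in_prefix ADDR CIDR: true if ADDR is a single host address inside CIDR.
vip_in_prefix() {
  vip=$(ipv4_to_int "$1") || return 1
  net=$(ipv4_to_int "${2%/*}") || return 1
  bits=${2#*/}
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -le 32 ] || return 1
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $vip & $mask )) -eq $(( $net & $mask )) ]
}

# check_ha_inputs NETWORKID SECGROUPID VIPNICID VIPIP PREFIX
# Reports every bad value on stderr; returns non-zero if any check failed.
check_ha_inputs() {
  rc=0
  for pair in "NETWORKID=$1" "SECGROUPID=$2" "VIPNICID=$3"; do
    is_uuid "${pair#*=}" || { echo "bad ${pair%%=*}: '${pair#*=}'" >&2; rc=1; }
  done
  vip_in_prefix "$4" "$5" || { echo "VIPIP '$4' is not a host in $5" >&2; rc=1; }
  return "$rc"
}

# Usage with the README's variables, before creating the VM interfaces:
#   check_ha_inputs "$NETWORKID" "$SECGROUPID" "$VIPNICID" "$VIPIP" "10.1.2.0/24" || exit 1
```
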
## Set up the Virtual Machines
Create two VMs with Debian 12 as the OS.
```bash
stackit server create --boot-volume-performance-class storage_premium_perf4 --boot-volume-size 32 --boot-volume-source-type image --boot-volume-source-id 03e19c6a-d73a-4ba9-96af-4bd03cf905d3 --keypair-name <sshKeyPair> --availability-zone eu01-1 --machine-type c1.2 --name <serverName> --network-interface-ids $NICID
```
## External floating Addresses (HA)
To access the HA cluster from the Internet, bind a public IP to the VIP network interface so that the WAN IP always points to the active replica.
```bash
stackit public-ip create --associated-resource-id $VIPNICID
```