Updated to STACKIT provider
		
							parent
							
								
									bbfdad1851
								
							
						
					
					
						commit
						6a0fa6c61e
					
				
					 6 changed files with 95 additions and 155 deletions
				
			
		
							
								
								
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
									
									
								
							|  | @ -35,3 +35,4 @@ terraform.rc | ||||||
| .env | .env | ||||||
| .terraform.lock.hcl | .terraform.lock.hcl | ||||||
| conf.img | conf.img | ||||||
|  | pfsense.qcow2 | ||||||
|  |  | ||||||
|  | @ -11,20 +11,15 @@ https://opensource.org/licenses/MIT. | ||||||
| terraform { | terraform { | ||||||
|   required_version = ">= 0.14.0" |   required_version = ">= 0.14.0" | ||||||
|   required_providers { |   required_providers { | ||||||
|     openstack = { |     stackit = { | ||||||
|       source  = "terraform-provider-openstack/openstack" |       source = "stackitcloud/stackit" | ||||||
|       version = "3.0.0" |       version = "0.44.0" | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Configure the OpenStack Provider | provider "stackit" { | ||||||
| provider "openstack" { |   default_region                = "eu01" | ||||||
|   user_name         = var.USERNAME |   service_account_token = var.STACKIT_SERVICE_ACCOUNT_TOKEN | ||||||
|   tenant_id         = var.TENANTID |   enable_beta_resources = true | ||||||
|   user_domain_name  = "portal_mvp" |  | ||||||
|   project_domain_id = "portal_mvp" |  | ||||||
|   password          = var.PASSWORD |  | ||||||
|   auth_url          = "https://keystone.api.iaas.eu01.stackit.cloud/v3/" |  | ||||||
|   region            = "RegionOne" |  | ||||||
| } | } | ||||||
|  |  | ||||||
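Review bot: The new `stackitcloud/stackit` entry in `required_providers` is pinned only by `version = "0.44.0"`, and the `.gitignore` context shown in this commit lists `.terraform.lock.hcl`, so the provider checksums Terraform records are never committed. A fresh checkout therefore trusts whatever the registry serves for that version. Consider dropping `.terraform.lock.hcl` from `.gitignore` and committing the lock file together with this provider switch. The provider block also lost its header comment; something like `# Configure the STACKIT provider; enable_beta_resources opts in to resources still marked beta` would explain why that flag is set.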
							
								
								
									
										26
									
								
								01-config.tf
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							|  | @ -11,47 +11,35 @@ https://opensource.org/licenses/MIT. | ||||||
| # Custom User Settings | # Custom User Settings | ||||||
| # | # | ||||||
| 
 | 
 | ||||||
| # OpenStack Availability Zone | # STACKIT Availability Zone | ||||||
| variable "zone" { | variable "zone" { | ||||||
|   type        = string |   type        = string | ||||||
|   description = "" |   description = "" | ||||||
|   default     = "eu01-m" |   default     = "eu01-m" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # OpenStack VM Flavor | # STACKIT VM Flavor | ||||||
| variable "flavor" { | variable "flavor" { | ||||||
|   type        = string |   type        = string | ||||||
|   description = "" |   description = "" | ||||||
|   default     = "c1.2" |   default     = "c1.2" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Local VPC Subnet to create OpenStack Network | # Local VPC Subnet to create Network | ||||||
| variable "LOCAL_SUBNET" { | variable "LOCAL_SUBNET" { | ||||||
|   type        = string |   type        = string | ||||||
|   description = "" |   description = "" | ||||||
|   default     = "10.0.0.0/24" |   default     = "10.0.0.0/24" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ############################################ | # STACKIT ProjectID | ||||||
| 
 | variable "STACKIT_PROJECT_ID" { | ||||||
| # |  | ||||||
| # System Settings (do not edit) |  | ||||||
| # |  | ||||||
| 
 |  | ||||||
| # OpenStack UAT Username |  | ||||||
| variable "USERNAME" { |  | ||||||
|   type        = string |   type        = string | ||||||
|   description = "" |   description = "" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # OpenStack Project ID | # STACKIT Service Account Token | ||||||
| variable "TENANTID" { | variable "STACKIT_SERVICE_ACCOUNT_TOKEN" { | ||||||
|   type        = string |  | ||||||
|   description = "" |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| # OpenStack UAT Password |  | ||||||
| variable "PASSWORD" { |  | ||||||
|   type        = string |   type        = string | ||||||
|   description = "" |   description = "" | ||||||
| } | } | ||||||
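Review bot: `variable "STACKIT_SERVICE_ACCOUNT_TOKEN"` is declared as a plain string with an empty description, so Terraform will not redact the token wherever its value appears in plan or apply output. The provider file on this page already requires `>= 0.14.0`, which supports the attribute, so add `sensitive = true` to that block. Also fill in the description, for example `description = "STACKIT service account token; supply via TF_VAR_STACKIT_SERVICE_ACCOUNT_TOKEN, never commit"`. With the "System Settings (do not edit)" heading removed, the credential variables now sit under "Custom User Settings", which may invite someone to add a `default` there.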
|  | @ -7,12 +7,30 @@ license that can be found in the LICENSE file or at | ||||||
| https://opensource.org/licenses/MIT. | https://opensource.org/licenses/MIT. | ||||||
| */ | */ | ||||||
| 
 | 
 | ||||||
| # Upload VPN Appliance Image to OpenStack | # Local copy of the Image  | ||||||
| resource "openstack_images_image_v2" "pfsense_image" { | resource "null_resource" "pfsense_image_file" { | ||||||
|   name             = "pfsense-2.7.2-amd64-image" |     triggers = { | ||||||
|   image_source_url = "https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2" |     always_run = timestamp() | ||||||
|   web_download     = true |   } | ||||||
|   container_format = "bare" | 
 | ||||||
|   disk_format      = "qcow2" |   provisioner "local-exec" { | ||||||
|   visibility       = "shared" |     command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2" | ||||||
|  |   } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | # Upload VPN Appliance Image to STACKIT | ||||||
|  | resource "stackit_image" "pfsense_image" { | ||||||
|  |   project_id       = var.STACKIT_PROJECT_ID | ||||||
|  |   name             = "pfsense-2.7.2-amd64-image" | ||||||
|  |   local_file_path  = "./pfsense.qcow2" | ||||||
|  |   disk_format      = "qcow2" | ||||||
|  |   depends_on       = [null_resource.pfsense_image_file] | ||||||
|  |   min_disk_size    = 10 | ||||||
|  |   min_ram          = 2 | ||||||
|  |   config = { | ||||||
|  |     uefi           = false | ||||||
|  |     cdrom_bus      = "scsi" | ||||||
|  |     disk_bus       = "scsi" | ||||||
|  |     secure_boot    = false | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
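Review bot: The `local-exec` command in `null_resource.pfsense_image_file` saves whatever the URL returns and `stackit_image.pfsense_image` then uploads it as the firewall's boot image, with no integrity check in between. Without `--fail`, an HTTP error page is also written to `pfsense.qcow2` and the provisioner still exits successfully. I would verify a pinned digest before the upload, e.g. `command = "curl --fail --location -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2 && echo '<EXPECTED_SHA256>  pfsense.qcow2' | sha256sum -c -"`, where `<EXPECTED_SHA256>` is a placeholder for the publisher's digest. Separately, `always_run = timestamp()` re-downloads the image on every apply; keying `triggers` on the image URL or version would limit that to real image changes.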
|  | @ -7,72 +7,42 @@ license that can be found in the LICENSE file or at | ||||||
| https://opensource.org/licenses/MIT. | https://opensource.org/licenses/MIT. | ||||||
| */ | */ | ||||||
| 
 | 
 | ||||||
| # Create vNET Networks | # Get vNET Networks | ||||||
| resource "openstack_networking_network_v2" "vpc_network" { | resource "stackit_network" "lan_network" { | ||||||
|   name           = "VPC Network" |   project_id         = var.STACKIT_PROJECT_ID | ||||||
|   description    = "Local Peering VPC Network" |   name               = "lan_network" | ||||||
|   admin_state_up = "true" |   ipv4_nameservers        = ["208.67.222.222", "9.9.9.9"] | ||||||
|  |   ipv4_prefix_length = 24 | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| resource "openstack_networking_network_v2" "wan_network" { | resource "stackit_network" "wan_network" { | ||||||
|   name           = "WAN Network" |   project_id         = var.STACKIT_PROJECT_ID | ||||||
|   description    = "Transfer Net for binding FloatingIPs" |   name               = "wan_network" | ||||||
|   admin_state_up = "true" |   ipv4_nameservers        = ["208.67.222.222", "9.9.9.9"] | ||||||
|  |   ipv4_prefix_length = 28 | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Create Subnets | resource "stackit_network_interface" "nic_lan" { | ||||||
| resource "openstack_networking_subnet_v2" "vpc_subnet_1" { |   project_id         = var.STACKIT_PROJECT_ID | ||||||
|   name        = "vpc_subnet" |   network_id         = stackit_network.lan_network.network_id | ||||||
|   description = "Local VPC Network" |  | ||||||
|   network_id  = openstack_networking_network_v2.vpc_network.id |  | ||||||
|   cidr        = var.LOCAL_SUBNET |  | ||||||
|   ip_version  = 4 |  | ||||||
|   dns_nameservers = [ |  | ||||||
|     "208.67.222.222", |  | ||||||
|     "9.9.9.9", |  | ||||||
|   ] |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| resource "openstack_networking_subnet_v2" "wan_subnet_1" { | resource "stackit_network_interface" "nic_wan" { | ||||||
|   name        = "wan_subnet" |   project_id         = var.STACKIT_PROJECT_ID | ||||||
|   description = "WAN Network" |   network_id         = stackit_network.wan_network.network_id | ||||||
|   network_id  = openstack_networking_network_v2.wan_network.id |  | ||||||
|   cidr        = "100.96.96.0/25" |  | ||||||
|   ip_version  = 4 |  | ||||||
|   dns_nameservers = [ |  | ||||||
|     "208.67.222.222", |  | ||||||
|     "9.9.9.9", |  | ||||||
|   ] |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Create OpenStack Router | resource "stackit_public_ip" "example" { | ||||||
| 
 |   project_id           = var.STACKIT_PROJECT_ID | ||||||
| resource "openstack_networking_router_v2" "vpc_router" { |   network_interface_id = stackit_network_interface.nic_wan.network_interface_id | ||||||
|   name        = "vpc_router" |  | ||||||
|   description = "VPC Router" |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| resource "openstack_networking_router_interface_v2" "vpc_router_interface_1" { |  | ||||||
|   router_id = openstack_networking_router_v2.vpc_router.id |  | ||||||
|   subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id |  | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| resource "openstack_networking_router_v2" "wan_router" { | # Get Subents | ||||||
|   name                = "wan_router" | #data "openstack_networking_subnet_v2" "vpc_subnet_1" { | ||||||
|   description         = "WAN Router" | #  network_id  = stackit_network.lan_network.network_id | ||||||
|   external_network_id = "970ace5c-458f-484a-a660-0903bcfd91ad" | #} | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| # Create Router interfaces | #data "openstack_networking_subnet_v2" "wan_subnet_1" { | ||||||
| resource "openstack_networking_router_interface_v2" "wan_router_interface_1" { | #  network_id  = stackit_network.wan_network.network_id | ||||||
|   router_id = openstack_networking_router_v2.wan_router.id | #} | ||||||
|   subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| # Create static routing entry for VPC Traffic to hit the pfSense instead of the default gateway |  | ||||||
| resource "openstack_networking_router_route_v2" "vpc_router_route_1" { |  | ||||||
|   depends_on       = [openstack_networking_router_interface_v2.vpc_router_interface_1] |  | ||||||
|   router_id        = openstack_networking_router_v2.vpc_router.id |  | ||||||
|   destination_cidr = "0.0.0.0/0" |  | ||||||
|   next_hop         = openstack_compute_instance_v2.instance_fw.network.1.fixed_ip_v4 |  | ||||||
| } |  | ||||||
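Review bot: `stackit_network_interface.nic_lan` and `nic_wan` set only `project_id` and `network_id`, so port security and security-group membership for the firewall's interfaces now depend on provider and project defaults. The removed OpenStack ports stated `port_security_enabled = "false"` explicitly, and `stackit_public_ip.example` exposes `nic_wan` to the internet. If the pinned provider version exposes them, set `security`, `security_group_ids` or `allowed_addresses` on both interfaces so the intended filtering and forwarding behaviour can be read from the code. The old `0.0.0.0/0` route via the pfSense is also removed with no visible replacement, so it is worth confirming that LAN traffic still passes through the appliance. The commented-out `openstack_networking_subnet_v2` data blocks under `# Get Subents` look like leftovers and could be deleted, and `"example"` renamed to something like `"wan_public_ip"`.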
|  | @ -7,68 +7,36 @@ license that can be found in the LICENSE file or at | ||||||
| https://opensource.org/licenses/MIT. | https://opensource.org/licenses/MIT. | ||||||
| */ | */ | ||||||
| 
 | 
 | ||||||
| # Create root Volume | resource "stackit_volume" "pfsense_vol" { | ||||||
| resource "openstack_blockstorage_volume_v3" "fw_root_volume" { |   project_id        = var.STACKIT_PROJECT_ID | ||||||
|   name              = "pfsense-2.7.2-root" |   name              = "pfsense-2.7.2-root" | ||||||
|   description       = "Root Volume" |   availability_zone = var.zone | ||||||
|   size              = 16 |   size              = 16 | ||||||
|   image_id          = openstack_images_image_v2.pfsense_image.id |   performance_class = "storage_premium_perf4" | ||||||
|  |   source = { | ||||||
|  |     id = stackit_image.pfsense_image.image_id | ||||||
|  |     type = "image" | ||||||
|  |   }  | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | resource "stackit_server" "pfsense_Server" { | ||||||
|  |   project_id = var.STACKIT_PROJECT_ID | ||||||
|  |   name       = "pfSense" | ||||||
|  |   boot_volume = { | ||||||
|  |     source_type = "volume" | ||||||
|  |     source_id   = stackit_volume.pfsense_vol.volume_id | ||||||
|  |   } | ||||||
|   availability_zone = var.zone |   availability_zone = var.zone | ||||||
|   volume_type       = "storage_premium_perf4" |   machine_type      = var.flavor | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Create virtual Server | resource "stackit_server_network_interface_attach" "nic-attachment-lan" { | ||||||
| resource "openstack_compute_instance_v2" "instance_fw" { |   project_id           = var.STACKIT_PROJECT_ID | ||||||
|   name              = "pfSense" # Server name |   server_id            = stackit_server.pfsense_Server.server_id | ||||||
|   flavor_name       = var.flavor |   network_interface_id = stackit_network_interface.nic_lan.network_interface_id | ||||||
|   availability_zone = var.zone |  | ||||||
| 
 |  | ||||||
|   block_device { |  | ||||||
|     uuid                  = openstack_blockstorage_volume_v3.fw_root_volume.id |  | ||||||
|     source_type           = "volume" |  | ||||||
|     destination_type      = "volume" |  | ||||||
|     boot_index            = 0 |  | ||||||
|     delete_on_termination = true |  | ||||||
|   } |  | ||||||
| 
 |  | ||||||
|   network { |  | ||||||
|     port = openstack_networking_port_v2.wan_port_1.id |  | ||||||
|   } |  | ||||||
| 
 |  | ||||||
|   network { |  | ||||||
|     port = openstack_networking_port_v2.vpc_port_1.id |  | ||||||
|   } |  | ||||||
| 
 |  | ||||||
| } | } | ||||||
| 
 | resource "stackit_server_network_interface_attach" "nic-attachment-wan" { | ||||||
| # Network Ports |   project_id           = var.STACKIT_PROJECT_ID | ||||||
| resource "openstack_networking_port_v2" "wan_port_1" { |   server_id            = stackit_server.pfsense_Server.server_id | ||||||
|   name                  = "FW WAN Port" |   network_interface_id = stackit_network_interface.nic_wan.network_interface_id | ||||||
|   network_id            = openstack_networking_network_v2.wan_network.id |  | ||||||
|   admin_state_up        = "true" |  | ||||||
|   port_security_enabled = "false" |  | ||||||
|   fixed_ip { |  | ||||||
|     subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id |  | ||||||
|   } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| resource "openstack_networking_port_v2" "vpc_port_1" { |  | ||||||
|   name                  = "FW VPC Port" |  | ||||||
|   network_id            = openstack_networking_network_v2.vpc_network.id |  | ||||||
|   admin_state_up        = "true" |  | ||||||
|   port_security_enabled = "false" |  | ||||||
|   fixed_ip { |  | ||||||
|     subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id |  | ||||||
|   } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| # Add FloatingIP |  | ||||||
| resource "openstack_networking_floatingip_v2" "fip" { |  | ||||||
|   pool = "floating-net" |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| resource "openstack_networking_floatingip_associate_v2" "fip" { |  | ||||||
|   floating_ip = openstack_networking_floatingip_v2.fip.address |  | ||||||
|   port_id     = openstack_networking_port_v2.wan_port_1.id |  | ||||||
| } | } | ||||||
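Review bot: The two `stackit_server_network_interface_attach` resources have no dependency on each other, so Terraform may attach the LAN and WAN interfaces in either order or in parallel. The removed `openstack_compute_instance_v2` listed the WAN port first and the VPC port second. If the pfSense image assigns WAN and LAN by interface order (not confirmed from this page), a swapped order could put the LAN-side configuration on the interface that carries the public IP. Adding `depends_on = [stackit_server_network_interface_attach.nic-attachment-wan]` to `nic-attachment-lan` would keep the previous ordering. The removed `# Create root Volume`, `# Create virtual Server` and `# Network Ports` comments have no replacements, and `pfsense_Server` and `nic-attachment-*` break the snake_case naming used by the other resources.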
	
	 StackedDane
						StackedDane