OpenTofu Übung
- Installation von OpenTofu
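https://github.com/opentofu/opentofu/releases/
(vor der Installation die SHA256-Prüfsumme des heruntergeladenen Pakets mit der auf der Release-Seite veröffentlichten SHA256SUMS-Datei vergleichen)
sha256sum tofu_*_amd64.deb
sudo dpkg -i tofu_*_amd64.deb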
tofu version
- Verzeichnis erstellen
mkdir tofu
cd tofu
- vi /etc/hosts
172.20.41.1 controller
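- clouds.yaml kopieren (ggf. aus dem OpenStack-Dashboard herunterladen); die Datei enthält das Passwort im Klartext, daher nur für den eigenen Benutzer lesbar machen (chmod 600 clouds.yaml) und nicht in ein Repository einchecken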
- main.tf anlegen
- Initialisieren
tofu init
tofu plan
- Anwenden
tofu apply
(tofu destroy)
clouds.yaml
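# clouds.yaml: OpenStack client configuration. main.tf selects the "mycloud"
# entry through `cloud = "mycloud"` in the provider block.
# The nesting below restores the usual clouds.yaml layout; the flattened
# listing does not parse as a cloud definition.
# NOTE(review): this file holds the account password in plain text. Keep it
# readable by its owner only and out of version control.
clouds:
  mycloud:
    auth:
      # NOTE(review): plain http:// means the username and password sent to
      # this identity endpoint are not protected by TLS. Switch to an https://
      # URL if the deployment offers one (confirm with the cloud operator).
      auth_url: http://172.20.41.1:5000/v3
      username: myusername
      # Placeholder value; replace with the real password and never commit it.
      password: mypassword
      project_name: AKKT-2510781000-ha
      user_domain_name: Default
      project_domain_name: Default
    region_name: RegionOne
    interface: public
    identity_api_version: 3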
main.tf
# Provider requirements resolved by `tofu init`.
terraform {
  required_providers {
    openstack = {
      # "~> 1.52.1" accepts patch releases 1.52.x from 1.52.1 upwards and
      # nothing from 1.53 on. Keep the .terraform.lock.hcl written by
      # `tofu init` next to this file so the recorded provider checksums are
      # reused on later runs.
      version = "~> 1.52.1"
      source  = "terraform-provider-openstack/openstack"
    }
  }
}
# No credentials are written in this file: the provider is pointed at the
# "mycloud" entry of clouds.yaml, which carries the auth settings.
provider "openstack" {
  cloud = "mycloud"
}
# Network named "private-net"; both instances below attach to it.
resource "openstack_networking_network_v2" "private_net" {
  name = "private-net"
}
# IPv4 subnet 10.0.0.0/24 on private_net with DHCP enabled.
resource "openstack_networking_subnet_v2" "private_subnet" {
  name       = "private-subnet"
  network_id = openstack_networking_network_v2.private_net.id

  ip_version = 4
  cidr       = "10.0.0.0/24"
  gateway_ip = "10.0.0.254"

  enable_dhcp = true

  # Public resolvers configured on the subnet.
  dns_nameservers = ["1.1.1.1", "8.8.8.8"]

  # Addresses .1 through .200 are available for allocation; the gateway
  # (.254) lies outside this pool.
  allocation_pool {
    start = "10.0.0.1"
    end   = "10.0.0.200"
  }
}
# Looks up the existing network called "provider"; it is only read here, not
# created. The router below uses it as its external network.
data "openstack_networking_network_v2" "external_net" {
  name = "provider"
}
# Router whose external side is the "provider" network looked up above.
resource "openstack_networking_router_v2" "router" {
  external_network_id = data.openstack_networking_network_v2.external_net.id
  name                = "private-router"
}
# Attaches the private subnet to the router. The floating IP associations
# further down declare an explicit dependency on this interface.
resource "openstack_networking_router_interface_v2" "router_interface" {
  subnet_id = openstack_networking_subnet_v2.private_subnet.id
  router_id = openstack_networking_router_v2.router.id
}
# Resolves the image named "Ubuntu 24.04" to its ID (read-only lookup).
# NOTE(review): the image is selected by name only; which image carries that
# name is decided in the cloud, not in this file.
data "openstack_images_image_v2" "ubuntu_image" {
  name = "Ubuntu 24.04"
}
# Resolves the image named "Debian 12" to its ID (read-only lookup).
# NOTE(review): the image is selected by name only; which image carries that
# name is decided in the cloud, not in this file.
data "openstack_images_image_v2" "debian_image" {
  name = "Debian 12"
}
# Volume of size 5 created from the Ubuntu image; ubuntu_vm boots from it.
resource "openstack_blockstorage_volume_v3" "ubuntu_volume" {
  name     = "ubuntu-vol"
  image_id = data.openstack_images_image_v2.ubuntu_image.id
  size     = 5
}
# Volume of size 5 created from the Debian image; debian_vm boots from it.
resource "openstack_blockstorage_volume_v3" "debian_volume" {
  name     = "debian-vol"
  image_id = data.openstack_images_image_v2.debian_image.id
  size     = 5
}
# Ubuntu instance booted from ubuntu_volume and attached to private_net.
# NOTE(review): no security group is listed here, so the instance presumably
# lands in the project's "default" group. That is the group the SSH ingress
# rule at the end of this file modifies. Confirm against the deployment.
resource "openstack_compute_instance_v2" "ubuntu_vm" {
  name        = "ubuntu-vm"
  flavor_name = "m1.medium"

  # Key pair "nb4" is referenced by name and is not created in this listing,
  # so it has to exist in the project beforehand.
  key_pair = "nb4"

  network {
    uuid = openstack_networking_network_v2.private_net.id
  }

  # Boot disk: the pre-created volume, removed together with the instance.
  block_device {
    uuid                  = openstack_blockstorage_volume_v3.ubuntu_volume.id
    source_type           = "volume"
    destination_type      = "volume"
    boot_index            = 0
    delete_on_termination = true
  }
}
# Debian instance booted from debian_volume and attached to private_net.
# NOTE(review): no security group is listed here, so the instance presumably
# lands in the project's "default" group. That is the group the SSH ingress
# rule at the end of this file modifies. Confirm against the deployment.
resource "openstack_compute_instance_v2" "debian_vm" {
  name        = "debian-vm"
  flavor_name = "m1.medium"

  # Key pair "nb4" is referenced by name and is not created in this listing,
  # so it has to exist in the project beforehand.
  key_pair = "nb4"

  network {
    uuid = openstack_networking_network_v2.private_net.id
  }

  # Boot disk: the pre-created volume, removed together with the instance.
  block_device {
    uuid                  = openstack_blockstorage_volume_v3.debian_volume.id
    source_type           = "volume"
    destination_type      = "volume"
    boot_index            = 0
    delete_on_termination = true
  }
}
# Floating IP from the "provider" pool, later bound to ubuntu_vm. Once bound,
# the instance is reachable from that network as far as its security group
# rules allow.
resource "openstack_networking_floatingip_v2" "ubuntu_fip" {
  pool = "provider"
}
# Floating IP from the "provider" pool, later bound to debian_vm. Once bound,
# the instance is reachable from that network as far as its security group
# rules allow.
resource "openstack_networking_floatingip_v2" "debian_fip" {
  pool = "provider"
}
# Binds ubuntu_fip to ubuntu_vm.
resource "openstack_compute_floatingip_associate_v2" "ubuntu_fip_assoc" {
  instance_id = openstack_compute_instance_v2.ubuntu_vm.id
  floating_ip = openstack_networking_floatingip_v2.ubuntu_fip.address

  # Explicit ordering: the router interface must exist before the
  # association is made.
  depends_on = [openstack_networking_router_interface_v2.router_interface]
}
# Binds debian_fip to debian_vm.
resource "openstack_compute_floatingip_associate_v2" "debian_fip_assoc" {
  instance_id = openstack_compute_instance_v2.debian_vm.id
  floating_ip = openstack_networking_floatingip_v2.debian_fip.address

  # Explicit ordering: the router interface must exist before the
  # association is made.
  depends_on = [openstack_networking_router_interface_v2.router_interface]
}
# Looks up the existing security group named "default". It is only read
# here; the rule below is added to this shared group rather than to a group
# created for these two instances.
data "openstack_networking_secgroup_v2" "default" {
  name = "default"
}
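# Source range allowed to reach TCP/22. The default keeps the original
# behaviour (any IPv4 source). Override it with the administrators' own
# range, e.g. `tofu apply -var 'ssh_allowed_cidr=203.0.113.0/24'` (constructed
# example value), so SSH is not exposed to every address that can reach the
# floating IPs.
variable "ssh_allowed_cidr" {
  type        = string
  default     = "0.0.0.0/0"
  description = "IPv4 CIDR allowed to connect to SSH (TCP/22) on instances in the default security group."

  validation {
    # cidrnetmask() only accepts a well-formed IPv4 prefix, which matches the
    # rule's ethertype.
    condition     = can(cidrnetmask(var.ssh_allowed_cidr))
    error_message = "ssh_allowed_cidr must be a valid IPv4 CIDR such as 10.0.0.0/24."
  }
}

# Ingress rule for SSH (TCP port 22, IPv4).
# NOTE(review): the rule is attached to the looked-up "default" group, so it
# applies to everything that uses that group, not only the two VMs in this
# file. A dedicated security group for these instances would keep the change
# scoped; `tofu destroy` removes the rule again.
resource "openstack_networking_secgroup_rule_v2" "default_ssh_ingress" {
  security_group_id = data.openstack_networking_secgroup_v2.default.id

  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 22
  port_range_max = 22

  remote_ip_prefix = var.ssh_allowed_cidr
}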