From 0a03f5bb81d8e15dfc30b699ec4c71cd3bef1e4f Mon Sep 17 00:00:00 2001 From: Arnaud Morin Date: Wed, 23 Mar 2022 23:56:51 +0100 Subject: [PATCH] Add last Signed-off-by: Arnaud Morin --- .gitignore | 1 + terraform/training/102.md | 13 +++- terraform/training/103.md | 57 ++++++++++++++++++ terraform/training/files/.gitignore | 4 ++ terraform/training/files/backend.tf.gpg | Bin 0 -> 1235 bytes terraform/training/files/frontend.tf.gpg | Bin 0 -> 1377 bytes terraform/training/files/install-nginx.sh.tpl | 19 ++++++ terraform/training/files/network.tf.gpg | Bin 0 -> 1156 bytes terraform/training/files/output.tf.gpg | Bin 0 -> 979 bytes terraform/training/files/provider.tf.gpg | Bin 0 -> 966 bytes 10 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100644 terraform/training/103.md create mode 100644 terraform/training/files/.gitignore create mode 100644 terraform/training/files/backend.tf.gpg create mode 100644 terraform/training/files/frontend.tf.gpg create mode 100644 terraform/training/files/install-nginx.sh.tpl create mode 100644 terraform/training/files/network.tf.gpg create mode 100644 terraform/training/files/output.tf.gpg create mode 100644 terraform/training/files/provider.tf.gpg diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1377554 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.swp diff --git a/terraform/training/102.md b/terraform/training/102.md index 4d83846..a57430e 100644 --- a/terraform/training/102.md +++ b/terraform/training/102.md @@ -53,6 +53,17 @@ Ajouter une resource output pour afficher l'url de votre serveur demo-flask: ```bash # Adaptez demo-flask avec le nom de votre serveur output "demo-flask-url" { - value = "${format("http://%s", openstack_compute_instance_v2.demo-flask.address)}" + value = "${format("http://%s", openstack_compute_instance_v2.demo-flask.address)}:8080" } ``` + +## Ajout d'une resource security group +Vous avez essayer d'ouvrir l'url ? Cela fonctionne-t-il ? + +Il vous manque sans doute quelques resources pour gerer les security groups rules: +``` +openstack_networking_secgroup_v2 +openstack_networking_secgroup_rule_v2 +``` + +N'oubliez pas que `demo-flask` ecoute par defaut sur le port 8080 ! diff --git a/terraform/training/103.md b/terraform/training/103.md new file mode 100644 index 0000000..c4b70f9 --- /dev/null +++ b/terraform/training/103.md @@ -0,0 +1,57 @@ +# Terraform 103 + +## Objectif + +Maintenant que vous avez les rudiments terraform, essayer de deployer `demo-flask` en backend avec `nginx` en frontend tout en utilisant une `floatin-ip` sur le frontend. + +``` + INTERNET + + │ + │ + │ + │ + │ + │ + │ + │ + ▼ + ┌───────────────────┐ + │ │ + │ FLOATING IP │ + │ │ +┌──────────┴───────────────────┴───────────┐ +│ │ +│ │ +│ │ +│ FRONTEND (NGINX) │ +│ │ +│ │ +│ │ +│ │ +└────────────────────┬─────────────────────┘ + │ + │ + │ + │ + │ + ▼ +┌──────────────────────────────────────────┐ +│ │ +│ │ +│ │ +│ │ +│ BACKEND (DEMO-FLASK) │ +│ │ +│ │ +│ │ +└──────────────────────────────────────────┘ +``` + +Pour vous aider, je vous donne un fichier d'installation de nginx (template terraform) en mode proxy + certificat https: + +[install-nginx.sh.tpl](files/install-nginx.sh.tpl) + + +## Solution +La solution est dans les fichiers `.tf.gpg` mais ils sont chiffres avec la clef GPG d'arnaud. Vous ne pouvez pas les dechiffrer, ils vous faut trouver la solution par vous meme. diff --git a/terraform/training/files/.gitignore b/terraform/training/files/.gitignore new file mode 100644 index 0000000..dce1191 --- /dev/null +++ b/terraform/training/files/.gitignore @@ -0,0 +1,4 @@ +*.tf +*.tfstate +.terraform.lock.hcl +.terraform diff --git a/terraform/training/files/backend.tf.gpg b/terraform/training/files/backend.tf.gpg new file mode 100644 index 0000000000000000000000000000000000000000..8a7346b60a253e0a9edf5d1e2dd2cd34a6ebbf52 GIT binary patch literal 1235 zcmV;^1T6c70t^E@;?z;sonGjr>Wo9moP09f9 zyuCKkVojBe>{=GY#wm{7#mI4B=`;(;2E2qLS!2rLB+;*c@vUXOBFyfv8DWI1DA>(K zQVs-d@h3F$qRfV4bA}0b%GG9Fh12RRi(!n~<{|z-|7h4=0Lz5Qqxc|`!EYvx!BO3*$O_~SRv>L z&ex9E1^+7c{`kC~-TtWq+^XkLAGTPukUh+S?5LnKzhvVEaFKRNxX3jU2Jkg_iV;oa>;^oM4P`yN~ zNAvc_#YIM1L7eMiT5S8NYUn%{u8D&ao4p{JoQ<~hFVdaAp5^V^MgBUshoUG19v)G5 zO1P0oD_^%4$9Y?>b+-f^$SHgkLy~g_G=uE-$}rdky%Dv0*}xIu1;c4Df6%}mwL=_~ z*A zGI{Q*XxDanhLygG`l^iM{*Y!FZTeggh--liEB2VVBR|#sZHdieqiBg1ZJQTLR<{rC zl+Juw`VenJ56c?q_4bt>Ju=>~;eZ|pvl}qsi9AxO+?BNhVBgmN)dLo7=07B))sDU< z%_`J{Hnu7^y2ZnG3-6j`HKPIN_#Cs53L0aCLz+v&d1IBT!ySV00Nz-HnX*p?6)&Nu zH6QYhsT_q?!r(_~P>SqMuonK$*|!m0Y0W?SPTa<;1pI zgH+wqHw=R*Tg7_;*bM;=e7AsbsoE}xG)Uuucqo?eSA*Z~q#`}VunpO4Yaf0Ff@yc} zkcEYz#WKiX9t?FoAUs}vCD28x3m9-FA;4Co15q(qTQ~WW%%>j2!$r+iI6JNKhxj-r xrK?qHIrtQvP$_hr9^#Af7xs5Qi^!|$_<`TaG9(`6!Od0<^~kb3_#O4Em?wo}WJ3S| literal 0 HcmV?d00001 diff --git a/terraform/training/files/frontend.tf.gpg b/terraform/training/files/frontend.tf.gpg new file mode 100644 index 0000000000000000000000000000000000000000..5d5985644b2d6f9f1fa9222a899cad641d6f6644 GIT binary patch literal 1377 zcmV-n1)lna0t^E(xqye`p4PlBu#yaz4(u^ktLL5f&rwY-%>J$ z5RjgHa&!f06E6d;KIhe%lMP1;WSv9Mp;a168ek1;ya$NT33}agt&5i?WF;OU>UV0O zSKaAUU@|CO_{V&qm{*=I%a6mS&Q#9lD*1ifBIF1ILInGHg1Y7;N+1z#!uhWf!j_1 zj@g+-f5P_9H(Jh!CK9atSgk>0f+9dxwEbmATnIzHe4ozE7qCc3fU^ByRu?($8^>^v zF@@k%S90<%u{2%-JokF}E5SR+@Gv93~&><#eJE8-HuHr7J)zmSK6>8s-=hDeJ1z^tw`6MJ8eVy83FsiK3N$t1M8 zo~oWtRnQNbhG=3a3WjWY*#;X3SY79z6dFS*J2Jz3(?iaIN^08Nx-NubZB-F*ko}mj z2|S)l+7rx1*_o&TEEq}zJ zV7>&buzSt|bdebp`8}SHWi8LqfV8*hv&EHb%RLdhF|fM+7+P41R@)B3S=chT=Nsz- z1+FXuQtT1lE~dvG!I({nsSr44e63T0UGpMpNIE-9sJ!T~YR!P*L#kSeuXYZP1GHj5 zQF<}m&QASBU48V0lyW%94=9g4H=HJ(-Si|kyhzJugK z6g36tPR=F@)yIfThp7AtlLcu!8&SeB?-2-B8B9jwLCXro3LM><9Iv_ z$ahbO#@p~*>0Nb?t&WAdno$H5Z3YOc91$5F^C-9gtW)Pgf zyn#w%J^k9D@a{v8re^`kSr?%km_P z{4N91gaaetVCa!j$Ih-~Ax8IhF9xkDR3MYMPzvg_a?S|M&%Bkl^*G(bpE&??dq(fM z2rJVF|1BZ)*8yA1BLIVtO&s_@zuOehxHM=byusD9WhpWh8&^%lg)fzKaddFcV&g~% j=OmC}UToKQk)HRqh4Ud*$yBGs_Gy#Y))MS(L-B%kh2orD literal 0 HcmV?d00001 diff --git a/terraform/training/files/install-nginx.sh.tpl b/terraform/training/files/install-nginx.sh.tpl new file mode 100644 index 0000000..7d709bd --- /dev/null +++ b/terraform/training/files/install-nginx.sh.tpl @@ -0,0 +1,19 @@ +#!/bin/bash +apt-get update +apt-get install -y nginx python3-certbot-nginx certbot +cat < /etc/nginx/sites-enabled/default +server { + listen 80; + server_name ${frontend}.xip.opensteak.fr; + listen [::]:80; + access_log /var/log/nginx/reverse-access.log; + error_log /var/log/nginx/reverse-error.log; + location / { proxy_pass http://${backend}:8080; } +} +EOF + +systemctl restart nginx + +# certbot +certbot run --agree-tos --register-unsafely-without-email --non-interactive --nginx --redirect --domain ${frontend}.xip.opensteak.fr + diff --git a/terraform/training/files/network.tf.gpg b/terraform/training/files/network.tf.gpg new file mode 100644 index 0000000000000000000000000000000000000000..6ab2a47531d0cc3db0a5ad7b42a85731b7d92ce9 GIT binary patch literal 1156 zcmV-~1bh310t^E`j_>z{6T|7fyO)647W zs1gsAyy!gXidXvB0aS}rrBnM_fbk4Sg*_hdW`YA};u8Edn;!WguCwW)P|=k35WH`b zp_@V{9v%;|T!If4A@Us{!0@G0b!t`&Xz2fEveVl7;okdqt zhJqb|z?&38plE$=Si%Ke&Da&I4mdWH(ACL0qx_(52+nt!rdb&JfrhJ_Ip+e$V{gWP z3a@O&*@`}GspSma_&ame;#nuF2@xK{yDHBV0KOsu+=U^oR&B>dhZkx7SI5W{47_Bu zo?cKWCMhe;KsSW}3QB6=r0gRf>usH6z5qkb~lRY0H zbP2YLwl}IzTF>+|=;AiS=ob4nq=Fc-;?eH>`aIES)(awmd z%he&pdDn#`h+hpr-(azUvjFTdhqK~G(OZBW15C-M*8=5>{buug{;^kkrC_$!+{h=D zp03j-h3*$~vG$7}PWvnVdP~&8=xi~oVeMt+`=`uINWnxl0<^!e%Kj21w(_e02 zRjbZWT56M%vHWbm6tM@7Tno=6p)Hb{rmVX;dLFv+rzotJW>=oOs!%lO9$s1l-pQlt9ujysiQS`38s2G`kXv znO4$L#LrDk9Bh52_!E^ WeNMM6cjG#OFqj}Mbz;8LPUvHdrbBoD literal 0 HcmV?d00001 diff --git a/terraform/training/files/output.tf.gpg b/terraform/training/files/output.tf.gpg new file mode 100644 index 0000000000000000000000000000000000000000..86ca9deb4ab09ca457694bf1de7aa8d803970c0c GIT binary patch literal 979 zcmV;^11$W70t^E|2NWx1w zbQGfOc2z^~J!GgngS!DKn~IO3z58}J%4kw*qNpxQ%weU0^u6ZltNw)iyX!q`;n;!L zt4TFAIo1n{)Zy%@bSAdosk)r+PIwbkg=bx+)OCg^6PrhFRb)sG@t{VO!7=AW9$wVrr>K$#rTSX^5x;ATA(13UdCZmKVoP7?t!Mz*q%-*v5 z2SAdG=&yh-TrNGWYG^6ApX?LVS5E`1{&^eBKcrlG{6z)FqCYe+@5rfU`tKJh6Z>LP zs;;{1&}+)?(sro5oY}w3p_3kM8LR z1+kPr9gqUu9qv!Zg@#u+Zzzah&vSYERwSNdnUqL)A+Zk6`RavnnB)0V$AH33m8GwZ&3Riv0bqj z4-n<1kiD#>e=IPTz6H)7s}dekq3cPG^s{ex{q`0}mMzsh*ase+2R50rDHC|_tJd}m2P-3T0cbI4aJkqQPQ&kdd>FuItcZ?L`fJfid9gxV%^ z4aDCzjQxdb8!)r2v~?!*p7YgmuamG3mBwX{L5%;NiDsAZ#wr_lno)t>IIT1Wm7`vM z_nymb1A4cjXDpLj0WF4rw*xQq-~a^MatA)@o>qYfiyks-q-)mOGPrdTw4tY+J^3?p B-$4KX literal 0 HcmV?d00001 diff --git a/terraform/training/files/provider.tf.gpg b/terraform/training/files/provider.tf.gpg new file mode 100644 index 0000000000000000000000000000000000000000..b448ac0eddc05a87c141860ba991e3213ae7cd3a GIT binary patch literal 966 zcmV;%13CPK0t^E)5d?mw=Dmx1FE4B&D+^sFIemX zMr$f63XwLDnh)f-wLvl0VX3S-Ov9354IzCt_fQ(NF*oFu6^T2-eHbDIbq2S z0>~#B&9DF0kYWP`5P)sW9oPH2NeJXR{PN3a(0NRXXntuY7M3w_BYZ-nThTt~RW88B zaYtY(t;}mqdH#u|zalCiZmN2|*$6q8@}&SI0H)xNr#U|aYyV$>$w)wkr`P%`jeFrv z!<=mzK>$n&;vTy0l|LsQNx1p}4JtS&tVNqXaN4x5S>a%!Mv@ry@WPIlNC_TRRRoa% ze?6qzh}V5JFc&owSya=YyQx<9ABSIa?zV;z|%XEjmgy7fSY$ zdwlToZ=$O5ni56sfdGX83qm)J)OYVTf5pzrxRjLVF1lxHerktcT(nD;)Rn0@9`dU0jDGteHi@T{=sUKe^bA%?8L7D!;;` z&9FrIh9A7T)?2gV9>9wS_As#9C@}^$>#mUwOqU2%!tFQ*cO>eBz=B6_&!O)tqeVP!=OH_mEd!EIyY ou^goknbYz#YO}Dmg1sxhe`e}0s`oiTnk^~zDamvrshwe(nDY|QKmY&$ literal 0 HcmV?d00001