Merge pull request #20 from LombardiDaniel/main

Example: VMs cluster with a simple (HAProxy) L4 LoadBalancer

Author: lfpicoloto1

.gitignore

@@ -1,4 +1,5 @@
 .terraform/
 terraform.tfstate
 .terraform.lock.hcl
-terraform.tfstate.backup
+terraform.tfstate.backup
+*.tfvars

advanced/private-vms-with-lb-bastion/main.tf

@@ -0,0 +1,142 @@
+terraform {
+  required_providers {
+    mgc = {
+      source  = "magalucloud/mgc"
+      version = "0.29.2"
+    }
+  }
+}
+
+module "network" {
+  source = "./modules/network"
+
+  api_key = var.api_key
+
+  project_name      = var.project_name
+  allowed_tcp_ports = var.allowed_tcp_ports
+  allowed_udp_ports = var.allowed_udp_ports
+  lb_tcp_ports      = var.lb_tcp_ports
+  lb_udp_ports      = var.lb_udp_ports
+}
+
+resource "mgc_ssh_keys" "ssh_keys" {
+  name = "${var.project_name}-ssh-key"
+  key  = var.ssh_key
+}
+
+locals {
+  cluster_majority = floor(0.5 + (var.cluster_size + 1) / 2)
+  cluster_minority = var.cluster_size - local.cluster_majority
+}
+
+resource "mgc_virtual_machine_instances" "cluster_lb" {
+  name = "${var.project_name}-lb"
+  machine_type = {
+    name = var.lb_machine_type
+  }
+  image = {
+    name = "cloud-debian-12 LTS"
+  }
+  network = {
+    # vpc = {
+    #   id = module.network.vpc_id
+    # }
+    associate_public_ip = true
+    delete_public_ip    = true
+    interface = {
+      security_groups = [
+        { id = module.network.lb_sec_group_id },
+        { id = module.network.ssh_sec_group_id },
+      ]
+    }
+  }
+
+  ssh_key_name = mgc_ssh_keys.ssh_keys.name
+}
+
+resource "mgc_virtual_machine_instances" "node_instances" {
+  count = var.cluster_size
+  name  = "${var.project_name}-node-${count.index}"
+  machine_type = {
+    name = var.nodes_machine_type
+  }
+  image = {
+    name = "cloud-debian-12 LTS"
+  }
+  network = {
+    # vpc = {
+    #   id = module.network.vpc_id
+    # }
+    associate_public_ip = false
+    delete_public_ip    = false
+    interface = {
+      security_groups = [
+        { id = module.network.nodes_sec_group_id },
+        { id = module.network.lb_sec_group_id },
+        { id = module.network.ssh_sec_group_id },
+      ]
+    }
+  }
+
+  ssh_key_name = mgc_ssh_keys.ssh_keys.name
+}
+
+resource "null_resource" "provision_lb" {
+  provisioner "remote-exec" {
+    inline = [
+      "sudo apt-get update",
+      "sudo apt-get install haproxy -y",
+      "sudo bash -c 'echo \"ENABLED=1\" >> /etc/default/haproxy'"
+    ]
+  }
+
+  provisioner "file" {
+    content = <<-EOT
+%{for port in var.lb_tcp_ports[*]~}
+frontend tcp_${port}_in
+  bind *:${port}
+  default_backend tcp_${port}_out
+%{endfor~}
+
+%{for port in var.lb_udp_ports[*]~}
+frontend udp_${port}_in
+  bind *:${port}
+  default_backend udp_${port}_out
+%{endfor~}
+
+%{for port in var.lb_tcp_ports[*]~}
+backend tcp_${port}_out
+  mode tcp
+  %{for node in mgc_virtual_machine_instances.node_instances[*]~}
+  server ${node.name} ${node.network.private_address}:${port} check
+  %{endfor~}
+
+%{endfor~}
+
+%{for port in var.lb_udp_ports[*]~}
+backend udp_${port}_out
+  mode udp
+  %{for node in mgc_virtual_machine_instances.node_instances[*]~}
+  server ${node.name} ${node.network.private_address}:${port} check
+  %{endfor~}
+
+%{endfor~}
+EOT
+    # destination = "/etc/haproxy/haproxy.cfg"
+    destination = "/home/debian/haproxy.cfg"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo mv /home/debian/haproxy.cfg /etc/haproxy/haproxy.cfg",
+      "sudo service haproxy restart",
+    ]
+  }
+
+  connection {
+    type        = "ssh"
+    user        = "debian"
+    private_key = file(var.ssh_private_key_path)
+    host        = mgc_virtual_machine_instances.cluster_lb.network.public_address
+  }
+}

advanced/private-vms-with-lb-bastion/modules/network/main.tf

@@ -0,0 +1,79 @@
+terraform {
+  required_providers {
+    mgc = {
+      source  = "magalucloud/mgc"
+      version = "0.29.2"
+    }
+  }
+}
+
+# resource "mgc_network_vpcs" "cluster_vpc" {
+#   name        = "${var.project_name}-vpc"
+#   description = "${var.project_name}-vpc"
+# }
+
+resource "mgc_network_security_groups" "ssh_sec_group" {
+  name = "${var.project_name}-ssh-sec-group"
+}
+
+resource "mgc_network_security_groups" "instances_sec_group" {
+  name = "${var.project_name}-workers-sec-group"
+}
+
+resource "mgc_network_security_groups" "lb_sec_group" {
+  name = "${var.project_name}-lb-sec-group"
+}
+
+resource "mgc_network_security_groups_rules" "allow_ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_max    = 22
+  port_range_min    = 22
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = mgc_network_security_groups.ssh_sec_group.id
+}
+
+resource "mgc_network_security_groups_rules" "allow_tcp" {
+  for_each          = toset([for port in var.allowed_tcp_ports : tostring(port)])
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_max    = each.key
+  port_range_min    = each.key
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = mgc_network_security_groups.instances_sec_group.id
+}
+
+resource "mgc_network_security_groups_rules" "allow_udp" {
+  for_each          = toset([for port in var.allowed_udp_ports : tostring(port)])
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_max    = each.key
+  port_range_min    = each.key
+  protocol          = "udp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = mgc_network_security_groups.instances_sec_group.id
+}
+
+resource "mgc_network_security_groups_rules" "allow_tcp_lb" {
+  for_each          = toset([for port in var.lb_tcp_ports : tostring(port)])
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_max    = each.key
+  port_range_min    = each.key
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = mgc_network_security_groups.lb_sec_group.id
+}
+
+resource "mgc_network_security_groups_rules" "allow_udp_lb" {
+  for_each          = toset([for port in var.lb_udp_ports : tostring(port)])
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_max    = each.key
+  port_range_min    = each.key
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = mgc_network_security_groups.lb_sec_group.id
+}

advanced/private-vms-with-lb-bastion/modules/network/outputs.tf

@@ -0,0 +1,15 @@
+# output "vpc_id" {
+#   value = mgc_network_vpcs.cluster_vpc.id
+# }
+
+output "nodes_sec_group_id" {
+  value = mgc_network_security_groups.instances_sec_group.id
+}
+
+output "lb_sec_group_id" {
+  value = mgc_network_security_groups.lb_sec_group.id
+}
+
+output "ssh_sec_group_id" {
+  value = mgc_network_security_groups.ssh_sec_group.id
+}

advanced/private-vms-with-lb-bastion/modules/network/providers.tf

@@ -0,0 +1,11 @@
+provider "mgc" {
+  alias   = "sudeste"
+  region  = "br-se1"
+  api_key = var.api_key
+}
+
+# provider "mgc" {
+#   alias = "nordeste"
+#   region = "br-ne1"
+#   api_key = var.api_key
+# }

advanced/private-vms-with-lb-bastion/modules/network/variables.tf

@@ -0,0 +1,28 @@
+variable "project_name" {
+  type = string
+}
+
+variable "allowed_udp_ports" {
+  type    = list(number)
+  default = []
+}
+
+variable "allowed_tcp_ports" {
+  type    = list(number)
+  default = []
+}
+
+variable "lb_tcp_ports" {
+  type    = list(number)
+  default = []
+}
+
+variable "lb_udp_ports" {
+  type    = list(number)
+  default = []
+}
+
+variable "api_key" {
+  description = "MGC_API_KEY"
+  type        = string
+}

advanced/private-vms-with-lb-bastion/outputs.tf

@@ -0,0 +1,63 @@
+output "cluster_info" {
+  value = <<-EOT
+Cluster:
+Cluter Size: ${var.cluster_size}
+Marjority: ${local.cluster_majority}
+Minority: ${local.cluster_minority}
+Bastion/LB IP: ${mgc_virtual_machine_instances.cluster_lb.network.public_address}
+EOT
+}
+
+resource "local_file" "hosts_ini" {
+  filename = var.hosts_ini_path
+  content  = <<-EOT
+[bastion]
+${mgc_virtual_machine_instances.cluster_lb.network.public_address}
+
+[nodes]
+%{for node in mgc_virtual_machine_instances.node_instances[*]~}
+${node.network.private_address} ansible_ssh_common_args="-J debian@${mgc_virtual_machine_instances.cluster_lb.network.public_address}"
+%{endfor~}
+
+[all]
+${mgc_virtual_machine_instances.cluster_lb.network.public_address}
+%{for node in mgc_virtual_machine_instances.node_instances[*]~}
+${node.network.private_address} ansible_ssh_common_args="-J debian@${mgc_virtual_machine_instances.cluster_lb.network.public_address}"
+%{endfor~}
+EOT
+}
+
+
+# output "haproxy_cfg" {
+#   value = <<-EOT
+# %{for port in var.lb_tcp_ports[*]~}
+# frontend tcp_${port}_in
+#   bind *:${port}
+#   default_backend tcp_${port}_out
+# %{endfor~}
+
+# %{for port in var.lb_udp_ports[*]~}
+# frontend udp_${port}_in
+#   bind *:${port}
+#   default_backend udp_${port}_out
+# %{endfor~}
+
+# %{for port in var.lb_tcp_ports[*]~}
+# backend tcp_${port}_out
+#   mode tcp
+#   %{for node in mgc_virtual_machine_instances.node_instances[*]~}
+#   server ${node.name} ${node.network.private_address}:${port} check
+#   %{endfor~}
+
+# %{endfor~}
+
+# %{for port in var.lb_udp_ports[*]~}
+# backend udp_${port}_out
+#   mode udp
+#   %{for node in mgc_virtual_machine_instances.node_instances[*]~}
+#   server ${node.name} ${node.network.private_address}:${port} check
+#   %{endfor~}
+
+# %{endfor~}
+# EOT
+# }

advanced/private-vms-with-lb-bastion/providers.tf

@@ -0,0 +1,13 @@
+provider "mgc" {
+  alias   = "sudeste"
+  region  = "br-se1"
+  api_key = var.api_key
+}
+
+# provider "mgc" {
+#   alias = "nordeste"
+#   region = "br-ne1"
+#   api_key = var.api_key
+# }
+
+provider "time" {}