Fmt all the config files
Signed-off-by: Valentin Pichard <valentin.pichard@corp.ovh.com>
parent
503cec4e5c
commit
baeb764181
|
@ -1,39 +1,39 @@
|
|||
# See https://cloud.google.com/compute/docs/load-balancing/network/example
|
||||
|
||||
provider "google" {
|
||||
region = "${var.region}"
|
||||
project = "${var.project_name}"
|
||||
region = "${var.region}"
|
||||
project = "${var.project_name}"
|
||||
credentials = "${file("${var.credentials_file_path}")}"
|
||||
}
|
||||
|
||||
resource "google_compute_http_health_check" "default" {
|
||||
name = "tf-www-basic-check"
|
||||
request_path = "/"
|
||||
check_interval_sec = 1
|
||||
healthy_threshold = 1
|
||||
name = "tf-www-basic-check"
|
||||
request_path = "/"
|
||||
check_interval_sec = 1
|
||||
healthy_threshold = 1
|
||||
unhealthy_threshold = 10
|
||||
timeout_sec = 1
|
||||
timeout_sec = 1
|
||||
}
|
||||
|
||||
resource "google_compute_target_pool" "default" {
|
||||
name = "tf-www-target-pool"
|
||||
instances = ["${google_compute_instance.www.*.self_link}"]
|
||||
name = "tf-www-target-pool"
|
||||
instances = ["${google_compute_instance.www.*.self_link}"]
|
||||
health_checks = ["${google_compute_http_health_check.default.name}"]
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "default" {
|
||||
name = "tf-www-forwarding-rule"
|
||||
target = "${google_compute_target_pool.default.self_link}"
|
||||
name = "tf-www-forwarding-rule"
|
||||
target = "${google_compute_target_pool.default.self_link}"
|
||||
port_range = "80"
|
||||
}
|
||||
|
||||
resource "google_compute_instance" "www" {
|
||||
count = 3
|
||||
|
||||
name = "tf-www-${count.index}"
|
||||
name = "tf-www-${count.index}"
|
||||
machine_type = "f1-micro"
|
||||
zone = "${var.region_zone}"
|
||||
tags = ["www-node"]
|
||||
zone = "${var.region_zone}"
|
||||
tags = ["www-node"]
|
||||
|
||||
disk {
|
||||
image = "ubuntu-os-cloud/ubuntu-1404-trusty-v20160602"
|
||||
|
@ -41,6 +41,7 @@ resource "google_compute_instance" "www" {
|
|||
|
||||
network_interface {
|
||||
network = "default"
|
||||
|
||||
access_config {
|
||||
# Ephemeral
|
||||
}
|
||||
|
@ -51,26 +52,28 @@ resource "google_compute_instance" "www" {
|
|||
}
|
||||
|
||||
provisioner "file" {
|
||||
source = "${var.install_script_src_path}"
|
||||
source = "${var.install_script_src_path}"
|
||||
destination = "${var.install_script_dest_path}"
|
||||
|
||||
connection {
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
private_key = "${file("${var.private_key_path}")}"
|
||||
agent = false
|
||||
agent = false
|
||||
}
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
connection {
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
private_key = "${file("${var.private_key_path}")}"
|
||||
agent = false
|
||||
agent = false
|
||||
}
|
||||
|
||||
inline = [
|
||||
"chmod +x ${var.install_script_dest_path}",
|
||||
"sudo ${var.install_script_dest_path} ${count.index}"
|
||||
"sudo ${var.install_script_dest_path} ${count.index}",
|
||||
]
|
||||
}
|
||||
|
||||
|
@ -80,14 +83,14 @@ resource "google_compute_instance" "www" {
|
|||
}
|
||||
|
||||
resource "google_compute_firewall" "default" {
|
||||
name = "tf-www-firewall"
|
||||
name = "tf-www-firewall"
|
||||
network = "default"
|
||||
|
||||
allow {
|
||||
protocol = "tcp"
|
||||
ports = ["80"]
|
||||
ports = ["80"]
|
||||
}
|
||||
|
||||
source_ranges = ["0.0.0.0/0"]
|
||||
target_tags = ["www-node"]
|
||||
target_tags = ["www-node"]
|
||||
}
|
||||
|
|
|
@ -12,25 +12,25 @@ variable "project_name" {
|
|||
|
||||
variable "credentials_file_path" {
|
||||
description = "Path to the JSON file used to describe your account credentials"
|
||||
default = "~/.gcloud/Terraform.json"
|
||||
default = "~/.gcloud/Terraform.json"
|
||||
}
|
||||
|
||||
variable "public_key_path" {
|
||||
description = "Path to file containing public key"
|
||||
default = "~/.ssh/gcloud_id_rsa.pub"
|
||||
default = "~/.ssh/gcloud_id_rsa.pub"
|
||||
}
|
||||
|
||||
variable "private_key_path" {
|
||||
description = "Path to file containing private key"
|
||||
default = "~/.ssh/gcloud_id_rsa"
|
||||
default = "~/.ssh/gcloud_id_rsa"
|
||||
}
|
||||
|
||||
variable "install_script_src_path" {
|
||||
description = "Path to install script within this repository"
|
||||
default = "scripts/install.sh"
|
||||
default = "scripts/install.sh"
|
||||
}
|
||||
|
||||
variable "install_script_dest_path" {
|
||||
description = "Path to put the install script on each destination resource"
|
||||
default = "/tmp/install.sh"
|
||||
default = "/tmp/install.sh"
|
||||
}
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
variable "project" {
|
||||
description = "Your project name"
|
||||
description = "Your project name"
|
||||
}
|
||||
|
||||
variable "region1" {
|
||||
description = "The desired region for the first network & VPN and project"
|
||||
description = "The desired region for the first network & VPN and project"
|
||||
}
|
||||
|
||||
variable "region2" {
|
||||
description = "The desired region for the second network & VPN"
|
||||
description = "The desired region for the second network & VPN"
|
||||
}
|
||||
|
|
|
@ -1,172 +1,182 @@
|
|||
# An example of how to connect two GCE networks with a VPN
|
||||
provider "google" {
|
||||
account_file = "${file("~/gce/account.json")}"
|
||||
project = "${var.project}"
|
||||
region = "${var.region1}"
|
||||
account_file = "${file("~/gce/account.json")}"
|
||||
project = "${var.project}"
|
||||
region = "${var.region1}"
|
||||
}
|
||||
|
||||
# Create the two networks we want to join. They must have seperate, internal
|
||||
# ranges.
|
||||
resource "google_compute_network" "network1" {
|
||||
name = "network1"
|
||||
ipv4_range = "10.120.0.0/16"
|
||||
name = "network1"
|
||||
ipv4_range = "10.120.0.0/16"
|
||||
}
|
||||
|
||||
resource "google_compute_network" "network2" {
|
||||
name = "network2"
|
||||
ipv4_range = "10.121.0.0/16"
|
||||
name = "network2"
|
||||
ipv4_range = "10.121.0.0/16"
|
||||
}
|
||||
|
||||
# Attach a VPN gateway to each network.
|
||||
resource "google_compute_vpn_gateway" "target_gateway1" {
|
||||
name = "vpn1"
|
||||
network = "${google_compute_network.network1.self_link}"
|
||||
region = "${var.region1}"
|
||||
name = "vpn1"
|
||||
network = "${google_compute_network.network1.self_link}"
|
||||
region = "${var.region1}"
|
||||
}
|
||||
|
||||
resource "google_compute_vpn_gateway" "target_gateway2" {
|
||||
name = "vpn2"
|
||||
network = "${google_compute_network.network2.self_link}"
|
||||
region = "${var.region2}"
|
||||
name = "vpn2"
|
||||
network = "${google_compute_network.network2.self_link}"
|
||||
region = "${var.region2}"
|
||||
}
|
||||
|
||||
# Create an outward facing static IP for each VPN that will be used by the
|
||||
# other VPN to connect.
|
||||
resource "google_compute_address" "vpn_static_ip1" {
|
||||
name = "vpn-static-ip1"
|
||||
region = "${var.region1}"
|
||||
name = "vpn-static-ip1"
|
||||
region = "${var.region1}"
|
||||
}
|
||||
|
||||
resource "google_compute_address" "vpn_static_ip2" {
|
||||
name = "vpn-static-ip2"
|
||||
region = "${var.region2}"
|
||||
name = "vpn-static-ip2"
|
||||
region = "${var.region2}"
|
||||
}
|
||||
|
||||
# Forward IPSec traffic coming into our static IP to our VPN gateway.
|
||||
resource "google_compute_forwarding_rule" "fr1_esp" {
|
||||
name = "fr1-esp"
|
||||
region = "${var.region1}"
|
||||
ip_protocol = "ESP"
|
||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
name = "fr1-esp"
|
||||
region = "${var.region1}"
|
||||
ip_protocol = "ESP"
|
||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "fr2_esp" {
|
||||
name = "fr2-esp"
|
||||
region = "${var.region2}"
|
||||
ip_protocol = "ESP"
|
||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
name = "fr2-esp"
|
||||
region = "${var.region2}"
|
||||
ip_protocol = "ESP"
|
||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
}
|
||||
|
||||
# The following two sets of forwarding rules are used as a part of the IPSec
|
||||
# protocol
|
||||
resource "google_compute_forwarding_rule" "fr1_udp500" {
|
||||
name = "fr1-udp500"
|
||||
region = "${var.region1}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
name = "fr1-udp500"
|
||||
region = "${var.region1}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "fr2_udp500" {
|
||||
name = "fr2-udp500"
|
||||
region = "${var.region2}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
name = "fr2-udp500"
|
||||
region = "${var.region2}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "fr1_udp4500" {
|
||||
name = "fr1-udp4500"
|
||||
region = "${var.region1}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "4500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
name = "fr1-udp4500"
|
||||
region = "${var.region1}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "4500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "fr2_udp4500" {
|
||||
name = "fr2-udp4500"
|
||||
region = "${var.region2}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "4500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
name = "fr2-udp4500"
|
||||
region = "${var.region2}"
|
||||
ip_protocol = "UDP"
|
||||
port_range = "4500"
|
||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
}
|
||||
|
||||
# Each tunnel is responsible for encrypting and decrypting traffic exiting
|
||||
# and leaving its associated gateway
|
||||
resource "google_compute_vpn_tunnel" "tunnel1" {
|
||||
name = "tunnel1"
|
||||
region = "${var.region1}"
|
||||
peer_ip = "${google_compute_address.vpn_static_ip2.address}"
|
||||
shared_secret = "a secret message"
|
||||
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
depends_on = ["google_compute_forwarding_rule.fr1_udp500",
|
||||
"google_compute_forwarding_rule.fr1_udp4500",
|
||||
"google_compute_forwarding_rule.fr1_esp"]
|
||||
name = "tunnel1"
|
||||
region = "${var.region1}"
|
||||
peer_ip = "${google_compute_address.vpn_static_ip2.address}"
|
||||
shared_secret = "a secret message"
|
||||
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||
|
||||
depends_on = ["google_compute_forwarding_rule.fr1_udp500",
|
||||
"google_compute_forwarding_rule.fr1_udp4500",
|
||||
"google_compute_forwarding_rule.fr1_esp",
|
||||
]
|
||||
}
|
||||
|
||||
resource "google_compute_vpn_tunnel" "tunnel2" {
|
||||
name = "tunnel2"
|
||||
region = "${var.region2}"
|
||||
peer_ip = "${google_compute_address.vpn_static_ip1.address}"
|
||||
shared_secret = "a secret message"
|
||||
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
depends_on = ["google_compute_forwarding_rule.fr2_udp500",
|
||||
"google_compute_forwarding_rule.fr2_udp4500",
|
||||
"google_compute_forwarding_rule.fr2_esp"]
|
||||
name = "tunnel2"
|
||||
region = "${var.region2}"
|
||||
peer_ip = "${google_compute_address.vpn_static_ip1.address}"
|
||||
shared_secret = "a secret message"
|
||||
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||
|
||||
depends_on = ["google_compute_forwarding_rule.fr2_udp500",
|
||||
"google_compute_forwarding_rule.fr2_udp4500",
|
||||
"google_compute_forwarding_rule.fr2_esp",
|
||||
]
|
||||
}
|
||||
|
||||
# Each route tells the associated network to send all traffic in the dest_range
|
||||
# through the VPN tunnel
|
||||
resource "google_compute_route" "route1" {
|
||||
name = "route1"
|
||||
network = "${google_compute_network.network1.name}"
|
||||
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
|
||||
dest_range = "${google_compute_network.network2.ipv4_range}"
|
||||
priority = 1000
|
||||
name = "route1"
|
||||
network = "${google_compute_network.network1.name}"
|
||||
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
|
||||
dest_range = "${google_compute_network.network2.ipv4_range}"
|
||||
priority = 1000
|
||||
}
|
||||
|
||||
resource "google_compute_route" "route2" {
|
||||
name = "route2"
|
||||
network = "${google_compute_network.network2.name}"
|
||||
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel2.self_link}"
|
||||
dest_range = "${google_compute_network.network1.ipv4_range}"
|
||||
priority = 1000
|
||||
name = "route2"
|
||||
network = "${google_compute_network.network2.name}"
|
||||
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel2.self_link}"
|
||||
dest_range = "${google_compute_network.network1.ipv4_range}"
|
||||
priority = 1000
|
||||
}
|
||||
|
||||
# We want to allow the two networks to communicate, so we need to unblock
|
||||
# them in the firewall
|
||||
resource "google_compute_firewall" "network1-allow-network1" {
|
||||
name = "network1-allow-network1"
|
||||
network = "${google_compute_network.network1.name}"
|
||||
source_ranges = ["${google_compute_network.network1.ipv4_range}"]
|
||||
allow {
|
||||
protocol = "tcp"
|
||||
}
|
||||
allow {
|
||||
protocol = "udp"
|
||||
}
|
||||
allow {
|
||||
protocol = "icmp"
|
||||
}
|
||||
name = "network1-allow-network1"
|
||||
network = "${google_compute_network.network1.name}"
|
||||
source_ranges = ["${google_compute_network.network1.ipv4_range}"]
|
||||
|
||||
allow {
|
||||
protocol = "tcp"
|
||||
}
|
||||
|
||||
allow {
|
||||
protocol = "udp"
|
||||
}
|
||||
|
||||
allow {
|
||||
protocol = "icmp"
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "network1-allow-network2" {
|
||||
name = "network1-allow-network2"
|
||||
network = "${google_compute_network.network1.name}"
|
||||
source_ranges = ["${google_compute_network.network2.ipv4_range}"]
|
||||
allow {
|
||||
protocol = "tcp"
|
||||
}
|
||||
allow {
|
||||
protocol = "udp"
|
||||
}
|
||||
allow {
|
||||
protocol = "icmp"
|
||||
}
|
||||
name = "network1-allow-network2"
|
||||
network = "${google_compute_network.network1.name}"
|
||||
source_ranges = ["${google_compute_network.network2.ipv4_range}"]
|
||||
|
||||
allow {
|
||||
protocol = "tcp"
|
||||
}
|
||||
|
||||
allow {
|
||||
protocol = "udp"
|
||||
}
|
||||
|
||||
allow {
|
||||
protocol = "icmp"
|
||||
}
|
||||
}
|
||||
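Review bot: `shared_secret = "a secret message"` remains a literal pre-shared key in both `google_compute_vpn_tunnel` resources (`tunnel1` and `tunnel2`) after the reformat, so anyone who copies this example brings up an IPsec tunnel whose key is public and committed to version control. Take the value from a variable with no default instead, e.g. `shared_secret = "${var.vpn_shared_secret}"` (a constructed name), declared next to `region1`/`region2` in this example's variables file with a description asking for a long random value. The secret is presumably also written to the Terraform state, so a comment above the tunnels such as `# shared_secret ends up in state; restrict access to the state file` would help readers.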
|
|