diff --git a/examples/two-tier/main.tf b/examples/two-tier/main.tf index 6e550060..f3cb3e39 100644 --- a/examples/two-tier/main.tf +++ b/examples/two-tier/main.tf @@ -1,39 +1,39 @@ # See https://cloud.google.com/compute/docs/load-balancing/network/example provider "google" { - region = "${var.region}" - project = "${var.project_name}" + region = "${var.region}" + project = "${var.project_name}" credentials = "${file("${var.credentials_file_path}")}" } resource "google_compute_http_health_check" "default" { - name = "tf-www-basic-check" - request_path = "/" - check_interval_sec = 1 - healthy_threshold = 1 + name = "tf-www-basic-check" + request_path = "/" + check_interval_sec = 1 + healthy_threshold = 1 unhealthy_threshold = 10 - timeout_sec = 1 + timeout_sec = 1 } resource "google_compute_target_pool" "default" { - name = "tf-www-target-pool" - instances = ["${google_compute_instance.www.*.self_link}"] + name = "tf-www-target-pool" + instances = ["${google_compute_instance.www.*.self_link}"] health_checks = ["${google_compute_http_health_check.default.name}"] } resource "google_compute_forwarding_rule" "default" { - name = "tf-www-forwarding-rule" - target = "${google_compute_target_pool.default.self_link}" + name = "tf-www-forwarding-rule" + target = "${google_compute_target_pool.default.self_link}" port_range = "80" } resource "google_compute_instance" "www" { count = 3 - name = "tf-www-${count.index}" + name = "tf-www-${count.index}" machine_type = "f1-micro" - zone = "${var.region_zone}" - tags = ["www-node"] + zone = "${var.region_zone}" + tags = ["www-node"] disk { image = "ubuntu-os-cloud/ubuntu-1404-trusty-v20160602" @@ -41,6 +41,7 @@ resource "google_compute_instance" "www" { network_interface { network = "default" + access_config { # Ephemeral } @@ -51,26 +52,28 @@ resource "google_compute_instance" "www" { } provisioner "file" { - source = "${var.install_script_src_path}" + source = "${var.install_script_src_path}" destination = "${var.install_script_dest_path}" + connection { - type = "ssh" - user = "root" + type = "ssh" + user = "root" private_key = "${file("${var.private_key_path}")}" - agent = false + agent = false } } provisioner "remote-exec" { connection { - type = "ssh" - user = "root" + type = "ssh" + user = "root" private_key = "${file("${var.private_key_path}")}" - agent = false + agent = false } + inline = [ "chmod +x ${var.install_script_dest_path}", - "sudo ${var.install_script_dest_path} ${count.index}" + "sudo ${var.install_script_dest_path} ${count.index}", ] } @@ -80,14 +83,14 @@ resource "google_compute_instance" "www" { } resource "google_compute_firewall" "default" { - name = "tf-www-firewall" + name = "tf-www-firewall" network = "default" allow { protocol = "tcp" - ports = ["80"] + ports = ["80"] } source_ranges = ["0.0.0.0/0"] - target_tags = ["www-node"] + target_tags = ["www-node"] } diff --git a/examples/two-tier/variables.tf b/examples/two-tier/variables.tf index 65fb11bc..8bda6992 100644 --- a/examples/two-tier/variables.tf +++ b/examples/two-tier/variables.tf @@ -12,25 +12,25 @@ variable "project_name" { variable "credentials_file_path" { description = "Path to the JSON file used to describe your account credentials" - default = "~/.gcloud/Terraform.json" + default = "~/.gcloud/Terraform.json" } variable "public_key_path" { description = "Path to file containing public key" - default = "~/.ssh/gcloud_id_rsa.pub" + default = "~/.ssh/gcloud_id_rsa.pub" } variable "private_key_path" { description = "Path to file containing private key" - default = "~/.ssh/gcloud_id_rsa" + default = "~/.ssh/gcloud_id_rsa" } variable "install_script_src_path" { description = "Path to install script within this repository" - default = "scripts/install.sh" + default = "scripts/install.sh" } variable "install_script_dest_path" { description = "Path to put the install script on each destination resource" - default = "/tmp/install.sh" + default = "/tmp/install.sh" } diff --git a/examples/vpn/variables.tf b/examples/vpn/variables.tf index 20ada06b..574e13d3 100644 --- a/examples/vpn/variables.tf +++ b/examples/vpn/variables.tf @@ -1,11 +1,11 @@ variable "project" { - description = "Your project name" + description = "Your project name" } variable "region1" { - description = "The desired region for the first network & VPN and project" + description = "The desired region for the first network & VPN and project" } variable "region2" { - description = "The desired region for the second network & VPN" + description = "The desired region for the second network & VPN" } diff --git a/examples/vpn/vpn.tf b/examples/vpn/vpn.tf index 23fa8a02..d9f86cbc 100644 --- a/examples/vpn/vpn.tf +++ b/examples/vpn/vpn.tf @@ -1,172 +1,182 @@ # An example of how to connect two GCE networks with a VPN provider "google" { - account_file = "${file("~/gce/account.json")}" - project = "${var.project}" - region = "${var.region1}" + account_file = "${file("~/gce/account.json")}" + project = "${var.project}" + region = "${var.region1}" } # Create the two networks we want to join. They must have seperate, internal # ranges. resource "google_compute_network" "network1" { - name = "network1" - ipv4_range = "10.120.0.0/16" + name = "network1" + ipv4_range = "10.120.0.0/16" } resource "google_compute_network" "network2" { - name = "network2" - ipv4_range = "10.121.0.0/16" + name = "network2" + ipv4_range = "10.121.0.0/16" } # Attach a VPN gateway to each network. resource "google_compute_vpn_gateway" "target_gateway1" { - name = "vpn1" - network = "${google_compute_network.network1.self_link}" - region = "${var.region1}" + name = "vpn1" + network = "${google_compute_network.network1.self_link}" + region = "${var.region1}" } resource "google_compute_vpn_gateway" "target_gateway2" { - name = "vpn2" - network = "${google_compute_network.network2.self_link}" - region = "${var.region2}" + name = "vpn2" + network = "${google_compute_network.network2.self_link}" + region = "${var.region2}" } # Create an outward facing static IP for each VPN that will be used by the # other VPN to connect. resource "google_compute_address" "vpn_static_ip1" { - name = "vpn-static-ip1" - region = "${var.region1}" + name = "vpn-static-ip1" + region = "${var.region1}" } resource "google_compute_address" "vpn_static_ip2" { - name = "vpn-static-ip2" - region = "${var.region2}" + name = "vpn-static-ip2" + region = "${var.region2}" } # Forward IPSec traffic coming into our static IP to our VPN gateway. resource "google_compute_forwarding_rule" "fr1_esp" { - name = "fr1-esp" - region = "${var.region1}" - ip_protocol = "ESP" - ip_address = "${google_compute_address.vpn_static_ip1.address}" - target = "${google_compute_vpn_gateway.target_gateway1.self_link}" + name = "fr1-esp" + region = "${var.region1}" + ip_protocol = "ESP" + ip_address = "${google_compute_address.vpn_static_ip1.address}" + target = "${google_compute_vpn_gateway.target_gateway1.self_link}" } resource "google_compute_forwarding_rule" "fr2_esp" { - name = "fr2-esp" - region = "${var.region2}" - ip_protocol = "ESP" - ip_address = "${google_compute_address.vpn_static_ip2.address}" - target = "${google_compute_vpn_gateway.target_gateway2.self_link}" + name = "fr2-esp" + region = "${var.region2}" + ip_protocol = "ESP" + ip_address = "${google_compute_address.vpn_static_ip2.address}" + target = "${google_compute_vpn_gateway.target_gateway2.self_link}" } # The following two sets of forwarding rules are used as a part of the IPSec # protocol resource "google_compute_forwarding_rule" "fr1_udp500" { - name = "fr1-udp500" - region = "${var.region1}" - ip_protocol = "UDP" - port_range = "500" - ip_address = "${google_compute_address.vpn_static_ip1.address}" - target = "${google_compute_vpn_gateway.target_gateway1.self_link}" + name = "fr1-udp500" + region = "${var.region1}" + ip_protocol = "UDP" + port_range = "500" + ip_address = "${google_compute_address.vpn_static_ip1.address}" + target = "${google_compute_vpn_gateway.target_gateway1.self_link}" } resource "google_compute_forwarding_rule" "fr2_udp500" { - name = "fr2-udp500" - region = "${var.region2}" - ip_protocol = "UDP" - port_range = "500" - ip_address = "${google_compute_address.vpn_static_ip2.address}" - target = "${google_compute_vpn_gateway.target_gateway2.self_link}" + name = "fr2-udp500" + region = "${var.region2}" + ip_protocol = "UDP" + port_range = "500" + ip_address = "${google_compute_address.vpn_static_ip2.address}" + target = "${google_compute_vpn_gateway.target_gateway2.self_link}" } resource "google_compute_forwarding_rule" "fr1_udp4500" { - name = "fr1-udp4500" - region = "${var.region1}" - ip_protocol = "UDP" - port_range = "4500" - ip_address = "${google_compute_address.vpn_static_ip1.address}" - target = "${google_compute_vpn_gateway.target_gateway1.self_link}" + name = "fr1-udp4500" + region = "${var.region1}" + ip_protocol = "UDP" + port_range = "4500" + ip_address = "${google_compute_address.vpn_static_ip1.address}" + target = "${google_compute_vpn_gateway.target_gateway1.self_link}" } resource "google_compute_forwarding_rule" "fr2_udp4500" { - name = "fr2-udp4500" - region = "${var.region2}" - ip_protocol = "UDP" - port_range = "4500" - ip_address = "${google_compute_address.vpn_static_ip2.address}" - target = "${google_compute_vpn_gateway.target_gateway2.self_link}" + name = "fr2-udp4500" + region = "${var.region2}" + ip_protocol = "UDP" + port_range = "4500" + ip_address = "${google_compute_address.vpn_static_ip2.address}" + target = "${google_compute_vpn_gateway.target_gateway2.self_link}" } # Each tunnel is responsible for encrypting and decrypting traffic exiting # and leaving its associated gateway resource "google_compute_vpn_tunnel" "tunnel1" { - name = "tunnel1" - region = "${var.region1}" - peer_ip = "${google_compute_address.vpn_static_ip2.address}" - shared_secret = "a secret message" - target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway1.self_link}" - depends_on = ["google_compute_forwarding_rule.fr1_udp500", - "google_compute_forwarding_rule.fr1_udp4500", - "google_compute_forwarding_rule.fr1_esp"] + name = "tunnel1" + region = "${var.region1}" + peer_ip = "${google_compute_address.vpn_static_ip2.address}" + shared_secret = "a secret message" + target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway1.self_link}" + + depends_on = ["google_compute_forwarding_rule.fr1_udp500", + "google_compute_forwarding_rule.fr1_udp4500", + "google_compute_forwarding_rule.fr1_esp", + ] } resource "google_compute_vpn_tunnel" "tunnel2" { - name = "tunnel2" - region = "${var.region2}" - peer_ip = "${google_compute_address.vpn_static_ip1.address}" - shared_secret = "a secret message" - target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway2.self_link}" - depends_on = ["google_compute_forwarding_rule.fr2_udp500", - "google_compute_forwarding_rule.fr2_udp4500", - "google_compute_forwarding_rule.fr2_esp"] + name = "tunnel2" + region = "${var.region2}" + peer_ip = "${google_compute_address.vpn_static_ip1.address}" + shared_secret = "a secret message" + target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway2.self_link}" + + depends_on = ["google_compute_forwarding_rule.fr2_udp500", + "google_compute_forwarding_rule.fr2_udp4500", + "google_compute_forwarding_rule.fr2_esp", + ] } # Each route tells the associated network to send all traffic in the dest_range # through the VPN tunnel resource "google_compute_route" "route1" { - name = "route1" - network = "${google_compute_network.network1.name}" - next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}" - dest_range = "${google_compute_network.network2.ipv4_range}" - priority = 1000 + name = "route1" + network = "${google_compute_network.network1.name}" + next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}" + dest_range = "${google_compute_network.network2.ipv4_range}" + priority = 1000 } resource "google_compute_route" "route2" { - name = "route2" - network = "${google_compute_network.network2.name}" - next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel2.self_link}" - dest_range = "${google_compute_network.network1.ipv4_range}" - priority = 1000 + name = "route2" + network = "${google_compute_network.network2.name}" + next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel2.self_link}" + dest_range = "${google_compute_network.network1.ipv4_range}" + priority = 1000 } # We want to allow the two networks to communicate, so we need to unblock # them in the firewall resource "google_compute_firewall" "network1-allow-network1" { - name = "network1-allow-network1" - network = "${google_compute_network.network1.name}" - source_ranges = ["${google_compute_network.network1.ipv4_range}"] - allow { - protocol = "tcp" - } - allow { - protocol = "udp" - } - allow { - protocol = "icmp" - } + name = "network1-allow-network1" + network = "${google_compute_network.network1.name}" + source_ranges = ["${google_compute_network.network1.ipv4_range}"] + + allow { + protocol = "tcp" + } + + allow { + protocol = "udp" + } + + allow { + protocol = "icmp" + } } resource "google_compute_firewall" "network1-allow-network2" { - name = "network1-allow-network2" - network = "${google_compute_network.network1.name}" - source_ranges = ["${google_compute_network.network2.ipv4_range}"] - allow { - protocol = "tcp" - } - allow { - protocol = "udp" - } - allow { - protocol = "icmp" - } + name = "network1-allow-network2" + network = "${google_compute_network.network1.name}" + source_ranges = ["${google_compute_network.network2.ipv4_range}"] + + allow { + protocol = "tcp" + } + + allow { + protocol = "udp" + } + + allow { + protocol = "icmp" + } }