Terraform install, create openStack servers with terraform and install self hosted gitlab and gitlab runners with Ansible - arashafazeli/bb-readme-tutorials GitHub Wiki

Terraform

Docs for installing Terraform

https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli

TF commands to type

  • terraform init: creates a .terraform folder and a terraform.lock file

  • terraform fmt: formats the files if anything is wrongly formatted

  • terraform plan: reads the tf files in the folder, reports invalid syntax and shows a plan of what is to be done.

  • terraform apply: shows a plan (again, same info as terraform plan), then prompts: "Do you want to perform this action?" Answer yes (y). Terraform will now start creating the image and container, and will pull down the docker image if needed. To check this, type docker ps and see if you have the new images.

  • curl http://localhost:8000

  • terraform destroy: deletes the instance. A plan will be presented, followed by the prompt "Do you really want to destroy all resources?" Answer YES to destroy.

  • If multiple tf files are in the same folder, terraform will treat them as the same project.

Openstack TF docs

https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs

  • Download the openstack rc file (from Elastx, OpenStack)
  • copy the password
  • source chasacademt-gg-openrc.sh
  • you will be prompted to type your openstack password
  • Auth variables will be set from the rc file
  • Now type: terraform init
  • terraform apply
  • check in the plan that a compute instance will be created
  • "do you want to perform these actions?" YES
  • apply completed
  • check in the Elastx OpenStack GUI that an instance was created.
  • To destroy this instance: terraform destroy. Check in Elastx that the instance is removed.

Terraform self hosted Gitlab

Define required providers, in this case tell TF that we use OpenStack

    terraform {
        required_version = ">= 0.14.0"
        required_providers {
            openstack = {
                source  = "terraform-provider-openstack/openstack"
                version = "~> 1.48.0"
            }
        }
    }

Configure the OpenStack Provider

    # Authentication comes from the variables set by the sourced rc file
    provider "openstack" {}

Gitlab infra setup

  • 1 router

  • 1 network

  • 1 network router interface

  • 1 keypair

  • 2 sec groups

  • 4 floating ips

  • 1 compute instance Gitlab

  • 2-3 compute instances gitlab ci runners

  • router

          resource "openstack_networking_router_v2" "gitlab-router" {
              name                = "gitlab-router"
              admin_state_up      = true
              # Placeholder: run `openstack network list -f yaml` and use the public network id
              external_network_id = "<public-network-id>"
              # (use the id of an existing router if you have one)
          }
    
    
  • command: terraform apply (see terraform plan) say yes

  • network & subnet

          resource "openstack_networking_network_v2" "gitlab-net" {
              name           = "gitlab-net"
              admin_state_up = "true"
          }

          resource "openstack_networking_subnet_v2" "subnet-gitlab" {
              name       = "gitlab-subnet_1"
              network_id = "${openstack_networking_network_v2.gitlab-net.id}"
              cidr       = "192.168.199.0/24" # a valid LAN IP range
              ip_version = 4
          }
    
  • command: terraform apply, say yes

          resource "openstack_networking_router_interface_v2" "router_interface_1" {
              # If you use an existing router, put only its id here (cli: openstack router list -f yaml)
              router_id = "${openstack_networking_router_v2.gitlab-router.id}"
              # The subnet resource above is labelled "subnet-gitlab"
              subnet_id = "${openstack_networking_subnet_v2.subnet-gitlab.id}"
          }
    
  • command: terraform apply, say yes

  • keypair

  • create a key locally

  • cli: ssh-keygen -f my-keypair

  • two files have been created, one private key (my-keypair) and one public key (my-keypair.pub)

  • cat my-keypair.pub, copy the output and paste it as the value of public_key

          resource "openstack_compute_keypair_v2" "my-keypair" {
              name       = "my-keypair"
              # Example key only: paste the contents of your own my-keypair.pub
              public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAjpC1hwiOCCmKEWxJ4qzTTsJbKzndLotBCz5PcwtUnflmU+gHJtWMZKpuEGVi29h0A/+ydKek1O18k10Ff+4tyFjiHDQAnOfgWf7+b1yK+qDip3X1C0UPMbwHlTfSGWLGZqd9LvEFx9k3h/M+VtMvwR1lJ9LUyTAImnNjWG7TaIPmui30HvM2UiFEmqkr4ijq45MyX2+fLIePLRIF61p4whjHAQYufqyno3BS48icQb4p6iVEZPo4AE2o9oIyQvj2mx4dk5Y8CgSETOZTYDOR3rU2fZTRDRgPJDH9FWvQjF5tA0p3d9CoWWd2s6GKKbfoUIi8R/Db1BSPJwkqB"
          }
    
  • command: terraform apply, say yes

Security groups
- sec group
    resource "openstack_networking_secgroup_v2" "secgroup_1" {
        name        = "secgroup_1"
        description = "Security group for Gitlab"
    }

- rule
    resource "openstack_networking_secgroup_rule_v2" "secgroup_1_ssh" {
        direction         = "ingress"
        ethertype         = "IPv4"
        protocol          = "tcp"
        port_range_min    = 22
        port_range_max    = 22
        remote_ip_prefix  = "0.0.0.0/0"
        security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
    }

    resource "openstack_networking_secgroup_rule_v2" "secgroup_1_http" {
        direction         = "ingress"
        ethertype         = "IPv4"
        protocol          = "tcp"
        port_range_min    = 80
        port_range_max    = 80
        remote_ip_prefix  = "0.0.0.0/0"
        security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
    }


    resource "openstack_networking_secgroup_v2" "secgroup_2" {
        name        = "secgroup_2"
        description = "Security group for Gitlab CI Runner"
    }

    resource "openstack_networking_secgroup_rule_v2" "secgroup_2_ssh" {
        direction         = "ingress"
        ethertype         = "IPv4"
        protocol          = "tcp"
        port_range_min    = 22
        port_range_max    = 22
        remote_ip_prefix  = "0.0.0.0/0"
        security_group_id = "${openstack_networking_secgroup_v2.secgroup_2.id}"
    }

  • command: terraform apply, say yes
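
Both SSH rules above accept connections from 0.0.0.0/0. A tighter variant follows as an added example that is not part of the original wiki: it replaces the secgroup_1_ssh and secgroup_2_ssh rules and assumes a hypothetical variable, admin_cidr, holding the range you administer from. The minimum prefix length of 8 is this example's choice.

```hcl
# Added example, not from the original wiki. "admin_cidr" is an assumed variable name.
variable "admin_cidr" {
  description = "Source range allowed to reach SSH, e.g. a VPN or office egress range"
  type        = string

  validation {
    # Must parse as a CIDR, and the prefix must be /8 or longer,
    # which rejects 0.0.0.0/0 and any other /0 to /7 range.
    condition = (
      can(cidrhost(var.admin_cidr, 0)) &&
      try(tonumber(split("/", var.admin_cidr)[1]) >= 8, false)
    )
    error_message = "The admin_cidr value must be a valid CIDR range with a prefix length of at least 8."
  }
}

# Replaces secgroup_1_ssh: SSH to the GitLab server only from admin_cidr.
resource "openstack_networking_secgroup_rule_v2" "secgroup_1_ssh" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.admin_cidr
  security_group_id = openstack_networking_secgroup_v2.secgroup_1.id
}

# Replaces secgroup_2_ssh: the same restriction for the CI runners.
resource "openstack_networking_secgroup_rule_v2" "secgroup_2_ssh" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.admin_cidr
  security_group_id = openstack_networking_secgroup_v2.secgroup_2.id
}
```

Pass the value at apply time, for example terraform apply -var 'admin_cidr=203.0.113.0/24' (a documentation range used here as a constructed sample).
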
Floating ips
  • See name of public network: openstack network list -f yaml

      resource "openstack_networking_floatingip_v2" "gitlab-floatip-1" {
          pool = "elx-public1"
      }
    
      resource "openstack_networking_floatingip_v2" "gitlab-runner-floatip-1" {
          pool = "elx-public1"
      }
    
      resource "openstack_networking_floatingip_v2" "gitlab-runner-floatip-2" {
          pool = "elx-public1"
      }
    
      resource "openstack_networking_floatingip_v2" "gitlab-runner-floatip-3" {
          pool = "elx-public1"
      }
    
  • Command: terraform apply, say yes

compute instance Gitlab
  • This will create 1 server meant for gitlab and 3 meant for gitlab-runners

      resource "openstack_compute_instance_v2" "gitlab-server" {
          name            = "gitlab-server"
          image_name      = "debian-11-latest"
          flavor_name     = "v1-mini-1"
          key_pair        = "my-keypair"
          security_groups = ["secgroup_1"] # security group added by name, as written above
    
          network {
              name = "gitlab-net"
              fixed_ip_v4 = "192.168.199.4"
          }
      }
    
      resource "openstack_compute_instance_v2" "gitlab-runner-server-1" {
          name            = "gitlab-runner-server-1"
          image_name      = "debian-11-latest"
          flavor_name     = "v1-mini-1"
          key_pair        = "my-keypair"
          security_groups = ["secgroup_2"]
    
          network {
              name = "gitlab-net"
              fixed_ip_v4 = "192.168.199.5" # a valid LAN IP
          }
      }
    
      resource "openstack_compute_instance_v2" "gitlab-runner-server-2" {
          name            = "gitlab-runner-server-2"
          image_name      = "debian-11-latest"
          flavor_name     = "v1-mini-1"
          key_pair        = "my-keypair"
          security_groups = ["secgroup_2"]
    
          network {
              name = "gitlab-net"
              fixed_ip_v4 = "192.168.199.6"
          }
      }
    
      resource "openstack_compute_instance_v2" "gitlab-runner-server-3" {
          name            = "gitlab-runner-server-3"
          image_name      = "debian-11-latest"
          flavor_name     = "v1-mini-1"
          key_pair        = "my-keypair"
          security_groups = ["secgroup_2"]
    
          network {
              name = "gitlab-net"
              fixed_ip_v4 = "192.168.199.7"
          }
      }
    
  • command: terraform apply, say yes

Associate floating ip
  • Here we connect floating ips to servers. Add floating ip names from above and add instance id (names) from above as well.

      resource "openstack_compute_floatingip_associate_v2" "fip_1" {
          floating_ip = "${openstack_networking_floatingip_v2.gitlab-floatip-1.address}"
          instance_id = "${openstack_compute_instance_v2.gitlab-server.id}"
      }
    
      resource "openstack_compute_floatingip_associate_v2" "fip_2" {
          floating_ip = "${openstack_networking_floatingip_v2.gitlab-runner-floatip-1.address}"
          instance_id = "${openstack_compute_instance_v2.gitlab-runner-server-1.id}"
      }
    
      resource "openstack_compute_floatingip_associate_v2" "fip_3" {
          floating_ip = "${openstack_networking_floatingip_v2.gitlab-runner-floatip-2.address}"
          instance_id = "${openstack_compute_instance_v2.gitlab-runner-server-2.id}"
      }
    
      resource "openstack_compute_floatingip_associate_v2" "fip_4" {
          floating_ip = "${openstack_networking_floatingip_v2.gitlab-runner-floatip-3.address}"
          instance_id = "${openstack_compute_instance_v2.gitlab-runner-server-3.id}"
      }
    
  • Command: terraform apply, say yes

Build error
  • If you run terraform destroy on the whole project and then terraform apply, you will get an error that it can't find the network. However, the network resources have been created, so run terraform apply one more time. Now the network should be found.

  • If the test-server resource below is removed from the tf file and you then type terraform apply, it will prompt you to remove that resource.

      resource "openstack_compute_instance_v2" "test-server" {
          name        = "test-server"
          flavor_name = "v1-mini-1"
          image_name  = "debian-11-latest"
      }
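
The "can't find network" error on the first apply is consistent with the instances naming the network, key pair and security group as plain strings, which gives Terraform no dependency to order creation by. The gitlab-server and fip_1 resources from this page are rewritten below with references, as an added example that is not part of the original wiki. It replaces those two resources, and the depends_on entries are this example's assumption about what each one needs.

```hcl
# Added example, not from the original wiki. Resource labels are the ones
# defined earlier on this page; this block replaces gitlab-server and fip_1.
resource "openstack_compute_instance_v2" "gitlab-server" {
  name        = "gitlab-server"
  image_name  = "debian-11-latest"
  flavor_name = "v1-mini-1"

  # References instead of "my-keypair" / "secgroup_1" strings: Terraform now
  # creates the key pair and security group before the instance.
  key_pair        = openstack_compute_keypair_v2.my-keypair.name
  security_groups = [openstack_networking_secgroup_v2.secgroup_1.name]

  network {
    # uuid taken from the network resource instead of name = "gitlab-net"
    uuid        = openstack_networking_network_v2.gitlab-net.id
    fixed_ip_v4 = "192.168.199.4"
  }

  # The fixed IP is allocated from the subnet, which nothing above references.
  depends_on = [openstack_networking_subnet_v2.subnet-gitlab]
}

resource "openstack_compute_floatingip_associate_v2" "fip_1" {
  floating_ip = openstack_networking_floatingip_v2.gitlab-floatip-1.address
  instance_id = openstack_compute_instance_v2.gitlab-server.id

  # A floating IP can only be attached once the subnet is connected to the router.
  depends_on = [openstack_networking_router_interface_v2.router_interface_1]
}
```

The three runner instances and fip_2 to fip_4 follow the same pattern with secgroup_2 and their own fixed IPs.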