Skip to content
/ nEC-terraform-sample-setup Public

A sample terraform codebase for use with noris Enterprise Cloud

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

noris-network/nEC-terraform-sample-setup

BranchesTags

Repository files navigation

Terraform / OpenTofu with VMware Cloud Director sample setup

This example codebase shows a method of using Terraform / OpenTofu with VMware Cloud Director. Goal is, to devide the setup as much as possible for use with multiple teams as well as keeping the blast radius down to a minimum. This codebase doesn't use any modules, instead uses plain resources from the Terraform vCD provider. This also set an extremely low barrier to entry for newcomers to Terraform as well as this codebase.

Dependencies

The firewall part of the code depends on infrastructure as well as any departments. The department parts of the code depend on infrastructure.

This means, to setup a complete infrastructure using this code one has to run terraform/tofu in the follwing order:

  • ./infrastructure/
  • ./department_1/*
  • ./firewall/

Terraform Backend Examples

It is strongly suggested to configure a remote backend for the terraform state. The following are two examples.

State in GitLab

Storing the state in GitLab uses Terraform's http backend The GitLab terraform state feature is usually enabled by default.

Backend configuration for GitLab

terraform {
  backend "http" {
    address        = "https://gitlab.selfhosted.de/api/v4/projects/<GITLAB_PROJECT_ID>/terraform/state/<CUSTOM_STATE_NAME>"
    lock_address   = "https://gitlab.selfhosted.de/api/v4/projects/<GITLAB_PROJECT_ID>/terraform/state/<CUSTOM_STATE_NAME>/lock"
    unlock_address = "https://gitlab.selfhosted.de/api/v4/projects/<GITLAB_PROJECT_ID>/terraform/state/<CUSTOM_STATE_NAME>/lock"
    lock_method    = "POST"
    unlock_method  = "DELETE"
  }
}

State in selfhosted S3 Bucket

Storing the state in an S3 bucket uses Terraforms S3 backend

Create Bucket

Suggestion: Use s3cmd to create your S3 buckets.

Edit ~/.s3cfg

access_key = <access_key>
secret_key = <secret_key>
host_base = https://s3-storage.selfhosted.de
use_https = True
host_bucket = %(bucket).https://s3-storage.selfhosted.de
s3cmd -c ~/.s3cfg mb "<BUCKET_NAME>"

Backend configuration for S3 buckets

terraform {
  backend "s3" {
      bucket = "<BUCKET_NAME>"
      endpoints = {
          s3 = "https://s3-storage.selfhosted.de"
      }
      key = "<CUSTOM_STATE_NAME>.tfstate"

      access_key="<access_key>"
      secret_key="<secret_key>"

      region = "us-east-3" # Region validation will be skipped, mandatory parameter
      skip_credentials_validation = true
      skip_requesting_account_id = true
      skip_metadata_api_check = true
      skip_region_validation = true
      use_path_style = true
  }
}

This also needs to have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY exported on the console.

Using OpenTufo / Terraform

Export Environment vars

Linux

! export VCD_API_TOKEN="<Cloud Director API Token>"

Windows

!$env:VCD_API_TOKEN = '<Cloud Director API Token>'

Run tofu

tofu init

This will initialise remote state, download modules and providers.

Make changes

Modify the Terraform code and apply the changes:

tofu plan -out tfplan
tofu apply tfplan

This will apply all needed changes to the infrastructure.

About

A sample terraform codebase for use with noris Enterprise Cloud

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages