terraform-ovh-commons's Introduction

Terraforming OVH Public Cloud

This repo contains common resources to interact with OVH Public Cloud using Terraform.

Description

We provide a step-by-step guide on how to use Terraform with OVH Public Cloud.

This is mainly for learning purposes, but the use case presented can be used to deploy real infrastructures. Here, we'll deploy a web application on multiple nodes and in multiple regions so that it can handle heavy loads and provide redundancy across two separate datacenters. We'll use hugo, a static blog generator, to keep it simple.

Journey

Introduction: Terraform basics

Terraforming OVH Public Cloud resources

From test to production environments

Moving forward with Terraform best practices

  • WIP: Versioning
  • WIP: Workspace

Scaling and rolling upgrade, let the magic happen

  • WIP: Scale Up/Down
  • WIP: Rolling Upgrade

Schema

Architecture

License

The 3-Clause BSD License. See LICENSE for full details.

terraform-ovh-commons's People

Contributors

bloublou2014, hadrien-toma, lampapetrol, ldicarlo, ovh-irobot, pgaxatte, pilgrimstack, yanndegat

terraform-ovh-commons's Issues

Timeout when creating secgroup from Terraform

I keep receiving 504 HTTP errors when trying to create security groups:

* openstack_networking_secgroup_v2.sg_fronts: 1 error(s) occurred:

* openstack_networking_secgroup_v2.sg_fronts: Expected HTTP response code [201 202] when accessing [POST https://network.compute.gra1.cloud.ovh.net/v2.0/security-groups], but got 504 instead
<html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>

Here is my terraform sample:

resource "openstack_networking_secgroup_v2" "sg_fronts" {
  name     = "sg_fronts"
  provider = "openstack.ovh"
}

I don't think there is anything weird here. (I'm provisioning this on GRA1)

Anything special I should know?

`allow egress traffic worldwide` already exists by default

This rule does not seem necessary since there are already rules to allow output traffic for IPv4 and IPv6.

# allow egress traffic worldwide
resource "openstack_networking_secgroup_rule_v2" "egress_instances" {
  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = "${openstack_networking_secgroup_v2.sg.id}"
}

It causes an error:

openstack_networking_secgroup_rule_v2.egress_instances: Expected HTTP response code [201 202] when accessing [POST https://network.compute.gra5.cloud.ovh.net/v2.0/security-group-rules], but got 409 instead
{"NeutronError": {"message": "Security group rule already exists. Rule id is c18ad3d4-2307-4817-83e0-ded305e90f78.", "type": "SecurityGroupRuleExists", "detail": ""}}
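
The 409 above comes from Neutron creating allow-all egress rules (IPv4 and IPv6) in every new security group. The following is an added example, not part of the original issue or of the repository: it shows the two ways to avoid the conflict, and uses the provider's `delete_default_rules` argument to replace the defaults with narrower egress. Resource names, ports and Terraform 0.12+ syntax are assumptions.

```hcl
# Added example (not from the repository). Names and ports are illustrative.

# Option 1: keep Neutron's default egress rules and declare no egress rule.
# Declaring an allow-all IPv4 egress rule here duplicates a default rule
# and is rejected with 409 SecurityGroupRuleExists.
resource "openstack_networking_secgroup_v2" "sg_default_egress" {
  name        = "sg_default_egress"
  description = "relies on the default allow-all egress rules"
}

# Option 2: delete the default egress rules at creation time, then declare
# only the outbound traffic the instances actually need.
resource "openstack_networking_secgroup_v2" "sg" {
  name                 = "sg"
  description          = "explicit egress only"
  delete_default_rules = true
}

# Outbound HTTPS (package mirrors, APIs).
resource "openstack_networking_secgroup_rule_v2" "egress_https" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.sg.id
}

# Outbound DNS.
resource "openstack_networking_secgroup_rule_v2" "egress_dns" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "udp"
  port_range_min    = 53
  port_range_max    = 53
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.sg.id
}
```

With `delete_default_rules = true` the group starts with no rules at all, so IPv6 egress is also blocked unless a matching `ethertype = "IPv6"` rule is declared.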

Can't configure provider

I have created all keys and secrets on https://eu.api.kimsufi.com/createToken/ (masked here)

Simple test:


provider ovh {
  endpoint = "kimsufi-eu"
  application_key    = "XXXXXXXXXXXXXX"
  application_secret = "XXXXXXXXXXXXXXXXXXXXXXXX"
  consumer_key       = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

terraform apply

Error: kimsufi-eu must be one of map[string]string{"kimsufi-ca":"https://ca.api.kimsufi.com/1.0", "kimsufi-eu":"https://eu.api.kimsufi.com/1.0", "ovh-ca":"https://ca.api.ovh.com/1.0", "ovh-eu":"https://eu.api.ovh.com/1.0", "ovh-us":"https://api.us.ovhcloud.com/1.0", "runabove-ca":"https://api.runabove.com/1.0", "soyoustart-ca":"https://ca.api.soyoustart.com/1.0", "soyoustart-eu":"https://eu.api.soyoustart.com/1.0"} endpoints


  on main.tf line 9, in provider "ovh":
   9: provider ovh {

Wrong Prefix/Subnet for IPv6 set

By default OpenStack uses a prefix length of /56 on OVH instances.
As a result, OVH instances cannot reach each other via IPv6.

According to OVH support the preferred prefix length for IPv6 should be /128 and not /56.

destroyed backend container step 4

At the fourth step, since the backend container created at the third step is no longer in the main.tf, Terraform destroys it at the apply.

Missing journey steps

In the README you can find 5 steps that are missing from the repository:

Creating your first instance
Advanced instance settings
Secure your instances
Multiple environments, manage modules
Deploy a multi-region architecture

Often bugs applying the plan

Hi there, thank you for this awesome repository and for supporting Terraform.

During my tests, I realized that twice in three (or maybe more...), the application of a plan leads to the following error:

Error applying plan:

1 error(s) occurred:

* openstack_compute_instance_v2.node__docker_swarms__0__instance: 1 error(s) occurred:

* openstack_compute_instance_v2.node__docker_swarms__0__instance: Error waiting for instance ([...]) to become ready: unexpected state 'ERROR', wanted target 'ACTIVE'

That also leads to the enclosed errors in the UI:
screenshot from 2018-08-27 19-04-49

I am testing a quite simple inventory:

resource "openstack_compute_keypair_v2" "node__docker_swarms__0__20180827T164805482826__keypair" {
  name       = "node__docker_swarms__0__20180827T164805482826__keypair"
  provider   = "openstack.ovh"
  public_key = "${file("${var.ssh_keys_path}/ssh_key.pub")}"
  region     = "${var.keypair_region}"
}

resource "openstack_compute_instance_v2" "node__docker_swarms__0__instance" {
  flavor_name = "${var.instance_flavor_name}"
  image_name  = "${var.instance_image_name}"
  key_pair    = "${openstack_compute_keypair_v2.node__docker_swarms__0__20180827T164805482826__keypair.name}"
  name        = "node__docker_swarms__0__instance"
  provider    = "openstack.ovh"
  region      = "${var.instance_region}"

  connection {
    private_key = "${file("${var.ssh_keys_path}/ssh_key")}"
    user        = "${var.instance_connection_user}"
    timeout     = "${var.instance_connection_timeout}"
  }

  network {
    name = "${var.instance_network_name}"
  }

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get -y update",
      "sudo apt-get -y upgrade",
      "sudo apt-get -y install python3",
      "sudo ln -sf /usr/bin/python3 /usr/bin/python",
    ]
  }
}

With this var file:

variable "instance_connection_timeout" {
    type = "string"
    default = "~> 1.5"
}

variable "instance_connection_user" {
    type = "string"
    default = "ubuntu"
}

variable "instance_flavor_name" {
    type = "string"
    default = "s1-2"
}

variable "instance_image_name" {
    type = "string"
    default = "Ubuntu 16.04"
}

variable "instance_network_name" {
    type = "string"
    default = "Ext-Net"
}

variable "instance_region" {
    type = "string"
    default = "UK1"
}

variable "keypair_region" {
    type = "string"
    default = "UK1"
}

variable "keystone_password_path" {
    type = "string"
    default = "/in/openstack/keystone_password.txt"
}

variable "openrc_path" {
    type = "string"
    default = "/in/openstack/openrc.sh"
}

variable "provider_domain_name" {
    type = "string"
    default = "default"
}

variable "ssh_keys_path" {
    type = "string"
    default = "/out/playbooks/docker_swarms/hosts/0"
}

Would you know what I can do to prevent this?
