~tieong/terraform-ovh

Updated gitmodules
Added copyright notices
Added deploy script

https://git.sr.ht/~tieong/terraform-ovh

# Terraform-ovh-infrastructure

This project sets up my instances in the OVH cloud.

It automatically sets up the domain names, certificates, private VLAN, subnet and SSH key deployment, and provisions some instances for my desired infrastructure.

This configuration leverages OVH's vRack technology. For more information see https://www.ovh.com/world/solutions/vrack/

```
terraform apply -var-file=env/production.tfvars
```

All of that happens in one command, and it is just as easy to get rid of the whole infrastructure:

```
terraform destroy -var-file=env/production.tfvars
```

There's also a staging env.

# Infrastructure

# Objective

The objective is to create a virtual private cloud with one bastion host that also acts as the NAT instance; the rest of the instances (filegator, git server, CI/CD server...) sit behind it.

On these instances I do an initial config with cloud-init, mostly for the NAT.

# Bastion host config

Some config to set up the firewall so that it only allows SSH connections from my IP (thanks to api.ipify.org).

It also carries the iptables rules for the NAT setup, and the nginx reverse proxy setup with the Let's Encrypt certificates on it.

# Private instances config

Sets up the NAT and the DNS server to be used.

# Var file

See production.tfvars.sample and variables.tf for more information.

# Ansible

Once these instances are up, I configure them further with Ansible. I've made a Python script that extracts all the host IPs from the Terraform state file, via terraform output, and puts them in an Ansible inventory file.
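An added sketch of that inventory step (not the project's create_ansible_inventory.py): it parses the text of `terraform output -json`, copies only the address outputs so sensitive outputs never land in the inventory, and routes the private hosts through the bastion with ProxyJump. The output names `bastion_public_ip` and `private_instance_ips`, the `admin` user and the sample addresses are assumptions.

```python
import ipaddress
import json
import re

# Constructed sample of `terraform output -json`. The output names are
# assumptions for this example, not the names used by the project.
SAMPLE_OUTPUT = json.dumps({
    "bastion_public_ip": {"sensitive": False, "type": "string", "value": "203.0.113.10"},
    "private_instance_ips": {
        "sensitive": False,
        "type": ["map", "string"],
        "value": {"filegator": "10.0.0.11", "git": "10.0.0.12", "ci": "10.0.0.13"},
    },
    "db_password": {"sensitive": True, "type": "string", "value": "constructed-secret"},
})

HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")


def build_inventory(terraform_output_json, ssh_user="admin"):
    """Render an INI-style Ansible inventory from `terraform output -json` text."""
    outputs = json.loads(terraform_output_json)
    # Only the two address outputs are read; everything else is ignored.
    bastion = ipaddress.ip_address(outputs["bastion_public_ip"]["value"])
    lines = ["[bastion]",
             f"bastion ansible_host={bastion} ansible_user={ssh_user}",
             "",
             "[private]"]
    for name, addr in sorted(outputs["private_instance_ips"]["value"].items()):
        # Reject names that could smuggle extra inventory lines or variables.
        if not HOSTNAME_RE.fullmatch(name):
            raise ValueError(f"unsafe host name: {name!r}")
        ip = ipaddress.ip_address(addr)  # ValueError if this is not an IP address
        if not ip.is_private:
            raise ValueError(f"{name}: {addr} is not a private address")
        lines.append(f"{name} ansible_host={ip} ansible_user={ssh_user}")
    # The private hosts have no public address: relay SSH through the bastion.
    lines += ["",
              "[private:vars]",
              f"ansible_ssh_common_args='-o ProxyJump={ssh_user}@{bastion}'"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # In real use, feed it the stdout of `terraform output -json` instead.
    print(build_inventory(SAMPLE_OUTPUT), end="")
```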

# Workflow

Linter, validation -> plan -> looks good? -> apply -> create an ansible inventory -> ansible playbook

```
terraform validate
terraform plan -var-file=production.tfvars
terraform apply -var-file=production.tfvars
python3 create_ansible_inventory.py
cp inventory ~/ansible-project/inventory
ansible-playbook -i inventory site.yml
```

# Notes

The best practices I've tried to apply for Terraform, the anti-patterns to avoid, and other tips are documented in the docs/notes.org file.