
📄 Exemple d'Infrastructure as Code via Terraform

Installation terraform

https://developer.hashicorp.com/terraform/install

Création d’un environnement

  1. Créer un répertoire de travail
    Créez un dossier dédié pour votre projet Terraform.

  2. Ajouter les fichiers de configuration
    Placez dans ce dossier les fichiers source contenant le code Terraform à déployer (par exemple : main.tf, variables.tf, etc.).

  3. Initialiser l’environnement Terraform
    Exécutez la commande suivante dans le répertoire contenant le fichier main.tf : terraform init

Exemples de fichiers Terraform

main.tf : définition des variables et des providers

CODE
# Main configuration: declares the provider plugin this project depends on.
terraform {
  required_providers {
    vcd = {
      # Registry address of the VMware Cloud Director provider.
      source = "vmware/vcd"
      # NOTE(review): no version constraint is set, so unless a dependency
      # lock file is present `terraform init` installs the newest release.
      # Consider pinning: version = "<PINNED_VERSION>" (placeholder).
    }
  }
}

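# Account used to authenticate against the VCD API.
variable "vcd_user" {
  type        = string
  description = "VCD User"
  # sensitive = true
}

# Password for vcd_user.
# Marked sensitive so Terraform redacts the value in plan/apply output.
# This only affects what is displayed: the value must still be supplied from
# a protected source (secret manager, CI secret, environment variable).
variable "vcd_password" {
  type        = string
  description = "VCD Password"
  sensitive   = true
}

# Base URL of the VCD API endpoint.
variable "vcd_url" {
  type        = string
  description = "VCD API URL"
}

# TLS certificate verification stays enabled unless a caller overrides this.
# Turning it on removes the check that the endpoint receiving the credentials
# is the expected one.
variable "vcd_allow_unverified_ssl" {
  type        = bool
  description = "skip ssl certificate verification"
  default     = false
}

# Name of the tenant; the provider uses it as the organization.
variable "vcd_tenant_name" {
  type        = string
  description = "VCD tenant (organization) name"
}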

# Provider configuration: every connection setting comes from an input
# variable, so no endpoint or credential is hard-coded in this file.
provider "vcd" {
  # Where to connect and which organization to work in.
  url = var.vcd_url
  org = var.vcd_tenant_name

  # Credentials used for the API session.
  user     = var.vcd_user
  password = var.vcd_password

  # Certificate verification is skipped only when the caller sets the
  # variable to true (its default is false).
  allow_unverified_ssl = var.vcd_allow_unverified_ssl

  # NOTE(review): presumably a retry timeout in seconds; confirm against the
  # provider documentation.
  max_retry_timeout = 500
}

variables.tfvars (stockage des variables et des secrets)

CODE
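# Endpoint of the VCD API.
vcd_url = "https://portail.cloud.sigma.fr/api"

# Keep certificate verification enabled: with it disabled, the credentials
# sent to vcd_url could be captured by anyone able to impersonate the endpoint.
vcd_allow_unverified_ssl = false

vcd_tenant_name = "mon tenant"

#### This example must never be reproduced
#### Do NOT store secrets in a variables file
#### Prefer HashiCorp Vault (or an equivalent)  https://docs.gitlab.com/ee/ci/secrets/
#### Terraform also reads input variables from the environment
#### (TF_VAR_vcd_user, TF_VAR_vcd_password), which keeps them out of this file.
vcd_user     = "mon user"
vcd_password = "mon password"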

Ne pas reproduire l’exemple ci-dessus dans un environnement réel.

  • Ne stockez jamais de secrets (mots de passe, clés API, tokens, etc.) dans un fichier de variables Terraform.

  • Préférez l’utilisation d’une solution sécurisée de gestion des secrets, comme HashiCorp Vault, ou tout autre outil équivalent. https://docs.gitlab.com/ee/ci/secrets/

iac.tf : le fichier contenant le code de création de quelques composants

CODE

 #sélection du  catalogue d'images et de 2 templates
# Image catalog, looked up by name in the "CATALOGUE" organization.
data "vcd_catalog" "catalogue_linux" {
  org  = "CATALOGUE"
  name = "SIGMA-LINUX"
}

# Template "Rocky-8.x" from that catalog.
data "vcd_catalog_vapp_template" "catalogue_linux_Rocky8" {
  name       = "Rocky-8.x"
  catalog_id = data.vcd_catalog.catalogue_linux.id
}

# Template "Alma-9.x" from that catalog.
data "vcd_catalog_vapp_template" "catalogue_linux_Alma9" {
  name       = "Alma-9.x"
  catalog_id = data.vcd_catalog.catalogue_linux.id
}

# Network environment: look up existing objects, nothing is created here.

# VDC group whose name is derived from the tenant name.
data "vcd_vdc_group" "vdcgroup" {
  name = "${var.vcd_tenant_name}_VdcGroup"
}

# Edge gateway owned by that VDC group; its name is also derived from the
# tenant name.
data "vcd_nsxt_edgegateway" "vcd_edgegateway" {
  name     = "nan-w01-p-${var.vcd_tenant_name}-t1-01"
  owner_id = data.vcd_vdc_group.vdcgroup.id
}


# Three routed networks attached to the same edge gateway.
#
# NOTE(review): 100.10.0.0/24, 100.11.0.0/24 and 100.12.0.0/24 lie outside the
# RFC 1918 private ranges and outside 100.64.0.0/10 (RFC 6598). Confirm this
# addressing plan is intended before reusing it.
# NOTE(review): dns1/dns2 point at public resolvers, so name lookups from
# these networks leave the tenant. Check this against your DNS policy.

resource "vcd_network_routed_v2" "networkA" {
  name            = "MyNetworkAsCodeA"
  edge_gateway_id = data.vcd_nsxt_edgegateway.vcd_edgegateway.id

  gateway       = "100.10.0.1"
  prefix_length = 24

  dns1 = "8.8.8.8"
  dns2 = "1.1.1.1"

  # Address range handed out to VMs that use ip_allocation_mode = "POOL".
  static_ip_pool {
    start_address = "100.10.0.152"
    end_address   = "100.10.0.200"
  }
}

resource "vcd_network_routed_v2" "networkB" {
  name            = "MyNetworkAsCodeB"
  edge_gateway_id = data.vcd_nsxt_edgegateway.vcd_edgegateway.id

  gateway       = "100.11.0.1"
  prefix_length = 24

  dns1 = "8.8.8.8"
  dns2 = "1.1.1.1"

  static_ip_pool {
    start_address = "100.11.0.152"
    end_address   = "100.11.0.200"
  }
}

resource "vcd_network_routed_v2" "networkC" {
  name            = "MyNetworkAsCodeC"
  edge_gateway_id = data.vcd_nsxt_edgegateway.vcd_edgegateway.id

  gateway       = "100.12.0.1"
  prefix_length = 24

  dns1 = "8.8.8.8"
  dns2 = "1.1.1.1"

  static_ip_pool {
    start_address = "100.12.0.152"
    end_address   = "100.12.0.200"
  }
}


# Three VMs, one per network, each taking its address from the network's pool.
#
# NOTE(review): every VM carries the security tag "internet_access".
# Presumably firewall rules match on this tag; verify which rules reference
# it before tagging a VM that should not reach the internet.

resource "vcd_vm" "vm_as_code_vmA" {
  org = var.vcd_tenant_name
  vdc = "nan-az-1"

  name             = "vmascodeVMA"
  computer_name    = "vmascodeVMA"
  vapp_template_id = data.vcd_catalog_vapp_template.catalogue_linux_Alma9.id
  storage_profile  = "simple_standard_v1"
  security_tags    = ["internet_access"]

  network {
    type               = "org"
    name               = vcd_network_routed_v2.networkA.name
    ip_allocation_mode = "POOL"
  }
}

resource "vcd_vm" "vm_as_code_vmB" {
  org = var.vcd_tenant_name
  vdc = "nan-az-1"

  name             = "vmascodeVMB"
  computer_name    = "vmascodeVMB"
  vapp_template_id = data.vcd_catalog_vapp_template.catalogue_linux_Alma9.id
  storage_profile  = "simple_standard_v1"
  security_tags    = ["internet_access"]

  network {
    type               = "org"
    name               = vcd_network_routed_v2.networkB.name
    ip_allocation_mode = "POOL"
  }

  # Guest customization is left disabled in this example.
  # customization {
  #   enabled                             = true
  #   allow_local_admin_password          = true
  #   must_change_password_on_first_login = false
  #   auto_generate_password              = true
  #   force                               = true
  # }
}

resource "vcd_vm" "vm_as_code_vmC" {
  org = var.vcd_tenant_name
  vdc = "nan-az-1"

  name             = "vmascodeVMC"
  computer_name    = "vmascodeVMC"
  vapp_template_id = data.vcd_catalog_vapp_template.catalogue_linux_Rocky8.id
  storage_profile  = "simple_standard_v1"
  security_tags    = ["internet_access"]

  network {
    type               = "org"
    name               = vcd_network_routed_v2.networkC.name
    ip_allocation_mode = "POOL"
  }
}

Exécuter

Contrôler la validité syntaxique de la configuration et prévisualiser les changements qui seront appliqués.

CODE
# Preview the changes without applying them; input values are read from
# variables.tfvars.
terraform plan -var-file=variables.tfvars

Exécuter le code

CODE
# Apply the configuration. Terraform prints the plan and asks for
# confirmation before changing anything: read it before answering "yes".
terraform apply -var-file=variables.tfvars

Détruire l’infrastructure

CODE
# Destroy every resource managed by this configuration. Terraform lists what
# will be removed and asks for confirmation first.
terraform destroy -var-file=variables.tfvars