개요
Terraform을 활용해 NCP VPC 환경에서 Server, LB, NAS를 생성하고 Server에는 Apache를 설치하는 코드입니다. NAS는 생성과 동시에 mount하므로 서버 접속 시 바로 이용할 수 있습니다. 아키텍처는 다음과 같습니다.
[main.tf]
# Naver Cloud Platform provider in VPC mode.
# The API credentials and the region come from input variables, so nothing
# secret is written into this file.
provider "ncloud" {
  support_vpc = true
  region      = var.region
  access_key  = var.access_key
  secret_key  = var.secret_key
}
# Login key whose private half is used below to read each server's root password.
# NOTE(review): the private_key attribute of this resource is stored in
# Terraform state.
resource "ncloud_login_key" "key" {
  key_name = var.login_key_name
}

# Looks up the root password of each of the two servers, using the login key's
# private key.
# NOTE(review): root_password is stored in state as well. Keep the state file
# in an access-controlled, encrypted backend and out of version control.
data "ncloud_root_password" "rootpwd" {
  count              = "2"
  private_key        = ncloud_login_key.key.private_key
  server_instance_no = ncloud_server.server[count.index].id
}
# Existing VPC, looked up by a hard-coded id rather than created here.
data "ncloud_vpc" "selected" {
  id = "7917"
}

# Network ACL for the subnets below.
# NOTE(review): no NACL rules are declared in the files shown, so filtering
# relies on the ACG rules plus whatever this NACL does by default. Confirm.
resource "ncloud_network_acl" "nacl" {
  name        = "terr-acl"
  description = "for test"
  vpc_no      = data.ncloud_vpc.selected.id
}

# Two subnets driven by the parallel lists in variables.tf: index 0 is the
# PUBLIC/GEN subnet for the servers, index 1 the PRIVATE/LOADB subnet for the
# load balancer (per the variable defaults).
resource "ncloud_subnet" "subnet" {
  count          = "2"
  name           = var.subnet_names[count.index]
  subnet         = var.subnets[count.index]
  subnet_type    = var.subnet_types[count.index]
  usage_type     = var.subnet_usage[count.index]
  zone           = var.zones
  vpc_no         = data.ncloud_vpc.selected.id
  network_acl_no = ncloud_network_acl.nacl.id
}
# Boot-time script shared by the two servers and the launch configuration:
# installs Apache httpd, enables and starts it, then appends the machine's
# hostname to the default index page.
# NOTE(review): the hostname is therefore served to anyone who can reach port 80.
resource "ncloud_init_script" "init" {
  name    = "httpd-install"
  content = "#!/bin/bash\nyum -y install httpd\nsystemctl enable --now httpd\necho $HOSTNAME >> /var/www/html/index.html"
}
# Access control group attached to the server NICs and to the auto scaling group.
resource "ncloud_access_control_group" "acg" {
  name        = "terra-acg"
  description = "description"
  vpc_no      = data.ncloud_vpc.selected.id
}

# Rules for the ACG above.
resource "ncloud_access_control_group_rule" "acg-rule" {
  access_control_group_no = ncloud_access_control_group.acg.id

  # NOTE(review): SSH is open to the whole internet, and this configuration
  # logs in as root with a password. Narrow ip_block to the administrator's
  # source range (placeholder: <ADMIN_CIDR>) or reach the hosts through a
  # bastion or VPN.
  inbound {
    description = "accept 22 port"
    protocol    = "TCP"
    port_range  = "22"
    ip_block    = "0.0.0.0/0"
  }

  # NOTE(review): if web traffic is meant to arrive only through the load
  # balancer, this rule could be limited to the LB subnet. Confirm the intent.
  inbound {
    description = "accept 80 port"
    protocol    = "TCP"
    port_range  = "80"
    ip_block    = "0.0.0.0/0"
  }

  # All outbound TCP is allowed to any destination.
  outbound {
    description = "accept 1-65535 port"
    protocol    = "TCP"
    port_range  = "1-65535"
    ip_block    = "0.0.0.0/0"
  }
}
# One NIC per server, placed in subnet[0] with a fixed private IP.
# The ACG is attached here, on the NIC, which is then attached to the server.
resource "ncloud_network_interface" "nic" {
  count                 = "2"
  name                  = "terra-nic-${count.index+1}"
  private_ip            = var.ni_pi[count.index]
  subnet_no             = ncloud_subnet.subnet[0].id
  access_control_groups = [ncloud_access_control_group.acg.id]
}

# Two web servers in subnet[0]. Each one runs the httpd init script at boot
# and uses the matching NIC above as its primary interface (order 0).
resource "ncloud_server" "server" {
  count                     = "2"
  name                      = "ncloud-terraform-test-vm-${count.index+1}"
  description               = "terraform-vm-${count.index+1} is best tip!!"
  subnet_no                 = ncloud_subnet.subnet[0].id
  server_image_product_code = var.server_image_product_code
  server_product_code       = var.server_product_code
  login_key_name            = ncloud_login_key.key.key_name
  init_script_no            = ncloud_init_script.init.id

  network_interface {
    order                = 0
    network_interface_no = ncloud_network_interface.nic[count.index].id
  }
}

# Public IP per server. The SSH provisioner in this configuration connects to
# these addresses.
# NOTE(review): with a public IP on each server, the ACG rules are what limits
# internet access to the hosts.
resource "ncloud_public_ip" "pi" {
  count              = "2"
  description        = "terra-IP"
  server_instance_no = ncloud_server.server[count.index].id
}
# 500 (size as given) NFS volume shared by the two servers.
# server_instance_no_list names only server[0] and server[1].
# NOTE(review): instances launched later by the auto scaling group are not in
# this list. Confirm whether they are expected to reach the volume.
resource "ncloud_nas_volume" "nas" {
  volume_name_postfix            = var.nasname
  volume_allotment_protocol_type = "NFS"
  volume_size                    = "500"
  server_instance_no_list        = [ncloud_server.server[0].id, ncloud_server.server[1].id]
}
# LB target group: HTTP on port 80, round-robin, health-checked with GET /
# every 30 (cycle value as given), two passes or two failures to flip state.
resource "ncloud_lb_target_group" "tg" {
  name           = "terra-tg"
  description    = "for test"
  vpc_no         = data.ncloud_vpc.selected.id
  target_type    = "VSVR"
  protocol       = "HTTP"
  port           = 80
  algorithm_type = "RR"

  health_check {
    protocol       = "HTTP"
    http_method    = "GET"
    url_path       = "/"
    port           = 80
    cycle          = 30
    up_threshold   = 2
    down_threshold = 2
  }
}

# LB target group attachment: registers the two servers as targets.
resource "ncloud_lb_target_group_attachment" "att" {
  target_group_no = ncloud_lb_target_group.tg.id
  target_no_list  = [ncloud_server.server[0].id, ncloud_server.server[1].id]
}

# Public application load balancer, placed in subnet[1].
resource "ncloud_lb" "lb" {
  name           = "jslee-LB"
  type           = "APPLICATION"
  network_type   = "PUBLIC"
  subnet_no_list = [ncloud_subnet.subnet[1].id]
}

# Listener that forwards port 80 to the target group.
# NOTE(review): the listener is plain HTTP, so traffic between clients and the
# LB is unencrypted. Use an HTTPS listener with a certificate for anything
# beyond a test.
resource "ncloud_lb_listener" "listener" {
  load_balancer_no = ncloud_lb.lb.id
  target_group_no  = ncloud_lb_target_group.tg.id
  protocol         = "HTTP"
  port             = 80
}
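# Auto scaling - launch configuration.
# Template for instances started by the auto scaling group: same image, server
# spec and httpd init script as the two fixed servers.
resource "ncloud_launch_configuration" "lc" {
  name                      = "jslee-lc"
  server_image_product_code = var.server_image_product_code
  server_product_code       = var.server_product_code
  # Reference the login key resource, as ncloud_server.server does, instead of
  # the bare variable. The value is the same key name, but Terraform now knows
  # the key must exist before this launch configuration is created.
  login_key_name            = ncloud_login_key.key.key_name
  init_script_no            = ncloud_init_script.init.id
}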
# Auto scaling - auto scaling group.
# Starts empty (min 0, desired 0) and may grow to 3 instances in subnet[0].
# Instances are registered in the LB target group and health-checked by the LB.
# NOTE(review): scaled-out instances get the same ACG as the fixed servers,
# including its internet-wide SSH rule. They are not covered by mount.sh or
# the NAS server list in the files shown.
resource "ncloud_auto_scaling_group" "asg" {
  name                         = "jslee-acg"
  subnet_no                    = ncloud_subnet.subnet[0].id
  launch_configuration_no      = ncloud_launch_configuration.lc.id
  access_control_group_no_list = [ncloud_access_control_group.acg.id]
  target_group_list            = [ncloud_lb_target_group.tg.target_group_no]

  min_size         = 0
  desired_capacity = 0
  max_size         = 3

  default_cooldown          = "300"
  health_check_type_code    = "LOADB"
  health_check_grace_period = "300"
  wait_for_capacity_timeout = "0"
}

# Auto scaling policies: one per entry in the name/adjustment lists. With the
# variable defaults these are "increase-policy" (+1) and "decrease-policy" (-1).
resource "ncloud_auto_scaling_policy" "policy" {
  count                 = "2"
  name                  = var.auto_scaling_policy_name[count.index]
  scaling_adjustment    = var.scaling_adjustment[count.index]
  adjustment_type_code  = "CHANG"
  auto_scaling_group_no = ncloud_auto_scaling_group.asg.auto_scaling_group_no
}
# Post-boot provisioning of the two servers over SSH: run mount.sh, then
# mount the NAS volume at /mnt/nas.
resource "null_resource" "ssh" {
  count = "2"

  # Logs in as root with the password read through ncloud_root_password.
  # NOTE(review): this is password-based root login over a public IP, and no
  # host_key is set on the connection, so the server's SSH host key is not
  # pinned.
  connection {
    type     = "ssh"
    user     = "root"
    host     = ncloud_public_ip.pi[count.index].public_ip
    port     = 22
    password = data.ncloud_root_password.rootpwd[count.index].root_password
  }

  # Installs the NFS client and creates the mount point (see mount.sh).
  provisioner "remote-exec" {
    script = "./mount.sh"
  }

  provisioner "remote-exec" {
    inline = [
      # NOTE(review): this resets root's password to a fixed literal that is
      # published with this code, while the ACG allows port 22 from 0.0.0.0/0.
      # Outside a throwaway lab, drop this line or feed the password from a
      # secret supplied at apply time, and restrict the SSH source range.
      # Presumably the connection password above also stops matching once this
      # has run, so re-provisioning would fail to log in. Verify.
      "echo 'redhat' | passwd --stdin root",
      # The mount is done at runtime only. Nothing in the files shown adds an
      # /etc/fstab entry, so it will not come back after a reboot.
      "mount -t nfs ${var.nasserver}:/${ncloud_nas_volume.nas.name} /mnt/nas",
      "df -h",
    ]
  }
}
[variables.tf]
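# NCP API access key.
# There is deliberately no default, so the key never lives in this file or in
# version control. Supply it at run time: export TF_VAR_access_key=...
variable "access_key" {
  type        = string
  description = "NCP API access key; set via TF_VAR_access_key"
}

# NCP API secret key.
# As with the access key there is no default. Supply it at run time:
# export TF_VAR_secret_key=...
variable "secret_key" {
  type        = string
  description = "NCP API secret key; set via TF_VAR_secret_key"
}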
# Region and zone used for every resource.
variable "region" {
  default = "KR"
}

variable "zones" {
  default = "KR-2"
}

# Server image: CentOS 7.3, 64-bit.
# NOTE(review): CentOS 7 is end-of-life and no longer receives security
# updates. Prefer a maintained image for anything exposed to the internet.
variable "server_image_product_code" {
  default = "SW.VSVR.OS.LNX64.CNTOS.0703.B050"
}

# Server spec: HDD, 2 vCPU, 4 GB memory, 50 GB disk.
variable "server_product_code" {
  default = "SVR.VSVR.HICPU.C002.M004.NET.HDD.B050.G002"
}

# Name of the login key created by ncloud_login_key.key.
variable "login_key_name" {
  default = "terra-key"
}

# Parallel lists for the two auto scaling policies (index 0 = scale out,
# index 1 = scale in).
variable "auto_scaling_policy_name" {
  type    = list
  default = ["increase-policy", "decrease-policy"]
}

variable "scaling_adjustment" {
  type    = list
  default = ["1", "-1"]
}

# Parallel lists describing the two subnets (index 0 = public server subnet,
# index 1 = private load-balancer subnet).
variable "subnets" {
  type    = list
  default = ["192.168.20.0/24", "192.168.30.0/24"]
}

variable "subnet_types" {
  type    = list
  default = ["PUBLIC", "PRIVATE"]
}

variable "subnet_names" {
  type    = list
  default = ["terra-dev-pub", "terra-dev-pri"]
}

variable "subnet_usage" {
  type    = list
  default = ["GEN", "LOADB"]
}

# Fixed private IPs for the two server NICs; both fall inside subnets[0].
variable "ni_pi" {
  type    = list
  default = ["192.168.20.6", "192.168.20.7"]
}

# Postfix for the NAS volume name.
variable "nasname" {
  type    = string
  default = "jslee"
}

# Address of the NAS endpoint used in the mount command. It is filled in by
# hand after a NAS volume has been created once and its IP is known.
variable "nasserver" {
  type    = string
  default = "169.254.82.80"
}
[version.tf]
# Terraform and provider requirements.
# NOTE(review): no provider has a version constraint, so each fresh
# `terraform init` may pull a different release. Pin each provider
# (placeholder: version = "<PINNED_VERSION>") and commit the dependency lock
# file where the Terraform version in use supports one.
terraform {
  required_version = ">= 0.13"

  required_providers {
    # NOTE(review): the provider repository this page links to is under the
    # NaverCloudPlatform organisation. Confirm this source address still
    # resolves to the intended publisher.
    ncloud = {
      source = "terraform-providers/ncloud"
    }

    # Used by null_resource.ssh.
    null = {
      source = "hashicorp/null"
    }

    # NOTE(review): not referenced by any resource in the files shown.
    random = {
      source = "hashicorp/random"
    }
  }
}
[mount.sh]
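#!/bin/bash
# Prepares a server for the NFS mount done by the Terraform provisioner:
# installs the NFS client, starts rpcbind now and on every boot, and creates
# the mount point.

# Stop at the first failing step so the provisioner reports the error instead
# of carrying on to a mount that cannot succeed.
set -e

yum -y install nfs-utils

# Start rpcbind immediately and enable it at boot.
systemctl start rpcbind.service
systemctl enable rpcbind.service

# -p keeps the script re-runnable: an existing /mnt/nas is not an error.
mkdir -p /mnt/nas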
*확인 사항
- nasserver IP는 mount할 때 필요하기 때문에 NAS 생성을 해본 후 NAS IP를 변수파일에 적는 식으로 하였다.
- VPC에서 Server를 생성할 때 ACG를 지정해주고 싶으면, 먼저 NIC를 생성하고 NIC에 ACG를 붙인 후 그 NIC를 Server에 지정해주는 방법 밖에 없는 것 같다.
- Auto Scaling Group을 생성할 때 Target Group으로 지정해줘야 한다. 즉 Target Group 먼저 생성한 후, Autoscaling을 생성한다. (LB또한 마찬가지다.)
*참고
https://github.com/NaverCloudPlatform/terraform-provider-ncloud/tree/master/docs