diff --git a/src/homework/15-cloud-providers/15.2/readme.md b/src/homework/15-cloud-providers/15.2/readme.md
index a2d58e7..486eb1f 100644
--- a/src/homework/15-cloud-providers/15.2/readme.md
+++ b/src/homework/15-cloud-providers/15.2/readme.md
@@ -24,7 +24,7 @@
```terraform
resource "yandex_iam_service_account" "os-service-account" {
- name = "s3-service-account"
+ name = "os-service-account"
}
```
@@ -87,19 +87,89 @@ resource "yandex_storage_object" "cute-cat-picture" {
> 2. Создать группу ВМ в public подсети фиксированного размера с шаблоном LAMP и web-страничкой, содержащей ссылку на картинку из bucket:
> - Создать Instance Group с 3 ВМ и шаблоном LAMP. Для LAMP рекомендуется использовать `image_id = fd827b91d99psvq5fjit`;
-// todo
+Для создания виртуальных машин будет использовано описание объекта [yandex_compute_instance_group](./terraform/lamp.tf).
+Основные моменты:
+
+* Объявление, что в группе будет находиться ровно 3 виртуальные машины
+
+ ```terraform
+ # inside os-lamp-group
+ scale_policy {
+ fixed_scale {
+ size = 3
+ }
+ }
+ ```
+
+* Для подключения группы к подсети необходимо, чтобы сервисному аккаунту была назначена роль `vpc.user`:
+
+ ```terraform
+ resource "yandex_resourcemanager_folder_iam_member" "os-vpc-user" {
+ folder_id = var.yandex_folder_id
+ role = "vpc.user"
+ member = "serviceAccount:${yandex_iam_service_account.os-service-account.id}"
+ }
+ ```
+
+* Для создания виртуальных маши необходимо, чтобы сервисному аккаунту была назначена роль `editor`:
+
+```terraform
+resource "yandex_resourcemanager_folder_iam_member" "os-global-editor" {
+ folder_id = var.yandex_folder_id
+ role = "editor"
+ member = "serviceAccount:${yandex_iam_service_account.os-service-account.id}"
+}
+```
> - Для создания стартовой веб-страницы рекомендуется использовать раздел `user_data` в [meta_data](https://cloud.yandex.ru/docs/compute/concepts/vm-metadata);
-
-// todo
-
> - Разместить в стартовой веб-странице шаблонной ВМ ссылку на картинку из bucket;
-// todo
+В описании ключа `user_data` используется нотация [`cloud-init`](https://cloudinit.readthedocs.io/en/latest/reference/examples.html).
+Таким образом, для начала необходимо создать файл конфигурации [cloud-config.yaml](./terraform/cloud-config.yaml) с содержимым:
+
+```yaml
+---
+write_files:
+ - content: |
+
+
+ ...
+
+ path: "/var/www/html/index.html"
+ owner: ubuntu:www-data
+ permissions: '0774'
+```
+
+Здесь в content расположено содержимое html-файла, которое будет показано при запросе к web-серверу.
+
+Затем, необходимо добавить чтение данного файла:
+
+```terraform
+# inside os-lamp-group.instance_template
+metadata = {
+ user-data = file("./cloud-config.yaml")
+}
+```
+
+// TODO `[PERMISSION_DENIED] Permission denied to folder b1gktcsaacdrp521naiv, folder b1gktcsaacdrp521naiv`
> - Настроить проверку состояния ВМ.
-// todo
+Для настройки проверки состояния ВМ необходимо в конфигурацию группы добавить объект `healthcheck`:
+
+```terraform
+# inside os-lamp-group
+health_check {
+ interval = 5
+ timeout = 3
+ healthy_threshold = 2
+ unhealthy_threshold = 2
+ http_options {
+ path = "/index.html"
+ port = 80
+ }
+}
+```
> 3. Подключить группу к сетевому балансировщику:
> - Создать сетевой балансировщик;
diff --git a/src/homework/15-cloud-providers/15.2/terraform/cloud-config.yaml b/src/homework/15-cloud-providers/15.2/terraform/cloud-config.yaml
new file mode 100644
index 0000000..678b063
--- /dev/null
+++ b/src/homework/15-cloud-providers/15.2/terraform/cloud-config.yaml
@@ -0,0 +1,23 @@
+---
+write_files:
+ - content: |
+
+
+
+
+ Cute cat image test
+
+
+ You can see cute cat below
+
+

+
+
+
+ path: "/var/www/html/index.html"
+ owner: ubuntu:www-data
+ permissions: '0774'
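Review bot: `permissions: '0774'` on the last line of the `write_files` entry makes the served `index.html` executable and writable by the `www-data` group, so the web server's own account can rewrite the page it serves. A static page only needs to be readable by the server; `owner: root:www-data` with `permissions: '0644'` would do. It is also worth confirming that the `ubuntu` user already exists when `write_files` runs on first boot, since cloud-init normally creates users in a later module and the ownership step can fail if the image does not ship that account.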
diff --git a/src/homework/15-cloud-providers/15.2/terraform/lamp.tf b/src/homework/15-cloud-providers/15.2/terraform/lamp.tf
new file mode 100644
index 0000000..a66f9cf
--- /dev/null
+++ b/src/homework/15-cloud-providers/15.2/terraform/lamp.tf
@@ -0,0 +1,73 @@
+// Назначение ролей сервисному аккаунту
+resource "yandex_resourcemanager_folder_iam_member" "os-vpc-user" {
+ folder_id = var.yandex_folder_id
+ role = "vpc.user"
+ member = "serviceAccount:${yandex_iam_service_account.os-service-account.id}"
+}
+
+resource "yandex_resourcemanager_folder_iam_member" "os-global-editor" {
+ folder_id = var.yandex_folder_id
+ role = "editor"
+ member = "serviceAccount:${yandex_iam_service_account.os-service-account.id}"
+}
+
+resource "yandex_compute_instance_group" "os-lamp-group" {
+ name = "os-lamp-group"
+ service_account_id = yandex_iam_service_account.os-service-account.id
+ deletion_protection = false
+
+ allocation_policy {
+ zones = ["ru-central1-a"]
+ }
+
+ deploy_policy {
+ max_expansion = 0
+ max_unavailable = 1
+ }
+
+ scale_policy {
+ fixed_scale {
+ size = 3
+ }
+ }
+
+ instance_template {
+ boot_disk {
+ initialize_params {
+ image_id = "fd827b91d99psvq5fjit" # lamp-1579613975
+ size = "10"
+ }
+ }
+
+ network_interface {
+ subnet_ids = [yandex_vpc_subnet.os-subnet.id]
+ }
+
+ resources {
+ cores = 2
+ memory = 2
+ }
+
+ metadata = {
+ ssh-keys = "ubuntu:${file("~/.ssh/id_rsa.pub")}"
+ user-data = file("./cloud-config.yaml")
+ }
+ }
+
+ health_check {
+ interval = 5
+ timeout = 3
+ healthy_threshold = 2
+ unhealthy_threshold = 2
+ http_options {
+ path = "/index.html"
+ port = 80
+ }
+ }
+}
+
+output "ips" {
+ value = {
+ internalLamp = yandex_compute_instance_group.os-lamp-group.instances.*.network_interface.0.ip_address
+ }
+}
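Review bot: The `os-global-editor` binding grants `role = "editor"` on the whole folder to `os-service-account`, the same account the instance group runs as, which is far more than managing three VMs requires. If the narrower compute role covers what the group needs, prefer `role = "compute.editor"` alongside the existing `vpc.user` binding. The group also has no ordering against the two IAM bindings, so Terraform may create it before the roles are in place; the `PERMISSION_DENIED` recorded in the README of this commit may be that race. Adding `depends_on = [yandex_resourcemanager_folder_iam_member.os-vpc-user, yandex_resourcemanager_folder_iam_member.os-global-editor]` inside `os-lamp-group` makes the order explicit.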
diff --git a/src/homework/15-cloud-providers/15.2/terraform/main.tf b/src/homework/15-cloud-providers/15.2/terraform/main.tf
index b77a792..f09fc61 100644
--- a/src/homework/15-cloud-providers/15.2/terraform/main.tf
+++ b/src/homework/15-cloud-providers/15.2/terraform/main.tf
@@ -14,57 +14,17 @@ provider "yandex" {
zone = "ru-central1-a"
}
+resource "yandex_vpc_network" "os-network" {
+ name = "os-network"
+}
+
+resource "yandex_vpc_subnet" "os-subnet" {
+ name = "os-subnet"
+ zone = "ru-central1-a"
+ network_id = yandex_vpc_network.os-network.id
+ v4_cidr_blocks = ["192.168.10.0/24"]
+}
+
resource "yandex_iam_service_account" "os-service-account" {
- name = "s3-service-account"
+ name = "os-service-account"
}
-
-// Назначение роли сервисному аккаунту
-resource "yandex_resourcemanager_folder_iam_member" "os-editor" {
- folder_id = var.yandex_folder_id
- role = "storage.editor"
- member = "serviceAccount:${yandex_iam_service_account.os-service-account.id}"
-}
-
-// Создание статического ключа доступа
-resource "yandex_iam_service_account_static_access_key" "os-static-key" {
- service_account_id = yandex_iam_service_account.os-service-account.id
- description = "static access key for object storage"
-}
-
-// Создание бакета с использованием ключа
-resource "yandex_storage_bucket" "os-netology-bucket" {
- access_key = yandex_iam_service_account_static_access_key.os-static-key.access_key
- secret_key = yandex_iam_service_account_static_access_key.os-static-key.secret_key
- bucket = "os-netology-bucket"
-
- anonymous_access_flags {
- read = true
- list = false
- }
-}
-
-resource "yandex_storage_object" "cute-cat-picture" {
- bucket = yandex_storage_bucket.os-netology-bucket.bucket
- access_key = yandex_iam_service_account_static_access_key.os-static-key.access_key
- secret_key = yandex_iam_service_account_static_access_key.os-static-key.secret_key
- key = "cute-cat"
- source = "./static/cute_cat.jpg"
- content_type = "image/jpg"
- acl = "public-read"
-}
-
-output "os" {
- value = {
- "staticUrl": "https://${yandex_storage_bucket.os-netology-bucket.bucket}.storage.yandexcloud.net/${yandex_storage_object.cute-cat-picture.key}"
- }
-}
-
-#resource "yandex_vpc_network" "network-vpc" {
-# name = "network-vpc"
-#}
-
-#output "ips" {
-# value = {
-#
-# }
-#}
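Review bot: Nothing in the new `os-network`/`os-subnet` pair limits traffic to the LAMP instances that lamp.tf places in this subnet, so they depend on whatever the network's default security group allows. Consider defining a `yandex_vpc_security_group` on `os-network` that admits HTTP on port 80 and SSH only from an administrative range, and referencing it from the group's `network_interface` through `security_group_ids`. The CIDR variable in the sketch below is a placeholder that this page does not define.

```terraform
resource "yandex_vpc_security_group" "os-lamp-sg" {
  name       = "os-lamp-sg"
  network_id = yandex_vpc_network.os-network.id

  ingress {
    protocol       = "TCP"
    description    = "HTTP to the LAMP page"
    v4_cidr_blocks = ["0.0.0.0/0"]
    port           = 80
  }

  ingress {
    protocol       = "TCP"
    description    = "SSH from the admin range only"
    v4_cidr_blocks = [var.admin_cidr] # placeholder variable, not defined on this page
    port           = 22
  }

  egress {
    protocol       = "ANY"
    description    = "outbound traffic"
    v4_cidr_blocks = ["0.0.0.0/0"]
  }
}

// … unchanged: os-network, os-subnet, os-service-account …
```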
diff --git a/src/homework/15-cloud-providers/15.2/terraform/object_storage.tf b/src/homework/15-cloud-providers/15.2/terraform/object_storage.tf
new file mode 100644
index 0000000..5dcef58
--- /dev/null
+++ b/src/homework/15-cloud-providers/15.2/terraform/object_storage.tf
@@ -0,0 +1,40 @@
+// Назначение роли сервисному аккаунту
+resource "yandex_resourcemanager_folder_iam_member" "os-editor" {
+ folder_id = var.yandex_folder_id
+ role = "storage.editor"
+ member = "serviceAccount:${yandex_iam_service_account.os-service-account.id}"
+}
+
+// Создание статического ключа доступа
+resource "yandex_iam_service_account_static_access_key" "os-static-key" {
+ service_account_id = yandex_iam_service_account.os-service-account.id
+ description = "static access key for object storage"
+}
+
+// Создание бакета с использованием ключа
+resource "yandex_storage_bucket" "os-netology-bucket" {
+ access_key = yandex_iam_service_account_static_access_key.os-static-key.access_key
+ secret_key = yandex_iam_service_account_static_access_key.os-static-key.secret_key
+ bucket = "os-netology-bucket"
+
+ anonymous_access_flags {
+ read = true
+ list = false
+ }
+}
+
+resource "yandex_storage_object" "cute-cat-picture" {
+ bucket = yandex_storage_bucket.os-netology-bucket.bucket
+ access_key = yandex_iam_service_account_static_access_key.os-static-key.access_key
+ secret_key = yandex_iam_service_account_static_access_key.os-static-key.secret_key
+ key = "cute-cat"
+ source = "./static/cute_cat.jpg"
+ content_type = "image/jpg"
+ acl = "public-read"
+}
+
+output "os" {
+ value = {
+ "staticUrl": "https://${yandex_storage_bucket.os-netology-bucket.bucket}.storage.yandexcloud.net/${yandex_storage_object.cute-cat-picture.key}"
+ }
+}
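Review bot: The `secret_key` of `os-static-key` is stored in Terraform state, and the key belongs to `os-service-account`, which lamp.tf in this commit also binds to `editor` on the folder, so a leaked state file or key gives folder-wide access rather than bucket access. Issue the key to a dedicated service account that holds only `storage.editor`, and keep the state in an access-controlled backend. Separately, `content_type = "image/jpg"` on `cute-cat-picture` is not a registered media type and should be `content_type = "image/jpeg"`.

```terraform
resource "yandex_iam_service_account" "os-storage-account" {
  name = "os-storage-account"
}

resource "yandex_resourcemanager_folder_iam_member" "os-editor" {
  folder_id = var.yandex_folder_id
  role      = "storage.editor"
  member    = "serviceAccount:${yandex_iam_service_account.os-storage-account.id}"
}

resource "yandex_iam_service_account_static_access_key" "os-static-key" {
  service_account_id = yandex_iam_service_account.os-storage-account.id
  description        = "static access key for object storage"
}

// … unchanged: os-netology-bucket, cute-cat-picture (apart from content_type), output "os" …
```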