variables
Declaro una variable en tf como:
# Input variable for the AMI used by the aws_instance example.
# The default looks like a placeholder rather than a usable AMI ID, so a real
# value is expected to come from a variables file.
variable "ami_id" {
  default     = "ami-XXXX"
  description = "ID de la AMI"
}
La implemento en el recurso:
# Reads the AMI from var.ami_id instead of hard-coding it in the resource.
# Only the attribute relevant to the variable example is shown here.
resource "aws_instance" "nginx-server" {
ami = var.ami_id
}
En otro archivo de variables le doy un valor
# Overrides the default declared in variable "ami_id".
# AMI IDs are region-specific, so this value only resolves in the region
# where the image was published; confirm the image owner before reusing it.
ami_id = "ami-0440d3b780d96b29d"
Ejemplo
Definimos las variables:
# Boot image for the VM. The default pins one dated build of Ubuntu 22.10
# (kinetic), an interim release whose support ended in July 2023, so an
# instance created from it starts without later security patches.
variable "image_id" {
  default     = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
  description = "ID de la imagen de la vm"
}

# Compute Engine machine type used for the instance.
variable "instance_type" {
  default     = "n1-standard-1"
  description = "Tipo de instancia en GCE"
}

# Instance name; main.tf also uses it as the prefix of the SSH user name.
variable "server_name" {
  default     = "webserver"
  description = "Nombre del servidor web"
}

# Value of the "environment" label attached to the instance.
variable "environment" {
  default     = "test"
  description = "Ambiente"
}
Implementamos las variables en main.tf
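# Single Compute Engine VM that installs nginx from the nginx.org apt
# repository at boot. Name, machine type, image and the environment label come
# from input variables; project, zone and network are fixed here.
resource "google_compute_instance" "nginx-server" {
  project      = "sils-keeper-infra"
  name         = var.server_name
  machine_type = var.instance_type
  zone         = "us-central1-a"

  # "nginx" is the network tag the firewall rules in this file target.
  tags = ["nginx", "http-server"]

  labels = {
    environment = var.environment
    owner       = "julian_sanchez"
    team        = "sre"
    project     = "sils-keeper-infra"
  }

  boot_disk {
    initialize_params {
      image = var.image_id
    }
  }

  network_interface {
    network = "default"
    # An empty access_config block requests an ephemeral external IP, so the
    # VM is reachable from the internet wherever a firewall rule allows it.
    access_config {}
  }

  # The script runs unattended, so every step must work without a terminal
  # and must stop the run when it fails. The heredoc body stays at column 0
  # because it is passed to the guest verbatim.
  metadata_startup_script = <<EOF
#!/bin/bash
# Stop at the first failed step: if the key download or the repository setup
# fails, do not fall through to installing nginx from another source.
set -euo pipefail
# Refresh the package index before the first install and pass -y; without it
# the confirmation prompt aborts the install when no terminal is attached.
sudo apt-get update
sudo apt-get install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
# -f makes curl fail on an HTTP error instead of piping an error page to gpg.
curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
# Prints the imported key's fingerprint to the startup log. Nothing checks it
# here, so compare it with the fingerprint published by nginx.org.
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
# Packages are verified against the keyring above; https additionally keeps
# the repository traffic off plaintext HTTP.
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
# Prefer nginx.org packages over the distribution's own nginx packages.
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
| sudo tee /etc/apt/preferences.d/99nginx
sudo apt-get update
sudo apt-get install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
EOF

  metadata = {
    # Only the public half of the key pair is read from disk and published in
    # instance metadata.
    # NOTE(review): GCE expects "USERNAME:KEY" entries; the space after the
    # colon is kept from the original - confirm the guest accepts it.
    ssh-keys = "${var.server_name}-ssh: ${file("nginx-server.key.pub")}"
  }
}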
# Exposes the external (NAT) address of the instance's first network
# interface, taken from its first access_config entry.
output "public_ip" {
  value       = google_compute_instance.nginx-server.network_interface[0].access_config[0].nat_ip
  description = "Dirección IP pública de la instancia GCP"
}
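# CIDR ranges allowed to reach SSH (tcp/22) on instances tagged "nginx".
# The default keeps the previous behaviour (any IPv4 source). Override it with
# the operators' or bastion's ranges so port 22 is not exposed to the whole
# internet.
variable "ssh_source_ranges" {
  description = "Rangos CIDR autorizados para SSH"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Ingress rule for SSH on the default network, applied to instances carrying
# the "nginx" tag. The description says the rule is for the DevOps team, so
# the allowed sources should be narrowed to that team via ssh_source_ranges.
resource "google_compute_firewall" "ssh" {
  name        = "allow-ssh"
  project     = "sils-keeper-infra"
  description = "Allow SSH for DevOps team ${var.description}"
  direction   = "INGRESS"
  network     = "default"
  priority    = 1000

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = var.ssh_source_ranges
  target_tags   = ["nginx"]
}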
# Ingress rule that lets any IPv4 source reach tcp/80 on instances tagged
# "nginx". That is the usual exposure for a public web server, although the
# description names the DevOps team. Traffic on this port is plaintext HTTP,
# and no rule for 443 is defined in this listing.
resource "google_compute_firewall" "http" {
  project     = "sils-keeper-infra"
  network     = "default"
  name        = "allow-http"
  description = "Allow HTTP for DevOps team ${var.description}"

  direction     = "INGRESS"
  priority      = 1000
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["nginx"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}
# Egress rule that allows every protocol from instances tagged "nginx" to any
# IPv4 destination. No priority is set here.
# NOTE(review): a VPC network already carries an implied allow-all egress
# rule, so this appears to restate it; restricting outbound traffic would need
# an explicit deny rule plus narrower allows - confirm the intent.
resource "google_compute_firewall" "nginx-egress-all" {
  project     = "sils-keeper-infra"
  network     = "default"
  name        = "nginx-egress-all"
  description = "Allow all outbound traffic ${var.description}"

  direction          = "EGRESS"
  destination_ranges = ["0.0.0.0/0"]
  target_tags        = ["nginx"]

  allow {
    protocol = "all"
  }
}
# Boot image for the VM. The default is a fixed, dated build of Ubuntu 22.10
# (kinetic); that interim release stopped receiving updates in July 2023, so
# check for a supported image before relying on this value.
variable "image_id" {
  default     = "ubuntu-minimal-2210-kinetic-amd64-v20230126"
  description = "ID de la imagen de la vm"
}

# Compute Engine machine type for the instance.
variable "instance_type" {
  default     = "n1-standard-1"
  description = "Tipo de instancia en GCE"
}

# Instance name; also the prefix of the SSH user name set in the instance
# metadata.
variable "server_name" {
  default     = "nginx-server"
  description = "Nombre del servidor web"
}

# Value of the "environment" label on the instance.
variable "environment" {
  default     = "test"
  description = "Ambiente"
}

# Free-text ownership suffix interpolated into the description of each
# firewall rule.
variable "description" {
  default     = "- env: test, owner: julian sanchez"
  description = "tags de descripción del ownership"
}
terraform plan
terraform apply
Limpiamos con:
terraform destroy