Lab 4 task 1

terraform/.gitignore

@@ -0,0 +1,40 @@
+# Created by https://www.toptal.com/developers/gitignore/api/terraform
+# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform

terraform/TF.md

@@ -0,0 +1,176 @@
+# Terraform...
+
+## Terraform applied changes
+
+Output of `terraform apply` on the first application:
+
+```
+
+Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with
+the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
+  # docker_container.nginx-server will be created
+  + resource "docker_container" "nginx-server" {
+      + attach                                      = false
+      + bridge                                      = (known after apply)
+      + command                                     = (known after apply)
+      + container_logs                              = (known after apply)
+      + container_read_refresh_timeout_milliseconds = 15000
+      + entrypoint                                  = (known after apply)
+      + env                                         = (known after apply)
+      + exit_code                                   = (known after apply)
+      + hostname                                    = (known after apply)
+      + id                                          = (known after apply)
+      + image                                       = (known after apply)
+      + init                                        = (known after apply)
+      + ipc_mode                                    = (known after apply)
+      + log_driver                                  = (known after apply)
+      + logs                                        = false
+      + must_run                                    = true
+      + name                                        = "nginx-server"
+      + network_data                                = (known after apply)
+      + read_only                                   = false
+      + remove_volumes                              = true
+      + restart                                     = "no"
+      + rm                                          = true
+      + runtime                                     = (known after apply)
+      + security_opts                               = (known after apply)
+      + shm_size                                    = (known after apply)
+      + start                                       = true
+      + stdin_open                                  = false
+      + stop_signal                                 = (known after apply)
+      + stop_timeout                                = (known after apply)
+      + tty                                         = false
+      + wait                                        = false
+      + wait_timeout                                = 60
+
+      + ports {
+          + external = 4321
+          + internal = 80
+          + ip       = "0.0.0.0"
+          + protocol = "tcp"
+        }
+    }
+
+  # docker_image.nginx will be created
+  + resource "docker_image" "nginx" {
+      + id           = (known after apply)
+      + image_id     = (known after apply)
+      + keep_locally = false
+      + name         = "nginx:latest"
+      + repo_digest  = (known after apply)
+    }
+
+Plan: 2 to add, 0 to change, 0 to destroy.
+
+Do you want to perform these actions?
+  Terraform will perform the actions described above.
+  Only 'yes' will be accepted to approve.
+
+  Enter a value: yes
+
+docker_image.nginx: Creating...
+docker_image.nginx: Still creating... [10s elapsed]
+docker_image.nginx: Still creating... [20s elapsed]
+docker_image.nginx: Still creating... [30s elapsed]
+docker_image.nginx: Creation complete after 32s [id=sha256:e4720093a3c1381245b53a5a51b417963b3c4472d3f47fc301930a4f3b17666anginx:latest]
+docker_container.nginx-server: Creating...
+docker_container.nginx-server: Creation complete after 1s [id=cb7069e2b267f455ed2e593fa78f6d2d030157d46da5b5bd873cccc0af36e1f4]
+
+Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
+```
+
+Note that since then there were some changes, such as an input variable for the container name,
+changes to image and container configuration.
+
+## Terraform state
+
+```
+$ terraform state list
+docker_container.nginx-server
+docker_image.nginx
+$ terraform state show docker_container.nginx-server
+# docker_container.nginx-server:
+resource "docker_container" "nginx-server" {
+    attach                                      = false
+    command                                     = [
+        "nginx",
+        "-g",
+        "daemon off;",
+    ]
+    container_read_refresh_timeout_milliseconds = 15000
+    cpu_shares                                  = 0
+    entrypoint                                  = [
+        "/docker-entrypoint.sh",
+    ]
+    env                                         = []
+    hostname                                    = "cb7069e2b267"
+    id                                          = "cb7069e2b267f455ed2e593fa78f6d2d030157d46da5b5bd873cccc0af36e1f4"
+    image                                       = "sha256:e4720093a3c1381245b53a5a51b417963b3c4472d3f47fc301930a4f3b17666a"
+    init                                        = false
+    ipc_mode                                    = "private"
+    log_driver                                  = "json-file"
+    logs                                        = false
+    max_retry_count                             = 0
+    memory                                      = 0
+    memory_swap                                 = 0
+    must_run                                    = true
+    name                                        = "nginx-server"
+    network_data                                = [
+        {
+            gateway                   = "172.17.0.1"
+            global_ipv6_address       = ""
+            global_ipv6_prefix_length = 0
+            ip_address                = "172.17.0.2"
+            ip_prefix_length          = 16
+            ipv6_gateway              = ""
+            mac_address               = "02:42:ac:11:00:02"
+            network_name              = "bridge"
+        },
+    ]
+    network_mode                                = "default"
+    privileged                                  = false
+    publish_all_ports                           = false
+    read_only                                   = false
+    remove_volumes                              = true
+    restart                                     = "no"
+    rm                                          = true
+    runtime                                     = "runc"
+    security_opts                               = []
+    shm_size                                    = 64
+    start                                       = true
+    stdin_open                                  = false
+    stop_signal                                 = "SIGQUIT"
+    stop_timeout                                = 0
+    tty                                         = false
+    wait                                        = false
+    wait_timeout                                = 60
+
+    ports {
+        external = 4321
+        internal = 80
+        ip       = "0.0.0.0"
+        protocol = "tcp"
+    }
+}
+$ terraform state show docker_image.nginx
+# docker_image.nginx:
+resource "docker_image" "nginx" {
+    id           = "sha256:e4720093a3c1381245b53a5a51b417963b3c4472d3f47fc301930a4f3b17666anginx:latest"
+    image_id     = "sha256:e4720093a3c1381245b53a5a51b417963b3c4472d3f47fc301930a4f3b17666a"
+    keep_locally = false
+    name         = "nginx:latest"
+    repo_digest  = "nginx@sha256:c26ae7472d624ba1fafd296e73cecc4f93f853088e6a9c13c0d52f6ca5865107"
+}
+$
+```
+
+## Outputs
+
+```
+container_id = "a6ee92fe32d9ba6f0f5f9ebe17e64f7b5bd128f60f781746fa29c90cd3a32512"
+image_id = "sha256:e4720093a3c1381245b53a5a51b417963b3c4472d3f47fc301930a4f3b17666anginx:latest"
+```

terraform/docker/inputs.tf

@@ -0,0 +1,5 @@
+variable "container_name" {
+  description = "Name to give to the docker container"
+  type        = string
+  default     = "unnamed-nginx-server"
+}

terraform/docker/main.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~> 3.0.1"
+    }
+  }
+}
+
+provider "docker" {}
+
+resource "docker_image" "nginx" {
+  name         = "nginx:latest"
+  keep_locally = true
+}
+
+resource "docker_container" "nginx-server" {
+  image = docker_image.nginx.image_id
+  name  = var.container_name
+  ports {
+    internal = 80
+    external = 4321
+  }
+  rm = true
+}

terraform/docker/outputs.tf

@@ -0,0 +1,9 @@
+output "container_id" {
+  description = "ID of the docker container"
+  value       = docker_container.nginx-server.id
+}
+
+output "image_id" {
+  description = "ID of the docker image"
+  value       = docker_image.nginx.id
+}

terraform/yandex_cloud/inputs.tf

@@ -0,0 +1,13 @@
+variable "yandex_cloud_id" {
+  type = string
+}
+
+variable "yandex_folder_id" {
+  type = string
+}
+
+variable "yandex_token" {
+  type        = string
+  description = "Obtain at https://oauth.yandex.com/authorize?response_type=token&client_id=1a6990aa636648e9b2ef855fa7bec2fb"
+  sensitive   = true
+}

terraform/yandex_cloud/main.tf

@@ -0,0 +1,64 @@
+terraform {
+  required_providers {
+    yandex = {
+      source  = "yandex-cloud/yandex"
+      version = "0.90.0"
+    }
+  }
+}
+
+provider "yandex" {
+  token     = var.yandex_token
+  cloud_id  = var.yandex_cloud_id
+  folder_id = var.yandex_folder_id
+}
+
+resource "yandex_compute_disk" "boot-disk-1" {
+  name     = "boot-disk-1"
+  type     = "network-hdd"
+  zone     = "ru-central1-a"
+  size     = "20"
+  image_id = "fd8t8vqitgjou20saanq"
+}
+
+resource "yandex_compute_instance" "vm-1" {
+  name = "terraform1"
+  zone = "ru-central1-a"
+
+  resources {
+    cores  = 2
+    memory = 2
+  }
+
+  boot_disk {
+    disk_id = yandex_compute_disk.boot-disk-1.id
+  }
+
+  network_interface {
+    subnet_id = yandex_vpc_subnet.subnet-1.id
+    nat       = true
+  }
+
+  metadata = {
+    ssh-keys = "ubuntu:${file("~/.ssh/id_rsa.pub")}"
+  }
+}
+
+resource "yandex_vpc_network" "network-1" {
+  name = "network1"
+}
+
+resource "yandex_vpc_subnet" "subnet-1" {
+  name           = "subnet1"
+  zone           = "ru-central1-a"
+  network_id     = yandex_vpc_network.network-1.id
+  v4_cidr_blocks = ["192.168.10.0/24"]
+}
+
+output "internal_ip_address_vm1" {
+  value = yandex_compute_instance.vm-1.network_interface.0.ip_address
+}
+
+output "external_ip_address_vm1" {
+  value = yandex_compute_instance.vm-1.network_interface.0.nat_ip_address
+}