From 232ec45aecd6283f680a065fe9f83f8c813101f3 Mon Sep 17 00:00:00 2001
From: chris
Date: Tue, 24 May 2022 13:37:13 +0200
Subject: [PATCH] example for three hosts behind LB
---
README.md | 4 ++-
three-web-hosts/.terraform.lock.hcl | 24 ++++++++++++++++
three-web-hosts/README.md | 5 ++++
three-web-hosts/firewall.tf | 33 ++++++++++++++++++++++
three-web-hosts/loadbalancer.tf | 24 ++++++++++++++++
three-web-hosts/network.tf | 17 +++++++++++
three-web-hosts/output.tf | 20 +++++++++++++
three-web-hosts/provider.tf | 3 ++
three-web-hosts/secret.auto.tfvars.example | 1 +
three-web-hosts/server.tf | 14 +++++++++
three-web-hosts/ssh.tf | 4 +++
three-web-hosts/terraform.tf | 10 +++++++
three-web-hosts/user-data.yaml.tpl | 18 ++++++++++++
three-web-hosts/variables.tf | 24 ++++++++++++++++
14 files changed, 200 insertions(+), 1 deletion(-)
create mode 100644 three-web-hosts/.terraform.lock.hcl
create mode 100644 three-web-hosts/README.md
create mode 100644 three-web-hosts/firewall.tf
create mode 100644 three-web-hosts/loadbalancer.tf
create mode 100644 three-web-hosts/network.tf
create mode 100644 three-web-hosts/output.tf
create mode 100644 three-web-hosts/provider.tf
create mode 100644 three-web-hosts/secret.auto.tfvars.example
create mode 100644 three-web-hosts/server.tf
create mode 100644 three-web-hosts/ssh.tf
create mode 100644 three-web-hosts/terraform.tf
create mode 100644 three-web-hosts/user-data.yaml.tpl
create mode 100644 three-web-hosts/variables.tf
diff --git a/README.md b/README.md
index 6f304ec..99fd66c 100644
--- a/README.md
+++ b/README.md
@@ -14,4 +14,6 @@ ## terraform templates
-`single-host/` contains play for a simple test VM
+`single-host/` contains templates for a simple test VM
+
+`three-web-hosts/` contains templates for three webservers behind a load balancer
diff --git a/three-web-hosts/.terraform.lock.hcl b/three-web-hosts/.terraform.lock.hcl
new file mode 100644
index 0000000..4b0f544
--- /dev/null
+++ b/three-web-hosts/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+ version = "1.33.2"
+ constraints = "1.33.2"
+ hashes = [
+ "h1:3Hx8p9LbcnHfBhy3nT7+unlc5rwkiSZjLt9SVQOSpB8=",
+ "zh:0a5d0f332d7dfe77fa27301094af98a185aabfb9f56d71b81936e03211e4d66f",
+ "zh:0e047859ee7296f335881933ccf8ce8c07aa47bef56d5449a81b85a2d9dac93a",
+ "zh:1d3d0896f518df9e245c3207ed231e528f5dcfe628508e7c3ceba4a2bfefaa7a",
+ "zh:1d7a31c8c490512896ce327ab220e950f1a2e30ee83cc2e58e69bbbfbbb87e72",
+ "zh:67cbb2492683cb22f6c54f26bee72aec140c8dd2d0881b2815d2ef80959fc751",
+ "zh:771062815e662979204ac2dc91c34c893f27670d67e02370e48124483d3c9838",
+ "zh:957ebb146898cd059c0cc8b4c32e574b61041d8b6a11cd854b3cc1d3baaeb3a9",
+ "zh:95dbd8634000b979213cb97b5d869cad78299ac994d0665d150c8dafc1390429",
+ "zh:a21b22b2e9d835e1b8b3b7e0b41a4d199171d62e9e9be78c444c700e96b31316",
+ "zh:aead1ba50640a51f20d574374f2c6065d9bfa4eea5ef044d1475873c33e58239",
+ "zh:cefabd0a78af40ea5cd08e1ca436c753df9b1c6496eb27281b755a2de1f167ab",
+ "zh:d98cffc5206b9a7550a23e13031a6f53566bd1ed3bf65314bc55ef12404d49ce",
+ "zh:dddaaf95b6aba701153659feff12c7bce6acc78362cb5ff8321a1a1cbf780cd9",
+ "zh:fd662b483250326a1bfbe5684c22c5083955a43e0773347eea35cd4c2cfe700e",
+ ]
+}
diff --git a/three-web-hosts/README.md b/three-web-hosts/README.md
new file mode 100644
index 0000000..8389765
--- /dev/null
+++ b/three-web-hosts/README.md
@@ -0,0 +1,5 @@
+# Sets up three web servers behind a load balancer
+
+* Copy secret.auto.tfvars.example to secret.auto.tfvars
+* Set up your API key in secret.auto.tfvars
+* `terraform init` && `terraform plan` && `terraform apply`
diff --git a/three-web-hosts/firewall.tf b/three-web-hosts/firewall.tf
new file mode 100644
index 0000000..d1317b5
--- /dev/null
+++ b/three-web-hosts/firewall.tf
@@ -0,0 +1,33 @@
+resource "hcloud_firewall" "single-firewall" {
+ name = "single-firewall"
+ rule {
+ direction = "in"
+ protocol = "icmp"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "22"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "80"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+}
+
diff --git a/three-web-hosts/loadbalancer.tf b/three-web-hosts/loadbalancer.tf
new file mode 100644
index 0000000..3cfd4b2
--- /dev/null
+++ b/three-web-hosts/loadbalancer.tf
@@ -0,0 +1,24 @@
+resource "hcloud_load_balancer" "three_web_load_balancer" {
+ name = "three-web-load-balancer"
+ load_balancer_type = "lb11"
+ location = var.location
+}
+
+resource "hcloud_load_balancer_network" "three_web_load_balancer_network" {
+ load_balancer_id = hcloud_load_balancer.three_web_load_balancer.id
+ subnet_id = hcloud_network_subnet.three_web_private_subnet.id
+}
+
+resource "hcloud_load_balancer_target" "three_web_load_balancer_target" {
+ type = "label_selector"
+ load_balancer_id = hcloud_load_balancer.three_web_load_balancer.id
+ label_selector = "type=web"
+ use_private_ip = true
+}
+
+resource "hcloud_load_balancer_service" "load_balancer_service" {
+ load_balancer_id = hcloud_load_balancer.three_web_load_balancer.id
+ protocol = "http"
+ listen_port = 80
+ destination_port = 80
+}
diff --git a/three-web-hosts/network.tf b/three-web-hosts/network.tf
new file mode 100644
index 0000000..7cb9b31
--- /dev/null
+++ b/three-web-hosts/network.tf
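Review bot: The port 22 rule in firewall.tf accepts SSH from `0.0.0.0/0` and `::/0`, so every web server's public address takes login attempts from the whole internet for an account that, per user-data.yaml.tpl, has passwordless sudo. Scope it to the operator's addresses, for example `source_ips = var.admin_cidrs` backed by a `list(string)` variable with no world-open default. The port 80 rule is equally open although loadbalancer.tf reaches its targets with `use_private_ip = true`; if nothing needs to hit the servers' public addresses directly, that rule can probably be dropped so that only the load balancer serves HTTP. The resource is still called `single-firewall`, which looks carried over from the single-host example.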
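Review bot: The service in loadbalancer.tf listens on plain `http` port 80 only, so client traffic to the load balancer is unencrypted and nothing in the example says that this is intentional. If it is meant as a demo, say so with a comment such as `# demo only: plaintext HTTP, add an https service with a certificate before real use`; otherwise add a service with `protocol = "https"` and an `http { certificates = [...] redirect_http = true }` block. Separately, `label_selector = "type=web"` matches every server in the project carrying that label, not only the ones created here, so a more specific label value would keep unrelated hosts out of the pool.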
@@ -0,0 +1,17 @@
+resource "hcloud_network" "three_web_private" {
+ name = "three_web_private"
+ ip_range = var.ip_range
+}
+
+resource "hcloud_server_network" "three_web_network" {
+ count = var.instance_count
+ server_id = hcloud_server.web-server[count.index].id
+ subnet_id = hcloud_network_subnet.three_web_private_subnet.id
+}
+
+resource "hcloud_network_subnet" "three_web_private_subnet" {
+ network_id = hcloud_network.three_web_private.id
+ type = "cloud"
+ network_zone = "eu-central"
+ ip_range = var.ip_range
+}
diff --git a/three-web-hosts/output.tf b/three-web-hosts/output.tf
new file mode 100644
index 0000000..cdbbf55
--- /dev/null
+++ b/three-web-hosts/output.tf
@@ -0,0 +1,20 @@
+output "lb_ip" {
+ description = "Load balancer IP address"
+ value = hcloud_load_balancer.three_web_load_balancer.ipv6
+}
+
+output "web_ips" {
+ description = "Test VM IP"
+ value = {
+ for server in hcloud_server.web-server :
+ server.name => server.ipv6_address
+ }
+}
+
+output "web_ipv4" {
+ description = "Test VM legacy IP"
+ value = {
+ for server in hcloud_server.web-server :
+ server.name => server.ipv4_address
+ }
+}
diff --git a/three-web-hosts/provider.tf b/three-web-hosts/provider.tf
new file mode 100644
index 0000000..d6551da
--- /dev/null
+++ b/three-web-hosts/provider.tf
@@ -0,0 +1,3 @@
+provider "hcloud" {
+ token = var.hcloud_token
+}
diff --git a/three-web-hosts/secret.auto.tfvars.example b/three-web-hosts/secret.auto.tfvars.example
new file mode 100644
index 0000000..476433a
--- /dev/null
+++ b/three-web-hosts/secret.auto.tfvars.example
@@ -0,0 +1 @@
+hcloud_token = "tokitoki"
diff --git a/three-web-hosts/server.tf b/three-web-hosts/server.tf
new file mode 100644
index 0000000..3835d30
--- /dev/null
+++ b/three-web-hosts/server.tf
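Review bot: `network_zone = "eu-central"` in the subnet of network.tf is hard-coded while the servers and the load balancer take `var.location`, so overriding the location to one outside that zone would presumably make the network attachments fail. Either make it configurable, e.g. `network_zone = var.network_zone` with a default of `"eu-central"`, or add a comment next to `location` in variables.tf stating that it must stay within eu-central. The network and its only subnet also share `var.ip_range`, which leaves no room for a second subnet later.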
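Review bot: The descriptions on `web_ips` and `web_ipv4` in output.tf still read `Test VM IP` and `Test VM legacy IP`, but both values are maps from server name to address covering all web servers. Something like `description = "Public IPv6 address of each web server, keyed by name"` would match what is returned. `lb_ip` exposes only the load balancer's `ipv6` attribute; an `ipv4` output next to it would help anyone testing from an IPv4-only network.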
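Review bot: The real `secret.auto.tfvars` copied from secret.auto.tfvars.example will hold a project API token, and this commit adds no ignore rule for it; whether a repository-level `.gitignore` already covers it is not visible here. It is worth confirming that `*.auto.tfvars` and the Terraform state files are ignored, and adding a first line to the example such as `# copy to secret.auto.tfvars and keep that file out of version control`.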
@@ -0,0 +1,14 @@
+resource "hcloud_server" "web-server" {
+ count = var.instance_count
+ name = "web-server-${count.index}"
+ image = var.os_type
+ server_type = var.server_type
+ location = var.location
+ labels = {
+ type = "web"
+ }
+ ssh_keys = [hcloud_ssh_key.default.id]
+ user_data = templatefile("user-data.yaml.tpl",
+ {ssh_pubkey = file("../ssh-terraform-hetzner.pub")})
+ firewall_ids = [hcloud_firewall.single-firewall.id]
+}
diff --git a/three-web-hosts/ssh.tf b/three-web-hosts/ssh.tf
new file mode 100644
index 0000000..adb5056
--- /dev/null
+++ b/three-web-hosts/ssh.tf
@@ -0,0 +1,4 @@
+resource "hcloud_ssh_key" "default" {
+ name = "terraform"
+ public_key = file("../ssh-terraform-hetzner.pub")
+}
diff --git a/three-web-hosts/terraform.tf b/three-web-hosts/terraform.tf
new file mode 100644
index 0000000..0085e70
--- /dev/null
+++ b/three-web-hosts/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "1.33.2"
+ }
+ }
+
+ required_version = ">= 1.1"
+}
diff --git a/three-web-hosts/user-data.yaml.tpl b/three-web-hosts/user-data.yaml.tpl
new file mode 100644
index 0000000..0710a37
--- /dev/null
+++ b/three-web-hosts/user-data.yaml.tpl
@@ -0,0 +1,18 @@
+#cloud-config
+users:
+ - name: "ansible"
+ groups: ["sudo"]
+ sudo: "ALL=(ALL) NOPASSWD:ALL"
+ shell: "/bin/bash"
+ ssh_authorized_keys:
+ - "${ssh_pubkey}"
+
+packages:
+ - nginx
+
+package_update: true
+package_upgrade: true
+
+runcmd:
+ - systemctl enable --now nginx
+ - echo "
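Review bot: `templatefile("user-data.yaml.tpl", ...)` and `file("../ssh-terraform-hetzner.pub")` in server.tf are resolved against the working directory rather than this configuration's directory, so they only work when terraform is run from inside `three-web-hosts/` and break if the directory is ever used as a child module. Anchoring them, as in `templatefile("${path.module}/user-data.yaml.tpl", ...)` and `file("${path.module}/../ssh-terraform-hetzner.pub")`, removes that dependency; the same applies to the `file()` call in ssh.tf. A short comment saying where the key pair is expected to come from would also help, since the README steps in this commit do not mention it.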

terraformed

\nthis is $(hostname)" > /var/www/html/index.html
diff --git a/three-web-hosts/variables.tf b/three-web-hosts/variables.tf
new file mode 100644
index 0000000..6c89a44
--- /dev/null
+++ b/three-web-hosts/variables.tf
@@ -0,0 +1,24 @@
+variable "hcloud_token" {
+ sensitive = true
+ # default =
+}
+
+variable "location" {
+ default = "nbg1"
+}
+
+variable "server_type" {
+ default = "cx11"
+}
+
+variable "os_type" {
+ default = "debian-11"
+}
+
+variable "instance_count" {
+ default = 3
+}
+
+variable "ip_range" {
+ default = "10.0.30.0/24"
+}
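Review bot: The `ansible` user in user-data.yaml.tpl gets `NOPASSWD:ALL` sudo and is reachable through the world-open port 22 rule in firewall.tf, while nothing in the cloud-config tightens sshd. Consider adding the top-level keys `disable_root: true` and `ssh_pwauth: false` so that the only way in is a key login as `ansible`; server.tf also passes the same key through `ssh_keys`, which presumably installs it for root as well. A comment above the `sudo:` line saying that passwordless sudo is there for automation would make the trade-off explicit.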
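Review bot: None of the variables in variables.tf declares a `type` or `description`, and `hcloud_token` keeps a leftover `# default =` placeholder that invites pasting the token into a tracked file. Suggest `type = string` and `description = "Hetzner Cloud API token, set in secret.auto.tfvars"` on `hcloud_token` with the placeholder removed, `type = number` on `instance_count`, and `type = string` on the others. With types in place a mistyped value fails at plan time instead of surfacing as a provider error.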