diff --git a/app.tf b/app.tf
new file mode 100644
index 00000000..fd61e7d5
--- /dev/null
+++ b/app.tf
@@ -0,0 +1,77 @@
+resource "yandex_alb_target_group" "web" {
+ name = "web"
+ target {
+ ip_address = yandex_compute_instance.app02.network_interface.0.ip_address
+ subnet_id = yandex_vpc_subnet.subnet-app02.id
+ }
+
+ target {
+ ip_address = yandex_compute_instance.app01.network_interface.0.ip_address
+ subnet_id = yandex_vpc_subnet.subnet-app01.id
+ }
+}
+
+resource "yandex_compute_instance" "app01" {
+ name = "app-01"
+ allow_stopping_for_update = true
+ platform_id = "standard-v2"
+ zone = "ru-central1-a"
+
+ resources {
+ cores = 2
+ core_fraction = 20
+ memory = 2
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id = "fd830gae25ve4glajdsj"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnet_id = yandex_vpc_subnet.subnet-app01.id
+ security_group_ids = [yandex_vpc_security_group.private-group.id, yandex_vpc_security_group.bastion-group.id]
+ }
+
+ metadata = {
+ user-data = file("./meta.yml")
+ }
+
+ scheduling_policy {
+ preemptible = true
+ }
+}
+
+resource "yandex_compute_instance" "app02" {
+ name = "app-02"
+ allow_stopping_for_update = true
+ platform_id = "standard-v2"
+ zone = "ru-central1-b"
+
+ resources {
+ cores = 2
+ core_fraction = 20
+ memory = 2
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id = "fd830gae25ve4glajdsj"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnet_id = yandex_vpc_subnet.subnet-app02.id
+ security_group_ids = [yandex_vpc_security_group.private-group.id, yandex_vpc_security_group.bastion-group.id]
+ }
+ metadata = {
+ user-data = file("./meta.yml")
+ }
+
+ scheduling_policy {
+ preemptible = true
+ }
+}
\ No newline at end of file
diff --git a/app01.tfold b/app01.tfold
new file mode 100644
index 00000000..f3a2c437
--- /dev/null
+++ b/app01.tfold
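Review bot: In app.tf both `app01` and `app02` list `yandex_vpc_security_group.bastion-group.id` in `security_group_ids`, and that group (securitygroup.tf in this commit) admits TCP 22 and ICMP from `0.0.0.0/0`. Neither instance sets `nat`, so the rule is not reachable from outside today, but it becomes live the moment a public address is added to either host. I would reduce both to `security_group_ids = [yandex_vpc_security_group.private-group.id]` and admit port 22 only from the bastion's subnet. The two resources differ only in name, zone and subnet, so a single resource with `for_each` would keep them from drifting apart.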
@@ -0,0 +1,36 @@
+resource "yandex_alb_target_group" "web" {
+ name = "web_group"
+ target {
+ ip_address = yandex_compute_instance.app-01.network_interface.0.ip_address
+ subnet_id = yandex_vpc_subnet.subnet-app-01.id
+ }
+}
+
+resource "yandex_compute_instance" "app-01" {
+ name = "app-01"
+ allow_stopping_for_update = true
+ platform_id = "standard-v2"
+ zone = "ru-central1-a"
+
+ resources {
+ cores = 2
+ core_fraction = 20
+ memory = 2
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id = "fd830gae25ve4glajdsj"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnet_id = "${yandex_vpc_subnet.subnet-app01.id}"
+ nat = true
+ }
+
+ metadata = {
+ user-data = file("./meta.yml")
+ }
+}
\ No newline at end of file
diff --git a/bastion.tf b/bastion.tf
new file mode 100644
index 00000000..befce4fe
--- /dev/null
+++ b/bastion.tf
@@ -0,0 +1,33 @@
+resource "yandex_compute_instance" "bastion" {
+ name = "bastion"
+ hostname = "bastion"
+ platform_id = "standard-v2"
+ zone = "ru-central1-d"
+
+ resources {
+ cores = 2
+ memory = 1
+ core_fraction = 5
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id = "fd830gae25ve4glajds"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnet_id = yandex_vpc_subnet.subnet-public.id
+ nat = true
+ security_group_ids = [yandex_vpc_security_group.private-group.id, yandex_vpc_security_group.bastion-group.id]
+ }
+
+ metadata = {
+ user-data = file("./meta.yml")
+ }
+
+ scheduling_policy {
+ preemptible = true
+ }
+}
\ No newline at end of file
diff --git a/elasticsearch.tf b/elasticsearch.tf
new file mode 100644
index 00000000..517b25eb
--- /dev/null
+++ b/elasticsearch.tf
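Review bot: `app01.tfold` is a disabled copy that Terraform will not load, yet its `network_interface` sets `nat = true` with no `security_group_ids`, and the target group refers to `yandex_vpc_subnet.subnet-app-01`, which networks.tf does not define. If the file is ever renamed back to `.tf`, it collides with `yandex_alb_target_group.web` in app.tf and, once that is sorted out, would give the app host a public address without any security group listed on its interface. Version history already preserves the old layout, so I would leave this file out of the commit.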
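Review bot: In bastion.tf `image_id = "fd830gae25ve4glajds"` is one character shorter than the `fd830gae25ve4glajdsj` used in app.tf and elasticsearch.tf, which looks like a truncated ID rather than a deliberately different image; kibana.tf and zabbix.tf carry the same short value. If it is a typo, the three hosts with public addresses will most likely fail at apply. Declaring the ID once, e.g. `locals { base_image_id = "fd830gae25ve4glajdsj" }` with `image_id = local.base_image_id` in every instance, removes the chance of divergence and leaves a single place to roll forward to a patched image.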
@@ -0,0 +1,31 @@
+resource "yandex_compute_instance" "elasticsearch" {
+ name = "elasticsearch"
+ hostname = "elasticsearch"
+ platform_id = "standard-v2"
+ zone = "ru-central1-a"
+
+ resources {
+ cores = 2
+ core_fraction = 20
+ memory = 6
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id = "fd830gae25ve4glajdsj"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnet_id = yandex_vpc_subnet.subnet-private.id
+ security_group_ids = [yandex_vpc_security_group.private-group.id]
+ }
+ metadata = {
+ user-data = file("./meta.yml")
+ }
+
+ scheduling_policy {
+ preemptible = true
+ }
+}
\ No newline at end of file
diff --git a/kibana.tf b/kibana.tf
new file mode 100644
index 00000000..d78faf2e
--- /dev/null
+++ b/kibana.tf
@@ -0,0 +1,34 @@
+resource "yandex_compute_instance" "kibana" {
+ name = "kibana"
+ hostname = "kibana"
+ platform_id = "standard-v2"
+ zone = "ru-central1-d"
+ allow_stopping_for_update = true
+
+ resources {
+ cores = 2
+ core_fraction = 20
+ memory = 2
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id = "fd830gae25ve4glajds"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnet_id = yandex_vpc_subnet.subnet-public.id
+ nat = true
+ security_group_ids = [yandex_vpc_security_group.private-group.id, yandex_vpc_security_group.kibana.id]
+ }
+
+ metadata = {
+ user-data = file("./meta.yml")
+ }
+ scheduling_policy {
+ preemptible = true
+ }
+}
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 00000000..29de1967
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_providers {
+ yandex = {
+ source = "yandex-cloud/yandex"
+ }
+ }
+ required_version = ">= 0.13"
+}
+
+provider "yandex" {
+ token = ""
+ cloud_id = ""
+ folder_id = ""
+ zone = ""
+}
diff --git a/meta.yml b/meta.yml
new file mode 100644
index 00000000..6340f60f
--- /dev/null
+++ b/meta.yml
@@ -0,0 +1,8 @@
+#cloud-config
+users:
+- name: sadmin
+ groups: sudo
+ shell: /bin/bash
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ ssh-authorized-keys:
+ - ssh-ed25519
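Review bot: In elasticsearch.tf `preemptible = true` under `scheduling_policy` sits on the one stateful host of the stack, and no disk other than the 10 GB boot disk is declared, so the indices presumably live on it. A preemptible instance can be stopped by the platform at any time; if this node stores logs, every reclaim leaves a gap in collection. I would set `preemptible = false` here, or state in a comment that the data is disposable, and move the indices to a separate data disk.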
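Review bot: In kibana.tf `nat = true` combined with `yandex_vpc_security_group.kibana.id` gives this host a public address with port 5601 open to `0.0.0.0/0` (rule in securitygroup.tf), so the Kibana UI is offered straight to the internet over plain HTTP. Nothing in this commit shows authentication or TLS being set up on the instance. I would drop `nat` and reach the UI through the bastion, or publish it through the load balancer with a restricted source range. zabbix.tf follows the same pattern with port 8080.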
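Review bot: In main.tf the `provider "yandex"` block ships `token = ""`, `cloud_id = ""` and `folder_id = ""` as placeholders, which invites pasting a real token into a tracked file on the next edit. The provider also reads `YC_TOKEN`, `YC_CLOUD_ID` and `YC_FOLDER_ID` from the environment, so these arguments can simply be removed; a service-account key passed through `service_account_key_file` would be preferable to a personal token. `required_providers` has no `version` constraint either, so each `terraform init` may pull whichever provider release is newest; adding one makes the build reproducible.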
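Review bot: In meta.yml `sudo: ['ALL=(ALL) NOPASSWD:ALL']` gives `sadmin` passwordless root, and every instance in this commit loads this same file as `user-data`, so a single key opens root on the bastion and on everything behind it. Separate cloud-config files, or at least separate keys, for the bastion and the internal hosts would keep a stolen bastion key from being a full compromise. The `ssh-authorized-keys` entry holds only `ssh-ed25519` with no key material, so as committed the account has no usable key; if the key is filled in before apply, a comment at the top of the file should say so.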
diff --git a/networks.tf b/networks.tf
new file mode 100644
index 00000000..abc3cd5a
--- /dev/null
+++ b/networks.tf
@@ -0,0 +1,127 @@
+resource "yandex_vpc_network" "network-1" {
+ name = "network-1"
+}
+
+#Сеть для app01
+resource "yandex_vpc_subnet" "subnet-app01" {
+ name = "subnet-app01"
+ zone = "ru-central1-a"
+ v4_cidr_blocks = ["192.168.1.0/24"]
+ network_id = "${yandex_vpc_network.network-1.id}"
+}
+
+#Сеть для app02
+resource "yandex_vpc_subnet" "subnet-app02" {
+ name = "subnet-app02"
+ zone = "ru-central1-b"
+ v4_cidr_blocks = ["192.168.2.0/24"]
+ network_id = "${yandex_vpc_network.network-1.id}"
+}
+#private
+resource "yandex_vpc_subnet" "subnet-private" {
+ name = "subnet-private"
+ zone = "ru-central1-a"
+ v4_cidr_blocks = ["192.168.3.0/24"]
+ network_id = "${yandex_vpc_network.network-1.id}"
+}
+
+#public
+resource "yandex_vpc_subnet" "subnet-public" {
+ name = "subnet-public"
+ zone = "ru-central1-d"
+ v4_cidr_blocks = ["192.168.4.0/24"]
+ network_id = "${yandex_vpc_network.network-1.id}"
+}
+
+resource "yandex_vpc_gateway" "gateway" {
+ name = "gateway"
+ shared_egress_gateway {}
+}
+
+resource "yandex_vpc_route_table" "routetable" {
+ network_id = yandex_vpc_network.network-1.id
+
+ static_route {
+ destination_prefix = "0.0.0.0/0"
+ gateway_id = yandex_vpc_gateway.gateway.id
+ }
+}
+
+resource "yandex_alb_http_router" "http-router" {
+ name = "http-router"
+}
+
+resource "yandex_alb_backend_group" "backend-group" {
+ name = "backend-group"
+
+ http_backend {
+ name = "backend"
+ weight = 1
+ port = 80
+ target_group_ids = [yandex_alb_target_group.web.id]
+
+ load_balancing_config {
+ panic_threshold = 90
+ }
+
+ healthcheck {
+ timeout = "15s"
+ interval = "2s"
+ healthy_threshold = 10
+ unhealthy_threshold = 15
+ http_healthcheck {
+ path = "/"
+ }
+ }
+ }
+}
+
+resource "yandex_alb_virtual_host" "virtual-host" {
+ name = "virtual-host"
+ http_router_id = yandex_alb_http_router.http-router.id
+ route {
+ name = "root-path"
+ http_route {
+ http_match {
+ path {
+ prefix = "/"
+ }
+ }
+ http_route_action {
+ backend_group_id = yandex_alb_backend_group.backend-group.id
+ timeout = "3s"
+ }
+ }
+ }
+}
+
+resource "yandex_alb_load_balancer" "load-balancer" {
+ name = "load-balancer"
+ network_id = yandex_vpc_network.network-1.id
+ security_group_ids = [yandex_vpc_security_group.public-load-balancer-group.id]
+
+ allocation_policy {
+ location {
+ zone_id = "ru-central1-a"
+ subnet_id = yandex_vpc_subnet.subnet-private.id
+ }
+ }
+
+ listener {
+ name = "listener"
+
+ endpoint {
+ address {
+ external_ipv4_address {
+ }
+ }
+ ports = [80]
+ }
+
+ http {
+ handler {
+ http_router_id = yandex_alb_http_router.http-router.id
+ }
+ }
+ }
+}
diff --git a/securitygroup.tf b/securitygroup.tf
new file mode 100644
index 00000000..0f9347d3
--- /dev/null
+++ b/securitygroup.tf
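Review bot: In networks.tf `yandex_vpc_gateway.gateway` and `yandex_vpc_route_table.routetable` are created, but no subnet in this commit refers to the table, so as far as these lines show the default route is never applied and the hosts without `nat` (app01, app02, elasticsearch) have no outbound path for package updates. Adding `route_table_id = yandex_vpc_route_table.routetable.id` to `subnet-app01`, `subnet-app02` and `subnet-private` would bind it. Separately, the `listener` publishes `ports = [80]` on an `external_ipv4_address` with only an `http` handler, so all client traffic is cleartext; a TLS listener on 443 with a redirect from 80 is the usual shape. The two Cyrillic comments above the app subnets would read better in English, matching `#private` and `#public`.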
@@ -0,0 +1,122 @@
+resource "yandex_vpc_security_group" "private-group" {
+ name = "private-group"
+ network_id = yandex_vpc_network.network-1.id
+
+ ingress {
+ protocol = "ANY"
+ v4_cidr_blocks = [
+ "192.168.1.0/24",
+ "192.168.2.0/24",
+ "192.168.3.0/24",
+ "192.168.4.0/24"
+ ]
+ }
+
+ egress {
+ protocol = "ANY"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "yandex_vpc_security_group" "public-load-balancer-group" {
+ name = "public-load-balancer-group"
+ network_id = yandex_vpc_network.network-1.id
+
+ ingress {
+ protocol = "ANY"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ predefined_target = "loadbalancer_healthchecks"
+ }
+
+ ingress {
+ protocol = "TCP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ port = 80
+ }
+
+ egress {
+ protocol = "ANY"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "yandex_vpc_security_group" "bastion-group" {
+ name = "bastion-group"
+ network_id = yandex_vpc_network.network-1.id
+
+ ingress {
+ protocol = "TCP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ port = 22
+ }
+
+ ingress {
+ protocol = "ICMP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ protocol = "ANY"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "yandex_vpc_security_group" "zabbix" {
+ name = "zabbix"
+ network_id = yandex_vpc_network.network-1.id
+
+ ingress {
+ protocol = "TCP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ port = 10051
+ }
+
+ ingress {
+ protocol = "TCP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ port = 10050
+ }
+
+ ingress {
+ protocol = "TCP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ port = 8080
+ }
+
+ ingress {
+ protocol = "ICMP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ protocol = "ANY"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "yandex_vpc_security_group" "kibana" {
+ name = "kibana"
+ network_id = yandex_vpc_network.network-1.id
+
+ ingress {
+ protocol = "TCP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ port = 5601
+ }
+
+ ingress {
+ protocol = "TCP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ port = 8080
+ }
+
+ ingress {
+ protocol = "ICMP"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ protocol = "ANY"
+ v4_cidr_blocks = ["0.0.0.0/0"]
+ }
+}
\ No newline at end of file
diff --git a/zabbix.tf b/zabbix.tf
new file mode 100644
index 00000000..9b826e9a
--- /dev/null
+++ b/zabbix.tf
@@ -0,0 +1,35 @@
+resource "yandex_compute_instance" "zabbix" {
+ name = "zabbix"
+ hostname = "zabbix"
+ allow_stopping_for_update = true
+ platform_id = "standard-v2"
+ zone = "ru-central1-d"
+
+
+ resources {
+ cores = 2
+ core_fraction = 20
+ memory = 2
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id ="fd830gae25ve4glajds"
+ size = 10
+ }
+ }
+
+ network_interface {
+ subnet_id = yandex_vpc_subnet.subnet-public.id
+ nat = true
+ security_group_ids = [yandex_vpc_security_group.zabbix.id, yandex_vpc_security_group.private-group.id]
+ }
+
+ metadata = {
+ user-data = file("./meta.yml")
+ }
+
+ scheduling_policy {
+ preemptible = true
+ }
+}
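Review bot: In securitygroup.tf the management and monitoring rules accept the whole internet: `bastion-group` opens 22, `zabbix` opens 10050, 10051 and 8080, and `kibana` opens 5601 and 8080, each with `v4_cidr_blocks = ["0.0.0.0/0"]`. I would take the source range from a variable, e.g. `v4_cidr_blocks = var.admin_cidr_blocks`, and limit 10050/10051 to the internal subnets, since agent and trapper traffic has no reason to arrive from outside. `private-group` also admits `ANY` from all four subnets, including the public `192.168.4.0/24`, so a foothold on any host in the public subnet reaches every port on the private ones. Per-service rules (80 from the load balancer's subnet, 22 from the bastion) would restore the segmentation that the subnet layout suggests.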