Private network creation with Terraform on OVH's Openstack


Problem description

I'm trying to deploy some Openstack instances on OVH's Public Cloud using Terraform. The point is (for now) to have two instances on two networks. Each instance should have an external IP address (which isn't a problem) and an internal IP address on a private network (which causes me trouble).

My Terraform file is:

resource "openstack_compute_keypair_v2" "keypair" {
  provider   = "openstack.ovh"
  name       = "jpin"
  public_key = "${file("~/.ssh/id_rsa.pub")}"
  region     = "GRA3"
}

resource "openstack_networking_network_v2" "network_1" {
  provider       = "openstack.ovh"
  name           = "network_1"
  admin_state_up = "true"
  region         = "GRA3"
}

resource "openstack_networking_subnet_v2" "subnet_1" {
  provider    = "openstack.ovh"
  name        = "subnet_1"
  network_id  = "${openstack_networking_network_v2.network_1.id}"
  cidr        = "192.168.199.0/24"
  ip_version  = 4
  region      = "GRA3"
  enable_dhcp = true
}

resource "openstack_networking_port_v2" "port_1" {
  provider       = "openstack.ovh"
  name           = "port_1"
  network_id     = "${openstack_networking_network_v2.network_1.id}"
  admin_state_up = "true"
  region         = "GRA3"

  fixed_ip {
    "subnet_id" = "${openstack_networking_subnet_v2.subnet_1.id}"
  }
}

resource "openstack_networking_port_v2" "port_2" {
  provider       = "openstack.ovh"
  name           = "port_2"
  network_id     = "${openstack_networking_network_v2.network_1.id}"
  admin_state_up = "true"
  region         = "GRA3"

  fixed_ip {
    "subnet_id" = "${openstack_networking_subnet_v2.subnet_1.id}"
  }
}

resource "openstack_compute_instance_v2" "instance_1" {
  provider        = "openstack.ovh"
  name            = "instance_1"
  security_groups = ["default"]
  region          = "GRA3"
  key_pair        = "${openstack_compute_keypair_v2.keypair.name}"
  flavor_name     = "s1-2"
  image_name      = "Debian 8 - Docker"

  network = [
    {
      name = "Ext-Net"
    },
    {
      port = "${openstack_networking_port_v2.port_1.id}"
    },
  ]
}

resource "openstack_compute_instance_v2" "instance_2" {
  provider        = "openstack.ovh"
  name            = "instance_2"
  security_groups = ["default"]
  region          = "GRA3"
  key_pair        = "${openstack_compute_keypair_v2.keypair.name}"
  flavor_name     = "s1-2"
  image_name      = "Debian 8 - Docker"

  network {
    port = "${openstack_networking_port_v2.port_2.id}"
  }
}

{
  name = "Ext-Net"
},

part allows me to connect the instance to the outside world. My two instances should have IP addresses in the 192.168.199.0/24 network, but they don't. They don't have IP addresses nor routes to communicate into this network. But I know that they have the appropriate IP addresses:

On that screenshot, instance_1 is well connected to the outside (as expected). instance_1 and instance_2 both have a private IP address. But:

root@instance-1:~# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:b1:7c:ae brd ff:ff:ff:ff:ff:ff
    inet 145.239.XXX.YY/32 brd 145.239.XXX.YY scope global eth0
       valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:6a:87:8e brd ff:ff:ff:ff:ff:ff

eth1 does not have that IP address (192.168.199.2 or .3). And there is no route to the 192.168.199.0/24 subnet.

Recommended answer

After a few days, everything worked. Despite what the provider's support is saying, it appears to be a bug: I didn't change anything and it worked suddenly out of nowhere.

After a few weeks, I ended up with the following code:

Careful with copy/pasting, my compute_instance is in a module, thus all those var

resource "ovh_publiccloud_private_network" "network" {
  provider   = "ovh.ovh"
  project_id = "${var.tenant_id}"
  name       = "Private Network"
  regions    = "${values(var.regions)}"
}

resource "ovh_publiccloud_private_network_subnet" "subnet" {
  provider   = "ovh.ovh"
  project_id = "${var.tenant_id}"
  network_id = "${element(ovh_publiccloud_private_network.network.*.id, count.index)}"

  start   = FIRST_PRIVATE_IP
  end     = LAST_PRIVATE_IP
  network = PRIVATE_SUBNET

  count      = "${length(var.regions)}"
  region     = "${element(values(var.regions), count.index)}"
}

resource "openstack_compute_instance_v2" "compute_instance" {
  provider            = "openstack.ovh"
  region              = "${var.region_id}"
  key_pair            = "${var.keypair}"
  flavor_name         = "${var.instance_flavor}"
  image_name          = "${var.instance_image}"

  network = [
    {
      name = "Ext-Net"
    },
    {
      name        = "${var.private_network}"
      fixed_ip_v4 = MY_PRIVATE_IP
    },
  ]
}

I'm not using port anymore. The choice to stop using port isn't related to that issue.

Since Debian 9, the instance might try to configure the private interface as the interface to reach the Internet. Which won't work.
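
A check for the two symptoms discussed in this thread (a private interface that is up but has no IPv4 address, and a default route that leaves through the private interface), as an added example that is not part of the original question or answer. The function names are hypothetical, and the sample `ip` output is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: diagnose the private-network symptoms from `ip` output.

# ifaces_without_ipv4: reads `ip a` output on stdin and prints every
# non-loopback interface that has no "inet" (IPv4) line.
ifaces_without_ipv4() {
  awk '
    /^[0-9]+: / {                        # header line, e.g. "3: eth1: <...>"
      if (name != "" && !has4) print name
      name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
      has4 = (name == "lo")              # never report loopback
      next
    }
    $1 == "inet" { has4 = 1 }
    END { if (name != "" && !has4) print name }
  '
}

# default_route_devs: reads `ip -4 route` output on stdin and prints the
# device of each default route.
default_route_devs() {
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# uses_private_default IFACE: succeeds if a default route leaves via IFACE,
# which is the Debian 9 situation described in the answer.
uses_private_default() {
  default_route_devs | grep -qx "$1"
}

# Constructed sample: eth1 is up but never received its DHCP lease.
SAMPLE_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    link/ether fa:16:3e:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 203.0.113.10/32 brd 203.0.113.10 scope global eth0

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    link/ether fa:16:3e:00:00:02 brd ff:ff:ff:ff:ff:ff'

# Constructed sample: the default route was installed on the private interface.
SAMPLE_ROUTE='default via 192.168.199.1 dev eth1
192.168.199.0/24 dev eth1 proto kernel scope link src 192.168.199.2'

printf '%s\n' "$SAMPLE_ADDR" | ifaces_without_ipv4 | sed 's/^/no IPv4 address on: /'
if printf '%s\n' "$SAMPLE_ROUTE" | uses_private_default eth1; then
  echo "default route leaves via private interface eth1"
fi
```

On a live instance, pipe `ip a` and `ip -4 route` into the same functions instead of the sample variables.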
