在OVH的Openstack上使用Terraform创建专用网络 [英] Private network creation with Terraform on OVH's Openstack

问题描述

我正在尝试使用Terraform在OVH的公有云上部署一些Openstack实例.关键是(目前)在两个网络上有两个实例.每个实例都应该有一个外部IP地址(这不是问题)和一个专用网络上的内部IP地址(这会给我带来麻烦).

I'm trying to deploy some Openstack instances on OVH's Public Cloud using Terraform. The point is (for now) to have two instances on two networks. Each instance should have an external IP address (which isn't a problem) and a internal IP address on a private network (which causes me troubles).

我的Terraform文件是:

My terraform file is :

resource "openstack_compute_keypair_v2" "keypair" {
  provider   = "openstack.ovh"
  name       = "jpin"
  public_key = "${file("~/.ssh/id_rsa.pub")}"
  region     = "GRA3"
}

resource "openstack_networking_network_v2" "network_1" {
  provider       = "openstack.ovh"
  name           = "network_1"
  admin_state_up = "true"
  region         = "GRA3"
}

resource "openstack_networking_subnet_v2" "subnet_1" {
  provider    = "openstack.ovh"
  name        = "subnet_1"
  network_id  = "${openstack_networking_network_v2.network_1.id}"
  cidr        = "192.168.199.0/24"
  ip_version  = 4
  region      = "GRA3"
  enable_dhcp = true
}

resource "openstack_networking_port_v2" "port_1" {
  provider       = "openstack.ovh"
  name           = "port_1"
  network_id     = "${openstack_networking_network_v2.network_1.id}"
  admin_state_up = "true"
  region         = "GRA3"

  fixed_ip {
    "subnet_id" = "${openstack_networking_subnet_v2.subnet_1.id}"
  }
}

resource "openstack_networking_port_v2" "port_2" {
  provider       = "openstack.ovh"
  name           = "port_2"
  network_id     = "${openstack_networking_network_v2.network_1.id}"
  admin_state_up = "true"
  region         = "GRA3"

  fixed_ip {
    "subnet_id" = "${openstack_networking_subnet_v2.subnet_1.id}"
  }
}

resource "openstack_compute_instance_v2" "instance_1" {
  provider        = "openstack.ovh"
  name            = "instance_1"
  security_groups = ["default"]
  region          = "GRA3"
  key_pair        = "${openstack_compute_keypair_v2.keypair.name}"
  flavor_name     = "s1-2"
  image_name      = "Debian 8 - Docker"

  network = [
    {
      name = "Ext-Net"
    },
    {
      port = "${openstack_networking_port_v2.port_1.id}"
    },
  ]
}

resource "openstack_compute_instance_v2" "instance_2" {
  provider        = "openstack.ovh"
  name            = "instance_2"
  security_groups = ["default"]
  region          = "GRA3"
  key_pair        = "${openstack_compute_keypair_v2.keypair.name}"
  flavor_name     = "s1-2"
  image_name      = "Debian 8 - Docker"

  network {
    port = "${openstack_networking_port_v2.port_2.id}"
  }
}

The

{
  name = "Ext-Net"
},

part允许我将实例连接到外部世界.我的两个实例应该在192.168.199.0/24网络中具有IP地址，但没有.他们没有IP地址，也没有路由来与该网络进行通信.但我知道它们具有适当的IP地址:

part allows me to connect the instance to the outside world. My two instances should have IP addresses in the 192.168.199.0/24 network, but they don't. They don't have IP addresses nor routes to communicates into this network. But I know that they have the appropriate IP addresses :

在该屏幕截图上，instance_1已很好地连接到外部(如预期的那样). instance_1和instance_2都有一个专用IP地址.但是:

On that screenshot, instance_1 is well connected to the outside (as expected). instance_1 and instance_2 both have an private IP address. But :

root@instance-1:~# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:b1:7c:ae brd ff:ff:ff:ff:ff:ff
    inet 145.239.XXX.YY/32 brd 145.239.XXX.YY scope global eth0
       valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:6a:87:8e brd ff:ff:ff:ff:ff:ff

eth1没有该IP地址(192.168.199.2或.3).而且没有到192.168.199.0/24子网的路由.

eth1 does not have that IP address (192.168.199.2 or .3). And there is no route to the 192.168.199.0/24 subnet.

推荐答案

几天后，一切正常.尽管提供者的支持在说什么，但这似乎是一个错误:我什么都没做，它的工作人员突然变得茫然无措.

After a few days, everything worked. Despite what the provider's support is saying, it appears to be a bug : I didn't change anything and it worker suddenly out of nowhere.

编辑:几周后，我得到了以下代码:

After a few weeks, I ended up with the following code :

注意复制/粘贴，我的compute_instance在模块中，因此所有这些var

Careful with copy/pasting, my compute_instance is in a module, thus all those var

resource "ovh_publiccloud_private_network" "network" {
  provider   = "ovh.ovh"
  project_id = "${var.tenant_id}"
  name       = "Private Network"
  regions    = "${values(var.regions)}"
}

resource "ovh_publiccloud_private_network_subnet" "subnet" {
  provider   = "ovh.ovh"
  project_id = "${var.tenant_id}"
  network_id = "${element(ovh_publiccloud_private_network.network.*.id, count.index)}"

  start   = FIRST_PRIVATE_IP
  end     = LAST_PRIVATE_IP
  network = PRIVATE_SUBNET

  count      = "${length(var.regions)}"
  region     = "${element(values(var.regions), count.index)}"
}

resource "openstack_compute_instance_v2" "compute_instance" {
  provider            = "openstack.ovh"
  region              = "${var.region_id}"
  key_pair            = "${var.keypair}"
  flavor_name         = "${var.instance_flavor}"
  image_name          = "${var.instance_image}"

  network = [
    {
      name = "Ext-Net"
    },
    {
      name        = "${var.private_network}"
      fixed_ip_v4 = MY_PRIVATE_IP
    },
  ]
}

我不再使用端口.选择停止使用端口与该问题无关.

I'm not using port anymore. The choice to stop using port isn't related to that issue.

自Debian 9起，该实例可能尝试将专用接口配置为可访问Internet的接口.哪个行不通.

Since Debian 9, the instance might try to configure the private interface as the interface to reach the Internet. Which won't work.

这篇关于在OVH的Openstack上使用Terraform创建专用网络的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！