Various updates to examples

Originally submitted as part of hashicorp/terraform#12913 .
aliyun · Jul 7, 2017 · 854daff · 854daff
1 parent 6cd9982
commit 854daff
Show file tree

Hide file tree

Showing 25 changed files with 522 additions and 72 deletions.
diff --git a/examples/ecs-image/main.tf b/examples/ecs-image/main.tf
@@ -9,6 +9,39 @@ resource "alicloud_security_group" "group" {
   description = "New security group"
 }
 
+resource "alicloud_security_group_rule" "http-in" {
+  type = "ingress"
+  ip_protocol = "tcp"
+  nic_type = "internet"
+  policy = "accept"
+  port_range = "80/80"
+  priority = 1
+  security_group_id = "${alicloud_security_group.group.id}"
+  cidr_ip = "0.0.0.0/0"
+}
+
+resource "alicloud_security_group_rule" "https-in" {
+  type = "ingress"
+  ip_protocol = "tcp"
+  nic_type = "internet"
+  policy = "accept"
+  port_range = "443/443"
+  priority = 1
+  security_group_id = "${alicloud_security_group.group.id}"
+  cidr_ip = "0.0.0.0/0"
+}
+
+resource "alicloud_security_group_rule" "ssh-in" {
+  type = "ingress"
+  ip_protocol = "tcp"
+  nic_type = "internet"
+  policy = "accept"
+  port_range = "22/22"
+  priority = 1
+  security_group_id = "${alicloud_security_group.group.id}"
+  cidr_ip = "0.0.0.0/0"
+}
+
 
 resource "alicloud_disk" "disk" {
   availability_zone = "${var.availability_zones}"

diff --git a/examples/ecs-nat/README.md b/examples/ecs-nat/README.md
@@ -0,0 +1,33 @@
+### Configure NAT instance Example
+
+In the Virtual Private Cloud（VPC） environment, to enable multiple back-end intranet hosts to provide services externally with a limited number of EIPs, map the ports on the EIP-bound host to the back-end intranet hosts.
+
+### Get up and running
+
+* Planning phase
+
+		terraform plan 
+
+* Apply phase
+
+		terraform apply 
+		
+		Get the outputs:
+		+ nat_instance_eip_address = 123.56.19.238
+		+ nat_instance_private_ip = 10.1.1.57
+		+ worker_instance_private_ip = 10.1.1.56
+
+* Apply phase
+
+        + login the vm: ssh root@123.56.19.238|Test123456
+        + Run the "iptables -t nat -nvL" command to check the result
+        
+          | prot | in |   source    |  destination   |                          |
+          | ---- | -- | ----------- | -------------- | ------------------------ |
+          | tcp  | *  | 0.0.0.0/0   |  10.1.1.57     |  tcp dpt:80 to:10.1.1.56
+          | all  | *  | 10.1.1.0/24 |  0.0.0.0/0     |  to:10.1.1.57
+        
+
+* Destroy 
+
+		terraform destroy
diff --git a/examples/ecs-nat/main.tf b/examples/ecs-nat/main.tf
@@ -0,0 +1,98 @@
+resource "alicloud_vpc" "main" {
+  cidr_block = "${var.vpc_cidr}"
+}
+
+resource "alicloud_vswitch" "main" {
+  vpc_id = "${alicloud_vpc.main.id}"
+  cidr_block = "${var.vswitch_cidr}"
+  availability_zone = "${var.zone}"
+  depends_on = ["alicloud_vpc.main"]
+}
+
+resource "alicloud_route_entry" "entry" {
+  router_id = "${alicloud_vpc.main.router_id}"
+  route_table_id = "${alicloud_vpc.main.router_table_id}"
+  destination_cidrblock = "0.0.0.0/0"
+  nexthop_type = "Instance"
+  nexthop_id = "${alicloud_instance.nat.id}"
+}
+
+resource "alicloud_instance" "nat" {
+  image_id = "${var.image}"
+  instance_type = "${var.instance_nat_type}"
+  availability_zone = "${var.zone}"
+  security_groups = ["${alicloud_security_group.group.id}"]
+  vswitch_id = "${alicloud_vswitch.main.id}"
+  instance_name = "nat"
+  io_optimized = "optimized"
+  system_disk_category = "cloud_efficiency"
+  password= "${var.instance_pwd}"
+
+  depends_on = ["alicloud_instance.worker"]
+  user_data = "${data.template_file.shell.rendered}"
+
+  tags {
+    Name = "ecs-nat"
+  }
+}
+
+data "template_file" "shell" {
+  template = "${file("userdata.sh")}"
+
+  vars {
+      worker_private_ip = "${alicloud_instance.worker.private_ip}"
+      vswitch_cidr = "${var.vswitch_cidr}"
+  }
+}
+
+resource "alicloud_instance" "worker" {
+  image_id = "${var.image}"
+  instance_type = "${var.instance_worker_type}"
+  availability_zone = "${var.zone}"
+  security_groups = ["${alicloud_security_group.group.id}"]
+  vswitch_id = "${alicloud_vswitch.main.id}"
+  instance_name = "worker"
+  io_optimized = "optimized"
+  system_disk_category = "cloud_efficiency"
+  password= "${var.instance_pwd}"
+
+  tags {
+    Name = "ecs-worker"
+  }
+}
+
+resource "alicloud_eip" "eip" {
+}
+
+resource "alicloud_eip_association" "attach" {
+  allocation_id = "${alicloud_eip.eip.id}"
+  instance_id = "${alicloud_instance.nat.id}"
+}
+
+resource "alicloud_security_group" "group" {
+  name = "terraform-test-group"
+  description = "New security group"
+  vpc_id = "${alicloud_vpc.main.id}"
+}
+
+resource "alicloud_security_group_rule" "allow_in" {
+  security_group_id = "${alicloud_security_group.group.id}"
+  type = "ingress"
+  cidr_ip= "0.0.0.0/0"
+  policy = "accept"
+  ip_protocol= "all"
+  nic_type= "intranet"
+  port_range= "-1/-1"
+  priority= 1
+}
+
+resource "alicloud_security_group_rule" "allow_out" {
+  security_group_id = "${alicloud_security_group.group.id}"
+  type = "egress"
+  cidr_ip= "0.0.0.0/0"
+  policy = "accept"
+  ip_protocol= "all"
+  nic_type= "intranet"
+  port_range= "-1/-1"
+  priority= 1
+}
diff --git a/examples/ecs-nat/outputs.tf b/examples/ecs-nat/outputs.tf
@@ -0,0 +1,19 @@
+output "nat_instance_id" {
+  value = "${alicloud_instance.nat.id}"
+}
+
+output "nat_instance_private_ip" {
+  value = "${alicloud_instance.nat.private_ip}"
+}
+
+output "nat_instance_eip_address" {
+  value = "${alicloud_eip.eip.ip_address}"
+}
+
+output "worker_instance_id" {
+  value = "${alicloud_instance.worker.id}"
+}
+
+output "worker_instance_private_ip" {
+  value = "${alicloud_instance.worker.private_ip}"
+}
diff --git a/examples/ecs-nat/userdata.sh b/examples/ecs-nat/userdata.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+PostRouting=${vswitch_cidr}
+SourceRouting=`ifconfig eth0|grep inet|awk '{print $2}'|tr -d 'addr:'`
+echo ${worker_private_ip}>> /etc/sysctl.conf
+echo 'net.ipv4.ip_forward=1'>> /etc/sysctl.conf
+sysctl -p
+iptables -t nat -I POSTROUTING -s $PostRouting -j SNAT --to-source $SourceRouting
+iptables -t nat -I PREROUTING -d $SourceRouting -p tcp --dport 80 -j DNAT --to ${worker_private_ip}
diff --git a/examples/ecs-nat/variables.tf b/examples/ecs-nat/variables.tf
@@ -0,0 +1,27 @@
+variable "vpc_cidr" {
+  default = "10.1.0.0/21"
+}
+
+variable "vswitch_cidr" {
+  default = "10.1.1.0/24"
+}
+
+variable "zone" {
+  default = "cn-beijing-c"
+}
+
+variable "image" {
+  default = "ubuntu_140405_64_40G_cloudinit_20161115.vhd"
+}
+
+variable "instance_nat_type" {
+  default = "ecs.n1.small"
+}
+
+variable "instance_worker_type" {
+  default = "ecs.s2.large"
+}
+
+variable "instance_pwd" {
+  default = "Test123456"
+}
diff --git a/examples/ecs-slb/README.md b/examples/ecs-slb/README.md
@@ -15,4 +15,4 @@ The example launches ECS, disk, and attached the disk on ECS. It also creates an
 
 * Destroy 
 
-		terraform destroy
+		terraform destroy
diff --git a/examples/ecs-slb/main.tf b/examples/ecs-slb/main.tf
@@ -3,33 +3,59 @@ resource "alicloud_security_group" "group" {
   description = "New security group"
 }
 
+resource "alicloud_security_group_rule" "http-in" {
+  type = "ingress"
+  ip_protocol = "tcp"
+  nic_type = "internet"
+  policy = "accept"
+  port_range = "80/80"
+  priority = 1
+  security_group_id = "${alicloud_security_group.group.id}"
+  cidr_ip = "0.0.0.0/0"
+}
+
+resource "alicloud_security_group_rule" "https-in" {
+  type = "ingress"
+  ip_protocol = "tcp"
+  nic_type = "internet"
+  policy = "accept"
+  port_range = "443/443"
+  priority = 1
+  security_group_id = "${alicloud_security_group.group.id}"
+  cidr_ip = "0.0.0.0/0"
+}
+
+resource "alicloud_security_group_rule" "ssh-in" {
+  type = "ingress"
+  ip_protocol = "tcp"
+  nic_type = "internet"
+  policy = "accept"
+  port_range = "22/22"
+  priority = 1
+  security_group_id = "${alicloud_security_group.group.id}"
+  cidr_ip = "0.0.0.0/0"
+}
+
 resource "alicloud_instance" "instance" {
   instance_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}"
   host_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}"
   image_id = "${var.image_id}"
   instance_type = "${var.ecs_type}"
   count = "${var.count}"
-  availability_zone = "${var.availability_zones}"
   security_groups = ["${alicloud_security_group.group.*.id}"]
-
   internet_charge_type = "${var.internet_charge_type}"
   internet_max_bandwidth_out = "${var.internet_max_bandwidth_out}"
-
   io_optimized = "${var.io_optimized}"
-
   password = "${var.ecs_password}"
-
   allocate_public_ip = "${var.allocate_public_ip}"
-
+  availability_zone = ""
   instance_charge_type = "PostPaid"
   system_disk_category = "cloud_efficiency"
 
-
   tags {
     role = "${var.role}"
     dc = "${var.datacenter}"
   }
-
 }
 
 resource "alicloud_slb" "instance" {

diff --git a/examples/ecs-userdata/main.tf b/examples/ecs-userdata/main.tf
@@ -11,27 +11,38 @@ resource "alicloud_vswitch" "vsw" {
 }
 
 resource "alicloud_security_group" "sg" {
-	name = "tf-sg"
-	description = "sg"
-	vpc_id = "${alicloud_vpc.default.id}"
+  name = "tf-sg"
+  description = "sg"
+  vpc_id = "${alicloud_vpc.default.id}"
+}
+
+resource "alicloud_security_group_rule" "allow_ssh" {
+  security_group_id = "${alicloud_security_group.sg.id}"
+  type = "ingress"
+  cidr_ip= "0.0.0.0/0"
+  policy = "accept"
+  ip_protocol= "tcp"
+  port_range= "22/22"
+  priority= 1
 }
 
 resource "alicloud_instance" "website" {
-	# cn-beijing
-	availability_zone = "${var.zone}"
-	vswitch_id = "${alicloud_vswitch.vsw.id}"
-	image_id = "${var.image}"
-
-	# series II
-	instance_type = "${var.ecs_type}"
-	io_optimized = "optimized"
-	system_disk_category = "cloud_efficiency"
-
-	internet_charge_type = "PayByTraffic"
-	internet_max_bandwidth_out = 5
-	allocate_public_ip = true
-	security_groups = ["${alicloud_security_group.sg.id}"]
-	instance_name = "test_foo"
-
-	user_data = "${file("userdata.sh")}"
+  # cn-beijing
+  availability_zone = "${var.zone}"
+  vswitch_id = "${alicloud_vswitch.vsw.id}"
+  image_id = "${var.image}"
+
+  # series II
+  instance_type = "${var.ecs_type}"
+  io_optimized = "optimized"
+  system_disk_category = "cloud_efficiency"
+
+  internet_charge_type = "PayByTraffic"
+  internet_max_bandwidth_out = 5
+  allocate_public_ip = true
+  security_groups = ["${alicloud_security_group.sg.id}"]
+  instance_name = "tf_website"
+  password= "${var.password}"
+
+  user_data = "${file("userdata.sh")}"
 }
diff --git a/examples/ecs-userdata/outputs.tf b/examples/ecs-userdata/outputs.tf
@@ -1,7 +1,8 @@
-output "hostname" {
-  value = "${alicloud_instance.website.instance_name}"
-}
 
 output "ecs_id" {
   value = "${alicloud_instance.website.id}"
+}
+
+output "ecs_public_ip" {
+  value = "${alicloud_instance.website.public_ip}"
 }
diff --git a/examples/ecs-userdata/variables.tf b/examples/ecs-userdata/variables.tf
@@ -10,6 +10,10 @@ variable "zone" {
   default = "cn-beijing-b"
 }
 
+variable "password" {
+  default = "Test123456"
+}
+
 variable "image" {
   default = "ubuntu_140405_32_40G_cloudinit_20161115.vhd"
 }