Installation/Setup
The environment and accounts will be established by American Cloud engineers. Once complete, the initial sign-in credentials will be provided.
Create an ACE directory and clone the repo using the command
git clone https://github.com/American-Cloud/ACE-TF-Examples.git && cd ACE-TF-Examples
Set up the API environment variables
- Sign into the ACE environment by navigating to https://gateway00.americancloud.com:8443/client/#/dashboard. Be sure to add the provided domain.
- Generate and retrieve the API and Secret Keys
- Once generated, add the keys and run the following commands sequentially.
export CLOUDSTACK_API_URL="https://gateway00.americancloud.com:8443/client/api"
export CLOUDSTACK_API_KEY="<key>"
export CLOUDSTACK_SECRET_KEY="<secret>"
Add an SSH keypair to the ACE
For further description on generating SSH Keys Click Here.
- In the navigation select SSH Key Pairs
- Select Create A SSH Key Pair
- Fill in the required information. (The account field is optional and not required for American Cloud purposes.)
Set up the VPC or Non-VPC example by running the respective bash script from within the directory.
./enable_non_vpc_example.sh
./enable_vpc_example.sh
- After running one of the above bash scripts, edit the variables/ace.tfvars file in your preferred editor and add the keypair name.
keypair = "<keypair name here>" # Key pair created in UI. Provide name here.
Initialize TOFU by running the command tofu init. The below readout should be displayed.
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of american-cloud/cloudstack from the dependency lock file
- Using previously-installed american-cloud/cloudstack v0.4.2
OpenTofu has been successfully initialized!
You may now begin working with OpenTofu. Try running "tofu plan" to see
any changes that are required for your infrastructure. All OpenTofu commands
should now work.
If you ever set or change modules or backend configuration for OpenTofu,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Run the TOFU plan using the command
tofu plan -out example-tfplan -var-file variables/ace.tfvars
The following readout will be displayed identifying the resources to be built.
OpenTofu used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
+ create
OpenTofu will perform the following actions:
# cloudstack_egress_firewall.default_egress will be created
+ resource "cloudstack_egress_firewall" "default_egress" {
+ id = (known after apply)
+ managed = false
+ network_id = (known after apply)
+ parallelism = 2
+ rule {
+ cidr_list = [
+ "0.0.0.0/0",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = []
+ protocol = "all"
+ uuids = (known after apply)
}
}
# cloudstack_firewall.firewall-web will be created
+ resource "cloudstack_firewall" "firewall-web" {
+ id = (known after apply)
+ ip_address_id = (known after apply)
+ managed = false
+ parallelism = 2
+ rule {
+ cidr_list = [
+ "0.0.0.0/0",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = [
+ "2220",
]
+ protocol = "tcp"
+ uuids = (known after apply)
}
}
# cloudstack_instance.web_net_1[0] will be created
+ resource "cloudstack_instance" "web_net_1" {
+ display_name = "ACE-Test-net-1-web-0"
+ expunge = true
+ group = (known after apply)
+ id = (known after apply)
+ ip_address = (known after apply)
+ keypair = "silverbullet"
+ name = "ACE-Test-net-1-web-0"
+ network_id = (known after apply)
+ project = (known after apply)
+ root_disk_size = 20
+ service_offering = "ACE 2 vCPU 4GB Ram - z0"
+ start_vm = true
+ tags = {
+ "environment" = "staging"
+ "role" = "net-1-web"
}
+ template = "AC-OS-ubuntu-22.04-2023-11-15T15-39-13Z"
+ zone = "zone0"
}
# cloudstack_ipaddress.pub-ip will be created
+ resource "cloudstack_ipaddress" "pub-ip" {
+ id = (known after apply)
+ ip_address = (known after apply)
+ is_portable = false
+ is_source_nat = (known after apply)
+ network_id = (known after apply)
+ project = (known after apply)
+ tags = (known after apply)
+ zone = "zone0"
}
# cloudstack_network.ace-network-1 will be created
+ resource "cloudstack_network" "ace-network-1" {
+ acl_id = "none"
+ cidr = "10.0.1.0/24"
+ display_text = (known after apply)
+ endip = (known after apply)
+ gateway = (known after apply)
+ id = (known after apply)
+ name = "ace-network-1"
+ network_domain = (known after apply)
+ network_offering = "DefaultIsolatedNetworkOfferingWithSourceNatService"
+ project = (known after apply)
+ source_nat_ip_address = (known after apply)
+ source_nat_ip_id = (known after apply)
+ startip = (known after apply)
+ tags = (known after apply)
+ zone = "zone0"
}
# cloudstack_port_forward.web_net_1[0] will be created
+ resource "cloudstack_port_forward" "web_net_1" {
+ id = (known after apply)
+ ip_address_id = (known after apply)
+ managed = false
+ forward {
+ private_port = 22
+ protocol = "tcp"
+ public_port = 2220
+ uuid = (known after apply)
+ virtual_machine_id = (known after apply)
}
}
Plan: 6 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ pub_ip = (known after apply)
───────────────────────────────────────────────────────────────────────────────
Saved the plan to: example-tfplan
To perform exactly these actions, run the following command to apply:
tofu apply "example-tfplan"
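A pre-apply check on the saved plan, added here as an example and not part of the ACE-TF-Examples repo: it reads the JSON form of the plan and reports ingress firewall rules open to any source address, together with the private port each one forwards to. The sample JSON is constructed from the readout above and its field layout is an assumption about the provider's plan schema; `forwarded_ports` and `open_ingress` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample, trimmed to the fields used here. Its layout is assumed to
# match `tofu show -json example-tfplan` for the resources in the readout above.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "cloudstack_egress_firewall.default_egress",
  "type": "cloudstack_egress_firewall",
  "change": {"actions": ["create"], "after": {"rule": [
    {"cidr_list": ["0.0.0.0/0"], "ports": [], "protocol": "all"}]}}},
 {"address": "cloudstack_firewall.firewall-web", "type": "cloudstack_firewall",
  "change": {"actions": ["create"], "after": {"rule": [
    {"cidr_list": ["0.0.0.0/0"], "ports": ["2220"], "protocol": "tcp"}]}}},
 {"address": "cloudstack_port_forward.web_net_1[0]", "type": "cloudstack_port_forward",
  "change": {"actions": ["create"], "after": {"forward": [
    {"private_port": 22, "protocol": "tcp", "public_port": 2220}]}}}
]}
""")


def forwarded_ports(plan):
    """Map each planned public port (as a string) to its private port."""
    mapping = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") == "cloudstack_port_forward":
            after = rc["change"].get("after") or {}  # null on destroy plans
            for fwd in after.get("forward", []):
                mapping[str(fwd["public_port"])] = fwd["private_port"]
    return mapping


def open_ingress(plan):
    """List (address, public port, private port) for rules open to any source."""
    fwd = forwarded_ports(plan)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "cloudstack_firewall":  # ingress rules only
            continue
        after = rc["change"].get("after") or {}
        for rule in after.get("rule", []):
            cidrs = rule.get("cidr_list", [])
            if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
                for port in rule.get("ports", []):
                    findings.append((rc["address"], port, fwd.get(str(port))))
    return findings


if __name__ == "__main__":
    print(open_ingress(SAMPLE_PLAN))
```

To check a real plan, load the output of `tofu show -json example-tfplan` with `json.load` and pass the result to `open_ingress`; an empty list means no ingress rule in the plan is open to every address.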
Apply the TOFU plan by running tofu apply example-tfplan.
Once run, the resource changes will be displayed along with the public IP to use when connecting to the instances.
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Outputs:
pub_ip = "x.x.x.x"
- SSH into the machine using the following guidelines.
ssh -p 222X [email protected]
Note
In the port number 222X, the X is the index number of the server created. In variables/ace.tfvars you will set the count of how many servers to create. If the count is 1, then the port number would be 2220, as the indexing count starts at 0.
In the VPC example the port forwarding is only set up on web_net_1 instances. You will need to adjust VPC ACL rules to access instances on web_net_2, as well as put an SSH private key on the instances you are port forwarding to, so that you can SSH from web_net_1 instances to web_net_2.
Lastly, use the following command to clean up the environment
tofu plan --destroy -out example-tfplan -var-file variables/ace.tfvars
- A readout will display all resource changes that will take place once applied
OpenTofu used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
- destroy
OpenTofu will perform the following actions:
# cloudstack_egress_firewall.default_egress will be destroyed
- resource "cloudstack_egress_firewall" "default_egress" {
- id = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
- managed = false -> null
- network_id = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
- parallelism = 2 -> null
- rule {
- cidr_list = [
- "10.0.1.0/24",
] -> null
- icmp_code = 0 -> null
- icmp_type = 0 -> null
- ports = [] -> null
- protocol = "all" -> null
- uuids = {
- "all" = "1d297874-affe-4795-956a-f6f0e384e54e"
} -> null
}
}
# cloudstack_firewall.firewall-web will be destroyed
- resource "cloudstack_firewall" "firewall-web" {
- id = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
- ip_address_id = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
- managed = false -> null
- parallelism = 2 -> null
- rule {
- cidr_list = [
- "0.0.0.0/0",
] -> null
- icmp_code = 0 -> null
- icmp_type = 0 -> null
- ports = [
- "2220",
] -> null
- protocol = "tcp" -> null
- uuids = {
- "2220" = "77905ac1-7d8f-459e-b812-8ba8b02a7916"
} -> null
}
}
# cloudstack_instance.web_net_1[0] will be destroyed
- resource "cloudstack_instance" "web_net_1" {
- display_name = "ACE-Test-net-1-web-0" -> null
- expunge = true -> null
- id = "afd6d90e-fc30-416b-8e1e-c0d8ee912188" -> null
- ip_address = "10.0.1.244" -> null
- keypair = "silverbullet" -> null
- name = "ACE-Test-net-1-web-0" -> null
- network_id = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
- root_disk_size = 20 -> null
- service_offering = "ACE 2 vCPU 4GB Ram - z0" -> null
- start_vm = true -> null
- tags = {
- "environment" = "staging"
- "role" = "net-1-web"
} -> null
- template = "AC-OS-ubuntu-22.04-2023-11-15T15-39-13Z" -> null
- zone = "zone0" -> null
}
# cloudstack_ipaddress.pub-ip will be destroyed
- resource "cloudstack_ipaddress" "pub-ip" {
- id = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
- ip_address = "172.252.211.166" -> null
- is_portable = false -> null
- is_source_nat = true -> null
- network_id = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
- tags = {} -> null
- zone = "zone0" -> null
}
# cloudstack_network.ace-network-1 will be destroyed
- resource "cloudstack_network" "ace-network-1" {
- acl_id = "none" -> null
- cidr = "10.0.1.0/24" -> null
- display_text = "ace-network-1" -> null
- gateway = "10.0.1.1" -> null
- id = "89ed85c4-50bc-4e18-91ae-dcfbc9db31c9" -> null
- name = "ace-network-1" -> null
- network_domain = "cs260cloud.internal" -> null
- network_offering = "DefaultIsolatedNetworkOfferingWithSourceNatService" -> null
- tags = {} -> null
- zone = "zone0" -> null
}
# cloudstack_port_forward.web_net_1[0] will be destroyed
- resource "cloudstack_port_forward" "web_net_1" {
- id = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
- ip_address_id = "7bf925eb-5a65-4ce3-8e04-7840334a73df" -> null
- managed = false -> null
- forward {
- private_port = 22 -> null
- protocol = "tcp" -> null
- public_port = 2220 -> null
- uuid = "ed849b59-da71-4990-8563-fb8fee09036c" -> null
- virtual_machine_id = "afd6d90e-fc30-416b-8e1e-c0d8ee912188" -> null
}
}
Plan: 0 to add, 0 to change, 6 to destroy.
Changes to Outputs:
- pub_ip = "172.252.211.166" -> null
───────────────────────────────────────────────────────────────────────────────
Saved the plan to: example-tfplan
To perform exactly these actions, run the following command to apply:
tofu apply "example-tfplan"
- Next apply the plan
tofu apply example-tfplan
- Once complete, a readout will display the changed resources
Apply complete! Resources: 0 added, 0 changed, 6 destroyed.