gadmin/vagrant
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ajout opentofu

Browse Source
This commit is contained in:
root
2025-12-18 09:23:17 +01:00
parent de465435f1
commit 5272d8efc1
9 changed files with 327 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -1,6 +1,6 @@
# vagrant
le 2025-11-25 13h30 - ps
le 2025-12-18 9h30 - ps
Ce dépôt héberge des **Vagrantfile** dont :
* **dns** : Vagrantfile pour 2 serveurs **Bind9** (1 maitre et un esclave), tests **goss** chainés
@@ -25,6 +25,7 @@ Ce dépôt héberge des **Vagrantfile** dont :
* **lldap2** : Vagrantfile pour serveur LDAP en mode service **lldap** - integration pour Proxmox
* **minione** : Vagrantfile pour Opennebula All In One
* **netbox** : Vagrantfile pour Netbox dockerisée
* **opentofu** : sccript d'installation de **OpenTofu** et d'utilisation avec **bpg/proxmox**
* **rundeck** : Vagrantfile + playbook pour installation avec Mariadb
* **samba-ad-dc** : Vagrantfile + playbook pour **Samba 4.17 ad-dc** sur **Debian 12 Bookworm**
* **wazuh** : Vagrantfile + playbook pour serveur **wazuh** 4.10 et client Debian

3
opentofu/credential.auto.tfvars Normal file
View File

@@ -0,0 +1,3 @@
proxmox_endpoint = "https://px2.sio.lan:8006/"
proxmox_api_token = "tofuer@pve!tofu=123456c0-xxxx-yyyy-zzzz-abcdef37eb7a"

48
opentofu/crtoken.sh Normal file
View File

@@ -0,0 +1,48 @@
#!/bin/bash
#
#
tfR=TofuUser
tfU=tofuer
tk=tofu
pveum role add "${tfR}" -privs "\
Datastore.Allocate \
Datastore.AllocateSpace \
Datastore.Audit \
Pool.Allocate \
Pool.Audit \
Sys.Audit \
Sys.Console \
Sys.Modify \
Sys.Syslog \
VM.Allocate \
VM.Audit \
VM.Clone \
VM.Config.CDROM \
VM.Config.Cloudinit \
VM.Config.CPU \
VM.Config.Disk \
VM.Config.HWType \
VM.Config.Memory \
VM.Config.Network \
VM.Config.Options \
VM.Console \
VM.Migrate \
VM.GuestAgent.Audit \
VM.GuestAgent.FileRead \
VM.GuestAgent.FileWrite \
VM.GuestAgent.FileSystemMgmt \
VM.GuestAgent.Unrestricted \
VM.PowerMgmt \
Mapping.Audit \
Mapping.Use \
SDN.Audit \
SDN.Use"
pveum user add "${tfU}@pve" --password 'Azerty1+-'
pveum aclmod / -user "${tfU}@pve" -role "${tfR}"
pveum user token add "${tfU}@pve" "$tk" -expire 0 -privsep 0 -comment "Tofu token"|tee "tk-${tk}.txt"

20
opentofu/inst-toku.sh Normal file
View File

@@ -0,0 +1,20 @@
#!§bin/bash
#echo "Installation d'OpenTofu
#
## Download the installer script:
curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
## Alternatively: wget --secure-protocol=TLSv1_2 --https-only https://get.opentofu.org/install-opentofu.sh -O install-opentofu.sh
#
# # Give it execution permissions:
chmod +x install-opentofu.sh
#
# Please inspect the downloaded script
#
# Run the installer:
./install-opentofu.sh --install-method deb
#
# Remove the installer:
rm -f install-opentofu.sh
tofu version
#

114
opentofu/main.tf Normal file
View File

@@ -0,0 +1,114 @@
# Retrieve VM templates available in Proxmox that match the specified name
data "proxmox_virtual_environment_vms" "template" {
filter {
name = "name"
values = ["${var.vm_template}"] # The name of the template to clone from
}
}
# Create a cloud-init configuration file as a Proxmox snippet
resource "proxmox_virtual_environment_file" "cloud_config" {
content_type = "snippets" # Cloud-init files are stored as snippets in Proxmox
datastore_id = "local" # Local datastore used to store the snippet
node_name = var.node_name # The Proxmox node where the file will be uploaded
source_raw {
file_name = "vm.cloud-config.yaml" # The name of the snippet file
data = <<-EOF
#cloud-config
hostname: ${var.vm_name}
package_update: true
package_upgrade: true
packages:
- qemu-guest-agent # Ensures the guest agent is installed
users:
- default
- name: ${var.vm_user}
groups: sudo
shell: /bin/bash
ssh-authorized-keys:
- "${var.vm_user_sshkey}" # Inject user's SSH key
sudo: ALL=(ALL) NOPASSWD:ALL
runcmd:
- systemctl enable qemu-guest-agent
- systemctl start qemu-guest-agent
- echo "done" > /tmp/cloud-config.done
#- reboot # Reboot the VM after provisioning
EOF
}
}
# Define and provision a new VM by cloning the template and applying initialization
resource "proxmox_virtual_environment_vm" "vm" {
name = var.vm_name # VM name
node_name = var.node_name # Proxmox node to deploy the VM
tags = var.vm_tags # Optional VM tags for categorization
vm_id = var.vm_id
agent {
enabled = true # Enable the QEMU guest agent
}
stop_on_destroy = true # Ensure VM is stopped gracefully when destroyed
clone {
vm_id = data.proxmox_virtual_environment_vms.template.vms[0].vm_id # ID of the source template
node_name = data.proxmox_virtual_environment_vms.template.vms[0].node_name # Node of the source template
}
bios = var.vm_bios # BIOS type (e.g., seabios or ovmf)
machine = var.vm_machine # Machine type (e.g., q35)
cpu {
cores = var.vm_cpu # Number of CPU cores
type = "host" # Use host CPU type for best compatibility/performance
}
memory {
dedicated = var.vm_ram # RAM in MB
}
disk {
datastore_id = var.node_datastore # Datastore to hold the disk
interface = "scsi0" # Primary disk interface
size = 4 # Disk size in GB
}
initialization {
user_data_file_id = proxmox_virtual_environment_file.cloud_config.id # Link the cloud-init file
datastore_id = var.node_datastore
interface = "scsi1" # Separate interface for cloud-init
ip_config {
ipv4 {
address = var.vm_address # CIDR
gateway = var.vm_gateway # Get IP via DHCP
}
}
}
network_device {
bridge = "vmbr0" # Use the default bridge
#vlan_id = var.vm_vlan # VLAN tagging if used
}
operating_system {
type = "l26" # Linux 2.6+ kernel
}
vga {
type = "std" # Standard VGA type
}
lifecycle {
ignore_changes = [ # Ignore initialization section after first depoloyment for idempotency
initialization
]
}
}
# Output the assigned IP address of the VM after provisioning
#output "vm_ip" {
# value = proxmox_virtual_environment_vm.vm.ipv4_addresses[1][0] # Second network interface's first IP
# description = "VM IP"
#}

23
opentofu/provider.tf Normal file
View File

@@ -0,0 +1,23 @@
# Define the required Terraform provider block
terraform {
required_providers {
proxmox = {
source = "bpg/proxmox" # Use the community Proxmox provider from the bpg namespace
}
}
}
# Configure the Proxmox provider with API and SSH access
provider "proxmox" {
endpoint = var.proxmox_endpoint # Proxmox API URL (e.g., https://proxmox.local:8006/api2/json)
api_token = var.proxmox_api_token # API token for authentication (should have appropriate permissions)
insecure = true # Reject self-signed or invalid TLS certificates (set to true only in trusted/test environments)
# Optional SSH settings used for VM customization via SSH
ssh {
agent = true # Do not use the local SSH agent; use key file instead
# private_key = file("~/.ssh/id_ed25519") # Load SSH private key from the local file system
username = "root" # SSH username for connecting to the Proxmox host
}
}

8
opentofu/terraform.tfvars Normal file
View File

@@ -0,0 +1,8 @@
node_name = "px2" # Name of the Proxmox node where the VM will be deployed
vm_name = "infra4" # Desired name for the new virtual machine
vm_id = "2001" # Desired Id for the new virtual machine
vm_cpu = 1 # Number of CPU cores to allocate to the VM
vm_ram = 1024 # Amount of RAM in MB (2 GB)
#vm_vlan = 66 # VLAN ID for network segmentation
vm_address = "10.121.38.43/24"
vm_gateway = "10.121.38.254"

10
opentofu/token.txt Normal file
View File

@@ -0,0 +1,10 @@
┌──────────────┬─────────────────────────────────────────────────────┐
│ key │ value │
╞══════════════╪═════════════════════════════════════════════════════╡
│ full-tokenid │ tofuer@pve!tofu │
├──────────────┼─────────────────────────────────────────────────────┤
│ info │ {"comment":"Tofu token","expire":"0","privsep":"0"} │
├──────────────┼─────────────────────────────────────────────────────┤
│ value │ 4b1234c0-1239-4563-789c-abcdef12eb7a │
└──────────────┴─────────────────────────────────────────────────────┘

99
opentofu/variables.tf Normal file
View File

@@ -0,0 +1,99 @@
variable "proxmox_endpoint" {
description = "Proxmox URL endpoint"
type = string
}
variable "proxmox_api_token" {
description = "Proxmox API token"
type = string
sensitive = true
}
variable "node_name" {
description = "Proxmox host for the VM"
type = string
}
variable "node_datastore" {
description = "Datastore used for VM storage"
type = string
default = "local-lvm"
}
variable "vm_template" {
description = "Template of the VM"
type = string
#default = "ubuntu-cloud"
default = "Debian-12-Template"
}
variable "vm_name" {
description = "Hostname of the VM"
type = string
}
variable "vm_user" {
description = "Admin user of the VM"
type = string
default = "debian"
}
variable "vm_user_sshkey" {
description = "Admin user SSH key of the VM"
type = string
default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd97G/Uw3zlnhVByjpHZFw9FDa88phFUMtYfstTq7wYlUOJB2rdLPpU0bAjIpvpYmHOmBNseWYKaOT7EXNdxWPWJGuoen23tqdSzhnOV0LJz8zbCIA0Ykz/XOqRyJkq6qUw+L3atDxVC5pSSSY279yJtuQ2nmVld2KWDY4lnyZzZT5eQsrxCbT57hVMLCKcMKNb4QnYlLgnyHW8DyWHGG5GEWF9skFSPlmwY5s5H3OYg3u8ijuGjenjDTzLfRUzFltGJ2kBYbIn1iailArKpCiasmJyyja+YuYn3WwaNcl8Tpqa8eI52/LtOXDMwUKzvRJ6D6INEr/1duGYP/fQSEH root@ansible"
}
variable "vm_cpu" {
description = "Number of CPU cores of the VM"
type = number
default = 1
}
variable "vm_ram" {
description = "Number of RAM (MB) of the VM"
type = number
default = 1024
}
variable "vm_bios" {
description = "Type of BIOS used for the VM"
type = string
default = "ovmf"
}
variable "vm_machine" {
description = "Type of machine used for the VM"
type = string
default = "q35"
}
#variable "vm_vlan" {
# description = "VLAN of the VM"
# type = number
# #default = 66
#}
variable "vm_tags" {
description = "Tags for the VM"
type = list(any)
default = ["test"]
}
variable "vm_address" {
description = "IP v4 address for the VM - CIDR format"
type = string
# default = "q35"
}
variable "vm_gateway" {
description = "Gateway IP v4 address for the VM"
type = string
default = "10.121.38.254"
}
variable "vm_id" {
description = "VM identifier"
type = string
}