From be4001f6c02db630db0aa10e340ae6967e59ef82 Mon Sep 17 00:00:00 2001
From: brigitte
Date: Thu, 4 Dec 2025 09:40:53 +0100
Subject: [PATCH] *
---
 terraform/environments/dev/main.tf | 14 +++
 terraform/environments/dev/variables.tf | 14 ++-
 terraform/modules/compute/main.tf | 126 +++++++++++-------------
 terraform/modules/compute/outputs.tf | 36 +++----
 terraform/modules/compute/variables.tf | 21 ++--
 terraform/modules/iam/main.tf | 29 +++++-
 terraform/modules/iam/outputs.tf | 13 ++-
 terraform/modules/iam/variables.tf | 7 +-
 terraform/modules/network/outputs.tf | 4 +-
 9 files changed, 155 insertions(+), 109 deletions(-)
diff --git a/terraform/environments/dev/main.tf b/terraform/environments/dev/main.tf
index ec8f309..a45ecf4 100644
--- a/terraform/environments/dev/main.tf
+++ b/terraform/environments/dev/main.tf
@@ -25,4 +25,18 @@ module "network" {
 backend_cidr = var.backend_cidr
 database_cidr = var.database_cidr
 ssh_source_ranges = var.ssh_source_ranges
+}
+
+module "compute" {
+ source = "../../modules/compute"
+ instance_type = var.instance_type
+ zone = var.zone
+ frontend_subnet_id = module.network.subnets.frontend
+ backend_subnet_id = module.network.subnets.backend
+ database_subnet_id = module.network.subnets.database
+}
+
+module "iam" {
+ source = "../../modules/iam"
+ project_id = var.project_id
 }
\ No newline at end of file
diff --git a/terraform/environments/dev/variables.tf b/terraform/environments/dev/variables.tf
index 64dc820..8dd429c 100644
--- a/terraform/environments/dev/variables.tf
+++ b/terraform/environments/dev/variables.tf
@@ -39,5 +39,17 @@ variable "ssh_source_ranges" {
 variable "project_id" {
 description = "ID du projet"
 type = string
- default = "fourth-palisade-478713-i3"
+ default = "fourth-palisade-478713-i3 "
+}
+
+variable "instance_type" {
+ description = "type de l'instance"
+ type = string
+ default = "e2-small"
+}
+
+variable "zone" {
+ description = "Nom de la zone"
+ type = string
+ default = "europe-west9-b"
 }
\ No newline at end of file
diff --git a/terraform/modules/compute/main.tf b/terraform/modules/compute/main.tf
index 8fb034a..306f3c3 100644
--- a/terraform/modules/compute/main.tf
+++ b/terraform/modules/compute/main.tf
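Review bot: The new default for `project_id` carries a trailing space, `"fourth-palisade-478713-i3 "`, which the removed line did not have; module "iam" passes this value straight into `google_project_iam_binding.project`, where an ID with trailing whitespace will be rejected or match nothing. Restore `default = "fourth-palisade-478713-i3"`, or better drop the default and supply the ID through a tfvars file so it is not hard-coded in the environment. A `validation` block with `condition = var.project_id == trimspace(var.project_id)` would catch this class of typo at plan time.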
@@ -21,88 +21,72 @@ # - Tags : database, ssh # - OS Login enabled -resource "google_compute_instance" "frontend" { -name = "frontend" -machine_type = var.instance_type -zone = var.zone +resource "google_compute_instance" "vm_frontend" { + name = "vm-frontend" + machine_type = var.instance_type + zone = var.zone + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + size = 10 + } + } -boot_disk { -initialize_params { -image = "debian-cloud/debian-11" -size = 10 -} + network_interface { + access_config {} # IP publique + subnetwork = var.frontend_subnet_id + } + + tags = ["frontend", "ssh"] + + metadata = { + enable-oslogin = "TRUE" + } } +resource "google_compute_instance" "vm_backend" { + name = "vm-backend" + machine_type = var.instance_type + zone = var.zone -network_interface { -subnetwork = var.frontend_subnet_id + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + size = 10 + } + } + network_interface { + subnetwork = var.backend_subnet_id + } -access_config {} + tags = ["backend", "ssh"] + + metadata = { + enable-oslogin = "TRUE" + } } +resource "google_compute_instance" "vm_database" { + name = "vm-database" + machine_type = var.instance_type + zone = var.zone -metadata = { -enable-oslogin = "TRUE" -} + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + size = 20 + } + } + network_interface { + subnetwork = var.database_subnet_id + } -tags = ["frontend", "ssh"] -} + tags = ["database", "ssh"] - -resource "google_compute_instance" "backend" { -name = "backend" -machine_type = var.instance_type -zone = var.zone - - -boot_disk { -initialize_params { -image = "debian-cloud/debian-11" -size = 10 -} -} - - -network_interface { -subnetwork = var.backend_subnet_id -} - - -metadata = { -enable-oslogin = "TRUE" -} - - -tags = ["backend", "ssh"] -} - - -resource "google_compute_instance" "database" { -name = "database" -machine_type = var.instance_type -zone = var.zone - - -boot_disk { -initialize_params { 
-image = "debian-cloud/debian-11" -size = 20 -} -} - - -network_interface { -subnetwork = var.database_subnet_id -} - - -metadata = { -enable-oslogin = "TRUE" -} - - -tags = ["database", "ssh"] + metadata = { + enable-oslogin = "TRUE" + } } \ No newline at end of file diff --git a/terraform/modules/compute/outputs.tf b/terraform/modules/compute/outputs.tf index 26a0294..e685448 100644 --- a/terraform/modules/compute/outputs.tf +++ b/terraform/modules/compute/outputs.tf @@ -3,30 +3,22 @@ # 2. L'IP publique du frontend # 3. Les noms des instances -output "frontend_internal_ip" { - value = google_compute_instance.frontend.network_interface[0].network_ip +output "ip_internes" { + value = { + frontend = google_compute_instance.vm_frontend.network_interface[0].network_ip + backend = google_compute_instance.vm_backend.network_interface[0].network_ip + database = google_compute_instance.vm_database.network_interface[0].network_ip + } } - -output "backend_internal_ip" { - value = google_compute_instance.backend.network_interface[0].network_ip +output "ip_public_frontend" { + value = google_compute_instance.vm_frontend.network_interface[0].access_config[0].nat_ip } - -output "database_internal_ip" { - value = google_compute_instance.database.network_interface[0].network_ip +output "nom_instances" { + value = { + frontend = google_compute_instance.vm_frontend.name + backend = google_compute_instance.vm_backend.name + database = google_compute_instance.vm_database.name + } } - - -output "frontend_public_ip" { - value = google_compute_instance.frontend.network_interface[0].access_config[0].nat_ip -} - - -output "instance_names" { - value = [ - google_compute_instance.frontend.name, - google_compute_instance.backend.name, - google_compute_instance.database.name - ] -} \ No newline at end of file diff --git a/terraform/modules/compute/variables.tf b/terraform/modules/compute/variables.tf index a605992..07ab6ea 100644 --- a/terraform/modules/compute/variables.tf 
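Review bot: None of the three `google_compute_instance` resources sets a `service_account` block, so each VM falls back to the project's Compute Engine default service account with its default scopes; with `vm_frontend` also reachable through `access_config {}`, a compromise of that host inherits whatever that shared account can reach. Attach a dedicated, minimally-privileged account per tier, e.g. `service_account { email = <per-tier SA email — placeholder> scopes = ["https://www.googleapis.com/auth/cloud-platform"] }`, and keep the privilege boundary in IAM roles rather than in scopes. The image `"debian-cloud/debian-11"` is repeated three times; a single `image` variable with that default would keep the tiers in step when it is bumped. The `ssh` tag presumably matches a firewall rule in the network module, which is outside this diff.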
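Review bot: The rewritten outputs carry no `description`, while the `iam` outputs added in this same commit do; add one per output, e.g. `description = "Internal IP of each tier (frontend, backend, database)."` on `ip_internes`. The rename from `frontend_public_ip`/`instance_names` to `ip_internes`/`nom_instances`, next to the half-English `ip_public_frontend`, is a breaking change for any consumer of the module and mixes two naming languages; pick one convention for the module's outputs and keep it consistent with the `vpc`/`subnets` names chosen in the network module.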
+++ b/terraform/modules/compute/variables.tf @@ -6,25 +6,26 @@ # - database_subnet_id variable "instance_type" { -type = string + description = "type de l'instance" + type = string } - variable "zone" { -type = string + description = "Nom de la zone" + type = string } - variable "frontend_subnet_id" { -type = string + description = "id du frontend" + type = string } - variable "backend_subnet_id" { -type = string + description = "id du backend" + type = string } - variable "database_subnet_id" { -type = string -} \ No newline at end of file + description = "id du database" + type = string +} diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf index a4b77c1..f8f6316 100644 --- a/terraform/modules/iam/main.tf +++ b/terraform/modules/iam/main.tf @@ -2,4 +2,31 @@ # 1. Un compte de service pour Terraform # 2. Une clé pour ce compte de service # 3. Les rôles IAM nécessaires -# 4. La configuration OS Login avec votre clé SSH \ No newline at end of file +# 4. La configuration OS Login avec votre clé SSH + +resource "google_service_account" "service_account" { + account_id = "terraform" + display_name = "terraform" +} + +resource "google_service_account_key" "mykey" { + service_account_id = google_service_account.service_account.name + public_key_type = "TYPE_X509_PEM_FILE" +} + +resource "google_project_iam_binding" "custom_service_account" { + project = var.project_id + role = "roles/view" + + members = [ + "serviceAccount:${google_service_account.service_account.email}", + ] +} + +data "google_client_openid_userinfo" "me" { +} + +resource "google_os_login_ssh_public_key" "cache" { + user = data.google_client_openid_userinfo.me.email + key = file("~/.ssh/id_ed25519") +} \ No newline at end of file diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf index c73acc0..69edc49 100644 --- a/terraform/modules/iam/outputs.tf +++ b/terraform/modules/iam/outputs.tf 
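Review bot: `google_os_login_ssh_public_key.cache` reads `file("~/.ssh/id_ed25519")`, which is the private key; OS Login expects the public half, so this should be `key = file("~/.ssh/id_ed25519.pub")` — as written the private key material is copied into the plan and state even if the API rejects the format. `role = "roles/view"` is not a predefined role; the project-level read-only role is `roles/viewer`. `google_project_iam_binding` is authoritative for that role and will strip any other member already holding it at project level, whereas `google_project_iam_member` grants just this account. `google_service_account_key.mykey` produces a long-lived key whose private part lands in Terraform state (and in the module's `key` output), so either the state backend must be treated as a secret store or the key should be replaced by service-account impersonation / short-lived credentials.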
@@ -1,3 +1,14 @@
 # À vous d'exposer :
 # 1. L'email du compte de service
-# 2. La clé du compte de service (sensitive = true)
\ No newline at end of file
+# 2. La clé du compte de service (sensitive = true)
+
+output "email" {
+ description = "Service account email."
+ value = google_service_account.service_account.email
+}
+
+output "key" {
+ description = "Service account key."
+ sensitive = true
+ value = google_service_account.service_account.key
+}
\ No newline at end of file
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
index 5ac1614..a0b734d 100644
--- a/terraform/modules/iam/variables.tf
+++ b/terraform/modules/iam/variables.tf
@@ -1,2 +1,7 @@
 # À vous de définir :
-# - project_id (string)
\ No newline at end of file
+# - project_id (string)
+
+variable "project_id" {
+ description = "ID du projet"
+ type = string
+}
\ No newline at end of file
diff --git a/terraform/modules/network/outputs.tf b/terraform/modules/network/outputs.tf
index 078bc94..2191456 100644
--- a/terraform/modules/network/outputs.tf
+++ b/terraform/modules/network/outputs.tf
@@ -2,11 +2,11 @@ # 1. L'ID du VPC # 2. Les IDs des sous-réseaux sous forme de map -output "vpc_terraform_output" { +output "vpc" { value = google_compute_network.vpc_terraform.id } -output "list_id" { +output "subnets" { value = { frontend = google_compute_subnetwork.subnet_frontend.id backend = google_compute_subnetwork.subnet_backend.id
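Review bot: `output "key"` references `google_service_account.service_account.key`, but `google_service_account` exposes no `key` attribute, so `terraform validate` fails with an unsupported-attribute error; the material lives on the key resource created in iam/main.tf, `value = google_service_account_key.mykey.private_key`. Note that `sensitive = true` only redacts CLI output: the base64 private key is still stored in clear in the state file and in the state of any root module that reads this output, so the description should say so, e.g. `description = "Base64 private key of the Terraform service account (stored in state)."`.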