Terraform Multicloud Infrastructure
This repository contains Terraform code to provision infrastructure across multiple clouds, including Azure and Oracle Cloud.
Prerequisites
-
Oracle and Azure Paid Accounts: Necessary to set up their respective Terraform providers.
-
Oracle Provider Setup: Follow the instructions here. This setup uses the SDK and CLI options.
-
Azure Provider Setup: Review the
variables.tf
file for variables starting with 'az_' and set their values in an environment file. Watch this video for guidance.
- Ensure environment variables follow the format:
export TF_VAR_az_client_id="someclientid"
-
Compartment ID for Oracle: In Oracle, create a new compartment beyond the default and export its ID to the environment (e.g.,
export TF_VAR_oci_compartment_id="your_compartment_id"
).
-
SSH Key Pair: Create an SSH key pair for the servers and add its public key path to the
ssh_key
variable in variables.tf
(or export it to the environment).
-
SSL Certificate for Load Balancers: Place your SSL certificate files in
~/ssl
, which should contain ca.txt
, certificate.txt
, cert.pfx
, and private.txt
. Export the cert.pfx
SSL password to the environment, as needed by Azure's application gateway.
-
Software Requirements: Ensure Terraform CLI , Node.js and tsc are installed, the latter for advanced VPN configuration since it's unsupported by the OCI provider.
Installation
git clone https://github.com/Moody-san/terraform-multicloud-infra.git
cd terraform-multicloud-infra
Usage
terraform init
terraform plan
terraform apply
Configuration
Edit the server.tf file to easily scale up and down on Oracle and Azure Cloud
Optional Configuration
-
Disable Azure Resources: Comment out
azureresources.tf
and its references in server.tf
if Azure is not needed.
-
VM Instance Type: To provision regular VMs instead of spot instances in Azure, comment the appropriate lines in the compute module file as indicated by the comments.
-
VPN Setup: Comment out
vpn.tf
if a VPN between the clouds is not required. Our use case for the VPN was to synchronize MariaDB and reuse Jenkins, Argo, and Bastion servers.
-
Automated Inventory: Comment out
inventory.tf
if not required . This uses inventory module to automatically setup inventory for ansible repositories mentioned in additional resources.
Additional Resources
Demo
https://www.youtube.com/watch?v=HC4oogjLf64
Presentation
https://docs.google.com/presentation/d/1peuU2K6cA1b9EeZd8g-iz_ve9KucFXQJLtqBe5yV294/edit?usp=sharing
Todo
- Set up a jenkins controller that will watch terraform repository for infrastructure changes based on commits and update the deployed resources . Will have to use remote backend for state files for this .
- Better more modular code with mockups for validating modules
- Distributing the galera cluster across cloud kinda makes one cloud read only in case vpn is down , so instead either use an entirely different cloud for database or use 2 galera clusters (each on a different cloud) which remain in sync .