Terraform VM Deployment
-
Hi,
I am trying to follow along with the Terraform tutorial from the URL below:
https://xen-orchestra.com/blog/virtops1-xen-orchestra-terraform-provider/
Could anyone please tell me if I need to install terraform in a VM on the xcp-ng cluster, or does it need to be installed on the xcp-ng hypervisor or the Xen Orchestra VM?
I have never used any automation tool before and I wanted to experiment with it all.
Thank you
-
It doesn't matter where Terraform is installed as long as it can query the Xen Orchestra API.
-
@olivierlambert said in Terraform VM Deployment:
It doesn't matter where Terraform is installed as long as it can query the Xen Orchestra API.
@olivierlambert what are the requirements to be able to query the XO API?
Does it need to be on the same network? Can it be on my Windows PC in the office, away from the datacentre?
-
Any JSON-RPC call, ideally in HTTPS (port 443). That's it.
I have no knowledge on Terraform install outside Linux.
-
@olivierlambert said in Terraform VM Deployment:
I have no knowledge on Terraform install outside Linux.
I just saw that terraform had a free cloud account for less than 5 users and I was thinking of registering, will it work?
Currently xcp-ng or Xen Orchestra has no access to the outside world as I use a vpn connection to access the system.
Can you please correct me if I am wrong.
If I want to use terraform outside of the datacentre, I need to open port 443 to Xen Orchestra.
If I run Terraform in a VM on xcp-ng, I don't need to open any port and use Terraform locally.
Is my understanding correct?
Is there a simple script I can run to see if I can access the Xen Orchestra API?
Thank you
-
I think that would be correct, but let me invoke the Terraform specialist here, @ddelnano
-
I just saw that terraform had a free cloud account for less than 5 users and I was thinking of registering, will it work?
Terraform cloud would work if your XO deployment was publicly accessible. I highly advise against this because if your XO deployment were compromised an attacker has access to your entire infrastructure.
If you were to do this I would make sure all of your users have strong passwords and, if Hashicorp has documented public IPs, that you only open your firewall to Hashicorp's IPs. It seems from this forum post that this is only available if you are on the business tier.
If I run Terraform in a VM on xcp-ng, I don't need to open any port and use Terraform locally.
Yes, running it on the xcp-ng host would work; however, keeping best practices in mind, I would run it on a less privileged host (laptop with vpn access, development VM). If you have others collaborating on this terraform deployment, giving access to the xcp-ng host just to use terraform seems like a heavy hammer.
Is there a simple script I can run to see if I can access the Xen Orchestra API?
nmap will be able to tell you this.
nmap -sT -P0 -p 443 xo-domain
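Added example (not part of this thread or of any poster's reply): a Python check that goes one step past the TCP test above by also attempting a verified TLS handshake, so a closed or filtered port, a non-TLS listener and an untrusted certificate are told apart. The function name, the result labels and the `xo-domain` placeholder are assumptions for illustration.

```python
import socket
import ssl
import sys


def check_xo_endpoint(host, port=443, timeout=5.0):
    """Classify how far a client gets when connecting to host:port.

    Returns one of (labels are this example's own):
      "unreachable"   - TCP connect failed (closed, filtered, DNS, no route)
      "tls-failed"    - port is open but no TLS handshake completed
      "tls-untrusted" - TLS answered but the certificate did not verify
      "ok"            - TLS handshake completed with a verified certificate
    """
    # Step 1: plain TCP connect, the same thing `nmap -sT` tests.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"

    # Step 2: TLS handshake with chain and hostname verification enabled.
    # A self-signed or privately issued certificate lands in "tls-untrusted".
    ctx = ssl.create_default_context()
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"
        except OSError:  # ssl.SSLError and timeouts are OSError subclasses
            return "tls-failed"


if __name__ == "__main__":
    # `xo-domain` is the placeholder hostname used in the post above.
    target = sys.argv[1] if len(sys.argv) > 1 else "xo-domain"
    print(target, check_xo_endpoint(target))
```

Run it from the machine that will run Terraform; "tls-untrusted" means the port is reachable but the client does not trust the certificate XO presents.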
-
Invocation worked!
-
@ddelnano said in Terraform VM Deployment:
Yes running it on the xcp-ng host would work,
Hi @ddelnano,
Thank you very much for your valuable advice. I will never run any third party application directly in xcp-ng. I meant inside a VM that will run on the xcp-ng hypervisor, like Xen Orchestra is.
So, I need to create a VM and set the correct network and then run
nmap -sT -P0 -p 443 xo-domain
to test the connection.
I'll give this a go.
Thank you