Hybrid and Multi-Cloud Overlay — Part 5 — Challenges — AWS, Azure, GCP, OCI and Alicloud

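# AWS-side router: dual-homed Ubuntu instance. Device 0 is the front (public) NIC,
# device 1 the backend (underlay) NIC. All provisioners reach the box over SSH
# through the Elastic IP attached to the router.
resource "aws_instance" "layer2-aws-router" {
  instance_type     = "t2.small"
  ami               = data.aws_ami.ubuntu.id
  key_name          = aws_key_pair.VM_SSH_KEY.key_name
  availability_zone = data.aws_availability_zones.available.names[0]

  tags = {
    Name        = "layer2-aws-router"
    environment = "l2project"
  }

  network_interface {
    network_interface_id = aws_network_interface.Router_Front_NIC.id
    device_index         = 0
  }

  network_interface {
    network_interface_id = aws_network_interface.Router_Backend_NIC.id
    device_index         = 1
  }

  # Resource-level connection shared by every provisioner below except the first,
  # which must log in as the image's default "ubuntu" account because VM_USER does
  # not exist yet at that point.
  connection {
    type        = "ssh"
    user        = var.VM_USER
    host        = aws_eip.router.public_ip
    private_key = file(var.VM_SSH_KEY_FILE)
    timeout     = "5m"
  }

  # Step 1 (as "ubuntu"): create the operator account, reuse the SSH keys AWS
  # injected for "ubuntu", and grant passwordless sudo.
  provisioner "remote-exec" {
    connection {
      type        = "ssh"
      user        = "ubuntu"
      host        = aws_eip.router.public_ip
      private_key = file(var.VM_SSH_KEY_FILE)
      timeout     = "5m"
    }
    # NOTE: var.VM_USER is expanded unquoted inside these shell commands. Constrain
    # it to a plain username (e.g. a `validation` block on the variable, declared
    # elsewhere) so an unexpected value cannot alter the commands.
    inline = [
      "sudo adduser --disabled-password --gecos \"\" ${var.VM_USER}",
      "sudo mkdir /home/${var.VM_USER}/.ssh",
      "sudo cp -a /home/ubuntu/.ssh/* /home/${var.VM_USER}/.ssh/",
      # The redirection runs as "ubuntu" (sudo only wraps echo), so the drop-in is
      # staged in ubuntu's home directory and then moved into place.
      "sudo echo '${var.VM_USER} ALL=(ALL) NOPASSWD: ALL' > ${var.VM_USER}",
      "sudo mv ${var.VM_USER} /etc/sudoers.d/",
      # The staged file kept ubuntu's ownership and umask. sudo expects drop-ins to
      # be root-owned with mode 0440 (sudoers_mode); set both, then let visudo
      # syntax-check the entry so a bad file fails the apply instead of breaking
      # sudo on the host.
      "sudo chown 0:0 /etc/sudoers.d/${var.VM_USER}",
      "sudo chmod 0440 /etc/sudoers.d/${var.VM_USER}",
      "sudo visudo -cf /etc/sudoers.d/${var.VM_USER}",
      "sudo chown -R ${var.VM_USER}:${var.VM_USER} /home/${var.VM_USER}/.ssh",
      # hostname(1) changes only the running kernel hostname; it is not persisted
      # across reboots.
      "sudo hostname layer2-aws-router",
    ]
  }

  # Step 2 (as VM_USER): upload and run the common tooling script.
  provisioner "file" {
    source      = "../common/tools.sh"
    destination = "/tmp/tools.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/tools.sh",
      # -x traces every command of tools.sh (including argument values) into the
      # Terraform apply output.
      "sudo bash -x /tmp/tools.sh",
      # Retire the image's default account now that VM_USER is in use. pkill exits 1
      # when no process matched, which would otherwise fail the provisioner, so
      # that outcome is tolerated explicitly.
      "sudo pkill -u ubuntu || true",
      "sudo deluser ubuntu",
    ]
  }

  # Step 3 (as VM_USER): bring up the backend NIC with a higher route metric.
  provisioner "file" {
    source      = "../common/dhclient_metric.sh"
    destination = "/tmp/dhclient_metric.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/dhclient_metric.sh",
      "sudo bash -x /tmp/dhclient_metric.sh ",
    ]
  }
}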
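#!/bin/bash
# This script configures metric on the 2nd NIC and enables DHCP.
# It picks the second interface reported by `ip link` that is not a bridge, OVS,
# docker, vxlan, loopback, libvirt or wireless device, brings it up and runs
# dhclient on it with a higher route metric so the front NIC keeps the default route.

# Show the interface list in the provisioner log (newest first) for troubleshooting.
echo $(ls -t /sys/class/net/)

# awk keeps only the numbered header lines that do not match the exclusion list and
# prints the name field (which carries a leading space after the ":" separator);
# getline skips the following "link/..." line. sed selects the 2nd match and tr trims
# the whitespace so the name can be safely quoted below.
backend=$(sudo ip link | awk -F: '$0 !~ "ovs|br|docker|vxlan|lo|vir|wl|^[^0-9]"{print $2;getline}' | sed -n 2p | tr -d '[:space:]')

# Without this guard an empty name would make dhclient configure every interface.
if [ -z "$backend" ]; then
  echo "dhclient_metric.sh: could not determine the backend interface" >&2
  exit 1
fi
echo "$backend"

# ip(8) is already required above; it avoids depending on net-tools' ifconfig.
sudo ip link set "$backend" up
# IF_METRIC is exported to dhclient-script so the routes it installs get metric 200.
sudo dhclient -e IF_METRIC=200 "$backend"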
# Azure-side router: Ubuntu 18.04 LTS VM attached to the front and backend NICs.
# Login is key-based only for VM_USER (admin_ssh_key); no admin password is set.
resource "azurerm_linux_virtual_machine" "layer2-azure-router" {
  name                = "layer2-azure-router"
  computer_name       = "layer2-azure-router"
  location            = var.AZURE_LOCATION
  resource_group_name = azurerm_resource_group.l2project_rg.name
  size                = "Standard_B1s"
  admin_username      = var.VM_USER

  # The first ID in this list is treated as the VM's primary interface.
  network_interface_ids = [
    azurerm_network_interface.Router_Front_NIC.id,
    azurerm_network_interface.Router_Backend_NIC.id,
  ]

  tags = {
    environment = "l2project"
  }

  admin_ssh_key {
    username   = var.VM_USER
    public_key = file(var.VM_SSH_PUBLICKEY_FILE)
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_disk {
    name                 = "router-disk"
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }

  # Serial console / screenshot output goes to the project's storage account.
  boot_diagnostics {
    storage_account_uri = azurerm_storage_account.storage_account.primary_blob_endpoint
  }
}
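# Post-boot configuration of the Azure router, run once the VM and its public IP
# exist. A null_resource is used because azurerm_linux_virtual_machine does not
# carry the provisioners itself here.
resource "null_resource" "router_config" {
  depends_on = [
    azurerm_linux_virtual_machine.layer2-azure-router,
    azurerm_public_ip.router,
  ]

  # Shared by both provisioners. Connects via the public IP's DNS label and uses the
  # key file directly rather than an SSH agent.
  connection {
    type        = "ssh"
    user        = var.VM_USER
    host        = azurerm_public_ip.router.fqdn
    private_key = file(var.VM_SSH_KEY_FILE)
    agent       = false
    timeout     = "5m"
  }

  provisioner "file" {
    source      = "../common/tools.sh"
    destination = "/tmp/tools.sh"
  }

  # NOTE: var.VM_USER is expanded unquoted inside these shell commands; constrain it
  # to a plain username (e.g. a `validation` block on the variable, declared
  # elsewhere) so an unexpected value cannot alter the commands.
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/tools.sh",
      # The redirection runs as VM_USER (sudo only wraps echo), so the drop-in is
      # staged in the home directory and then moved into place.
      "sudo echo '${var.VM_USER} ALL=(ALL) NOPASSWD: ALL' > ${var.VM_USER}",
      "sudo mv ${var.VM_USER} /etc/sudoers.d/",
      # sudo expects drop-ins to be root-owned with mode 0440 (sudoers_mode); set
      # both, then let visudo syntax-check the entry so a bad file fails the apply
      # instead of breaking sudo on the host.
      "sudo chown 0:0 /etc/sudoers.d/${var.VM_USER}",
      "sudo chmod 0440 /etc/sudoers.d/${var.VM_USER}",
      "sudo visudo -cf /etc/sudoers.d/${var.VM_USER}",
      # -x traces every command of tools.sh into the Terraform apply output.
      "sudo bash -x /tmp/tools.sh",
    ]
  }
}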
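# GCP-side router: f1-micro Ubuntu instance with a public-facing NIC on the front
# subnet and a second, internal-only NIC on the underlay subnet. The network tags
# bind it to the firewall rules listed in depends_on.
resource "google_compute_instance" "layer2-gcp-router" {
  name         = "layer2-gcp-router"
  machine_type = "f1-micro"
  zone         = var.GCP_ZONE
  tags         = ["l2-project", "external-ssh-tunnel", "internal-icmp-ssh-tunnel"]

  depends_on = [
    google_compute_firewall.internal-icmp-ssh-tunnel,
    google_compute_firewall.external-ssh-tunnel,
    google_compute_address.router_backend,
    google_compute_address.router_publicip,
  ]

  boot_disk {
    initialize_params {
      image = data.google_compute_image.ubuntu.self_link
    }
  }

  # Instance-level SSH key for VM_USER. Project-wide ssh-keys metadata is still
  # honoured by the guest agent unless "block-project-ssh-keys" is set on the
  # instance (it is not set here).
  metadata = {
    ssh-keys = "${var.VM_USER}:${file(var.VM_SSH_PUBLICKEY_FILE)}"
  }

  # Front NIC: the only interface with a public address; the provisioners use it.
  network_interface {
    subnetwork = google_compute_subnetwork.front-subnet.name
    access_config {
      nat_ip = google_compute_address.router_publicip.address
    }
  }

  # Backend NIC: fixed internal address on the underlay subnet, no public IP.
  network_interface {
    subnetwork = google_compute_subnetwork.underlay-subnet.name
    network_ip = google_compute_address.router_backend.address
  }

  # Single connection block for both provisioners instead of repeating it in each.
  connection {
    type        = "ssh"
    user        = var.VM_USER
    host        = google_compute_address.router_publicip.address
    private_key = file(var.VM_SSH_KEY_FILE)
    timeout     = "6m"
  }

  provisioner "file" {
    source      = "../common/tools.sh"
    destination = "/tmp/tools.sh"
  }

  # NOTE: var.VM_USER is expanded unquoted inside these shell commands; constrain it
  # to a plain username (e.g. a `validation` block on the variable, declared
  # elsewhere) so an unexpected value cannot alter the commands.
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/tools.sh",
      # The redirection runs as VM_USER (sudo only wraps echo), so the drop-in is
      # staged in the home directory and then moved into place.
      "sudo echo '${var.VM_USER} ALL=(ALL) NOPASSWD: ALL' > ${var.VM_USER}",
      "sudo mv ${var.VM_USER} /etc/sudoers.d/",
      # sudo expects drop-ins to be root-owned with mode 0440 (sudoers_mode); set
      # both, then let visudo syntax-check the entry so a bad file fails the apply
      # instead of breaking sudo on the host.
      "sudo chown 0:0 /etc/sudoers.d/${var.VM_USER}",
      "sudo chmod 0440 /etc/sudoers.d/${var.VM_USER}",
      "sudo visudo -cf /etc/sudoers.d/${var.VM_USER}",
      "sudo /tmp/tools.sh",
    ]
  }
}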
# Second VNIC for the OCI router, attached after the instance exists. It lives on the
# underlay subnet, gets no public IP, and is scoped by the ssh/icmp/tunnel/web NSG.
resource "oci_core_vnic_attachment" "backend_vnic_attachment" {
  instance_id = oci_core_instance.layer2-oci-router.id

  create_vnic_details {
    display_name     = "backendvnic"
    subnet_id        = oci_core_subnet.underlay-subnet.id
    assign_public_ip = false
    nsg_ids          = [oci_core_network_security_group.ssh_icmp_tunnel_web.id]
  }
}
# Configures the OCI router's backend VNIC once it is attached: uploads interface.sh
# and runs it over SSH via the instance's public IP.
resource "null_resource" "backend_interface_config" {
  depends_on = [oci_core_vnic_attachment.backend_vnic_attachment]

  # Used by both provisioners below.
  connection {
    type        = "ssh"
    user        = var.VM_USER
    host        = oci_core_instance.layer2-oci-router.public_ip
    private_key = file(var.VM_SSH_KEY_FILE)
    timeout     = "5m"
  }

  provisioner "file" {
    source      = "../common/interface.sh"
    destination = "/tmp/interface.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/interface.sh",
      # Positional arguments: <private IP of the backend VNIC> <underlay subnet mask>.
      # interface.sh itself is not part of this listing.
      "/tmp/interface.sh ${oci_core_vnic_attachment.backend_vnic_attachment.create_vnic_details[0].private_ip} ${var.UNDERLAY_SUBNETMASK}",
    ]
  }
}
# Backend ENI for the Alicloud router on the backend vSwitch, guarded by the
# ssh/icmp/tunnel/web security group.
resource "alicloud_network_interface" "Router_Backend_NIC" {
  name            = "Router_Backend_NIC"
  vswitch_id      = alicloud_vswitch.backend-vswitch.id
  security_groups = [alicloud_security_group.ssh_icmp_tunnel_web.id]
}
# Attaches the backend ENI to the Alicloud router instance as its second interface.
resource "alicloud_network_interface_attachment" "router_backend_nic_attachment" {
  network_interface_id = alicloud_network_interface.Router_Backend_NIC.id
  instance_id          = alicloud_instance.layer2-ali-router.id
}
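# Configures the Alicloud router's backend ENI once it is attached: uploads
# dhclient_metric.sh and runs it over SSH via the instance's public IP.
# The resource's closing brace was missing from the listing and is restored here.
resource "null_resource" "backend_interface_config" {
  depends_on = [alicloud_network_interface_attachment.router_backend_nic_attachment]

  # Used by both provisioners below. Note the Alicloud-specific login user
  # (ALI_VM_USER) rather than VM_USER used on the other clouds.
  connection {
    type        = "ssh"
    user        = var.ALI_VM_USER
    host        = alicloud_instance.layer2-ali-router.public_ip
    private_key = file(var.VM_SSH_KEY_FILE)
    timeout     = "5m"
  }

  provisioner "file" {
    source      = "../common/dhclient_metric.sh"
    destination = "/tmp/dhclient_metric.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/dhclient_metric.sh",
      # -x traces every command of the script into the Terraform apply output.
      "sudo bash -x /tmp/dhclient_metric.sh ",
    ]
  }
}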
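#!/bin/bash
# This script configures metric on the 2nd NIC and enables DHCP.
# It picks the second interface reported by `ip link` that is not a bridge, OVS,
# docker, vxlan, loopback, libvirt or wireless device, brings it up and runs
# dhclient on it with a higher route metric so the front NIC keeps the default route.

# Show the interface list in the provisioner log (newest first) for troubleshooting.
echo $(ls -t /sys/class/net/)

# awk keeps only the numbered header lines that do not match the exclusion list and
# prints the name field (which carries a leading space after the ":" separator);
# getline skips the following "link/..." line. sed selects the 2nd match and tr trims
# the whitespace so the name can be safely quoted below.
backend=$(sudo ip link | awk -F: '$0 !~ "ovs|br|docker|vxlan|lo|vir|wl|^[^0-9]"{print $2;getline}' | sed -n 2p | tr -d '[:space:]')

# Without this guard an empty name would make dhclient configure every interface.
if [ -z "$backend" ]; then
  echo "dhclient_metric.sh: could not determine the backend interface" >&2
  exit 1
fi
echo "$backend"

# ip(8) is already required above; it avoids depending on net-tools' ifconfig.
sudo ip link set "$backend" up
# IF_METRIC is exported to dhclient-script so the routes it installs get metric 200.
sudo dhclient -e IF_METRIC=200 "$backend"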
Part 5 — Video blog
