Last active
July 14, 2023 12:40
-
-
Save Callisto13/9c31cfb7cc10f9cfbbda61137a48f942 to your computer and use it in GitHub Desktop.
tunnel-demo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_providers { | |
| equinix = { | |
| version = "~> 1.11.1" | |
| source = "equinix/equinix" | |
| } | |
| } | |
| } | |
| provider "equinix" { | |
| auth_token = var.metal_auth_token | |
| } | |
| ## VARS | |
| variable "metal_auth_token" { | |
| description = "The auth token for Equinix" | |
| type = string | |
| sensitive = true | |
| } | |
| variable "project_id" { | |
| description = "ID of an existing project" | |
| type = string | |
| } | |
| variable "metro" { | |
| description = "The metro to create resources in." | |
| type = string | |
| default = "da" | |
| } | |
| variable "plan" { | |
| description = "The plan to use for devices." | |
| type = string | |
| default = "t3.small.x86" | |
| } | |
| variable "operating_system" { | |
| description = "The operating system to use for devices." | |
| type = string | |
| default = "ubuntu_20_04" | |
| } | |
| ## THE JUICE | |
| # Create a VLAN in the project | |
| resource "equinix_metal_vlan" "vlan" { | |
| description = "VLAN for tunnel demo" | |
| metro = var.metro | |
| project_id = var.project_id | |
| vxlan = 1100 | |
| } | |
| # Create a mock storage device | |
| resource "equinix_metal_device" "storage" { | |
| hostname = "storage" | |
| project_id = var.project_id | |
| plan = var.plan | |
| metro = var.metro | |
| operating_system = var.operating_system | |
| billing_cycle = "hourly" | |
| user_data = "#!/bin/bash\ncurl -s https://gist.githubusercontent.com/Callisto13/9c31cfb7cc10f9cfbbda61137a48f942/raw/f5319e045e8ff2b38e7166d33ad0afb43717ce07/storage-userdata.sh | bash -s" | |
| } | |
| # Update the storage device networking to be just Layer2 Bonded with VLAN | |
| # attached to bond0 | |
| resource "equinix_metal_port" "bond0_storage" { | |
| port_id = [for p in equinix_metal_device.storage.ports : p.id if p.name == "bond0"][0] | |
| layer2 = true | |
| bonded = true | |
| vlan_ids = [equinix_metal_vlan.vlan.id] | |
| } | |
| # Create a tunnel device | |
| resource "equinix_metal_device" "tunnel" { | |
| hostname = "tunnel" | |
| project_id = var.project_id | |
| plan = var.plan | |
| metro = var.metro | |
| operating_system = var.operating_system | |
| billing_cycle = "hourly" | |
| user_data = "#!/bin/bash\ncurl -s https://gist.githubusercontent.com/Callisto13/9c31cfb7cc10f9cfbbda61137a48f942/raw/6e5f0b99aba4be8b2ec08c4bb0a5a532eb89acdd/tunnel-userdata.sh | bash -s" | |
| } | |
| # Update the tunnel device networking to be Hybrid Bonded with VLAN | |
| # attached to bond0 | |
| resource "equinix_metal_port" "bond0_tunnel" { | |
| port_id = [for p in equinix_metal_device.tunnel.ports : p.id if p.name == "bond0"][0] | |
| layer2 = false | |
| bonded = true | |
| vlan_ids = [equinix_metal_vlan.vlan.id] | |
| } | |
| # useful outputs to print | |
| output "tunnel_L3_ip" { | |
| value = equinix_metal_device.tunnel.network.0.address | |
| description = "The public IP of the tunnel device" | |
| } | |
| output "storage_L2_ip" { | |
| value = "192.168.10.10" | |
| description = "The VLAN interface of the storage device" | |
| } | |
| output "tunnel_command" { | |
| value = "ssh -i <key> -L 1024:192.168.10.10:8000 root@${equinix_metal_device.tunnel.network.0.address}" | |
| description = "The tunnel command to run, follow with `curl 127.0.0.1:1024`" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| modprobe 8021q | |
| echo "8021q" >> /etc/modules-load.d/networking.conf | |
| ip addr add 192.168.10.10/25 dev bond0 | |
| cat <<'EOF' > /root/launch.sh | |
| #!/bin/bash | |
| mkdir -p /root/server | |
| cd /root/server || true | |
| echo "IF YOU CAN READ THIS YOU DESERVE CAKE" > index.html | |
| python3 -m http.server 8000 | |
| EOF | |
| chmod +x /root/launch.sh | |
| cat <<'EOF' > /etc/systemd/system/storage.service | |
| [Unit] | |
| Description=mock storage service | |
| After=network.target | |
| [Service] | |
| Type=simple | |
| Restart=always | |
| RestartSec=5 | |
| User=root | |
| ExecStart=/root/launch.sh | |
| KillMode=process | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| systemctl daemon-reload | |
| systemctl enable storage | |
| systemctl start storage | |
| systemctl status storage |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "project_id": "REPLACE", | |
| "metal_auth_token": "REPLACE" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export VLAN_ID=1100 | |
| export ADDR=11 | |
| modprobe 8021q | |
| echo "8021q" >> /etc/modules-load.d/networking.conf | |
| ip link add link bond0 name "bond0.$VLAN_ID" type vlan id "$VLAN_ID" | |
| ip addr add "192.168.10.$ADDR/25" dev "bond0.$VLAN_ID" | |
| ip -d link set dev "bond0.$VLAN_ID" up | |
| ip -d link show "bond0.$VLAN_ID" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment