
by Master Seo Sep 20. 2024

NCP 23탄-7. 테라폼-DB서버 생성-2024

<1> 네트워크 생성 ,  웹서버 생성

<2> DB 서버 생성




<1> 네트워크 생성 ,  웹서버 생성



1

만들기?


VPC

Public

Private 


 ipv4_cidr_block = "10.0.0.0/21"


2

[root@ngame-web01-dev 2]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

# NCP provider in VPC mode, KR region.
# Credentials come in through the access_key / secret_key input variables;
# supply them at run time (TF_VAR_access_key / TF_VAR_secret_key, -var, or a
# git-ignored *.tfvars file) rather than baking them into variables.tf.
provider "ncloud" {
  access_key  = var.access_key
  secret_key  = var.secret_key
  region      = "KR"
  support_vpc = true
}

# Login key (SSH key pair) registered under the VPC's name; the web server
# below references it by key_name.
# NOTE(review): the provider appears to expose the generated private key as a
# resource attribute, which would place it in the Terraform state file —
# confirm, and protect the state (remote backend, restricted access) accordingly.
resource "ncloud_login_key" "key_scn_01" {
  key_name = var.name_vpc1
}

# The VPC. Its /21 (10.0.0.0-10.0.7.255) is the address space every subnet
# below carves out with cidrsubnet(), so changing it shifts all subnet ranges.
resource "ncloud_vpc" "vpc_vpc1" {
  ipv4_cidr_block = "10.0.0.0/21"
  name            = var.name_vpc1
}

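# Private subnet (no public addressing), intended to host the DB server that
# the next part of this series adds.
resource "ncloud_subnet" "subnet_pri1" {
  name   = var.name_pri1
  vpc_no = ncloud_vpc.vpc_vpc1.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/21", 2, 0) => 10.0.0.0/23 (10.0.0.0-10.0.1.255),
  # which matches what `terraform apply` reported for ngame-pri1.
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc1.ipv4_cidr_block, 2, 0)

  # Shares the VPC default network ACL with the public subnet, so the whole
  # network_acl_01_rule table (including 80/443 from 0.0.0.0/0) applies here
  # as well; a database subnet normally gets its own, stricter ACL.
  network_acl_no = ncloud_vpc.vpc_vpc1.default_network_acl_no

  subnet_type = "PRIVATE" # PUBLIC(Public) | PRIVATE(Private)
}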

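# Public subnet for the internet-facing web server.
resource "ncloud_subnet" "subnet_pub1" {
  name   = var.name_pub1
  vpc_no = ncloud_vpc.vpc_vpc1.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/21", 3, 2) => 10.0.2.0/24, which matches what
  # `terraform apply` reported for ngame-pub1. It sits just above the private
  # subnet's 10.0.0.0/23 (netnum 0 with newbits 2), so the two do not overlap.
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc1.ipv4_cidr_block, 3, 2)

  # VPC default network ACL; the rules come from network_acl_01_rule below.
  network_acl_no = ncloud_vpc.vpc_vpc1.default_network_acl_no

  subnet_type = "PUBLIC" # PUBLIC(Public) | PRIVATE(Private)
}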

# Single web server in the public subnet, using the login key created above.
resource "ncloud_server" "server_web1" {
  name           = var.name_web1
  subnet_no      = ncloud_subnet.subnet_pub1.id
  login_key_name = ncloud_login_key.key_scn_01.key_name

  # Hard-coded OS image. The CNTOS.0703 segment of the code suggests
  # CentOS 7.3; CentOS 7 reached upstream end of life in June 2024, so a
  # currently maintained image should be selected before building on this host.
  server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0703.B050"
}

# Public IP bound to the web server; this is what makes the host reachable
# from the internet, so the ACL rules on the VPC default network ACL are the
# subnet-level filter in front of it. The description is derived from
# name_web1 (name_pubip1 is declared in variables.tf but not used here).
resource "ncloud_public_ip" "public_ip_web1" {
  description        = "for ${var.name_web1}"
  server_instance_no = ncloud_server.server_web1.id
}

# Network ACL rule tables for the VPC default ACL (NCP user scenario 1).
# Each entry is [priority, protocol, ip_block, port_range, rule_action] and is
# consumed positionally by ncloud_network_acl_rule.network_acl_01_rule.
# NOTE(review): the tables explicitly allow ephemeral return ports, which is
# the shape of a stateless ACL — confirm against the NCP docs; if so, every
# permitted flow needs its matching rule in the opposite direction.
locals {
  scn01_inbound = [
    # Public web traffic from anywhere.
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],
    # Administrative access (SSH, RDP) restricted to the operator's /32.
    [3, "TCP", "${var.client_ip}/32", "22", "ALLOW"],
    [4, "TCP", "${var.client_ip}/32", "3389", "ALLOW"],
    # Return traffic for connections the server itself opens outbound.
    [5, "TCP", "0.0.0.0/0", "32768-65535", "ALLOW"],
    # Explicit default-deny for everything else.
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"],
  ]

  scn01_outbound = [
    # Outbound web access (package mirrors, updates).
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],
    # Replies to the operator's SSH/RDP sessions.
    [3, "TCP", "${var.client_ip}/32", "1000-65535", "ALLOW"],
    # Explicit default-deny. No UDP is allowed out, so DNS over UDP/53 and NTP
    # from the server are dropped by this ACL; add an outbound UDP allow (plus
    # the matching inbound ephemeral-port allow) if the server needs them.
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"]
  ]
}

# Applies the local.scn01_* rule tables to the VPC default network ACL.
# Both subnets reference that ACL, so these rules gate the private subnet too.
# Each table row is unpacked by position: [priority, protocol, ip_block,
# port_range, rule_action]. The lower the priority number, the earlier the
# rule is presumably evaluated — verify against the provider documentation.
resource "ncloud_network_acl_rule" "network_acl_01_rule" {
  network_acl_no = ncloud_vpc.vpc_vpc1.default_network_acl_no

  # One inbound block per row of local.scn01_inbound.
  dynamic "inbound" {
    for_each = local.scn01_inbound
    content {
      priority    = inbound.value[0]
      protocol    = inbound.value[1]
      ip_block    = inbound.value[2]
      port_range  = inbound.value[3]
      rule_action = inbound.value[4]
      description = "for ${var.name_vpc1}"
    }
  }

  # One outbound block per row of local.scn01_outbound.
  dynamic "outbound" {
    for_each = local.scn01_outbound
    content {
      priority    = outbound.value[0]
      protocol    = outbound.value[1]
      ip_block    = outbound.value[2]
      port_range  = outbound.value[3]
      rule_action = outbound.value[4]
      description = "for ${var.name_vpc1}"
    }
  }
}

::::::::::::::

variables.tf

::::::::::::::

# variable name_scn01 {

#  default = "ngame-vpc2"

# }

# Name of the VPC; also reused as the login key name and in ACL descriptions.
# (Label quoted as terraform fmt writes it.)
variable "name_vpc1" {
  default = "ngame-vpc2"
}

# Name of the private subnet.
variable "name_pri1" {
  default = "ngame-pri1"
}

# Name of the public subnet.
variable "name_pub1" {
  default = "ngame-pub1"
}

# Name of the web server; also used in the public IP's description.
variable "name_web1" {
  default = "ngame-web01"
}

# Intended name for the public IP. Not referenced by any resource in main.tf
# as shown (ncloud_public_ip.public_ip_web1 derives its description from
# name_web1), so it currently has no effect.
variable "name_pubip1" {
  default = "ngame-pubip11"
}

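# IPv4 address of the operator's workstation. It is interpolated into the
# network ACL as "${var.client_ip}/32" to scope SSH (22) and RDP (3389), so the
# default below is only a placeholder: override it with the real source
# address, otherwise administrative access is dropped by the ACL.
variable "client_ip" {
  type    = string
  default = "2.2.2.2"

  # Reject anything that is not a dotted-quad IPv4 literal at plan time, since
  # appending "/32" to an arbitrary string would yield an invalid ip_block.
  validation {
    condition     = can(regex("^([0-9]{1,3}\\.){3}[0-9]{1,3}$", var.client_ip))
    error_message = "The client_ip value must be a single IPv4 address (e.g. 203.0.113.10)."
  }
}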

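# NCP API access key. Deliberately has no default: the value must be supplied
# at run time (TF_VAR_access_key, -var, or a git-ignored *.tfvars file) so a
# live credential never sits in version-controlled source. A key that has
# already been committed should be treated as exposed and rotated. On
# Terraform 0.14+ also set `sensitive = true` to keep it out of plan output.
variable "access_key" {
  type = string
}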

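# NCP API secret key. Deliberately has no default: supply it at run time
# (TF_VAR_secret_key, -var, or a git-ignored *.tfvars file) so the secret is
# never stored in version-controlled source. A secret that has already been
# committed should be treated as exposed and rotated. On Terraform 0.14+ also
# set `sensitive = true` to keep it out of plan/apply output.
variable "secret_key" {
  type = string
}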

::::::::::::::

versions.tf

::::::::::::::

# Terraform and provider constraints.
# NOTE(review): no provider version constraint is set, so each `terraform init`
# resolves the newest navercloudplatform/ncloud release unless a
# .terraform.lock.hcl (Terraform 0.14+) is committed; pinning it
# (version = "~> <major.minor>") keeps runs reproducible and makes provider
# upgrades a deliberate, reviewable change.
terraform {
  required_version = ">= 0.13"

  required_providers {
    ncloud = {
      source = "navercloudplatform/ncloud"
    }
  }
}

[root@ngame-web01-dev 2]#








2


변수 처리하는데 서브넷 계산법을 알아야 한다.


cidrsubnet(prefix, newbits, netnum) 계산법?


cidrsubnet(prefix, newbits, netnum)

Given a prefix ending in /16 and a newbits value of 4, the resulting subnet address will have length /20.



1)

 ipv4_cidr_block = "10.0.0.0/16"

 subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 1)


/16에 8을 더해 24비트로 결과가 나온다.

1로 시작한다.

10.0.1.0/24 


16+8 = 24

1로 시작



2)

/21


prefix /21, newbits = 3, netnum = 2


21+3 = 24

2로 시작


10.0.2.0/24 로 만들어짐





3



terraform init

terraform plan

terraform apply -auto-approve





4

생성 결과


ngame-vpc2

10.0.0.0/21


ngame-pri1

10.0.0.0/23


ngame-pub1

10.0.2.0/24


서버1대

ngame-web01 





5

삭제

terraform destroy  -auto-approve





<2> DB 서버 생성




1

다음

https://brunch.co.kr/@topasvga/4059


