We will explore the functions and properties needed to configure a multi-cloud network, such as the creation, inquiry, update, and deletion of resources/services.
Prerequisites
Install OpenTofu
See Installing OpenTofu
Install by the installer
```bash
# Download the installer script:
curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
# Alternatively: wget --secure-protocol=TLSv1_2 --https-only https://get.opentofu.org/install-opentofu.sh -O install-opentofu.sh
# Give it execution permissions:
chmod +x install-opentofu.sh
# Please inspect the downloaded script before running it
# Run the installer:
./install-opentofu.sh --install-method deb
# Remove the installer:
rm install-opentofu.sh
```
Get source code
In this readme, ~/poc-mc-net-tf is used as the default directory.
```bash
git clone https://github.com/cloud-barista/poc-mc-net-tf.git ~/poc-mc-net-tf
```
Install swag
If you get an error because swag is missing, install swag:
```bash
go install github.com/swaggo/swag/cmd/swag@latest
```
Setup credentials
Note - There may be an issue regarding Credential settings. Contributions are welcome.
AWS
- Install AWS CLI (It should be checked.)
- Prepare your AWS credential
See Set and view configuration settings using commands
Sample:
```
[default]
AWS_ACCESS_KEY_ID=A2KXXXXXXXXXXX4XXXSD
AWS_SECRET_ACCESS_KEY=AB2YjR92sdflkj4D34XXXXXXXXXXXXXXXXXXXXXX
```
- Store your AWS credential in ~/.aws/credentials
MS Azure
- Install MS Azure CLI (It should be checked.)
See How to install the Azure CLI
- Prepare your MS Azure credential (i.e., a service principal)
See Create a service principal for use with Microsoft Purview
See Create an Azure service principal with Azure CLI
- Store MS Azure credential in secrets/credential-azure.env
Sample:
```
ARM_CLIENT_ID=asd9f234-1fs2-xxxx-xxxx-xxxxxxxxxxxx
ARM_CLIENT_SECRET=a23i11G~nxxxxXxxXXxx-xxxXXXX3XxxxXXXXxxx
ARM_TENANT_ID=asdf231d-8s7s-11xx-x111-111111xxx111
ARM_SUBSCRIPTION_ID=e14fhg99-11xx-1111-11x1-111xx11x1x11
```
- Run
```bash
source secrets/credential-azure.env
az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
```
GCP
- Prepare your GCP credential
See Service account credentials
- Store your GCP credential in secrets/credential-gcp.json
Sample:
```json
{
"type": "service_account",
"project_id": "YOUR_PROJECT_ID",
"private_key_id": "xx0x0x0x0x0xx0xxxxx0xx0xx0x0x0xx0x0xxxx0",
"private_key": "-----BEGIN PRIVATE KEY-----\nYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEY==\n-----END PRIVATE KEY-----\n",
"client_email": "YOUR_SERVICE_ACCOUNT@YOUR_PROJECT_ID.iam.gserviceaccount.com",
"client_id": "000000000000000000000",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/YOUR_SERVICE_ACCOUNT%40YOUR_PROJECT_ID.iam.gserviceaccount.com"
}
```
Getting started
Source code based installation and execution
Build
```bash
cd ~/poc-mc-net-tf
make
```
Run API server binary
```bash
cd ~/poc-mc-net-tf
make run
```
Container based execution
Check the available tags of the poc-mc-net-tf container image at cloudbaristaorg/poc-mc-net-tf
Run poc-mc-net-tf container
Note - Credentials for AWS, Azure, and GCP must be prepared and injected when running a container.
Note - Modify source="${PWD}"/secrets/ to the appropriate path.
Note - About credential injection:
- Set AWS credential as environment variables:
--env-file "${PWD}"/secrets/credentials
- Set Azure credential as environment variables:
--env-file "${PWD}"/secrets/credential-azure.env
- Mount GCP credential file:
--mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/
```bash
docker run \
--env-file "${PWD}"/secrets/credentials \
--env-file "${PWD}"/secrets/credential-azure.env \
--mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/ \
-p 8888:8888 \
--name poc-mc-net-tf \
cloudbaristaorg/poc-mc-net-tf:latest
```
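A pre-flight check to run before the docker run command above, as an added example script that is not part of poc-mc-net-tf: it verifies that the three credential files exist, are readable only by their owner, and contain the keys shown in the samples in this README. It assumes the file and variable names from this README and a GNU or BSD `stat`.

```shell
#!/usr/bin/env sh
# Pre-flight check for the secrets/ directory injected into the container.
# Added example (not project code); file and key names follow this README's samples.
set -u

# Return 0 if every KEY given after the file name appears as KEY=value in $1, else 1.
env_file_has_keys() {
  file="$1"; shift
  missing=0
  for key in "$@"; do
    if ! grep -Eq "^${key}=.+" "$file"; then
      echo "missing ${key} in ${file}" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Fail unless the file is readable only by its owner (mode 600 or 400).
check_private_mode() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$1 has mode ${mode}; run: chmod 600 $1" >&2; return 1 ;;
  esac
}

# Check all three credential files referenced by the docker run command.
check_secrets_dir() {
  dir="$1"; rc=0
  for f in credentials credential-azure.env credential-gcp.json; do
    [ -f "${dir}/${f}" ] || { echo "missing ${dir}/${f}" >&2; rc=1; continue; }
    check_private_mode "${dir}/${f}" || rc=1
  done
  [ "$rc" -eq 0 ] || return 1
  env_file_has_keys "${dir}/credentials" AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY || rc=1
  env_file_has_keys "${dir}/credential-azure.env" \
    ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID || rc=1
  # GCP: must be a service-account key that actually carries a PEM private key.
  grep -q '"type": *"service_account"' "${dir}/credential-gcp.json" \
    || { echo "gcp: not a service_account key" >&2; rc=1; }
  grep -q 'BEGIN PRIVATE KEY' "${dir}/credential-gcp.json" \
    || { echo "gcp: no private_key" >&2; rc=1; }
  return "$rc"
}

# Usage: sh check-secrets.sh ./secrets   (does nothing when no directory is given)
if [ -n "${1:-}" ]; then check_secrets_dir "$1"; fi
```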
Access Swagger UI
The default username and password for accessing the API dashboard are shown when the API server starts.
URL: http://localhost:8888/mc-net/swagger/index.html
Note - You can find API documentation on Swagger UI.
Appendix
An example API call sequence
- POST /rg/{resourceGroupId}/vpn/gcp-azure/init
- POST /rg/{resourceGroupId}/vpn/gcp-azure/blueprint
- POST /rg/{resourceGroupId}/vpn/gcp-azure/plan
- POST /rg/{resourceGroupId}/vpn/gcp-azure (Time-consuming API; returns a request ID and is processed asynchronously)
- GET /rg/{resourceGroupId}/vpn/gcp-azure/request/{requestId}/status (Check the status of the above request)
- GET /rg/{resourceGroupId}/vpn/gcp-azure/state (Check the resource status on the CSPs)
- DELETE /rg/{resourceGroupId}/vpn/gcp-azure (Time-consuming API; returns a request ID and is processed asynchronously)
- DELETE /rg/{resourceGroupId}/vpn/gcp-azure/clear