Private networks
resource "hcloud_network" "privateNet" {
  name     = "Private network"
  ip_range = "10.0.0.0/8"
}

resource "hcloud_network_subnet" "privateSubnet" {
  network_id   = hcloud_network.privateNet.id
  type         = "cloud"
  network_zone = "eu-central"
  ip_range     = "10.0.1.0/24"
}

resource "hcloud_network_route" "gateway" {
  network_id  = hcloud_network.privateNet.id
  destination = "0.0.0.0/0"
  gateway     = "10.0.1.20"
}

resource "hcloud_server" "gateway" {
  ....
  public_net {
    ipv4 = hcloud_primary_ip.gatwewayIp.id
  }
  network {
    network_id = hcloud_network.privateNet.id
    ip         = "10.0.1.20"
  }
}

resource "hcloud_server" "intern" {
  ....
  public_net {
    ipv4_enabled = false
    ipv6_enabled = false
  }
  network {
    network_id = hcloud_network.privateNet.id
    ip         = "10.0.1.30"
  }
}
No. 17
Creating a subnet
Q: Follow Figure 1040, “Private subnet overview”, and create two hosts connected by a private subnet:
Tip: Variables of
- Host “intern” does not have Internet access.
- Consequences:
  - No package updates.
  - No package installs.
  - ...

- Allow IP forwarding on gateway host.
- Configure NAT enabling gateway host as router.
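
The two router steps above (IP forwarding and NAT on the gateway host), as an added example that is not part of the original page: the script renders the sysctl setting and an nftables ruleset for the page's 10.0.1.0/24 subnet into a staging directory. The use of nftables, the interface name eth0, the function name and the output file names are assumptions.

```sh
#!/bin/sh
# Added example: render the gateway's router settings into a staging
# directory for review instead of applying them directly.
# Assumptions (not from the page): nftables as the firewall, "eth0" as the
# public interface, and the output file names used below.

render_gateway_config() {
    out_dir=$1   # staging directory
    subnet=$2    # private subnet, 10.0.1.0/24 on this page
    wan_if=$3    # public interface of the gateway host (assumed name)

    # Both values end up inside the ruleset, so accept only a plain
    # IPv4 CIDR alphabet and a plain interface name.
    case $subnet in
        ''|*[!0-9./]*) echo "invalid subnet: $subnet" >&2; return 1 ;;
    esac
    case $wan_if in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $wan_if" >&2; return 1 ;;
    esac

    mkdir -p "$out_dir/sysctl.d" || return 1

    # Step 1: allow IP forwarding on the gateway host.
    printf 'net.ipv4.ip_forward = 1\n' > "$out_dir/sysctl.d/99-ip-forward.conf"

    # Step 2: NAT. Masquerade only traffic from the private subnet, and
    # forward only that traffic plus replies to it; everything else is dropped.
    cat > "$out_dir/nat-gateway.nft" <<EOF
table ip nat_gateway {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        ip saddr $subnet oifname "$wan_if" masquerade
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ip saddr $subnet oifname "$wan_if" accept
    }
}
EOF
}

# Stand-alone use: ./render-gateway.sh ./staging 10.0.1.0/24 eth0
if [ "$#" -eq 3 ]; then
    render_gateway_config "$@"
fi
```

After review, the sysctl file belongs in /etc/sysctl.d (loaded with sysctl --system) and the ruleset is loaded with nft -f.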

- Use an application level gateway:
- Problem: apt-cacher-ng installation requires time for service to become available.
- Consequence: Package installs on host “intern” must be deferred.
- Problem: No standard Terraform “service ready” dependency management hook.

#!/bin/bash
echo "Waiting for apt-cacher-ng to launch on port 3142 ..."
while ! nc -z ${frontendPrivatenetIp} 3142; do
  sleep 8 # wait for 8 seconds before polling again
  echo apt-cacher-ng not yet ready ...
done
echo "apt-cacher-ng service ready"

resource "null_resource" "waitForProxy" {
  connection {
    type     = "ssh"
    user     = "devops"
    host_key = ...public_key_openssh
    agent    = "true"
    host     = ...web.ipv4_address
  }
  provisioner "remote-exec" {
    inline = ["/usr/bin/waitForAptProxy"]
  }
}

resource "hcloud_server" "intern" {
  ...
  depends_on = [
    hcloud_network_subnet.pSubnet
    , null_resource.waitForProxy
  ]
}

No. 18
Adding an application level gateway
Q: This exercise is a follow-up to Creating a subnet. We add an application level gateway providing HTTP access to hosts residing in the private subnet, e.g. host