
Terraform で AWS 上に Catalyst 8000V をデプロイする

Terraform を使い、AWS Marketplace から Cisco Catalyst 8000V Edge Software - BYOL をデプロイする .tf ファイルのサンプルをメモしておきます。

構成図

Catalyst 8000V は 17.09.01a (ap-northeast-1 での AMI ID は ami-0d8d61e501acd56c3) を利用しました。 構成は以下の通りです。

file

.tf ファイルのサンプル

Catalyst 8000V のデフォルトユーザ名は ec2-user です。 この .tf ファイルでデプロイした後は、登録した公開鍵と対になる秘密鍵とユーザ名 ec2-user で SSH ログインします。 下記の例では VPC の Default Security Group で全アドレス (0.0.0.0/0) からの接続を許可しているため、実際に利用する際は接続元アドレスを必要な範囲に制限してください。

# Common prefix prepended to the Name tag of every resource below
# and to the EC2 key pair name.
variable "prefix" {
  default = "TEST_"
}

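# AWS provider for the Tokyo region (ap-northeast-1).
#
# No access_key / secret_key arguments are set here: static keys written into a
# .tf file tend to be committed and copied along with it. The provider instead
# resolves credentials through its standard chain, e.g. the AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY environment variables, a shared credentials file or
# named profile, or an IAM role attached to the machine running Terraform.
provider "aws" {
  region = "ap-northeast-1"
}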

# VPC

# VPC that contains both router subnets; address space 10.0.0.0/16.
resource "aws_vpc" "vpc1" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "${var.prefix}VPC"
  }
}

# Internet Gateway

# Internet gateway attached to vpc1; it is the target of the default route
# declared in aws_route.route1.
resource "aws_internet_gateway" "igw1" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "${var.prefix}igw1"
  }
}

# Route Table

# Route table for subnet1, the Internet-facing side of the router.
resource "aws_route_table" "rtb1" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "${var.prefix}RouteTable1"
  }
}

# Bind subnet1 to rtb1.
resource "aws_route_table_association" "rtb_association1" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.rtb1.id
}

# Default route (0.0.0.0/0) of rtb1 via the internet gateway. Together with the
# Elastic IP on nic1 this makes the router's first interface reachable from the
# Internet, so the security group on that interface is the only network filter.
resource "aws_route" "route1" {
  route_table_id         = aws_route_table.rtb1.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw1.id
}

# Route table for subnet2. No aws_route in this file targets it, so it carries
# no route towards the internet gateway.
resource "aws_route_table" "rtb2" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "${var.prefix}RouteTable2"
  }
}

# Bind subnet2 to rtb2.
resource "aws_route_table_association" "rtb_association2" {
  subnet_id      = aws_subnet.subnet2.id
  route_table_id = aws_route_table.rtb2.id
}

# Subnet

# Subnet for the router's first interface (nic1, 10.0.1.100); associated with
# rtb1, which has the default route to the internet gateway.
resource "aws_subnet" "subnet1" {
  vpc_id            = aws_vpc.vpc1.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "${var.prefix}Subnet1"
  }
}

# Subnet for the router's second interface (nic2, 10.0.2.100); associated with
# rtb2. Same availability zone as subnet1.
resource "aws_subnet" "subnet2" {
  vpc_id            = aws_vpc.vpc1.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "${var.prefix}Subnet2"
  }
}

# Security Group

# Brings the default security group of vpc1 under Terraform management. Both
# router interfaces (nic1, nic2) use this group.
# NOTE(review): the AWS provider is documented to remove the group's existing
# rules when it adopts a default security group, and this file declares no
# egress rule for it - confirm that outbound traffic is handled as intended.
resource "aws_default_security_group" "sg1" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "${var.prefix}Default"
  }
}

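# Source address ranges allowed to open SSH sessions to the router.
# The default keeps the sample's original "any address" scope so the file still
# applies unchanged; override it with the management network's range before
# using this outside a throwaway lab.
variable "ssh_ingress_cidrs" {
  type    = list(string)
  default = ["0.0.0.0/0"]
}

# Inbound rule on the default security group: SSH (tcp/22) only.
# The router's first interface has an Elastic IP, so whatever this rule admits
# is exposed directly. The sample only needs SSH for the ec2-user login, so the
# rule no longer admits every protocol and port. Any other traffic the router
# must accept (for example traffic it forwards for hosts in subnet2) needs its
# own explicit rule.
resource "aws_security_group_rule" "sg_rule1" {
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = var.ssh_ingress_cidrs
  security_group_id = aws_default_security_group.sg1.id
}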

# Key Pair

# EC2 key pair used for the ec2-user SSH login on the router.
# "PUBKEY" is a placeholder: replace it with the public half of the key.
# Only the public key belongs here; the matching private key stays with the
# operator and is never written into Terraform files.
resource "aws_key_pair" "keypair" {
  public_key = "PUBKEY"
  key_name   = "${var.prefix}keypair"
}

# EC2 Instance

# First router interface (tagged ...C8Kv-Gi1): fixed address 10.0.1.100 in
# subnet1. The Elastic IP eip1 is bound to this interface.
resource "aws_network_interface" "nic1" {
  subnet_id       = aws_subnet.subnet1.id
  security_groups = [aws_default_security_group.sg1.id]
  private_ips     = ["10.0.1.100"]

  tags = {
    Name = "${var.prefix}C8Kv-Gi1"
  }
}

# Second router interface (tagged ...C8Kv-Gi2): fixed address 10.0.2.100 in
# subnet2. It uses the same default security group as nic1.
resource "aws_network_interface" "nic2" {
  subnet_id       = aws_subnet.subnet2.id
  security_groups = [aws_default_security_group.sg1.id]
  private_ips     = ["10.0.2.100"]

  tags = {
    Name = "${var.prefix}C8Kv-Gi2"
  }
}

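# Catalyst 8000V instance with two pre-created network interfaces.
#
# NOTE(review): the article text cites ami-0d8d61e501acd56c3 for 17.09.01a in
# ap-northeast-1, which differs from the ID used below - confirm which image is
# intended. AMI IDs are region-specific, so check the ID against the
# Marketplace listing before applying.
resource "aws_instance" "instance1" {
  ami           = "ami-0a6f4f867117f37c4"
  instance_type = "t3.medium"

  # Reference the key pair by its key_name attribute rather than its id; the
  # two hold the same value, but key_name states what is being passed.
  key_name = aws_key_pair.keypair.key_name

  tags = {
    Name = "${var.prefix}C8Kv-1"
  }

  # device_index 0: nic1 in subnet1 (the interface that gets the Elastic IP).
  network_interface {
    network_interface_id = aws_network_interface.nic1.id
    device_index         = 0
  }

  # device_index 1: nic2 in subnet2.
  network_interface {
    network_interface_id = aws_network_interface.nic2.id
    device_index         = 1
  }
}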

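# Elastic IP bound to nic1, giving the router a public address. This is the
# address the SSH ingress rule on the default security group protects.
# NOTE(review): newer AWS provider releases replace `vpc = true` with
# `domain = "vpc"`; the argument is kept as written because this file pins no
# provider version.
resource "aws_eip" "eip1" {
  vpc               = true
  network_interface = aws_network_interface.nic1.id

  tags = {
    Name = "${var.prefix}C8Kv-1"
  }

  # An Elastic IP can only be associated once the VPC has an internet gateway.
  # Nothing in this resource references igw1, so make the ordering explicit.
  depends_on = [aws_internet_gateway.igw1]
}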