search

Deploy Cloud Bastion Host HA Instance

hashtag
Application Scenario

Cloud Bastion Host (CBH) is a security operation and maintenance management service provided by Huawei Cloud, offering enterprises a unified security operation and maintenance entry point. CBH helps enterprises establish secure and compliant operation and maintenance management systems through centralized identity authentication, permission management, and operation auditing.

Cloud Bastion Host HA instance provides high availability assurance, ensuring service continuity and reliability through master-standby architecture. HA instance supports cross-availability zone deployment. When the master instance fails, the standby instance can automatically take over the service, ensuring business continuity. Before creation, you need to confirm the CBH specification type, master-standby availability zone configuration, network parameters, and security group rules based on actual application scenarios.

This best practice will introduce how to use Terraform to automatically deploy a cloud bastion host HA instance.

hashtag
Related Resources/Data Sources

This best practice involves the following main resources and data sources:

hashtag
Data Sources

hashtag
Resources

hashtag
Resource/Data Source Dependencies

hashtag
Operation Steps

hashtag
1. Script Preparation

Prepare the TF file (e.g., main.tf) in the specified workspace for writing the current best practice script, ensuring that it (or other TF files in the same directory) contains the provider version declaration and Huawei Cloud authentication information required for deploying resources. Refer to the "Preparation Before Deploying Huawei Cloud Resources" document for configuration introduction.

hashtag
2. Query Availability Zones Required for Cloud Bastion Host HA Instance Resource Creation via Data Source

Add the following script to the TF file (e.g., main.tf) to instruct Terraform to perform a data source query, the result of which will be used to create the cloud bastion host HA instance:

Parameter Description:

  • count: Number of data source instances, used to control whether to execute the availability zone list query data source, only creates the data source when var.master_availability_zone or var.slave_availability_zone is empty (i.e., executes availability zone list query)

hashtag
3. Query Specification Information Required for Cloud Bastion Host HA Instance Resource Creation via Data Source

Add the following script to the TF file (e.g., main.tf) to instruct Terraform to perform a data source query, the result of which will be used to create the cloud bastion host HA instance:

Parameter Description:

  • count: Number of data source instances, used to control whether to execute the specification list query data source, only creates the data source when var.instance_flavor_id is empty (i.e., executes specification list query)

  • type: Specification type for the cloud bastion host HA instance, assigned by referencing the input variable instance_flavor_type

hashtag
4. Create VPC

Add the following script to the TF file (e.g., main.tf) to instruct Terraform to create a VPC resource:

Parameter Description:

  • name: VPC name, assigned by referencing the input variable vpc_name

  • cidr: VPC CIDR block, assigned by referencing the input variable vpc_cidr

hashtag
5. Create VPC Subnet

Add the following script to the TF file to instruct Terraform to create a VPC subnet resource:

Parameter Description:

  • vpc_id: VPC ID to which the subnet belongs, assigned by referencing the VPC resource (huaweicloud_vpc) ID

  • name: Subnet name, assigned by referencing the input variable subnet_name

  • cidr: Subnet CIDR block, automatically calculated when subnet_cidr is empty, otherwise uses the input variable subnet_cidr value

  • gateway_ip: Subnet gateway IP, automatically calculated when subnet_gateway_ip is empty, otherwise uses the input variable subnet_gateway_ip value

hashtag
6. Create Security Group

Add the following script to the TF file to instruct Terraform to create a security group resource:

Parameter Description:

  • name: Security group name, assigned by referencing the input variable security_group_name

  • delete_default_rules: Whether to delete default rules, set to true to delete default rules

hashtag
7. Create Cloud Bastion Host HA Instance

Add the following script to the TF file to instruct Terraform to create a cloud bastion host HA instance resource:

Parameter Description:

  • name: Cloud bastion host HA instance name, assigned by referencing the input variable instance_name

  • flavor_id: Cloud bastion host HA instance specification ID, when instance_flavor_id is empty, assigned based on the specification list query data source (data.huaweicloud_cbh_flavors) return result, otherwise uses the input variable instance_flavor_id value

  • vpc_id: VPC ID to which the cloud bastion host HA instance belongs, assigned by referencing the VPC resource (huaweicloud_vpc) ID

  • subnet_id: Subnet ID to which the cloud bastion host HA instance belongs, assigned by referencing the VPC subnet resource (huaweicloud_vpc_subnet) ID

  • security_group_id: Security group ID to which the cloud bastion host HA instance belongs, assigned by referencing the security group resource (huaweicloud_networking_secgroup) ID

  • master_availability_zone: Availability zone where the master instance of the cloud bastion host HA instance is located, when master_availability_zone is empty, assigned based on the availability zone list query data source (data.huaweicloud_cbh_availability_zones) return result, otherwise uses the input variable master_availability_zone value

  • slave_availability_zone: Availability zone where the slave instance of the cloud bastion host HA instance is located, when slave_availability_zone is empty, assigned based on the availability zone list query data source (data.huaweicloud_cbh_availability_zones) return result, otherwise uses the input variable slave_availability_zone value

  • password: Cloud bastion host HA instance login password, assigned by referencing the input variable instance_password

  • charging_mode: Cloud bastion host HA instance billing mode, assigned by referencing the input variable charging_mode

  • period_unit: Cloud bastion host HA instance billing period unit, assigned by referencing the input variable period_unit

  • period: Cloud bastion host HA instance billing period, assigned by referencing the input variable period

  • auto_renew: Whether to enable auto-renewal for the cloud bastion host HA instance, assigned by referencing the input variable auto_renew

hashtag
8. Preset Input Parameters Required for Resource Deployment (Optional)

In this practice, some resources and data sources use input variables to assign values to configuration content. These input parameters need to be manually entered during subsequent deployments. At the same time, Terraform provides a method to preset these configurations through .tfvars files, which can avoid repeated input during each execution.

Create a terraform.tfvars file in the working directory with the following example content:

Usage:

  1. Save the above content as terraform.tfvars file in the working directory (this file name allows users to automatically import the content of this tfvars file when executing terraform commands; for other names, .auto needs to be added before tfvars, such as variables.auto.tfvars)

  2. Modify parameter values as needed

  3. When executing terraform plan or terraform apply, Terraform will automatically read the variable values from this file

In addition to using terraform.tfvars file, variable values can also be set in the following ways:

  1. Command line parameters: terraform apply -var="vpc_name=my-vpc" -var="subnet_name=my-subnet"

  2. Environment variables: export TF_VAR_vpc_name=my-vpc

  3. Custom named variable files: terraform apply -var-file="custom.tfvars"

Note: If the same variable is set in multiple ways, Terraform will use the variable value according to the following priority: command line parameters > variable files > environment variables > default values.

hashtag
9. Initialize and Apply Terraform Configuration

After completing the above script configuration, execute the following steps to create resources:

  1. Run terraform init to initialize the environment

  2. Run terraform plan to view the resource creation plan

  3. After confirming the resource plan is correct, run terraform apply to start creating the cloud bastion host HA instance

  4. Run terraform show to view the details of the created cloud bastion host HA instance

hashtag
Reference Information

PreviousDeploy Cloud Bastion Host Single InstanceNextCC

Last updated