Multi-cloud

Configure the GCP, AWS, Azure, OVH and OpenStack providers in OpenTofu.


Google Cloud Platform

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
  }
}

provider "google" {
  project = var.project_id
  region  = "europe-west1"
}

Authentication:

# gcloud (development)
gcloud auth application-default login

# Service account (CI/CD)
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/sa-key.json"

For sovereign environments, see GCP Sovereignty (universe_domain attribute).

Amazon Web Services

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1"
}

Authentication:

# AWS CLI (development)
aws configure

# Environment variables (CI/CD)
export AWS_ACCESS_KEY_ID="..."
export AWS_SECRET_ACCESS_KEY="..."

Microsoft Azure

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}

Authentication:

# Azure CLI (development)
az login

# Service Principal (CI/CD)
export ARM_CLIENT_ID="..."
export ARM_CLIENT_SECRET="..."
export ARM_TENANT_ID="..."
export ARM_SUBSCRIPTION_ID="..."

OVHcloud

terraform {
  required_providers {
    ovh = {
      source  = "ovh/ovh"
      version = "~> 0.40"
    }
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "~> 1.54"
    }
  }
}

provider "ovh" {
  endpoint           = "ovh-eu"
  application_key    = var.ovh_application_key
  application_secret = var.ovh_application_secret
  consumer_key       = var.ovh_consumer_key
}

provider "openstack" {
  auth_url    = "https://auth.cloud.ovh.net/v3"
  region      = "GRA11"
  tenant_name = var.ovh_tenant_name
}

Authentication: create an API token on api.ovh.com and an OpenStack user in the OVH interface.

OVH and OpenStack

OVH uses OpenStack for its cloud infrastructure. You will often need both providers: ovh for OVH-specific services (DNS, domains) and openstack for cloud resources (instances, networks).

OpenStack

terraform {
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "~> 1.54"
    }
  }
}

provider "openstack" {
  auth_url    = var.auth_url
  region      = var.region
  tenant_name = var.tenant_name
  user_name   = var.user_name
  password    = var.password
}

Authentication:

# Via clouds.yaml (recommended)
export OS_CLOUD="mycloud"

# Via environment variables
source openrc.sh
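
A preflight check for the CI/CD variants of the authentication steps above, as an added example that is not part of the original page: it confirms the credential variables are set without ever printing their values, and rejects a GCP key file that group or others can access. The function names and the TF_VAR_ovh_* mapping (OpenTofu's environment form of the var.ovh_* inputs) are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): CI preflight for the credential
# environment variables listed in the authentication sections above.
# Variable values are never printed, only the names of the missing ones.

# Names required per provider. The ovh entry assumes the var.ovh_* inputs are
# supplied through OpenTofu's TF_VAR_<name> environment variables.
required_vars() {
  case "$1" in
    google)    echo "GOOGLE_APPLICATION_CREDENTIALS" ;;
    aws)       echo "AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY" ;;
    azurerm)   echo "ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID" ;;
    ovh)       echo "TF_VAR_ovh_application_key TF_VAR_ovh_application_secret TF_VAR_ovh_consumer_key" ;;
    openstack) echo "OS_CLOUD" ;;
    *)         return 1 ;;
  esac
}

# Returns 0 if ready, 1 if a variable is missing or empty, 2 for an unknown
# provider, 3 if the GCP key file is absent or accessible to group/others.
check_provider() {
  names=$(required_vars "$1") || { echo "unknown provider: $1" >&2; return 2; }
  missing=""
  for name in $names; do
    # eval is safe here: $name only ever comes from the fixed table above.
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  unset value
  if [ -n "$missing" ]; then
    echo "$1: missing$missing" >&2
    return 1
  fi
  if [ "$1" = google ]; then
    key=$GOOGLE_APPLICATION_CREDENTIALS
    [ -f "$key" ] || { echo "google: key file not found" >&2; return 3; }
    # Characters 5-10 of the mode string are the group/other permission bits.
    [ "$(ls -ld -- "$key" | cut -c5-10)" = "------" ] || {
      echo "google: key file is accessible to group/others (chmod 600)" >&2
      return 3
    }
  fi
  return 0
}

# Usage in a pipeline step: check_provider aws && tofu plan
```

The check covers only the environment-variable paths shown above; the interactive logins (gcloud, aws configure, az login) and openrc.sh are outside its scope.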

Provider comparison

| Provider | Source | Main resources |
|---|---|---|
| google | hashicorp/google | google_compute_instance, google_storage_bucket |
| aws | hashicorp/aws | aws_instance, aws_s3_bucket |
| azurerm | hashicorp/azurerm | azurerm_virtual_machine, azurerm_storage_account |
| ovh | ovh/ovh | ovh_domain_zone_record, ovh_cloud_project_kube |
| openstack | terraform-provider-openstack/openstack | openstack_compute_instance_v2, openstack_networking_network_v2 |

Multiple providers in the same project

# Example: OVH DNS + GCP infrastructure
provider "google" {
  project = var.gcp_project
  region  = "europe-west1"
}

provider "ovh" {
  endpoint = "ovh-eu"
}

resource "google_compute_instance" "web" {
  name         = "webserver"
  machine_type = "e2-medium"
  zone         = "europe-west1-b"
  # ...
}

resource "ovh_domain_zone_record" "web" {
  zone      = "example.com"
  subdomain = "www"
  fieldtype = "A"
  target    = google_compute_instance.web.network_interface[0].access_config[0].nat_ip
  ttl       = 300
}