Creating a group of instances with fixed IP addresses
You can use tags and variables to create a group of VM instances with predefined internal and public IP addresses.
To create an instance group with fixed IP addresses:
-
By default, all operations in Instance Groups are performed on behalf of a service account. If you don't have a service account, create one.
-
Create a cloud network and subnets, for example, in two availability zones, if you do not have them.
-
To make VMs in the group accessible from the internet, reserve the required number of static public IP addresses. For the example below, four IP addresses are enough.
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter. -
View the description of the CLI command to create an instance group:
yc compute instance-group create --help
-
Select one of the Yandex Cloud Marketplace public images, e.g., Ubuntu 22.04 LTS.
To get a list of available images using the CLI, run this command:
yc compute image list --folder-id standard-images
Result:
+----------------------+-------------------------------------+--------------------------+----------------------+--------+ | ID | NAME | FAMILY | PRODUCT IDS | STATUS | +----------------------+-------------------------------------+--------------------------+----------------------+--------+ ... | fdvk34al8k5n******** | centos-7-1549279494 | centos-7 | dqni65lfhvv2******** | READY | | fdv7ooobjfl3******** | windows-2016-gvlk-1548913814 | windows-2016-gvlk | dqnnc72gj2is******** | READY | | fdv4f5kv5cvf******** | ubuntu-1604-lts-1549457823 | ubuntu-1604-lts | dqnnb6dc7640******** | READY | ... +----------------------+-------------------------------------+--------------------------+----------------------+--------+
-
Prepare a file with the YAML specification of the instance group and give it a name, e.g.,
specification.yaml
.To assign fixed IP addresses to the VMs of the group, add the following sections and parameters to the specification:
-
In the
allocation_policy
field, a nestedzones
field with pairedzone_id
andinstance_tags_pool
parameters for each of the availability zones in which you will create VM instances. For example, if the VMs of the group will be located in theru-central1-a
andru-central1-b
availability zones, theallocation_policy
field will look like this:allocation_policy: zones: - zone_id: ru-central1-a instance_tags_pool: - <ru-central1-a_zone_tag1> - <ru-central1-a_zone_tag2> - zone_id: ru-central1-b instance_tags_pool: - <ru-central1-b_zone_tag1> - <ru-central1-b_zone_tag2>
Where:
zone_id
: Availability zone ID.instance_tags_pool
: List of unique tags for binding IP addresses to the VMs of the group. The tag value is used to generate VM names and variables containing IP addresses of the VMs. For each availability zone, the number of tags should match the number of VMs created in it. Examples of possible tag values:ru1-a1
,ru1-b2
, etc.
-
The
variables
field containing variables used in templates to provide IP addresses of the VMs you are creating to the VM group:variables: - key: ip_<ru-central1-a_zone_tag1> value: <internal_IP_address_1> - key: external_ip_<ru-central1-a_zone_tag1> value: <public_IP_address_1> ... - key: ip_<ru-central1-b_zone_tag2> value: <internal_IP_address_4> - key: external_ip_<ru-central1-b_zone_tag2> value: <public_IP_address_4>
Where:
-
key
: Variable name in<prefix>_<tag>
format:-
<prefix>
defines the IP address type. For example, you can use theip
prefix for internal addresses andexternal_ip
for public ones. -
<tag>
value must fully match the value of the relevant tag specified for this VM in theallocation_policy
field, e.g.,ru1-a1
.
-
-
value
: Variable value, which is either an internal or public IP address of the new VM.Internal IP addresses must belong to the IP address range allocated to the specified subnet in the respective availability zone.
If you are not going to assign public IP addresses to the group instances, do not specify variables with the
external_ip
prefix.
For more information about using variables in a VM template, see Variables in an instance template.
-
-
In the
instance_template.name
field, the VM name containing the tag template, e.g.,sample-vm-{instance.tag}
. After inserting tag values into this template, the VM names will look like this:sample-vm-ru1-a1
,sample-vm-ru1-b2
, etc. -
In the
instance_template.network_interface_specs
field, subnet IDs and IP address templates:instance_template: ... network_interface_specs: - subnet_ids: - <subnet_ID_in_ru-central1-a> - <subnet_ID_in_ru-central1-b> primary_v4_address_spec: address: "{ip_{instance.tag}}" one_to_one_nat_spec: ip_version: IPV4 address: "{<external_ip_{instance.tag}}"
Where:
subnet_ids
: List of IDs for the subnets to host the VMs. You must specify one subnet in each availability zone where a group VM will be created.primary_v4_address_spec.address
: Internal IP address template. It will use the variable value specified for this VM in thevariables
field.primary_v4_address_spec.one_to_one_nat_spec.address
: Public IP address template. It will use the variable value specified for this VM in thevariables
field.
If you are not going to assign public IP addresses to the group instances, do not add the
primary_v4_address_spec.one_to_one_nat_spec
field to the specification.
YAML specification example:
service_account_id: ajegtlf2q28a******** name: my-vm-group-with-fixed-ips description: Example of using tags for managing ips. Created with CLI scale_policy: fixed_scale: size: 4 deploy_policy: max_unavailable: 2 allocation_policy: zones: - zone_id: ru-central1-a instance_tags_pool: - ru1-a1 - ru1-a2 - zone_id: ru-central1-b instance_tags_pool: - ru1-b1 - ru1-b2 variables: - key: ip_ru1-a1 value: 192.168.2.5 - key: external_ip_ru1-a1 value: 84.201.***.** - key: ip_ru1-a2 value: 192.168.2.15 - key: external_ip_ru1-a2 value: 130.193.**.** - key: ip_ru1-b1 value: 192.168.1.5 - key: external_ip_ru1-b1 value: 84.201.***.** - key: ip_ru1-b2 value: 192.168.1.15 - key: external_ip_ru1-b2 value: 84.201.***.* instance_template: name: sample-vm-{instance.tag} platform_id: standard-v2 resources_spec: memory: 2G cores: 2 boot_disk_spec: mode: READ_WRITE disk_spec: image_id: fd8dlvgiatiqd8tt2qke type_id: network-hdd size: 20g network_interface_specs: - subnet_ids: - e2l3qffk0h6t******** - e9bijtoprmcu******** primary_v4_address_spec: address: "{ip_{instance.tag}}" one_to_one_nat_spec: address: "{external_ip_{instance.tag}}"
This example shows a specification for creating a fixed-size instance group with fixed internal and public IP addresses.
For more information about the instance group specification parameters, see Specification of an instance group in YAML format.
-
-
Create an instance group in the default folder:
yc compute instance-group create --file specification.yaml
This command creates an instance group with the following characteristics:
- Name:
my-vm-group-with-fixed-ips
- OS:
Ubuntu 22.04 LTS
- Number of VMs: four, in the
ru-central1-a
andru-central1-b
availability zones, two per zone - vCPUs: 2; RAM: 2 GB
- Network HDD: 20 GB
- Fixed internal and public IP addresses assigned to each VM of the group
- Name:
If you don't have Terraform, install it and configure the Yandex Cloud provider.
-
In the configuration file, describe the parameters of the resources you want to create:
resource "yandex_compute_instance_group" "ig-1" { name = "fixed-ig" folder_id = "<folder_ID>" service_account_id = "${yandex_iam_service_account.ig-sa.id}" deletion_protection = false depends_on = [yandex_resourcemanager_folder_iam_member.editor] instance_template { name = "sample-vm-{instance.tag}" platform_id = "standard-v3" resources { memory = 2 cores = 2 } boot_disk { mode = "READ_WRITE" initialize_params { image_id = "fd8dlvgiatiqd8tt2qke" } } network_interface { network_id = "${yandex_vpc_network.ig-network.id}" subnet_ids = ["${yandex_vpc_subnet.ig-subnet-a.id}", "${yandex_vpc_subnet.ig-subnet-b.id}"] nat = true ip_address = "{ip_{instance.tag}}" nat_ip_address = "{external_ip_{instance.tag}}" } metadata = { user-data = "#cloud-config\n datasource:\n Ec2:\n strict_id: false\n ssh_pwauth: no\n users:\n - name: <VM_user_name>\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh-authorized-keys:\n - <public_SSH_key>\n runcmd: []" } } variables = { ip_ru1-a1 = "192.168.2.5" external_ip_ru1-a1 = "${yandex_vpc_address.external-address-a1.external_ipv4_address[0].address}" ip_ru1-a2 = "192.168.2.15" external_ip_ru1-a2 = "${yandex_vpc_address.external-address-a2.external_ipv4_address[0].address}" ip_ru1-b1 = "192.168.1.5" external_ip_ru1-b1 = "${yandex_vpc_address.external-address-b1.external_ipv4_address[0].address}" ip_ru1-b2 = "192.168.1.15" external_ip_ru1-b2 = "${yandex_vpc_address.external-address-b2.external_ipv4_address[0].address}" } scale_policy { fixed_scale { size = 4 } } allocation_policy { zones = ["ru-central1-a","ru-central1-b"] instance_tags_pool { zone = "ru-central1-a" tags = ["ru1-a1","ru1-a2"] } instance_tags_pool { zone = "ru-central1-b" tags = ["ru1-b1","ru1-b2"] } } deploy_policy { max_unavailable = 1 max_expansion = 0 } } resource "yandex_iam_service_account" "ig-sa" { name = "instance-group-sa" description = "Service account to manage the instance group." } resource "yandex_resourcemanager_folder_iam_member" "editor" { folder_id = "<folder_ID>" role = "editor" member = "serviceAccount:${yandex_iam_service_account.ig-sa.id}" depends_on = [ yandex_iam_service_account.ig-sa, ] } resource "yandex_vpc_network" "ig-network" { name = "ig-network" } resource "yandex_vpc_subnet" "ig-subnet-a" { name = "ig-subnet-a" zone = "ru-central1-a" network_id = "${yandex_vpc_network.ig-network.id}" v4_cidr_blocks = ["192.168.2.0/24"] } resource "yandex_vpc_subnet" "ig-subnet-b" { name = "ig-subnet-b" zone = "ru-central1-b" network_id = "${yandex_vpc_network.ig-network.id}" v4_cidr_blocks = ["192.168.1.0/24"] } resource "yandex_vpc_address" "external-address-a1" { name = "external-address-a1" external_ipv4_address { zone_id = "ru-central1-a" } } resource "yandex_vpc_address" "external-address-a2" { name = "external-address-a2" external_ipv4_address { zone_id = "ru-central1-a" } } resource "yandex_vpc_address" "external-address-b1" { name = "external-address-b1" external_ipv4_address { zone_id = "ru-central1-b" } } resource "yandex_vpc_address" "external-address-b2" { name = "external-address-b2" external_ipv4_address { zone_id = "ru-central1-b" } }
Where:
-
yandex_compute_instance_group
: Description of the instance group:-
General information about the instance group:
name
: Name of the instance group.folder_id
: Folder ID.service_account_id
: Service account ID.deletion_protection
: Instance group deletion protection,true
orfalse
. You cannot delete an instance group with this option enabled. The default value isfalse
.
-
instance_template
: VM instance template:-
name
: VM name containing the tag template, e.g.,sample-vm-{instance.tag}
. After inserting tag values into this template, the VM names will look like this:sample-vm-ru1-a1
,sample-vm-ru1-b2
, etc. -
platform_id
: Platform. -
resources
: Number of vCPU cores and the amount of RAM available to the VM. The values must match the selected platform. -
boot_disk
: Boot disk settings:mode
: Disk access mode, which is eitherREAD_ONLY
for reading only orREAD_WRITE
for both reading and writing.image_id
: Selected image ID. You can get the image ID from the list of public images.
-
network_interface
: Network settings:subnet_ids
: List of IDs for the subnets to host the VMs. You must specify one subnet in each availability zone where a group VM will be created.nat
: Specifies if a VM will have an assigned public IP address. The possible values aretrue
andfalse
.ip_address
: VM internal IP address. This is a template that will use the value from a variable specified for this VM in thevariables
section.nat_ip_address
: VM public IP address. This is a template that will use the value from a variable specified for this VM in thevariables
field.
-
metadata
: In metadata, provide the VM user name and public key to enable this user to access the VM via SSH.For more information, see VM metadata.
-
-
variables
: Variables assigned to the instance group. This section contains a list of variables in<name> = <value>
format to use in templates to provide IP addresses of the VMs you are creating to the instance group:-
Variable name: Specify the name in
<prefix>_<tag>
format:-
<prefix>
defines the IP address type. For example, you can use theip
prefix for internal IP addresses andexternal_ip
for public ones. -
<tag>
value must fully match the value of the relevant tag specified for this VM in theallocation_policy
field, e.g.,ru1-a1
.
-
-
Variable value: This is either an internal or public IP address of the new VM.
Internal IP addresses must belong to the IP address range allocated to the specified subnet in the respective availability zone.
If you are not going to assign public IP addresses to the group instances, do not specify variables with the
external_ip
prefix.
For more information about using variables in a VM template, see Variables in an instance template.
-
-
deploy_policy
: Deployment policy for instances in the group.scale_policy
: Scaling policy for instances in the group.allocation_policy
: Policy for allocating VM instances across availability zones and regions.-
zones
: Array containing the IDs of availability zones in which the VMs of the group will be created. -
instance_tags_pool
: List of unique tags for binding IP addresses to the VMs of the group. You need to specify it separately for each availability zone which will host your group instances.The values of tags specified in the
tags
array are used to generate VM names and variables containing IP addresses of the VMs. The number of tags specified in thetags
array for an availability zone should match the number of VMs created in it. Examples of possible tag values:ru1-a1
,ru1-b2
, etc.
-
-
-
yandex_iam_service_account
: Description of the service account. All operations in Instance Groups are performed on behalf of the service account.You cannot delete a service account while it is linked to an instance group.
-
yandex_resourcemanager_folder_iam_member
: Description of access permissions to the folder the service account belongs to. To be able to create, update, and delete instances in the instance group, assign theeditor
role to the service account. -
yandex_vpc_network
: Description of the cloud network. -
yandex_vpc_subnet
: Description of the subnets to connect the VMs of the group to. -
yandex_vpc_address
: Description of the reserved static public IP address.Note
If you already have suitable resources, such as a service account, cloud network, subnets, and reserved static IP addresses, you do not need to describe them again. Use their names and IDs in the appropriate parameters.
For more information about the resources you can create with Terraform, see the provider documentation
. -
-
Create resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console
. -
Use the create REST API method for the InstanceGroup resource or the InstanceGroupService/Create gRPC API call.