fdio.infra.terraform/2n_aws_c5n/deploy/main.tf

   1 data "vault_aws_access_credentials" "creds" {
   2   backend = "${var.vault-name}-path"
   3   role    = "${var.vault-name}-role"
   4 }
   5
   6 resource "aws_vpc" "CSITVPC" {
   7   assign_generated_ipv6_cidr_block = true
   8   enable_dns_hostnames             = false
   9   enable_dns_support               = true
  10   cidr_block                       = var.vpc_cidr_mgmt
  11   instance_tenancy                 = "default"
  12
  13   tags = {
  14     "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-vpc"
  15     "Environment" = var.environment_name
  16   }
  17 }
  18
  19 resource "aws_security_group" "CSITSG" {
  20   depends_on                       = [
  21     aws_vpc.CSITVPC
  22   ]
  23   description                      = "Allow inbound traffic"
  24   name                             = "${var.resources_name_prefix}_${var.testbed_name}-sg"
  25   revoke_rules_on_delete           = false
  26   vpc_id                           = aws_vpc.CSITVPC.id
  27
  28   ingress {
  29     from_port        = 22
  30     to_port          = 22
  31     protocol         = "tcp"
  32     cidr_blocks      = ["0.0.0.0/0"]
  33   }
  34
  35   ingress {
  36     from_port        = 22
  37     to_port          = 22
  38     protocol         = "tcp"
  39     ipv6_cidr_blocks = ["::/0"]
  40   }
  41
  42   ingress {
  43     from_port        = 0
  44     to_port          = 0
  45     protocol         = -1
  46     self             = true
  47     ipv6_cidr_blocks = ["::/0"]
  48   }
  49
  50   egress {
  51     from_port        = 0
  52     to_port          = 0
  53     protocol         = "-1"
  54     cidr_blocks      = ["0.0.0.0/0"]
  55   }
  56
  57   egress {
  58     from_port        = 0
  59     to_port          = 0
  60     protocol         = "-1"
  61     ipv6_cidr_blocks = ["::/0"]
  62   }
  63
  64   tags = {
  65     "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-sg"
  66     "Environment" = var.environment_name
  67   }
  68 }
  69
  70 resource "aws_vpc_ipv4_cidr_block_association" "b" {
  71   depends_on = [
  72     aws_vpc.CSITVPC
  73   ]
  74   cidr_block = var.vpc_cidr_b
  75   vpc_id     = aws_vpc.CSITVPC.id
  76 }
  77
  78 resource "aws_vpc_ipv4_cidr_block_association" "c" {
  79   depends_on = [
  80     aws_vpc.CSITVPC
  81   ]
  82   cidr_block = var.vpc_cidr_c
  83   vpc_id     = aws_vpc.CSITVPC.id
  84 }
  85
  86 resource "aws_vpc_ipv4_cidr_block_association" "d" {
  87   depends_on = [
  88     aws_vpc.CSITVPC
  89   ]
  90   cidr_block = var.vpc_cidr_d
  91   vpc_id     = aws_vpc.CSITVPC.id
  92 }
  93
  94 # Subnets
  95 resource "aws_subnet" "mgmt" {
  96   availability_zone               = var.avail_zone
  97   assign_ipv6_address_on_creation = false
  98   cidr_block                      = var.vpc_cidr_mgmt
  99   depends_on                      = [
 100     aws_vpc.CSITVPC
 101   ]
 102   ipv6_cidr_block                 = cidrsubnet(aws_vpc.CSITVPC.ipv6_cidr_block, 8, 1)
 103   map_public_ip_on_launch         = false
 104   vpc_id                          = aws_vpc.CSITVPC.id
 105
 106   tags = {
 107     "Environment" = var.environment_name
 108   }
 109 }
 110
 111 resource "aws_subnet" "b" {
 112   availability_zone               = var.avail_zone
 113   assign_ipv6_address_on_creation = true
 114   cidr_block                      = var.vpc_cidr_b
 115   depends_on                      = [
 116     aws_vpc.CSITVPC,
 117     aws_vpc_ipv4_cidr_block_association.b
 118   ]
 119   ipv6_cidr_block                 = cidrsubnet(aws_vpc.CSITVPC.ipv6_cidr_block, 8, 2)
 120   map_public_ip_on_launch         = false
 121   vpc_id                          = aws_vpc.CSITVPC.id
 122
 123   tags = {
 124     "Environment" = var.environment_name
 125   }
 126 }
 127
 128 resource "aws_subnet" "c" {
 129   availability_zone               = var.avail_zone
 130   assign_ipv6_address_on_creation = true
 131   cidr_block                      = var.vpc_cidr_c
 132   depends_on                      = [
 133     aws_vpc.CSITVPC,
 134     aws_vpc_ipv4_cidr_block_association.c
 135   ]
 136   ipv6_cidr_block                 = cidrsubnet(aws_vpc.CSITVPC.ipv6_cidr_block, 8, 3)
 137   map_public_ip_on_launch         = false
 138   vpc_id                          = aws_vpc.CSITVPC.id
 139
 140   tags = {
 141     "Environment" = var.environment_name
 142   }
 143 }
 144
 145 resource "aws_subnet" "d" {
 146   availability_zone               = var.avail_zone
 147   assign_ipv6_address_on_creation = true
 148   cidr_block                      = var.vpc_cidr_d
 149   depends_on                      = [
 150     aws_vpc.CSITVPC,
 151     aws_vpc_ipv4_cidr_block_association.d
 152   ]
 153   ipv6_cidr_block                 = cidrsubnet(aws_vpc.CSITVPC.ipv6_cidr_block, 8, 4)
 154   map_public_ip_on_launch         = false
 155   vpc_id                          = aws_vpc.CSITVPC.id
 156
 157   tags = {
 158     "Environment" = var.environment_name
 159   }
 160 }
 161
 162 resource "aws_internet_gateway" "CSITGW" {
 163   depends_on = [
 164     aws_vpc.CSITVPC
 165   ]
 166   vpc_id     = aws_vpc.CSITVPC.id
 167
 168   tags = {
 169     "Environment" = var.environment_name
 170   }
 171 }
 172
 173 # SSH keypair
 174 # Temporary key for provisioning only
 175 resource "tls_private_key" "CSITTLS" {
 176   algorithm   = "RSA"
 177   ecdsa_curve = "P521"
 178   rsa_bits    = 4096
 179 }
 180
 181 resource "aws_key_pair" "CSITKP" {
 182   key_name   = "${var.resources_name_prefix}_${var.testbed_name}-key"
 183   public_key = "${tls_private_key.CSITTLS.public_key_openssh}"
 184 }
 185
 186 resource "aws_placement_group" "CSITPG" {
 187   name     = "${var.resources_name_prefix}_${var.testbed_name}-pg"
 188   strategy = "cluster"
 189 }
 190
 191 # NICs
 192 resource "aws_network_interface" "dut1_if1" {
 193   depends_on        = [
 194     aws_vpc.CSITVPC,
 195     aws_subnet.b,
 196     aws_instance.dut1
 197   ]
 198   private_ip        = var.dut1_if1_ip
 199   private_ips       = [var.dut1_if1_ip]
 200   security_groups   = [aws_security_group.CSITSG.id]
 201   source_dest_check = false
 202   subnet_id         = aws_subnet.b.id
 203
 204   attachment {
 205     instance     = aws_instance.dut1.id
 206     device_index = 1
 207   }
 208
 209   tags = {
 210     "Environment" = var.environment_name
 211   }
 212 }
 213
 214 resource "aws_network_interface" "dut1_if2" {
 215   depends_on        = [
 216     aws_vpc.CSITVPC,
 217     aws_subnet.d,
 218     aws_instance.dut1
 219   ]
 220   private_ip        = var.dut1_if2_ip
 221   private_ips       = [var.dut1_if2_ip]
 222   security_groups   = [aws_security_group.CSITSG.id]
 223   source_dest_check = false
 224   subnet_id         = aws_subnet.d.id
 225
 226   attachment {
 227     instance     = aws_instance.dut1.id
 228     device_index = 2
 229   }
 230
 231   tags = {
 232     "Environment" = var.environment_name
 233   }
 234 }
 235
 236 resource "aws_network_interface" "tg_if1" {
 237   depends_on        = [
 238     aws_vpc.CSITVPC,
 239     aws_subnet.b,
 240     aws_instance.tg
 241   ]
 242   private_ip        = var.tg_if1_ip
 243   private_ips       = [var.tg_if1_ip]
 244   security_groups   = [aws_security_group.CSITSG.id]
 245   source_dest_check = false
 246   subnet_id         = aws_subnet.b.id
 247
 248   attachment {
 249     instance     = aws_instance.tg.id
 250     device_index = 1
 251   }
 252
 253   tags = {
 254     "Environment" = var.environment_name
 255   }
 256 }
 257
 258 resource "aws_network_interface" "tg_if2" {
 259   depends_on        = [
 260     aws_vpc.CSITVPC,
 261     aws_subnet.d,
 262     aws_instance.tg
 263   ]
 264   private_ip        = var.tg_if2_ip
 265   private_ips       = [var.tg_if2_ip]
 266   security_groups   = [aws_security_group.CSITSG.id]
 267   source_dest_check = false
 268   subnet_id         = aws_subnet.d.id
 269
 270   attachment {
 271     instance     = aws_instance.tg.id
 272     device_index = 2
 273   }
 274
 275   tags = {
 276     "Environment" = var.environment_name
 277   }
 278 }
 279
 280 data "aws_network_interface" "dut1_if1" {
 281   id = aws_network_interface.dut1_if1.id
 282 }
 283
 284 data "aws_network_interface" "dut1_if2" {
 285   id = aws_network_interface.dut1_if2.id
 286 }
 287
 288 data "aws_network_interface" "tg_if1" {
 289   id = aws_network_interface.tg_if1.id
 290 }
 291
 292 data "aws_network_interface" "tg_if2" {
 293   id = aws_network_interface.tg_if2.id
 294 }
 295
 296 # Instances
 297 resource "aws_instance" "tg" {
 298   depends_on                           = [
 299     aws_vpc.CSITVPC,
 300     aws_placement_group.CSITPG,
 301     aws_security_group.CSITSG
 302   ]
 303   ami                                  = var.ami_image_tg
 304   availability_zone                    = var.avail_zone
 305   associate_public_ip_address          = true
 306   instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
 307   instance_type                        = var.instance_type
 308   key_name                             = aws_key_pair.CSITKP.key_name
 309   placement_group                      = aws_placement_group.CSITPG.id
 310   private_ip                           = var.tg_mgmt_ip
 311   source_dest_check                    = false
 312   subnet_id                            = aws_subnet.mgmt.id
 313   vpc_security_group_ids               = [aws_security_group.CSITSG.id]
 314   # host_id                            = "1"
 315
 316   root_block_device {
 317     delete_on_termination = true
 318     volume_size           = 50
 319   }
 320
 321   tags = {
 322     "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-tg"
 323     "Environment" = var.environment_name
 324   }
 325 }
 326
 327 resource "aws_instance" "dut1" {
 328   depends_on                           = [
 329     aws_vpc.CSITVPC,
 330     aws_placement_group.CSITPG,
 331     aws_security_group.CSITSG,
 332     aws_instance.tg
 333   ]
 334   ami                                  = var.ami_image_sut
 335   availability_zone                    = var.avail_zone
 336   associate_public_ip_address          = true
 337   instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
 338   instance_type                        = var.instance_type
 339   key_name                             = aws_key_pair.CSITKP.key_name
 340   placement_group                      = aws_placement_group.CSITPG.id
 341   private_ip                           = var.dut1_mgmt_ip
 342   source_dest_check                    = false
 343   subnet_id                            = aws_subnet.mgmt.id
 344   vpc_security_group_ids               = [aws_security_group.CSITSG.id]
 345   # host_id                            = "2"
 346
 347   root_block_device {
 348     delete_on_termination = true
 349     volume_size           = 50
 350   }
 351
 352   tags = {
 353     "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-dut1"
 354     "Environment" = var.environment_name
 355   }
 356 }
 357
 358 # Routes
 359 resource "aws_route" "CSIT-igw" {
 360   depends_on             = [
 361     aws_vpc.CSITVPC,
 362     aws_internet_gateway.CSITGW
 363   ]
 364   destination_cidr_block      = "0.0.0.0/0"
 365   destination_ipv6_cidr_block = "::/0"
 366   gateway_id                  = aws_internet_gateway.CSITGW.id
 367   route_table_id              = aws_vpc.CSITVPC.main_route_table_id
 368 }
 369
 370 resource "aws_route" "dummy-trex-port-0" {
 371   depends_on             = [
 372     aws_vpc.CSITVPC,
 373     aws_instance.dut1
 374   ]
 375   destination_cidr_block = var.trex_dummy_cidr_port_0
 376   network_interface_id   = aws_instance.tg.primary_network_interface_id
 377   route_table_id         = aws_vpc.CSITVPC.main_route_table_id
 378 }
 379
 380 resource "aws_route" "dummy-trex-port-1" {
 381   depends_on             = [
 382     aws_vpc.CSITVPC,
 383     aws_instance.dut1
 384   ]
 385   destination_cidr_block = var.trex_dummy_cidr_port_1
 386   network_interface_id   = aws_instance.tg.primary_network_interface_id
 387   route_table_id         = aws_vpc.CSITVPC.main_route_table_id
 388 }
 389
 390 # Deployment/Ansible
 391 resource "null_resource" "deploy_tg" {
 392   depends_on = [
 393     aws_instance.tg,
 394     aws_network_interface.tg_if1,
 395     aws_network_interface.tg_if2,
 396     aws_instance.dut1,
 397     aws_network_interface.dut1_if1,
 398     aws_network_interface.dut1_if2
 399   ]
 400
 401   connection {
 402     user        = "ubuntu"
 403     host        = aws_instance.tg.public_ip
 404     private_key = tls_private_key.CSITTLS.private_key_pem
 405   }
 406
 407   provisioner "remote-exec" {
 408     inline = var.first_run_commands
 409   }
 410
 411 #  provisioner "ansible" {
 412 #    plays {
 413 #      playbook {
 414 #        file_path      = var.ansible_file_path
 415 #        force_handlers = true
 416 #      }
 417 #      hosts = ["tg_aws"]
 418 #      extra_vars = {
 419 #        ansible_ssh_pass           = var.ansible_provision_pwd
 420 #        ansible_python_interpreter = var.ansible_python_executable
 421 #        aws                        = true
 422 #      }
 423 #    }
 424 #  }
 425 #
 426 #  provisioner "remote-exec" {
 427 #    on_failure = continue
 428 #    inline     = ["sudo reboot"]
 429 #  }
 430 }
 431
 432 resource "null_resource" "deploy_dut1" {
 433   depends_on = [
 434     aws_instance.tg,
 435     aws_network_interface.tg_if1,
 436     aws_network_interface.tg_if2,
 437     aws_instance.dut1,
 438     aws_network_interface.dut1_if1,
 439     aws_network_interface.dut1_if2
 440   ]
 441
 442   connection {
 443     user        = "ubuntu"
 444     host        = aws_instance.dut1.public_ip
 445     private_key = tls_private_key.CSITTLS.private_key_pem
 446   }
 447
 448   provisioner "remote-exec" {
 449     inline = var.first_run_commands
 450   }
 451
 452 #  provisioner "ansible" {
 453 #    plays {
 454 #      playbook {
 455 #        file_path      = var.ansible_file_path
 456 #        force_handlers = true
 457 #      }
 458 #      hosts = ["sut_aws"]
 459 #      extra_vars = {
 460 #        ansible_ssh_pass           = var.ansible_provision_pwd
 461 #        ansible_python_interpreter = var.ansible_python_executable
 462 #        aws                        = true
 463 #      }
 464 #    }
 465 #  }
 466 #
 467 #  provisioner "remote-exec" {
 468 #    on_failure = continue
 469 #    inline     = ["sudo reboot"]
 470 #  }
 471 }
 472
 473 resource "null_resource" "deploy_topology" {
 474   depends_on = [
 475     aws_instance.tg,
 476     aws_instance.dut1
 477   ]
 478
 479   provisioner "ansible" {
 480     plays {
 481       playbook {
 482         file_path = var.ansible_topology_path
 483       }
 484       hosts = ["local"]
 485       extra_vars = {
 486         ansible_python_interpreter = var.ansible_python_executable
 487         testbed_name               = var.testbed_name
 488         cloud_topology             = var.topology_name
 489         tg_if1_mac                 = data.aws_network_interface.tg_if1.mac_address
 490         tg_if2_mac                 = data.aws_network_interface.tg_if2.mac_address
 491         dut1_if1_mac               = data.aws_network_interface.dut1_if1.mac_address
 492         dut1_if2_mac               = data.aws_network_interface.dut1_if2.mac_address
 493         tg_public_ip               = aws_instance.tg.public_ip
 494         dut1_public_ip             = aws_instance.dut1.public_ip
 495         public_ip_list             = "${aws_instance.tg.public_ip},${aws_instance.dut1.public_ip}"
 496       }
 497     }
 498   }
 499 }