fix(Terraform): Bug fixes and lint tweaks
# AWS credentials are not hard-coded: they are requested from Vault's AWS
# secrets engine at plan/apply time. Backend and role names are both derived
# from var.vault-name, so the two must exist under that naming scheme in Vault.
data "vault_aws_access_credentials" "creds" {
  role    = "${var.vault-name}-role"
  backend = "${var.vault-name}-path"
}

# Testbed VPC. Its primary CIDR (var.vpc_cidr_mgmt) is reused verbatim by the
# management subnet below; further CIDRs are added through the
# aws_vpc_ipv4_cidr_block_association resources.
resource "aws_vpc" "CSITVPC" {
  cidr_block       = var.vpc_cidr_mgmt
  instance_tenancy = "default"

  # IPv4 only - every subnet and security-group rule below passes an empty
  # IPv6 list as well.
  assign_generated_ipv6_cidr_block = false

  # DNS resolution is enabled, DNS hostnames are not.
  enable_dns_support   = true
  enable_dns_hostnames = false

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-vpc"
    "Environment" = var.environment_name
  }
}

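# Single security group shared by the management interfaces of both instances
# (vpc_security_group_ids) and by all data-plane NICs (security_groups).
resource "aws_security_group" "CSITSG" {
  depends_on             = [aws_vpc.CSITVPC]
  name                   = "${var.resources_name_prefix}_${var.testbed_name}-sg"
  description            = "Allow inbound traffic"
  vpc_id                 = aws_vpc.CSITVPC.id
  revoke_rules_on_delete = false

  # Management SSH for the provisioners.
  # NOTE(review): reachable from every IPv4 address; narrow cidr_blocks to the
  # operator/CI source ranges where the environment allows it.
  ingress {
    description      = "SSH (management)"
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = []
  }

  # Any protocol between members of this group, i.e. between the TG and DUT
  # interfaces. protocol is the string "-1" to match the egress rule below;
  # the bare number relied on type coercion and tripped strict linting.
  ingress {
    description      = "All traffic between group members"
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    self             = true
    ipv6_cidr_blocks = []
  }

  # Unrestricted outbound.
  egress {
    description      = "All outbound"
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = []
  }

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-sg"
    "Environment" = var.environment_name
  }
}
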
# Secondary CIDR "b" for the VPC; aws_subnet.b is carved out of it.
resource "aws_vpc_ipv4_cidr_block_association" "b" {
  vpc_id     = aws_vpc.CSITVPC.id
  cidr_block = var.vpc_cidr_b
  depends_on = [aws_vpc.CSITVPC]
}

# Secondary CIDR "c" for the VPC; aws_subnet.c is carved out of it.
resource "aws_vpc_ipv4_cidr_block_association" "c" {
  vpc_id     = aws_vpc.CSITVPC.id
  cidr_block = var.vpc_cidr_c
  depends_on = [aws_vpc.CSITVPC]
}

# Secondary CIDR "d" for the VPC; aws_subnet.d is carved out of it.
resource "aws_vpc_ipv4_cidr_block_association" "d" {
  vpc_id     = aws_vpc.CSITVPC.id
  cidr_block = var.vpc_cidr_d
  depends_on = [aws_vpc.CSITVPC]
}

# Subnets
# Management subnet. It spans the whole primary VPC CIDR and hosts the
# instances' primary interfaces; public IPs are assigned per instance
# (associate_public_ip_address), not at subnet level.
resource "aws_subnet" "mgmt" {
  vpc_id            = aws_vpc.CSITVPC.id
  cidr_block        = var.vpc_cidr_mgmt
  availability_zone = var.avail_zone

  map_public_ip_on_launch         = false
  assign_ipv6_address_on_creation = false

  depends_on = [aws_vpc.CSITVPC]

  tags = {
    "Environment" = var.environment_name
  }
}

# Data-plane subnet "b" (first interface of TG and DUT1). The explicit
# dependency on the CIDR association is required: nothing here references it,
# yet the subnet cannot be created before the secondary CIDR is attached.
resource "aws_subnet" "b" {
  vpc_id            = aws_vpc.CSITVPC.id
  cidr_block        = var.vpc_cidr_b
  availability_zone = var.avail_zone

  map_public_ip_on_launch         = false
  assign_ipv6_address_on_creation = false

  depends_on = [
    aws_vpc.CSITVPC,
    aws_vpc_ipv4_cidr_block_association.b
  ]

  tags = {
    "Environment" = var.environment_name
  }
}

# Data-plane subnet "c". No NIC in this file uses it; kept for parity with
# the CIDR association. The dependency on the association is required
# (see aws_subnet.b).
resource "aws_subnet" "c" {
  vpc_id            = aws_vpc.CSITVPC.id
  cidr_block        = var.vpc_cidr_c
  availability_zone = var.avail_zone

  map_public_ip_on_launch         = false
  assign_ipv6_address_on_creation = false

  depends_on = [
    aws_vpc.CSITVPC,
    aws_vpc_ipv4_cidr_block_association.c
  ]

  tags = {
    "Environment" = var.environment_name
  }
}

# Data-plane subnet "d" (second interface of TG and DUT1). The dependency on
# the CIDR association is required (see aws_subnet.b).
resource "aws_subnet" "d" {
  vpc_id            = aws_vpc.CSITVPC.id
  cidr_block        = var.vpc_cidr_d
  availability_zone = var.avail_zone

  map_public_ip_on_launch         = false
  assign_ipv6_address_on_creation = false

  depends_on = [
    aws_vpc.CSITVPC,
    aws_vpc_ipv4_cidr_block_association.d
  ]

  tags = {
    "Environment" = var.environment_name
  }
}

# Internet gateway; the default route in aws_route.CSIT-igw points at it, which
# is what makes the instances' public addresses usable.
resource "aws_internet_gateway" "CSITGW" {
  vpc_id     = aws_vpc.CSITVPC.id
  depends_on = [aws_vpc.CSITVPC]

  tags = {
    "Environment" = var.environment_name
  }
}

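# SSH keypair
# Temporary key for provisioning only. It is generated at apply time and used
# by the remote-exec connections below; like any tls_private_key, the private
# half is stored in plaintext in Terraform state, so the state backend needs
# to be protected accordingly.
resource "tls_private_key" "CSITTLS" {
  algorithm = "RSA"
  rsa_bits  = 4096
  # ecdsa_curve was dropped: the tls provider only honours it when algorithm
  # is "ECDSA", so with RSA it was a misleading no-op.
}
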
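# Registers the generated public key with EC2 so the instances accept the
# temporary provisioning key.
resource "aws_key_pair" "CSITKP" {
  key_name   = "${var.resources_name_prefix}_${var.testbed_name}-key"
  # Plain reference instead of the interpolation-only "${...}" wrapper that
  # terraform fmt/validate warn about.
  public_key = tls_private_key.CSITTLS.public_key_openssh
}
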
# Cluster placement group so the TG and DUT land close together.
resource "aws_placement_group" "CSITPG" {
  strategy = "cluster"
  name     = "${var.resources_name_prefix}_${var.testbed_name}-pg"
}

# NICs
# Data-plane interface 1 of DUT1 in subnet "b", attached at device_index 1.
resource "aws_network_interface" "dut1_if1" {
  subnet_id       = aws_subnet.b.id
  private_ips     = [var.dut1_if1_ip]
  # NOTE(review): same address as private_ips; confirm the pinned provider
  # version still accepts private_ip as an argument rather than a computed
  # attribute.
  private_ip      = var.dut1_if1_ip
  security_groups = [aws_security_group.CSITSG.id]

  # Off so the interface may forward traffic not addressed to itself.
  source_dest_check = false

  depends_on = [
    aws_vpc.CSITVPC,
    aws_subnet.b,
    aws_instance.dut1
  ]

  attachment {
    instance     = aws_instance.dut1.id
    device_index = 1
  }

  tags = {
    "Environment" = var.environment_name
  }
}

# Data-plane interface 2 of DUT1 in subnet "d", attached at device_index 2.
resource "aws_network_interface" "dut1_if2" {
  subnet_id       = aws_subnet.d.id
  private_ips     = [var.dut1_if2_ip]
  # NOTE(review): same address as private_ips; confirm the pinned provider
  # version still accepts private_ip as an argument.
  private_ip      = var.dut1_if2_ip
  security_groups = [aws_security_group.CSITSG.id]

  # Off so the interface may forward traffic not addressed to itself.
  source_dest_check = false

  depends_on = [
    aws_vpc.CSITVPC,
    aws_subnet.d,
    aws_instance.dut1
  ]

  attachment {
    instance     = aws_instance.dut1.id
    device_index = 2
  }

  tags = {
    "Environment" = var.environment_name
  }
}

# Data-plane interface 1 of the TG in subnet "b", attached at device_index 1
# (same subnet as dut1_if1).
resource "aws_network_interface" "tg_if1" {
  subnet_id       = aws_subnet.b.id
  private_ips     = [var.tg_if1_ip]
  # NOTE(review): same address as private_ips; confirm the pinned provider
  # version still accepts private_ip as an argument.
  private_ip      = var.tg_if1_ip
  security_groups = [aws_security_group.CSITSG.id]

  # Off so the interface may forward traffic not addressed to itself.
  source_dest_check = false

  depends_on = [
    aws_vpc.CSITVPC,
    aws_subnet.b,
    aws_instance.tg
  ]

  attachment {
    instance     = aws_instance.tg.id
    device_index = 1
  }

  tags = {
    "Environment" = var.environment_name
  }
}

# Data-plane interface 2 of the TG in subnet "d", attached at device_index 2
# (same subnet as dut1_if2).
resource "aws_network_interface" "tg_if2" {
  subnet_id       = aws_subnet.d.id
  private_ips     = [var.tg_if2_ip]
  # NOTE(review): same address as private_ips; confirm the pinned provider
  # version still accepts private_ip as an argument.
  private_ip      = var.tg_if2_ip
  security_groups = [aws_security_group.CSITSG.id]

  # Off so the interface may forward traffic not addressed to itself.
  source_dest_check = false

  depends_on = [
    aws_vpc.CSITVPC,
    aws_subnet.d,
    aws_instance.tg
  ]

  attachment {
    instance     = aws_instance.tg.id
    device_index = 2
  }

  tags = {
    "Environment" = var.environment_name
  }
}

# Read-back of dut1_if1; deploy_topology takes the MAC address from here.
data "aws_network_interface" "dut1_if1" {
  id = aws_network_interface.dut1_if1.id
}

# Read-back of dut1_if2; deploy_topology takes the MAC address from here.
data "aws_network_interface" "dut1_if2" {
  id = aws_network_interface.dut1_if2.id
}

# Read-back of tg_if1; deploy_topology takes the MAC address from here.
data "aws_network_interface" "tg_if1" {
  id = aws_network_interface.tg_if1.id
}

# Read-back of tg_if2; deploy_topology takes the MAC address from here.
data "aws_network_interface" "tg_if2" {
  id = aws_network_interface.tg_if2.id
}

# Instances
# Traffic generator. Its primary interface sits in the management subnet with
# a public address so the provisioners below can reach it over SSH; the
# data-plane NICs are attached separately (aws_network_interface.tg_if*).
resource "aws_instance" "tg" {
  ami           = var.ami_image_tg
  instance_type = var.instance_type
  key_name      = aws_key_pair.CSITKP.key_name

  availability_zone = var.avail_zone
  placement_group   = aws_placement_group.CSITPG.id
  subnet_id         = aws_subnet.mgmt.id
  private_ip        = var.tg_mgmt_ip

  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.CSITSG.id]
  # Off so the instance may forward traffic not addressed to itself.
  source_dest_check           = false

  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior

  depends_on = [
    aws_vpc.CSITVPC,
    aws_placement_group.CSITPG,
    aws_security_group.CSITSG
  ]
  # host_id                            = "1"

  # NOTE(review): no metadata_options block, so the instance metadata service
  # keeps accepting IMDSv1; consider metadata_options { http_tokens = "required" }
  # once the AMI's tooling is known to work with IMDSv2.

#  root_block_device {
#    volume_size = 50
#  }

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-tg"
    "Environment" = var.environment_name
  }
}

# Device under test. Same layout as the TG (management subnet, public address,
# shared security group); created after the TG via the explicit dependency.
resource "aws_instance" "dut1" {
  ami           = var.ami_image_sut
  instance_type = var.instance_type
  key_name      = aws_key_pair.CSITKP.key_name

  availability_zone = var.avail_zone
  placement_group   = aws_placement_group.CSITPG.id
  subnet_id         = aws_subnet.mgmt.id
  private_ip        = var.dut1_mgmt_ip

  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.CSITSG.id]
  # Off so the instance may forward traffic not addressed to itself.
  source_dest_check           = false

  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior

  depends_on = [
    aws_vpc.CSITVPC,
    aws_placement_group.CSITPG,
    aws_security_group.CSITSG,
    aws_instance.tg
  ]
  # host_id                            = "2"

  # NOTE(review): no metadata_options block, so the instance metadata service
  # keeps accepting IMDSv1; consider metadata_options { http_tokens = "required" }
  # once the AMI's tooling is known to work with IMDSv2.

#  root_block_device {
#    volume_size = 50
#  }

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-dut1"
    "Environment" = var.environment_name
  }
}

# Routes
# Default route of the VPC's main route table via the internet gateway.
resource "aws_route" "CSIT-igw" {
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.CSITGW.id

  depends_on = [
    aws_vpc.CSITVPC,
    aws_internet_gateway.CSITGW
  ]
}

# First TRex dummy prefix, routed to the TG's primary (management) interface.
resource "aws_route" "dummy-trex-port-0" {
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
  destination_cidr_block = var.trex_dummy_cidr_port_0
  network_interface_id   = aws_instance.tg.primary_network_interface_id

  # NOTE(review): the explicit dependency names dut1 while the route targets
  # tg (already an implicit dependency through the reference above); confirm
  # that waiting for dut1 is intended.
  depends_on = [
    aws_vpc.CSITVPC,
    aws_instance.dut1
  ]
}

# Second TRex dummy prefix, routed to the TG's primary (management) interface.
resource "aws_route" "dummy-trex-port-1" {
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
  destination_cidr_block = var.trex_dummy_cidr_port_1
  network_interface_id   = aws_instance.tg.primary_network_interface_id

  # NOTE(review): explicit dependency on dut1 while the route targets tg;
  # confirm that waiting for dut1 is intended (same as dummy-trex-port-0).
  depends_on = [
    aws_vpc.CSITVPC,
    aws_instance.dut1
  ]
}

# Deployment/Ansible
# First-run provisioning of the TG over SSH, using the generated temporary
# key. Waits for both instances and all four data-plane NICs so the commands
# see the final interface layout.
resource "null_resource" "deploy_tg" {
  depends_on = [
    aws_instance.tg,
    aws_network_interface.tg_if1,
    aws_network_interface.tg_if2,
    aws_instance.dut1,
    aws_network_interface.dut1_if1,
    aws_network_interface.dut1_if2
  ]

  connection {
    host        = aws_instance.tg.public_ip
    user        = "ubuntu"
    private_key = tls_private_key.CSITTLS.private_key_pem
  }

  # var.first_run_commands is executed verbatim on the host.
  provisioner "remote-exec" {
    inline = var.first_run_commands
  }

  # Ansible play and post-play reboot are currently disabled; kept for
  # reference. If re-enabled, ansible_provision_pwd becomes an Ansible extra
  # var, so keep it out of logs and plan output.
#  provisioner "ansible" {
#    plays {
#      playbook {
#        file_path      = var.ansible_file_path
#        force_handlers = true
#      }
#      hosts = ["tg_aws"]
#      extra_vars = {
#        ansible_ssh_pass           = var.ansible_provision_pwd
#        ansible_python_interpreter = var.ansible_python_executable
#        aws                        = true
#      }
#    }
#  }
#
#  provisioner "remote-exec" {
#    on_failure = continue
#    inline     = ["sudo reboot"]
#  }
}

# First-run provisioning of DUT1 over SSH, mirroring deploy_tg.
resource "null_resource" "deploy_dut1" {
  depends_on = [
    aws_instance.tg,
    aws_network_interface.tg_if1,
    aws_network_interface.tg_if2,
    aws_instance.dut1,
    aws_network_interface.dut1_if1,
    aws_network_interface.dut1_if2
  ]

  connection {
    host        = aws_instance.dut1.public_ip
    user        = "ubuntu"
    private_key = tls_private_key.CSITTLS.private_key_pem
  }

  # var.first_run_commands is executed verbatim on the host.
  provisioner "remote-exec" {
    inline = var.first_run_commands
  }

  # Ansible play and post-play reboot are currently disabled; kept for
  # reference (see deploy_tg for the note on ansible_provision_pwd).
#  provisioner "ansible" {
#    plays {
#      playbook {
#        file_path      = var.ansible_file_path
#        force_handlers = true
#      }
#      hosts = ["sut_aws"]
#      extra_vars = {
#        ansible_ssh_pass           = var.ansible_provision_pwd
#        ansible_python_interpreter = var.ansible_python_executable
#        aws                        = true
#      }
#    }
#  }
#
#  provisioner "remote-exec" {
#    on_failure = continue
#    inline     = ["sudo reboot"]
#  }
}

# Generates the CSIT topology on the local machine (hosts = ["local"]) from
# the MAC addresses and public IPs of the freshly created instances.
resource "null_resource" "deploy_topology" {
  depends_on = [
    aws_instance.tg,
    aws_instance.dut1
  ]

  provisioner "ansible" {
    plays {
      hosts = ["local"]

      playbook {
        file_path = var.ansible_topology_path
      }

      extra_vars = {
        ansible_python_interpreter = var.ansible_python_executable
        testbed_name               = var.testbed_name
        cloud_topology             = var.topology_name

        # Interface MACs, read back through the data sources.
        tg_if1_mac   = data.aws_network_interface.tg_if1.mac_address
        tg_if2_mac   = data.aws_network_interface.tg_if2.mac_address
        dut1_if1_mac = data.aws_network_interface.dut1_if1.mac_address
        dut1_if2_mac = data.aws_network_interface.dut1_if2.mac_address

        # Management addresses, individually and as a comma-separated list.
        tg_public_ip   = aws_instance.tg.public_ip
        dut1_public_ip = aws_instance.dut1.public_ip
        public_ip_list = "${aws_instance.tg.public_ip},${aws_instance.dut1.public_ip}"
      }
    }
  }
}