Infra: AWS self termination
# AWS credentials obtained from Vault's AWS secrets backend mounted at
# "<vault-name>-path", using the role "<vault-name>-role".
# Nothing in this file references data.vault_aws_access_credentials.creds;
# presumably the AWS provider block (in another file) consumes it — verify.
# NOTE(review): data-source results, including the secret key returned here,
# are written to Terraform state, so the state backend must be treated as a
# secret store (encryption at rest, restricted access).
data "vault_aws_access_credentials" "creds" {
  backend         = "${var.vault-name}-path"
  role            = "${var.vault-name}-role"
}
5
# Testbed VPC. Its primary CIDR is the management range and is reused as the
# CIDR of aws_subnet.mgmt; the traffic ranges are attached as secondary CIDRs.
resource "aws_vpc" "CSITVPC" {
  cidr_block = var.vpc_cidr_mgmt

  tags = {
    Name        = format("%s_%s-vpc", var.resources_name_prefix, var.testbed_name)
    Environment = var.environment_name
  }
}
14
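# Single security group shared by every instance and NIC in this testbed.
#
# NOTE(review): port 22 is open to 0.0.0.0/0 while both instances below are
# created with associate_public_ip_address = true, so SSH on the TG and DUT is
# reachable from the whole internet for the lifetime of the testbed. Narrow
# cidr_blocks to the CI runner's egress range (or a bastion) as soon as the
# variables allow it. Authentication relies on the generated key pair, but the
# playbooks below also receive ansible_ssh_pass — check whether password
# authentication is enabled on the AMI before leaving this open.
#
# Change in this revision: the intra-group rule used the bare number -1 for
# protocol while egress used the string "-1"; both are now the quoted form,
# and each rule carries a description so the intent is visible in the console.
resource "aws_security_group" "CSITSG" {
  name        = "${var.resources_name_prefix}_${var.testbed_name}-sg"
  description = "Allow inbound traffic"
  vpc_id      = aws_vpc.CSITVPC.id
  depends_on  = [aws_vpc.CSITVPC]

  # Management SSH. TODO(review): restrict cidr_blocks to trusted ranges.
  ingress {
    description = "SSH (management)"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Any protocol/port between members of this group: the TG<->DUT test
  # interfaces (subnets b and d) carry arbitrary traffic.
  ingress {
    description = "All traffic between testbed members"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }

  # Unrestricted egress (package installation during provisioning, etc.).
  egress {
    description = "All outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-sg"
    "Environment" = var.environment_name
  }
}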
47
# Secondary CIDR "b" on the VPC; aws_subnet.b is carved out of it and must
# wait for this association (no implicit reference exists).
resource "aws_vpc_ipv4_cidr_block_association" "b" {
  depends_on = [aws_vpc.CSITVPC]
  vpc_id     = aws_vpc.CSITVPC.id
  cidr_block = var.vpc_cidr_b
}
# Secondary CIDR "c" on the VPC, backing aws_subnet.c. No network interface in
# this file is placed in subnet c; it is kept for topologies defined elsewhere.
resource "aws_vpc_ipv4_cidr_block_association" "c" {
  depends_on = [aws_vpc.CSITVPC]
  vpc_id     = aws_vpc.CSITVPC.id
  cidr_block = var.vpc_cidr_c
}
# Secondary CIDR "d" on the VPC; aws_subnet.d (second test link) uses it.
resource "aws_vpc_ipv4_cidr_block_association" "d" {
  depends_on = [aws_vpc.CSITVPC]
  vpc_id     = aws_vpc.CSITVPC.id
  cidr_block = var.vpc_cidr_d
}
63
64 # Subnets
# Management subnet. It spans the VPC's whole primary CIDR and hosts the
# primary (public-IP) interface of both instances. All subnets share one AZ so
# the cluster placement group can be honoured.
resource "aws_subnet" "mgmt" {
  depends_on        = [aws_vpc.CSITVPC]
  vpc_id            = aws_vpc.CSITVPC.id
  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_mgmt

  tags = {
    Environment = var.environment_name
  }
}
# First test link: dut1_if1 and tg_if1 both live here.
resource "aws_subnet" "b" {
  depends_on        = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.b]
  vpc_id            = aws_vpc.CSITVPC.id
  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_b

  tags = {
    Environment = var.environment_name
  }
}
# Subnet "c" is created but unused by the NICs in this file.
resource "aws_subnet" "c" {
  depends_on        = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.c]
  vpc_id            = aws_vpc.CSITVPC.id
  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_c

  tags = {
    Environment = var.environment_name
  }
}
# Second test link: dut1_if2 and tg_if2 both live here.
resource "aws_subnet" "d" {
  depends_on        = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.d]
  vpc_id            = aws_vpc.CSITVPC.id
  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_d

  tags = {
    Environment = var.environment_name
  }
}
105
# Internet gateway; aws_route.CSIT-igw installs it as the VPC default route,
# which is what makes the instances' public IPs reachable.
resource "aws_internet_gateway" "CSITGW" {
  depends_on = [aws_vpc.CSITVPC]
  vpc_id     = aws_vpc.CSITVPC.id

  tags = {
    Environment = var.environment_name
  }
}
114
# SSH keypair
# Temporary key for provisioning only. It is generated by Terraform, so the
# private key lives in Terraform state and in the provisioner connection below.
# Per-testbed RSA-4096 key used by the remote-exec/ansible connections below.
# NOTE(review): tls_private_key keeps private_key_pem in Terraform state in
# clear text, and the same key is accepted on a world-reachable port 22 (see
# aws_security_group.CSITSG). Treat the state as secret and make sure the
# testbed (and thus the key) is torn down when the run ends.
resource "tls_private_key" "CSITTLS" {
  algorithm = "RSA"
  rsa_bits  = 4096
}
# Registers the generated public key with EC2 so both instances accept it.
resource "aws_key_pair" "CSITKP" {
  public_key = tls_private_key.CSITTLS.public_key_openssh
  key_name   = format("%s_%s-key", var.resources_name_prefix, var.testbed_name)
}
125
# Cluster placement group: packs TG and DUT onto nearby hardware for low
# latency / high bandwidth between them.
resource "aws_placement_group" "CSITPG" {
  strategy = "cluster"
  name     = format("%s_%s-pg", var.resources_name_prefix, var.testbed_name)
}
130
131 # NICs
# DUT1 test interface 1: fixed private IP in subnet "b", the same subnet as
# aws_network_interface.tg_if1.
resource "aws_network_interface" "dut1_if1" {
  subnet_id         = aws_subnet.b.id
  # Off so the DUT may forward packets not addressed to this NIC; AWS drops
  # such traffic when the check is enabled.
  source_dest_check = false
  private_ip        = var.dut1_if1_ip
  private_ips       = [var.dut1_if1_ip]   # same address given twice; both forms are accepted
  security_groups   = [aws_security_group.CSITSG.id]
  # aws_instance.dut1 is already implied by attachment.instance below.
  depends_on        = [aws_vpc.CSITVPC, aws_subnet.b, aws_instance.dut1]

  attachment {
    instance     = aws_instance.dut1.id
    device_index = 1   # index 0 is the management NIC created with the instance
  }

  tags = {
    "Environment" = var.environment_name
  }
}
149
# DUT1 test interface 2: fixed private IP in subnet "d", the same subnet as
# aws_network_interface.tg_if2.
resource "aws_network_interface" "dut1_if2" {
  subnet_id         = aws_subnet.d.id
  # Off so the DUT may forward packets not addressed to this NIC.
  source_dest_check = false
  private_ip        = var.dut1_if2_ip
  private_ips       = [var.dut1_if2_ip]   # same address given twice; both forms are accepted
  security_groups   = [aws_security_group.CSITSG.id]
  # aws_instance.dut1 is already implied by attachment.instance below.
  depends_on        = [aws_vpc.CSITVPC, aws_subnet.d, aws_instance.dut1]

  attachment {
    instance     = aws_instance.dut1.id
    device_index = 2
  }

  tags = {
    "Environment" = var.environment_name
  }
}
167
# Traffic-generator interface 1 in subnet "b" (peer of dut1_if1).
resource "aws_network_interface" "tg_if1" {
  subnet_id         = aws_subnet.b.id
  # Off so the TG can send/receive traffic with addresses that are not its own
  # (the dummy TRex ranges routed to it in aws_route.dummy-trex-port-*).
  source_dest_check = false
  private_ip        = var.tg_if1_ip
  private_ips       = [var.tg_if1_ip]   # same address given twice; both forms are accepted
  security_groups   = [aws_security_group.CSITSG.id]
  # aws_instance.tg is already implied by attachment.instance below.
  depends_on        = [aws_vpc.CSITVPC, aws_subnet.b, aws_instance.tg]

  attachment {
    instance     = aws_instance.tg.id
    device_index = 1
  }

  tags = {
    "Environment" = var.environment_name
  }
}
185
# Traffic-generator interface 2 in subnet "d" (peer of dut1_if2).
resource "aws_network_interface" "tg_if2" {
  subnet_id         = aws_subnet.d.id
  # Off so the TG can send/receive traffic with addresses that are not its own.
  source_dest_check = false
  private_ip        = var.tg_if2_ip
  private_ips       = [var.tg_if2_ip]   # same address given twice; both forms are accepted
  security_groups   = [aws_security_group.CSITSG.id]
  # aws_instance.tg is already implied by attachment.instance below.
  depends_on        = [aws_vpc.CSITVPC, aws_subnet.d, aws_instance.tg]

  attachment {
    instance     = aws_instance.tg.id
    device_index = 2
  }

  tags = {
    "Environment" = var.environment_name
  }
}
203
# Read-back of dut1_if1 after creation; only .mac_address is used, by the
# topology playbook in null_resource.deploy_topology.
data "aws_network_interface" "dut1_if1" {
  id = aws_network_interface.dut1_if1.id
}
207
# Read-back of dut1_if2; provides its MAC address to the topology playbook.
data "aws_network_interface" "dut1_if2" {
  id = aws_network_interface.dut1_if2.id
}
211
# Read-back of tg_if1; provides its MAC address to the topology playbook.
data "aws_network_interface" "tg_if1" {
  id = aws_network_interface.tg_if1.id
}
215
# Read-back of tg_if2; provides its MAC address to the topology playbook.
data "aws_network_interface" "tg_if2" {
  id = aws_network_interface.tg_if2.id
}
219
220 # Instances
# Traffic generator. Its primary NIC (device 0) sits in the management subnet
# with a fixed private IP and a public IP; the test NICs tg_if1/tg_if2 are
# attached separately above.
resource "aws_instance" "tg" {
  depends_on                           = [aws_vpc.CSITVPC, aws_placement_group.CSITPG]
  ami                                  = var.ami_image
  availability_zone                    = var.avail_zone
  # Self-termination knob: if the variable is "terminate", a shutdown issued
  # from inside the guest destroys the instance (AWS semantics) — which also
  # orphans the Terraform state entry. Confirm the value used by the pipeline.
  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
  instance_type                        = var.instance_type
  key_name                             = aws_key_pair.CSITKP.key_name
  # NOTE(review): public IP plus the 0.0.0.0/0 SSH rule in CSITSG means this
  # host is internet-reachable on port 22 for its whole lifetime.
  associate_public_ip_address          = true
  subnet_id                            = aws_subnet.mgmt.id
  private_ip                           = var.tg_mgmt_ip
  vpc_security_group_ids               = [aws_security_group.CSITSG.id]
  placement_group                      = aws_placement_group.CSITPG.id
  # Disabled on the management NIC too, since the dummy TRex routes below
  # point at this instance's primary interface.
  source_dest_check                    = false
  # host_id                            = "1"

  # 50 GiB root volume. NOTE(review): `encrypted` is not set, so the volume is
  # only encrypted if the account's EBS default encryption is enabled.
  root_block_device {
    volume_size = 50
  }

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-tg"
    "Environment" = var.environment_name
  }
}
245
# Device under test. Same shape as aws_instance.tg; the explicit dependency on
# the TG serialises instance creation (TG first, then DUT).
resource "aws_instance" "dut1" {
  depends_on                           = [aws_vpc.CSITVPC, aws_placement_group.CSITPG, aws_instance.tg]
  ami                                  = var.ami_image
  availability_zone                    = var.avail_zone
  # Self-termination knob: "terminate" makes an in-guest shutdown destroy the
  # instance (AWS semantics); Terraform state is not updated when that happens.
  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
  instance_type                        = var.instance_type
  key_name                             = aws_key_pair.CSITKP.key_name
  # NOTE(review): public IP plus the 0.0.0.0/0 SSH rule in CSITSG means this
  # host is internet-reachable on port 22 for its whole lifetime.
  associate_public_ip_address          = true
  subnet_id                            = aws_subnet.mgmt.id
  private_ip                           = var.dut1_mgmt_ip
  vpc_security_group_ids               = [aws_security_group.CSITSG.id]
  placement_group                      = aws_placement_group.CSITPG.id
  source_dest_check                    = false
  # host_id                            = "2"

  # 50 GiB root volume; `encrypted` is not set (relies on account defaults).
  root_block_device {
    volume_size = 50
  }

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-dut1"
    "Environment" = var.environment_name
  }
}
270
271 # Routes
# Default route of the VPC main route table via the internet gateway. Every
# subnet here uses the main table, so this is what gives all four subnets —
# not only mgmt — a path to the internet.
resource "aws_route" "CSIT-igw" {
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
  gateway_id             = aws_internet_gateway.CSITGW.id
  destination_cidr_block = "0.0.0.0/0"
  depends_on             = [aws_vpc.CSITVPC, aws_internet_gateway.CSITGW]
}
278
# Steers the dummy TRex range for port 0 to the TG's primary (management)
# interface, which works because source_dest_check is off on the TG.
# The explicit depends_on names dut1, not tg; the TG dependency is implicit via
# primary_network_interface_id, so this only delays route creation until the
# DUT exists — presumably deliberate, but worth confirming.
resource "aws_route" "dummy-trex-port-0" {
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
  network_interface_id   = aws_instance.tg.primary_network_interface_id
  destination_cidr_block = var.trex_dummy_cidr_port_0
  depends_on             = [aws_vpc.CSITVPC, aws_instance.dut1]
}
285
# Same as dummy-trex-port-0 for the port-1 dummy range: routed to the TG's
# primary interface; depends_on names dut1 while the TG dependency is implicit.
resource "aws_route" "dummy-trex-port-1" {
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
  network_interface_id   = aws_instance.tg.primary_network_interface_id
  destination_cidr_block = var.trex_dummy_cidr_port_1
  depends_on             = [aws_vpc.CSITVPC, aws_instance.dut1]
}
292
293 # Deployment/Ansible
# Provisions the TG over SSH once both instances and all four test NICs exist:
# first-run shell commands, then the Ansible playbook, then a reboot.
# NOTE(review): there is no `triggers` block, so if an instance is replaced
# later this resource is not re-run and the new host stays unprovisioned.
resource "null_resource" "deploy_tg" {
  depends_on = [
    aws_instance.tg,
    aws_network_interface.tg_if1,
    aws_network_interface.tg_if2,
    aws_instance.dut1,
    aws_network_interface.dut1_if1,
    aws_network_interface.dut1_if2
  ]

  # SSH over the public IP with the generated key. No host_key is given, so
  # Terraform does not verify the server's host key on this connection — on a
  # world-reachable port 22 that leaves the provisioning session open to MITM.
  connection {
    user        = "ubuntu"
    host        = aws_instance.tg.public_ip
    private_key = tls_private_key.CSITTLS.private_key_pem
  }

  provisioner "remote-exec" {
    inline = var.first_run_commands
  }

  # Third-party "ansible" provisioner (plugin, not Terraform core).
  # NOTE(review): ansible_ssh_pass is handed over as an extra var; extra vars
  # typically end up on the ansible-playbook command line and in Terraform
  # plan/state output, so the variable should at least be marked sensitive.
  provisioner "ansible" {
    plays {
      playbook {
        file_path      = var.ansible_file_path
        force_handlers = true
      }
      hosts      = ["tg_aws"]
      extra_vars = {
        ansible_ssh_pass           = var.ansible_provision_pwd
        ansible_python_interpreter = var.ansible_python_executable
        aws                        = true
      }
    }
  }

  # The SSH session dies with the reboot, so a failure here is expected.
  provisioner "remote-exec" {
    on_failure = continue
    inline = ["sudo reboot"]
  }
}
334
# Provisions the DUT the same way as deploy_tg (first-run commands, Ansible
# against the "sut_aws" host group, reboot). Same caveats: no `triggers`, so a
# replaced instance is not re-provisioned; no host_key on the connection.
resource "null_resource" "deploy_dut1" {
  depends_on = [
    aws_instance.tg,
    aws_network_interface.tg_if1,
    aws_network_interface.tg_if2,
    aws_instance.dut1,
    aws_network_interface.dut1_if1,
    aws_network_interface.dut1_if2
  ]

  # SSH over the public IP with the generated key; host key is not verified.
  connection {
    user        = "ubuntu"
    host        = aws_instance.dut1.public_ip
    private_key = tls_private_key.CSITTLS.private_key_pem
  }

  provisioner "remote-exec" {
    inline = var.first_run_commands
  }

  # NOTE(review): ansible_ssh_pass passed as an extra var — see deploy_tg;
  # it may surface in command lines and Terraform output.
  provisioner "ansible" {
    plays {
      playbook {
        file_path      = var.ansible_file_path
        force_handlers = true
      }
      hosts      = ["sut_aws"]
      extra_vars = {
        ansible_ssh_pass           = var.ansible_provision_pwd
        ansible_python_interpreter = var.ansible_python_executable
        aws                        = true
      }
    }
  }

  # The SSH session dies with the reboot, so a failure here is expected.
  provisioner "remote-exec" {
    on_failure = continue
    inline = ["sudo reboot"]
  }
}
375
# Runs the topology playbook locally (hosts = ["local"]) and feeds it the
# test-NIC MAC addresses and the instances' public IPs, so the generated
# topology matches this deployment. Note it only waits for the instances, not
# for deploy_tg/deploy_dut1, so it may run before provisioning finishes.
resource "null_resource" "deploy_topology" {
  depends_on = [ aws_instance.tg, aws_instance.dut1 ]

  provisioner "ansible" {
    plays {
      playbook {
        file_path = var.ansible_topology_path
      }
      hosts      = ["local"]
      extra_vars = {
        ansible_python_interpreter = var.ansible_python_executable
        testbed_name               = var.testbed_name
        cloud_topology             = var.topology_name
        # MACs come from the data-source read-backs, not the resources, so they
        # reflect what AWS actually assigned.
        tg_if1_mac                 = data.aws_network_interface.tg_if1.mac_address
        tg_if2_mac                 = data.aws_network_interface.tg_if2.mac_address
        dut1_if1_mac               = data.aws_network_interface.dut1_if1.mac_address
        dut1_if2_mac               = data.aws_network_interface.dut1_if2.mac_address
        tg_public_ip               = aws_instance.tg.public_ip
        dut1_public_ip             = aws_instance.dut1.public_ip
        public_ip_list             = "${aws_instance.tg.public_ip},${aws_instance.dut1.public_ip}"
      }
    }
  }
}
399 }