# Short-lived AWS credentials issued by Vault's AWS secrets engine. Both the
# mount path and the role are derived from var.vault-name ("<name>-path" and
# "<name>-role"). Nothing in this file references the result; presumably the
# AWS provider configuration elsewhere in the module consumes it -- verify.
# NOTE(review): the access/secret key pair returned by this data source is
# persisted in Terraform state, so the state backend needs the same
# protection as the credential itself.
data "vault_aws_access_credentials" "creds" {
  role    = format("%s-role", var.vault-name)
  backend = format("%s-path", var.vault-name)
}
5
# Testbed VPC. The management CIDR is the primary block; the data-plane
# blocks (b, c, d) are attached further down as secondary associations.
resource "aws_vpc" "CSITVPC" {
  cidr_block = var.vpc_cidr_mgmt

  tags = {
    "Environment" = var.environment_name
    "Name"        = format("%s_%s-vpc", var.resources_name_prefix, var.testbed_name)
  }
}
14
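# One security group shared by all three instances and every data-plane ENI.
#
# NOTE(review): 22/tcp is admitted from 0.0.0.0/0 and each instance below is
# given a public IP (associate_public_ip_address = true), so all three hosts
# are reachable on SSH from the entire Internet for the life of the testbed.
# Only the generated key pair (aws_key_pair.CSITKP) is installed by this
# module; whether the AMI or the Ansible plays also enable password logins is
# not visible here -- confirm. The usual remedy is to narrow cidr_blocks to the
# CI executor's address range; no variable for that range exists in this
# module yet, so the rule is left as-is rather than invent one.
resource "aws_security_group" "CSITSG" {
  name        = "${var.resources_name_prefix}_${var.testbed_name}-sg"
  description = "Allow inbound traffic"
  vpc_id      = aws_vpc.CSITVPC.id
  depends_on  = [aws_vpc.CSITVPC]

  # Management access used by the remote-exec / Ansible provisioners.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Any protocol between members of this group: this is the TG <-> DUT data
  # plane, which must carry arbitrary traffic. Was written as the bare number
  # -1; normalised to the string form the egress rule already uses (the
  # provider accepts both, the resulting rule is identical).
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Unrestricted outbound (package installs during provisioning, etc.).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    "Name"        = "${var.resources_name_prefix}_${var.testbed_name}-sg"
    "Environment" = var.environment_name
  }
}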
47
# Secondary CIDR "b": first data-plane block (TG if1 <-> DUT1 if1).
resource "aws_vpc_ipv4_cidr_block_association" "b" {
  depends_on = [aws_vpc.CSITVPC]
  cidr_block = var.vpc_cidr_b
  vpc_id     = aws_vpc.CSITVPC.id
}
# Secondary CIDR "c": middle data-plane block (DUT1 if2 <-> DUT2 if1).
resource "aws_vpc_ipv4_cidr_block_association" "c" {
  depends_on = [aws_vpc.CSITVPC]
  cidr_block = var.vpc_cidr_c
  vpc_id     = aws_vpc.CSITVPC.id
}
# Secondary CIDR "d": last data-plane block (DUT2 if2 <-> TG if2).
resource "aws_vpc_ipv4_cidr_block_association" "d" {
  depends_on = [aws_vpc.CSITVPC]
  cidr_block = var.vpc_cidr_d
  vpc_id     = aws_vpc.CSITVPC.id
}
63
64 # Subnets
# Management subnet. It spans the whole primary VPC block and sits in the same
# availability zone as every other subnet and instance (var.avail_zone).
resource "aws_subnet" "mgmt" {
  depends_on = [aws_vpc.CSITVPC]

  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_mgmt
  vpc_id            = aws_vpc.CSITVPC.id

  tags = { "Environment" = var.environment_name }
}
# Data-plane subnet "b". Must wait for the secondary CIDR association, which
# a reference alone would not guarantee (the subnet only references the VPC).
resource "aws_subnet" "b" {
  depends_on = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.b]

  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_b
  vpc_id            = aws_vpc.CSITVPC.id

  tags = { "Environment" = var.environment_name }
}
# Data-plane subnet "c". Explicit dependency on the CIDR association, as the
# subnet itself only references the VPC.
resource "aws_subnet" "c" {
  depends_on = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.c]

  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_c
  vpc_id            = aws_vpc.CSITVPC.id

  tags = { "Environment" = var.environment_name }
}
# Data-plane subnet "d". Explicit dependency on the CIDR association, as the
# subnet itself only references the VPC.
resource "aws_subnet" "d" {
  depends_on = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.d]

  availability_zone = var.avail_zone
  cidr_block        = var.vpc_cidr_d
  vpc_id            = aws_vpc.CSITVPC.id

  tags = { "Environment" = var.environment_name }
}
105
# Internet gateway. The default route in aws_route.CSIT-igw points at it, which
# is what gives the public-IP'd instances their Internet reachability.
resource "aws_internet_gateway" "CSITGW" {
  depends_on = [aws_vpc.CSITVPC]
  vpc_id     = aws_vpc.CSITVPC.id

  tags = { "Environment" = var.environment_name }
}
114
115 # SSH keypair
116 # Temporary key for provisioning only
# 4096-bit RSA key generated by Terraform itself for the provisioning SSH
# sessions (the connection blocks below use private_key_pem).
# NOTE(review): a key generated this way is stored unencrypted in Terraform
# state, so anyone who can read the state can log in to all three instances
# for as long as the key pair exists; treat the state as a secret and destroy
# the testbed (or rotate the key) when provisioning is done.
resource "tls_private_key" "CSITTLS" {
  rsa_bits  = 4096
  algorithm = "RSA"
}
# Registers the public half of the generated key with EC2 so it is installed
# on each instance at launch (instances reference key_name).
resource "aws_key_pair" "CSITKP" {
  public_key = tls_private_key.CSITTLS.public_key_openssh
  key_name   = format("CSIT_3n_aws_c5n_%s-key", var.testbed_name)
}
125
# Cluster placement group: packs TG and both DUTs close together for low
# inter-instance latency, which matters for a performance testbed.
resource "aws_placement_group" "CSITPG" {
  strategy = "cluster"
  name     = format("%s_%s-pg", var.resources_name_prefix, var.testbed_name)
}
130
131 # NICs
# DUT1 data-plane interface 1 (subnet b, device index 1 on the instance).
# private_ip and private_ips both name the same fixed address from
# var.dut1_if1_ip. source_dest_check is disabled so EC2 does not drop frames
# whose addresses are not this NIC's own -- presumably because the DUT forwards
# traffic between its two data-plane interfaces.
resource "aws_network_interface" "dut1_if1" {
  depends_on = [aws_vpc.CSITVPC, aws_subnet.b, aws_instance.dut1]

  subnet_id         = aws_subnet.b.id
  security_groups   = [aws_security_group.CSITSG.id]
  private_ip        = var.dut1_if1_ip
  private_ips       = [var.dut1_if1_ip]
  source_dest_check = false

  attachment {
    device_index = 1
    instance     = aws_instance.dut1.id
  }

  tags = { "Environment" = var.environment_name }
}
149
# DUT1 data-plane interface 2 (subnet c, device index 2). Same shape as
# dut1_if1: fixed address, group CSITSG, src/dst check off for forwarding.
resource "aws_network_interface" "dut1_if2" {
  depends_on = [aws_vpc.CSITVPC, aws_subnet.c, aws_instance.dut1]

  subnet_id         = aws_subnet.c.id
  security_groups   = [aws_security_group.CSITSG.id]
  private_ip        = var.dut1_if2_ip
  private_ips       = [var.dut1_if2_ip]
  source_dest_check = false

  attachment {
    device_index = 2
    instance     = aws_instance.dut1.id
  }

  tags = { "Environment" = var.environment_name }
}
167
# DUT2 data-plane interface 1 (subnet c, device index 1) -- shares subnet c
# with dut1_if2, forming the DUT1 <-> DUT2 link.
resource "aws_network_interface" "dut2_if1" {
  depends_on = [aws_vpc.CSITVPC, aws_subnet.c, aws_instance.dut2]

  subnet_id         = aws_subnet.c.id
  security_groups   = [aws_security_group.CSITSG.id]
  private_ip        = var.dut2_if1_ip
  private_ips       = [var.dut2_if1_ip]
  source_dest_check = false

  attachment {
    device_index = 1
    instance     = aws_instance.dut2.id
  }

  tags = { "Environment" = var.environment_name }
}
185
# DUT2 data-plane interface 2 (subnet d, device index 2) -- shares subnet d
# with tg_if2, closing the TG -> DUT1 -> DUT2 -> TG loop.
resource "aws_network_interface" "dut2_if2" {
  depends_on = [aws_vpc.CSITVPC, aws_subnet.d, aws_instance.dut2]

  subnet_id         = aws_subnet.d.id
  security_groups   = [aws_security_group.CSITSG.id]
  private_ip        = var.dut2_if2_ip
  private_ips       = [var.dut2_if2_ip]
  source_dest_check = false

  attachment {
    device_index = 2
    instance     = aws_instance.dut2.id
  }

  tags = { "Environment" = var.environment_name }
}
203
# Traffic-generator interface 1 (subnet b, device index 1), facing dut1_if1.
# src/dst check is off: the generator emits packets with synthetic addresses
# (see the dummy-trex routes further down).
resource "aws_network_interface" "tg_if1" {
  depends_on = [aws_vpc.CSITVPC, aws_subnet.b, aws_instance.tg]

  subnet_id         = aws_subnet.b.id
  security_groups   = [aws_security_group.CSITSG.id]
  private_ip        = var.tg_if1_ip
  private_ips       = [var.tg_if1_ip]
  source_dest_check = false

  attachment {
    device_index = 1
    instance     = aws_instance.tg.id
  }

  tags = { "Environment" = var.environment_name }
}
221
# Traffic-generator interface 2 (subnet d, device index 2), facing dut2_if2.
resource "aws_network_interface" "tg_if2" {
  depends_on = [aws_vpc.CSITVPC, aws_subnet.d, aws_instance.tg]

  subnet_id         = aws_subnet.d.id
  security_groups   = [aws_security_group.CSITSG.id]
  private_ip        = var.tg_if2_ip
  private_ips       = [var.tg_if2_ip]
  source_dest_check = false

  attachment {
    device_index = 2
    instance     = aws_instance.tg.id
  }

  tags = { "Environment" = var.environment_name }
}
239
# Re-reads dut1_if1 after creation; deploy_topology needs its mac_address.
data "aws_network_interface" "dut1_if1" {
  id = aws_network_interface.dut1_if1.id
}
243
# Re-reads dut1_if2 after creation; deploy_topology needs its mac_address.
data "aws_network_interface" "dut1_if2" {
  id = aws_network_interface.dut1_if2.id
}
247
# Re-reads dut2_if1 after creation; deploy_topology needs its mac_address.
data "aws_network_interface" "dut2_if1" {
  id = aws_network_interface.dut2_if1.id
}
251
# Re-reads dut2_if2 after creation; deploy_topology needs its mac_address.
data "aws_network_interface" "dut2_if2" {
  id = aws_network_interface.dut2_if2.id
}
255
# Re-reads tg_if1 after creation; deploy_topology needs its mac_address.
data "aws_network_interface" "tg_if1" {
  id = aws_network_interface.tg_if1.id
}
259
# Re-reads tg_if2 after creation; deploy_topology needs its mac_address.
data "aws_network_interface" "tg_if2" {
  id = aws_network_interface.tg_if2.id
}
263
264 # Instances
# Traffic generator. Launched first; dut1 and dut2 declare depends_on it so
# the three instances come up in TG -> DUT1 -> DUT2 order.
#
# NOTE(review): associate_public_ip_address = true together with the
# 0.0.0.0/0 SSH rule in CSITSG makes this host SSH-reachable from the whole
# Internet. No metadata_options block is set, so whether IMDSv1 is allowed
# follows the provider default for the version in use -- verify; forcing
# http_tokens = "required" is a common hardening but could affect tooling on
# the AMI, so it is only flagged here. root_block_device sets volume_size
# only; encryption therefore follows the account/region EBS default.
resource "aws_instance" "tg" {
  depends_on = [aws_vpc.CSITVPC, aws_placement_group.CSITPG]

  ami                                  = var.ami_image_tg
  instance_type                        = var.instance_type
  availability_zone                    = var.avail_zone
  placement_group                      = aws_placement_group.CSITPG.id
  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
  # host_id                            = "1"

  # Management NIC (device 0): fixed mgmt address plus a public IP that the
  # provisioners below connect to.
  subnet_id                   = aws_subnet.mgmt.id
  private_ip                  = var.tg_mgmt_ip
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.CSITSG.id]
  source_dest_check           = false
  key_name                    = aws_key_pair.CSITKP.key_name

  root_block_device {
    volume_size = 50
  }

  tags = {
    "Environment" = var.environment_name
    "Name"        = format("%s_%s-tg", var.resources_name_prefix, var.testbed_name)
  }
}
293
# Device under test 1. Same layout as the TG instance but from the SUT image;
# serialised after tg via depends_on.
#
# NOTE(review): public IP + world-open 22/tcp in CSITSG, no metadata_options
# (IMDSv1 allowance follows the provider default -- verify), and an
# unencrypted-by-default root volume (only volume_size is set). Flagged, not
# changed, because each of these may be relied on by the SUT image/tooling.
resource "aws_instance" "dut1" {
  depends_on = [aws_vpc.CSITVPC, aws_placement_group.CSITPG, aws_instance.tg]

  ami                                  = var.ami_image_sut
  instance_type                        = var.instance_type
  availability_zone                    = var.avail_zone
  placement_group                      = aws_placement_group.CSITPG.id
  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
  # host_id                            = "2"

  # Management NIC (device 0); the data-plane NICs are attached separately
  # by aws_network_interface.dut1_if1 / dut1_if2.
  subnet_id                   = aws_subnet.mgmt.id
  private_ip                  = var.dut1_mgmt_ip
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.CSITSG.id]
  source_dest_check           = false
  key_name                    = aws_key_pair.CSITKP.key_name

  root_block_device {
    volume_size = 50
  }

  tags = {
    "Environment" = var.environment_name
    "Name"        = format("%s_%s-dut1", var.resources_name_prefix, var.testbed_name)
  }
}
323
# Device under test 2. Identical to dut1 apart from its mgmt address and
# name; serialised after both tg and dut1.
#
# NOTE(review): same exposure as dut1 -- public IP with world-open SSH, no
# metadata_options, root volume encryption left to the account default.
resource "aws_instance" "dut2" {
  depends_on = [
    aws_vpc.CSITVPC,
    aws_placement_group.CSITPG,
    aws_instance.tg,
    aws_instance.dut1,
  ]

  ami                                  = var.ami_image_sut
  instance_type                        = var.instance_type
  availability_zone                    = var.avail_zone
  placement_group                      = aws_placement_group.CSITPG.id
  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
  # host_id                            = "3"

  # Management NIC (device 0); data-plane NICs come from
  # aws_network_interface.dut2_if1 / dut2_if2.
  subnet_id                   = aws_subnet.mgmt.id
  private_ip                  = var.dut2_mgmt_ip
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.CSITSG.id]
  source_dest_check           = false
  key_name                    = aws_key_pair.CSITKP.key_name

  root_block_device {
    volume_size = 50
  }

  tags = {
    "Environment" = var.environment_name
    "Name"        = format("%s_%s-dut2", var.resources_name_prefix, var.testbed_name)
  }
}
354
355 # Routes
# Default route of the VPC's main route table via the Internet gateway. All
# four subnets use the main table, so every subnet -- data plane included --
# has Internet egress through this route.
resource "aws_route" "CSIT-igw" {
  depends_on = [aws_vpc.CSITVPC, aws_internet_gateway.CSITGW]

  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.CSITGW.id
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
}
# Steers the synthetic destination prefix used by TRex port 0 back to the
# traffic generator's primary (management) ENI. The route's next hop already
# implies a dependency on aws_instance.tg; depends_on additionally waits for
# dut1 (which itself depends on tg), presumably to order route creation after
# the instances exist.
resource "aws_route" "dummy-trex-port-0" {
  depends_on = [aws_vpc.CSITVPC, aws_instance.dut1]

  destination_cidr_block = var.trex_dummy_cidr_port_0
  network_interface_id   = aws_instance.tg.primary_network_interface_id
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
}
# Same as dummy-trex-port-0, for the prefix used by TRex port 1.
resource "aws_route" "dummy-trex-port-1" {
  depends_on = [aws_vpc.CSITVPC, aws_instance.dut1]

  destination_cidr_block = var.trex_dummy_cidr_port_1
  network_interface_id   = aws_instance.tg.primary_network_interface_id
  route_table_id         = aws_vpc.CSITVPC.main_route_table_id
}
374
375 # Deployment/Ansible
# Provisions the traffic generator over SSH once every instance and ENI is in
# place. Provisioner order is significant and is kept: first-run commands,
# then the Ansible play, then a best-effort reboot.
#
# NOTE(review): the connection block sets no host_key, so Terraform does not
# verify the server's SSH host key on this first contact; the generated key
# in private_key comes from tls_private_key.CSITTLS and therefore lives in
# state. ansible_ssh_pass is handed to the Ansible provisioner via extra_vars
# even though the connection itself is key-based; depending on how the
# provisioner plugin invokes ansible-playbook, extra_vars may end up on its
# command line and in logs -- confirm, and mark var.ansible_provision_pwd
# sensitive in variables.tf if it is not already.
resource "null_resource" "deploy_tg" {
  depends_on = [
    aws_instance.tg, aws_network_interface.tg_if1, aws_network_interface.tg_if2,
    aws_instance.dut1, aws_network_interface.dut1_if1, aws_network_interface.dut1_if2,
    aws_instance.dut2, aws_network_interface.dut2_if1, aws_network_interface.dut2_if2,
  ]

  connection {
    host        = aws_instance.tg.public_ip
    user        = "ubuntu"
    private_key = tls_private_key.CSITTLS.private_key_pem
  }

  # 1. One-off preparation commands supplied by the caller.
  provisioner "remote-exec" {
    inline = var.first_run_commands
  }

  # 2. Main configuration via Ansible against the tg_aws host group.
  provisioner "ansible" {
    plays {
      hosts = ["tg_aws"]

      playbook {
        file_path      = var.ansible_file_path
        force_handlers = true
      }

      extra_vars = {
        aws                        = true
        ansible_python_interpreter = var.ansible_python_executable
        ansible_ssh_pass           = var.ansible_provision_pwd
      }
    }
  }

  # 3. Reboot to pick up the new configuration. The SSH session is torn down
  #    by the reboot itself, so a failure here is expected and ignored.
  provisioner "remote-exec" {
    on_failure = continue
    inline     = ["sudo reboot"]
  }
}
419
# Placeholder for DUT1 provisioning. Every provisioner in this resource is
# currently commented out, so applying it only records the dependency
# ordering; the connection block is declared but never used. The SUT must
# therefore be configured by some other means (or the plays re-enabled) --
# confirm before relying on this resource.
resource "null_resource" "deploy_dut1" {
  depends_on = [
    aws_instance.tg, aws_network_interface.tg_if1, aws_network_interface.tg_if2,
    aws_instance.dut1, aws_network_interface.dut1_if1, aws_network_interface.dut1_if2,
    aws_instance.dut2, aws_network_interface.dut2_if1, aws_network_interface.dut2_if2,
  ]

  connection {
    host        = aws_instance.dut1.public_ip
    user        = "ubuntu"
    private_key = tls_private_key.CSITTLS.private_key_pem
  }

  # Disabled provisioning sequence, kept for reference (mirrors deploy_tg with
  # the sut_aws host group):
  #
  #   provisioner "remote-exec" {
  #     inline = var.first_run_commands
  #   }
  #
  #   provisioner "ansible" {
  #     plays {
  #       playbook {
  #         file_path      = var.ansible_file_path
  #         force_handlers = true
  #       }
  #       hosts = ["sut_aws"]
  #       extra_vars = {
  #         ansible_ssh_pass           = var.ansible_provision_pwd
  #         ansible_python_interpreter = var.ansible_python_executable
  #         aws                        = true
  #       }
  #     }
  #   }
  #
  #   provisioner "remote-exec" {
  #     on_failure = continue
  #     inline     = ["sudo reboot"]
  #   }
}
463
# Placeholder for DUT2 provisioning; like deploy_dut1, all provisioners are
# commented out, so only the dependency ordering and an unused connection
# block remain. Confirm how the SUT is actually configured before relying on
# this resource.
resource "null_resource" "deploy_dut2" {
  depends_on = [
    aws_instance.tg, aws_network_interface.tg_if1, aws_network_interface.tg_if2,
    aws_instance.dut1, aws_network_interface.dut1_if1, aws_network_interface.dut1_if2,
    aws_instance.dut2, aws_network_interface.dut2_if1, aws_network_interface.dut2_if2,
  ]

  connection {
    host        = aws_instance.dut2.public_ip
    user        = "ubuntu"
    private_key = tls_private_key.CSITTLS.private_key_pem
  }

  # Disabled provisioning sequence, kept for reference (mirrors deploy_tg with
  # the sut_aws host group):
  #
  #   provisioner "remote-exec" {
  #     inline = var.first_run_commands
  #   }
  #
  #   provisioner "ansible" {
  #     plays {
  #       playbook {
  #         file_path      = var.ansible_file_path
  #         force_handlers = true
  #       }
  #       hosts = ["sut_aws"]
  #       extra_vars = {
  #         ansible_ssh_pass           = var.ansible_provision_pwd
  #         ansible_python_interpreter = var.ansible_python_executable
  #         aws                        = true
  #       }
  #     }
  #   }
  #
  #   provisioner "remote-exec" {
  #     on_failure = continue
  #     inline     = ["sudo reboot"]
  #   }
}
507
# Runs the topology play locally (hosts = ["local"]) after the three
# instances exist, handing it the data-plane MAC addresses read back through
# the aws_network_interface data sources and the instances' public IPs.
# public_ip_list is the same three addresses as a single comma-separated
# string, in tg, dut1, dut2 order.
resource "null_resource" "deploy_topology" {
  depends_on = [aws_instance.tg, aws_instance.dut1, aws_instance.dut2]

  provisioner "ansible" {
    plays {
      hosts = ["local"]

      playbook {
        file_path = var.ansible_topology_path
      }

      extra_vars = {
        ansible_python_interpreter = var.ansible_python_executable
        testbed_name               = var.testbed_name
        cloud_topology             = var.topology_name

        tg_if1_mac   = data.aws_network_interface.tg_if1.mac_address
        tg_if2_mac   = data.aws_network_interface.tg_if2.mac_address
        dut1_if1_mac = data.aws_network_interface.dut1_if1.mac_address
        dut1_if2_mac = data.aws_network_interface.dut1_if2.mac_address
        dut2_if1_mac = data.aws_network_interface.dut2_if1.mac_address
        dut2_if2_mac = data.aws_network_interface.dut2_if2.mac_address

        tg_public_ip   = aws_instance.tg.public_ip
        dut1_public_ip = aws_instance.dut1.public_ip
        dut2_public_ip = aws_instance.dut2.public_ip
        public_ip_list = join(",", [
          aws_instance.tg.public_ip,
          aws_instance.dut1.public_ip,
          aws_instance.dut2.public_ip,
        ])
      }
    }
  }
}
534 }