1 data "vault_aws_access_credentials" "creds" {
2   backend             = "${var.vault-name}-path"
3   role                = "${var.vault-name}-role"
4 }
5
6 resource "aws_vpc" "CSITVPC" {
7   cidr_block          = var.vpc_cidr_mgmt
8
9   tags                = {
10     "Name"            = "${var.resources_name_prefix}_${var.testbed_name}-vpc"
11     "Environment"     = var.environment_name
12   }
13 }
14
15 resource "aws_security_group" "CSITSG" {
16   name                = "${var.resources_name_prefix}_${var.testbed_name}-sg"
17   description         = "Allow inbound traffic"
18   vpc_id              = aws_vpc.CSITVPC.id
19   depends_on          = [aws_vpc.CSITVPC]
20
21   ingress {
22     from_port         = 22
23     to_port           = 22
24     protocol          = "tcp"
25     cidr_blocks       = ["0.0.0.0/0"]
26   }
27
28   ingress {
29     from_port         = 0
30     to_port           = 0
31     protocol          = -1
32     self              = true
33   }
34
35   egress {
36     from_port         = 0
37     to_port           = 0
38     protocol          = "-1"
39     cidr_blocks       = ["0.0.0.0/0"]
40   }
41
42   tags                = {
43     "Name"            = "${var.resources_name_prefix}_${var.testbed_name}-sg"
44     "Environment"     = var.environment_name
45   }
46 }
47
48 resource "aws_vpc_ipv4_cidr_block_association" "b" {
49   vpc_id              = aws_vpc.CSITVPC.id
50   cidr_block          = var.vpc_cidr_b
51   depends_on          = [aws_vpc.CSITVPC]
52 }
53 resource "aws_vpc_ipv4_cidr_block_association" "c" {
54   vpc_id              = aws_vpc.CSITVPC.id
55   cidr_block          = var.vpc_cidr_c
56   depends_on          = [aws_vpc.CSITVPC]
57 }
58 resource "aws_vpc_ipv4_cidr_block_association" "d" {
59   vpc_id              = aws_vpc.CSITVPC.id
60   cidr_block          = var.vpc_cidr_d
61   depends_on          = [aws_vpc.CSITVPC]
62 }
63
64 # Subnets
65 resource "aws_subnet" "mgmt" {
66   vpc_id              = aws_vpc.CSITVPC.id
67   cidr_block          = var.vpc_cidr_mgmt
68   availability_zone   = var.avail_zone
69   depends_on          = [aws_vpc.CSITVPC]
70
71   tags                = {
72     "Environment"     = var.environment_name
73   }
74 }
75 resource "aws_subnet" "b" {
76   vpc_id              = aws_vpc.CSITVPC.id
77   cidr_block          = var.vpc_cidr_b
78   availability_zone   = var.avail_zone
79   depends_on          = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.b]
80
81   tags                = {
82     "Environment"     = var.environment_name
83   }
84 }
85 resource "aws_subnet" "c" {
86   vpc_id              = aws_vpc.CSITVPC.id
87   cidr_block          = var.vpc_cidr_c
88   availability_zone   = var.avail_zone
89   depends_on          = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.c]
90
91   tags                = {
92     "Environment"     = var.environment_name
93   }
94 }
95 resource "aws_subnet" "d" {
96   vpc_id              = aws_vpc.CSITVPC.id
97   cidr_block          = var.vpc_cidr_d
98   availability_zone   = var.avail_zone
99   depends_on          = [aws_vpc.CSITVPC, aws_vpc_ipv4_cidr_block_association.d]
100
101   tags                = {
102     "Environment"     = var.environment_name
103   }
104 }
105
106 resource "aws_internet_gateway" "CSITGW" {
107   vpc_id              = aws_vpc.CSITVPC.id
108   depends_on          = [aws_vpc.CSITVPC]
109
110   tags                = {
111     "Environment"     = var.environment_name
112   }
113 }
114
# SSH key pair used by the provisioners below.
# Generated per deployment. It is not strictly temporary: the private key is
# kept in Terraform state and the key pair stays registered in AWS for the
# lifetime of the instances.
117 resource "tls_private_key" "CSITTLS" {
118   algorithm           = "RSA"
119   rsa_bits            = 4096
120 }
121 resource "aws_key_pair" "CSITKP" {
122   key_name            = "CSIT_3n_aws_c5n_${var.testbed_name}-key"
123   public_key          = tls_private_key.CSITTLS.public_key_openssh
124 }
125
126 resource "aws_placement_group" "CSITPG" {
127   name                = "${var.resources_name_prefix}_${var.testbed_name}-pg"
128   strategy            = "cluster"
129 }
130
131 # NICs
132 resource "aws_network_interface" "dut1_if1" {
133   subnet_id           = aws_subnet.b.id
134   source_dest_check   = false
135   private_ip          = var.dut1_if1_ip
136   private_ips         = [var.dut1_if1_ip]
137   security_groups     = [aws_security_group.CSITSG.id]
138   depends_on          = [aws_vpc.CSITVPC, aws_subnet.b, aws_instance.dut1]
139
140   attachment {
141     instance          = aws_instance.dut1.id
142     device_index      = 1
143   }
144
145   tags                = {
146     "Environment"     = var.environment_name
147   }
148 }
149
150 resource "aws_network_interface" "dut1_if2" {
151   subnet_id           = aws_subnet.c.id
152   source_dest_check   = false
153   private_ip          = var.dut1_if2_ip
154   private_ips         = [var.dut1_if2_ip]
155   security_groups     = [aws_security_group.CSITSG.id]
156   depends_on          = [aws_vpc.CSITVPC, aws_subnet.c, aws_instance.dut1]
157
158   attachment {
159     instance          = aws_instance.dut1.id
160     device_index      = 2
161   }
162
163   tags                = {
164     "Environment"     = var.environment_name
165   }
166 }
167
168 resource "aws_network_interface" "dut2_if1" {
169   subnet_id           = aws_subnet.c.id
170   source_dest_check   = false
171   private_ip          = var.dut2_if1_ip
172   private_ips         = [var.dut2_if1_ip]
173   security_groups     = [aws_security_group.CSITSG.id]
174   depends_on          = [aws_vpc.CSITVPC, aws_subnet.c, aws_instance.dut2]
175
176   attachment {
177     instance          = aws_instance.dut2.id
178     device_index      = 1
179   }
180
181   tags                = {
182     "Environment"     = var.environment_name
183   }
184 }
185
186 resource "aws_network_interface" "dut2_if2" {
187   subnet_id           = aws_subnet.d.id
188   source_dest_check   = false
189   private_ip          = var.dut2_if2_ip
190   private_ips         = [var.dut2_if2_ip]
191   security_groups     = [aws_security_group.CSITSG.id]
192   depends_on          = [aws_vpc.CSITVPC, aws_subnet.d, aws_instance.dut2]
193
194   attachment {
195     instance          = aws_instance.dut2.id
196     device_index      = 2
197   }
198
199   tags                = {
200     "Environment"     = var.environment_name
201   }
202 }
203
204 resource "aws_network_interface" "tg_if1" {
205   subnet_id           = aws_subnet.b.id
206   source_dest_check   = false
207   private_ip          = var.tg_if1_ip
208   private_ips         = [var.tg_if1_ip]
209   security_groups     = [aws_security_group.CSITSG.id]
210   depends_on          = [aws_vpc.CSITVPC, aws_subnet.b, aws_instance.tg]
211
212   attachment {
213     instance          = aws_instance.tg.id
214     device_index      = 1
215   }
216
217   tags = {
218     "Environment"     = var.environment_name
219   }
220 }
221
222 resource "aws_network_interface" "tg_if2" {
223   subnet_id           = aws_subnet.d.id
224   source_dest_check   = false
225   private_ip          = var.tg_if2_ip
226   private_ips         = [var.tg_if2_ip]
227   security_groups     = [aws_security_group.CSITSG.id]
228   depends_on          = [aws_vpc.CSITVPC, aws_subnet.d, aws_instance.tg]
229
230   attachment {
231     instance          = aws_instance.tg.id
232     device_index      = 2
233   }
234
235   tags = {
236     "Environment"     = var.environment_name
237   }
238 }
239
240 data "aws_network_interface" "dut1_if1" {
241   id                  = aws_network_interface.dut1_if1.id
242 }
243
244 data "aws_network_interface" "dut1_if2" {
245   id                  = aws_network_interface.dut1_if2.id
246 }
247
248 data "aws_network_interface" "dut2_if1" {
249   id                  = aws_network_interface.dut2_if1.id
250 }
251
252 data "aws_network_interface" "dut2_if2" {
253   id                  = aws_network_interface.dut2_if2.id
254 }
255
256 data "aws_network_interface" "tg_if1" {
257   id                  = aws_network_interface.tg_if1.id
258 }
259
260 data "aws_network_interface" "tg_if2" {
261   id                  = aws_network_interface.tg_if2.id
262 }
263
264 # Instances
265 resource "aws_instance" "tg" {
266   ami                                  = var.ami_image
267   availability_zone                    = var.avail_zone
268   instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
269   instance_type                        = var.instance_type
270   key_name                             = aws_key_pair.CSITKP.key_name
271   associate_public_ip_address          = true
272   subnet_id                            = aws_subnet.mgmt.id
273   private_ip                           = var.tg_mgmt_ip
274   vpc_security_group_ids               = [aws_security_group.CSITSG.id]
275   placement_group                      = aws_placement_group.CSITPG.id
276   source_dest_check                    = false
277   # host_id                            = "1"
278
279   depends_on             = [
280     aws_vpc.CSITVPC,
281     aws_placement_group.CSITPG,
282   ]
283
284   root_block_device {
285     volume_size          = 50
286   }
287
288   tags                   = {
289     "Name"               = "${var.resources_name_prefix}_${var.testbed_name}-tg"
290     "Environment"        = var.environment_name
291   }
292 }
293
294 resource "aws_instance" "dut1" {
295   ami                                  = var.ami_image
296   availability_zone                    = var.avail_zone
297   instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
298   instance_type                        = var.instance_type
299   key_name                             = aws_key_pair.CSITKP.key_name
300   associate_public_ip_address          = true
301   subnet_id                            = aws_subnet.mgmt.id
302   private_ip                           = var.dut1_mgmt_ip
303   vpc_security_group_ids               = [aws_security_group.CSITSG.id]
304   placement_group                      = aws_placement_group.CSITPG.id
305   source_dest_check                    = false
306   # host_id                            = "2"
307
308   depends_on             = [
309     aws_vpc.CSITVPC,
310     aws_placement_group.CSITPG,
311     aws_instance.tg
312   ]
313
314   root_block_device {
315     volume_size          = 50
316   }
317
318   tags                   = {
319     "Name"               = "${var.resources_name_prefix}_${var.testbed_name}-dut1"
320     "Environment"        = var.environment_name
321   }
322 }
323
324 resource "aws_instance" "dut2" {
325   ami                         = var.ami_image
326   availability_zone           = var.avail_zone
327   instance_type               = var.instance_type
328   key_name                    = aws_key_pair.CSITKP.key_name
329   associate_public_ip_address = true
330   subnet_id                   = aws_subnet.mgmt.id
331   private_ip                  = var.dut2_mgmt_ip
332   vpc_security_group_ids      = [aws_security_group.CSITSG.id]
333   placement_group             = aws_placement_group.CSITPG.id
334   source_dest_check           = false
335   # host_id                   = "3"
336
337   depends_on             = [
338     aws_vpc.CSITVPC,
339     aws_placement_group.CSITPG,
340     aws_instance.tg,
341     aws_instance.dut1
342   ]
343
344   root_block_device {
345     volume_size          = 50
346   }
347
348   tags                   = {
349     "Name"               = "${var.resources_name_prefix}_${var.testbed_name}-dut2"
350     "Environment"        = var.environment_name
351   }
352 }
353
354 # Routes
355 resource "aws_route" "CSIT-igw" {
356   route_table_id         = aws_vpc.CSITVPC.main_route_table_id
357   gateway_id             = aws_internet_gateway.CSITGW.id
358   destination_cidr_block = "0.0.0.0/0"
359   depends_on             = [aws_vpc.CSITVPC, aws_internet_gateway.CSITGW]
360 }
361 resource "aws_route" "dummy-trex-port-0" {
362   route_table_id         = aws_vpc.CSITVPC.main_route_table_id
363   network_interface_id   = aws_instance.tg.primary_network_interface_id
364   destination_cidr_block = var.trex_dummy_cidr_port_0
365   depends_on             = [aws_vpc.CSITVPC, aws_instance.dut1]
366 }
367 resource "aws_route" "dummy-trex-port-1" {
368   route_table_id         = aws_vpc.CSITVPC.main_route_table_id
369   network_interface_id   = aws_instance.tg.primary_network_interface_id
370   destination_cidr_block = var.trex_dummy_cidr_port_1
371   depends_on             = [aws_vpc.CSITVPC, aws_instance.dut1]
372 }
373
374 # Deployment/Ansible
375 resource "null_resource" "deploy_tg" {
376   depends_on             = [
377     aws_instance.tg,
378     aws_network_interface.tg_if1,
379     aws_network_interface.tg_if2,
380     aws_instance.dut1,
381     aws_network_interface.dut1_if1,
382     aws_network_interface.dut1_if2,
383     aws_instance.dut2,
384     aws_network_interface.dut2_if1,
385     aws_network_interface.dut2_if2
386   ]
387
388   connection {
389     user                 = "ubuntu"
390     host                 = aws_instance.tg.public_ip
391     private_key          = tls_private_key.CSITTLS.private_key_pem
392   }
393
394   provisioner "remote-exec" {
395     inline               = var.first_run_commands
396   }
397
398   provisioner "ansible" {
399     plays {
400       playbook {
401         file_path        = var.ansible_file_path
402         force_handlers   = true
403       }
404       hosts              = ["tg_aws"]
405       extra_vars         = {
406         ansible_ssh_pass           = var.ansible_provision_pwd
407         ansible_python_interpreter = var.ansible_python_executable
408         aws                        = true
409       }
410     }
411   }
412
413   provisioner "remote-exec" {
414     on_failure           = continue
415     inline               = ["sudo reboot"]
416   }
417 }
418
419 resource "null_resource" "deploy_dut1" {
420   depends_on             = [
421     aws_instance.tg,
422     aws_network_interface.tg_if1,
423     aws_network_interface.tg_if2,
424     aws_instance.dut1,
425     aws_network_interface.dut1_if1,
426     aws_network_interface.dut1_if2,
427     aws_instance.dut2,
428     aws_network_interface.dut2_if1,
429     aws_network_interface.dut2_if2
430   ]
431
432   connection {
433     user                 = "ubuntu"
434     host                 = aws_instance.dut1.public_ip
435     private_key          = tls_private_key.CSITTLS.private_key_pem
436   }
437
438   provisioner "remote-exec" {
439     inline               = var.first_run_commands
440   }
441
442   provisioner "ansible" {
443     plays {
444       playbook {
445         file_path        = var.ansible_file_path
446         force_handlers   = true
447       }
448       hosts              = ["sut_aws"]
449       extra_vars         = {
450         ansible_ssh_pass           = var.ansible_provision_pwd
451         ansible_python_interpreter = var.ansible_python_executable
452         aws                        = true
453       }
454     }
455   }
456
457   provisioner "remote-exec" {
458     on_failure           = continue
459     inline               = ["sudo reboot"]
460   }
461 }
462
463 resource "null_resource" "deploy_dut2" {
464   depends_on             = [
465     aws_instance.tg,
466     aws_network_interface.tg_if1,
467     aws_network_interface.tg_if2,
468     aws_instance.dut1,
469     aws_network_interface.dut1_if1,
470     aws_network_interface.dut1_if2,
471     aws_instance.dut2,
472     aws_network_interface.dut2_if1,
473     aws_network_interface.dut2_if2
474   ]
475
476   connection {
477     user                 = "ubuntu"
478     host                 = aws_instance.dut2.public_ip
479     private_key          = tls_private_key.CSITTLS.private_key_pem
480   }
481
482   provisioner "remote-exec" {
483     inline               = var.first_run_commands
484   }
485
486   provisioner "ansible" {
487     plays {
488       playbook {
489         file_path        = var.ansible_file_path
490         force_handlers   = true
491       }
492       hosts              = ["sut_aws"]
493       extra_vars         = {
494         ansible_ssh_pass           = var.ansible_provision_pwd
495         ansible_python_interpreter = var.ansible_python_executable
496         aws                        = true
497       }
498     }
499   }
500
501   provisioner "remote-exec" {
502     on_failure           = continue
503     inline               = ["sudo reboot"]
504   }
505 }
506
507 resource "null_resource" "deploy_topology" {
508   depends_on             = [ aws_instance.tg, aws_instance.dut1, aws_instance.dut2 ]
509
510   provisioner "ansible" {
511     plays {
512       playbook {
513         file_path        = var.ansible_topology_path
514       }
515       hosts              = ["local"]
516       extra_vars         = {
517         ansible_python_interpreter = var.ansible_python_executable
518         testbed_name               = var.testbed_name
519         cloud_topology             = var.topology_name
520         tg_if1_mac                 = data.aws_network_interface.tg_if1.mac_address
521         tg_if2_mac                 = data.aws_network_interface.tg_if2.mac_address
522         dut1_if1_mac               = data.aws_network_interface.dut1_if1.mac_address
523         dut1_if2_mac               = data.aws_network_interface.dut1_if2.mac_address
524         dut2_if1_mac               = data.aws_network_interface.dut2_if1.mac_address
525         dut2_if2_mac               = data.aws_network_interface.dut2_if2.mac_address
526         tg_public_ip               = aws_instance.tg.public_ip
527         dut1_public_ip             = aws_instance.dut1.public_ip
528         dut2_public_ip             = aws_instance.dut2.public_ip
529         public_ip_list             = "${aws_instance.tg.public_ip},${aws_instance.dut1.public_ip},${aws_instance.dut2.public_ip}"
530       }
531     }
532   }
533 }