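# Azure Resource Manager provider.
#
# The version constraint is bounded above. This file is written against the
# azurerm 1.x schema: it sets network_security_group_id directly on
# azurerm_network_interface and has no "features" block, both of which stop
# working with azurerm 2.x. An open-ended ">= 1.4.0" lets `terraform init`
# pull whatever major release is newest on the day it runs, so the provider
# code executed with the operator's Azure credentials can change without
# anyone reviewing it. Commit the dependency lock file as well if the
# Terraform release in use produces one.
provider "azurerm" {
  version = ">= 1.4.0, < 2.0.0"
}
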
# Variables
#
# Address plan of the testbed. Each vpc_cidr_* value is both one entry of the
# virtual network's address space and the prefix of the subnet with the same
# letter.
#
# NOTE(review): the defaults 200.0.0.0/24 and 20.0.0.0/24 lie outside the
# RFC 1918 private ranges. The route tables in this file hard-code next hops
# and prefixes that match these defaults, so overriding a variable here does
# not update those routes.

variable "vpc_cidr_a" {
  description = "Prefix of subnet_a, which holds the management NICs (172.16.0.10-12)."
  default     = "172.16.0.0/24"
  type        = string
}

variable "vpc_cidr_b" {
  description = "Prefix of subnet_b."
  default     = "192.168.10.0/24"
  type        = string
}

variable "vpc_cidr_c" {
  description = "Prefix of subnet_c."
  default     = "200.0.0.0/24"
  type        = string
}

variable "vpc_cidr_d" {
  description = "Prefix of subnet_d; also handed to the TG playbook as remote_net."
  default     = "192.168.20.0/24"
  type        = string
}

variable "trex_dummy_cidr_port_0" {
  description = "Handed to the SUT playbooks as traffic_if1."
  default     = "10.0.0.0/24"
  type        = string
}

variable "trex_dummy_cidr_port_1" {
  description = "Handed to the SUT playbooks as traffic_if2."
  default     = "20.0.0.0/24"
  type        = string
}

# Create resource group and resources
#
# Every resource in this file is placed in this one resource group and
# inherits its location from it.

resource "azurerm_resource_group" "CSIT" {
  location = "North Europe"
  name     = "CSIT_pm"
}

# Single virtual network whose address space is the union of the four
# vpc_cidr_* prefixes; each prefix becomes one subnet.
resource "azurerm_virtual_network" "CSIT" {
  name                = "CSIT-network"
  location            = azurerm_resource_group.CSIT.location
  resource_group_name = azurerm_resource_group.CSIT.name

  address_space = [
    var.vpc_cidr_a,
    var.vpc_cidr_b,
    var.vpc_cidr_c,
    var.vpc_cidr_d,
  ]

  depends_on = [azurerm_resource_group.CSIT]
}

# One subnet per vpc_cidr_* prefix. subnet_a carries the management NICs;
# subnets b, c and d get a route table further down, subnet_a does not.

resource "azurerm_subnet" "a" {
  name                 = "subnet_a"
  address_prefix       = var.vpc_cidr_a
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  depends_on           = [azurerm_resource_group.CSIT]
}

resource "azurerm_subnet" "b" {
  name                 = "subnet_b"
  address_prefix       = var.vpc_cidr_b
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  depends_on           = [azurerm_resource_group.CSIT]
}

resource "azurerm_subnet" "c" {
  name                 = "subnet_c"
  address_prefix       = var.vpc_cidr_c
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  depends_on           = [azurerm_resource_group.CSIT]
}

resource "azurerm_subnet" "d" {
  name                 = "subnet_d"
  address_prefix       = var.vpc_cidr_d
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  depends_on           = [azurerm_resource_group.CSIT]
}

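# Security group attached to the management NICs (tg_mng, dut1_mng, dut2_mng).
#
# Those NICs carry public IP addresses and the VMs behind them accept SSH
# password logins, so the source prefix of the inbound rules is the only
# network-level control between the Internet and the testbed hosts.

# Source allowed by every inbound rule below. The default "*" reproduces the
# original behaviour (any source) so existing invocations keep working.
# Set it to the CIDR of the test controller / operator network to close the
# management plane to the Internet, e.g.
#   TF_VAR_nsg_inbound_source_prefix="<operator CIDR>"
# Traffic that originates inside the virtual network is still admitted by
# Azure's built-in AllowVnetInBound default rule.
variable "nsg_inbound_source_prefix" {
  type    = string
  default = "*"
}

resource "azurerm_network_security_group" "CSIT" {
  name                = "CSIT"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location

  # IKE
  security_rule {
    name                       = "IpSec"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Udp"
    source_port_range          = "*"
    destination_port_range     = "500"
    source_address_prefix      = var.nsg_inbound_source_prefix
    destination_address_prefix = "*"
  }

  # IPsec NAT traversal
  security_rule {
    name                       = "IpSec-NAT"
    priority                   = 101
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Udp"
    source_port_range          = "*"
    destination_port_range     = "4500"
    source_address_prefix      = var.nsg_inbound_source_prefix
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "SSH"
    priority                   = 102
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = var.nsg_inbound_source_prefix
    destination_address_prefix = "*"
  }

  # NOTE(review): this rule matches every protocol and port, so the three
  # rules above do not narrow anything; the group filters inbound traffic
  # only by source prefix. If the tests need just IKE, NAT-T and SSH on
  # these NICs, this rule can be dropped - confirm against the test suite.
  security_rule {
    name                       = "InboundAll"
    priority                   = 103
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = var.nsg_inbound_source_prefix
    destination_address_prefix = "*"
  }

  # Egress is unrestricted.
  security_rule {
    name                       = "Outbound"
    priority                   = 104
    direction                  = "Outbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  depends_on = [azurerm_virtual_network.CSIT]
}
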
# Create public IPs
#
# One dynamically allocated public address per node. Each is bound to that
# node's management NIC, which makes all three VMs directly reachable from
# outside the virtual network, subject to the security group's rules.

resource "azurerm_public_ip" "tg_public_ip" {
  name                = "tg_public_ip"
  allocation_method   = "Dynamic"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location
  depends_on          = [azurerm_resource_group.CSIT]
}

resource "azurerm_public_ip" "dut1_public_ip" {
  name                = "dut1_public_ip"
  allocation_method   = "Dynamic"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location
  depends_on          = [azurerm_resource_group.CSIT]
}

resource "azurerm_public_ip" "dut2_public_ip" {
  name                = "dut2_public_ip"
  allocation_method   = "Dynamic"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location
  depends_on          = [azurerm_resource_group.CSIT]
}

# Create network interface
#
# Management NIC of the traffic generator: fixed private address in subnet_a,
# the tg public IP, and the CSIT security group.

resource "azurerm_network_interface" "tg_mng" {
  name                      = "tg_mng"
  resource_group_name       = azurerm_resource_group.CSIT.name
  location                  = azurerm_resource_group.CSIT.location
  network_security_group_id = azurerm_network_security_group.CSIT.id

  ip_configuration {
    name                          = "tg_mng_ip"
    primary                       = "true"
    subnet_id                     = azurerm_subnet.a.id
    private_ip_address            = "172.16.0.10"
    private_ip_address_allocation = "Static"
    public_ip_address_id          = azurerm_public_ip.tg_public_ip.id
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.a,
    azurerm_public_ip.tg_public_ip,
  ]
}

# Management NIC of DUT1: fixed private address in subnet_a, the dut1 public
# IP, and the CSIT security group.
resource "azurerm_network_interface" "dut1_mng" {
  name                      = "dut1_mng"
  resource_group_name       = azurerm_resource_group.CSIT.name
  location                  = azurerm_resource_group.CSIT.location
  network_security_group_id = azurerm_network_security_group.CSIT.id

  ip_configuration {
    name                          = "dut1_mng_ip"
    primary                       = "true"
    subnet_id                     = azurerm_subnet.a.id
    private_ip_address            = "172.16.0.11"
    private_ip_address_allocation = "Static"
    public_ip_address_id          = azurerm_public_ip.dut1_public_ip.id
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.a,
    azurerm_public_ip.dut1_public_ip,
  ]
}

# Management NIC of DUT2: fixed private address in subnet_a, the dut2 public
# IP, and the CSIT security group.
resource "azurerm_network_interface" "dut2_mng" {
  name                      = "dut2_mng"
  resource_group_name       = azurerm_resource_group.CSIT.name
  location                  = azurerm_resource_group.CSIT.location
  network_security_group_id = azurerm_network_security_group.CSIT.id

  ip_configuration {
    name                          = "dut2_mng_ip"
    primary                       = "true"
    subnet_id                     = azurerm_subnet.a.id
    private_ip_address            = "172.16.0.12"
    private_ip_address_allocation = "Static"
    public_ip_address_id          = azurerm_public_ip.dut2_public_ip.id
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.a,
    azurerm_public_ip.dut2_public_ip,
  ]
}

# User-defined routes for subnet_b. Every route forwards to a virtual
# appliance address inside 192.168.10.0/24.
# The prefixes are literals that match the defaults of
# trex_dummy_cidr_port_0/1 and vpc_cidr_d; they do not follow the variables.
resource "azurerm_route_table" "b" {
  name                          = "b"
  resource_group_name           = azurerm_resource_group.CSIT.name
  location                      = azurerm_resource_group.CSIT.location
  disable_bgp_route_propagation = false

  route {
    name                   = "route-10"
    address_prefix         = "10.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.10.254"
  }

  route {
    name                   = "route-20"
    address_prefix         = "20.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.10.11"
  }

  route {
    name                   = "tg2"
    address_prefix         = "192.168.20.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.10.11"
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.b,
  ]
}

# User-defined routes for subnet_c. Next hops are the virtual appliance
# addresses 200.0.0.101 and 200.0.0.102.
# The prefixes are literals that match the variable defaults; they do not
# follow the variables.
resource "azurerm_route_table" "c" {
  name                          = "c"
  resource_group_name           = azurerm_resource_group.CSIT.name
  location                      = azurerm_resource_group.CSIT.location
  disable_bgp_route_propagation = false

  route {
    name                   = "route-10"
    address_prefix         = "10.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.101"
  }

  route {
    name                   = "route-20"
    address_prefix         = "20.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.102"
  }

  route {
    name                   = "tg1"
    address_prefix         = "192.168.10.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.101"
  }

  route {
    name                   = "tg2"
    address_prefix         = "192.168.20.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.102"
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.c,
  ]
}

# User-defined routes for subnet_d. Every route forwards to a virtual
# appliance address inside 192.168.20.0/24.
# The prefixes are literals that match the defaults of
# trex_dummy_cidr_port_0/1 and vpc_cidr_b; they do not follow the variables.
resource "azurerm_route_table" "d" {
  name                          = "d"
  resource_group_name           = azurerm_resource_group.CSIT.name
  location                      = azurerm_resource_group.CSIT.location
  disable_bgp_route_propagation = false

  route {
    name                   = "route-10"
    address_prefix         = "10.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.20.11"
  }

  route {
    name                   = "route-20"
    address_prefix         = "20.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.20.254"
  }

  route {
    name                   = "tg1"
    address_prefix         = "192.168.10.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.20.11"
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.d,
  ]
}

# Bind each route table to the subnet with the same letter.

resource "azurerm_subnet_route_table_association" "b" {
  route_table_id = azurerm_route_table.b.id
  subnet_id      = azurerm_subnet.b.id
}

resource "azurerm_subnet_route_table_association" "c" {
  route_table_id = azurerm_route_table.c.id
  subnet_id      = azurerm_subnet.c.id
}

resource "azurerm_subnet_route_table_association" "d" {
  route_table_id = azurerm_route_table.d.id
  subnet_id      = azurerm_subnet.d.id
}

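# Virtual machines: traffic generator (tg) and two devices under test
# (dut1, dut2). All three share the same size, image and admin account.

# Password of the "testuser" admin account on all three VMs.
#
# The value used to be repeated as a literal in each VM block. It is now a
# single variable so it can be overridden without editing the file, e.g.
#   TF_VAR_vm_admin_password=...
# The default is kept only so existing invocations behave as before. It is
# committed to the repository and therefore not a secret; the VMs accept
# password logins over SSH on public addresses, so override it for any
# deployment that stays up. Terraform also records the value in its state
# file in clear text - protect the state accordingly.
variable "vm_admin_password" {
  type    = string
  default = "Csit1234"
}

resource "azurerm_virtual_machine" "tg" {
  name                         = "tg"
  location                     = azurerm_resource_group.CSIT.location
  resource_group_name          = azurerm_resource_group.CSIT.name
  primary_network_interface_id = azurerm_network_interface.tg_mng.id

  # tg_if1 / tg_if2 are not defined in this listing.
  network_interface_ids = [
    azurerm_network_interface.tg_mng.id,
    azurerm_network_interface.tg_if1.id,
    azurerm_network_interface.tg_if2.id,
  ]

  vm_size                          = "Standard_F32s_v2"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_os_disk {
    name              = "OsDiskTG"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "StandardSSD_LRS"
  }

  # "latest" floats: two applies on different days can boot different image
  # builds. Pin a specific image version for reproducible test results.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "tg"
    admin_username = "testuser"
    admin_password = var.vm_admin_password
  }

  os_profile_linux_config {
    # NOTE(review): a public key is installed below, yet password logins stay
    # enabled. If nothing logs in with the password, set this to true.
    disable_password_authentication = false

    ssh_keys {
      path     = "/home/testuser/.ssh/authorized_keys"
      key_data = file("~/.ssh/id_rsa.pub")
    }
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_network_interface.tg_mng,
  ]
}

resource "azurerm_virtual_machine" "dut1" {
  name                         = "dut1"
  location                     = azurerm_resource_group.CSIT.location
  resource_group_name          = azurerm_resource_group.CSIT.name
  primary_network_interface_id = azurerm_network_interface.dut1_mng.id

  # dut1_if1 / dut1_if2 are not defined in this listing.
  network_interface_ids = [
    azurerm_network_interface.dut1_mng.id,
    azurerm_network_interface.dut1_if1.id,
    azurerm_network_interface.dut1_if2.id,
  ]

  vm_size                          = "Standard_F32s_v2"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_os_disk {
    name              = "OsDiskDUT1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "StandardSSD_LRS"
  }

  # Floating image version; see the note on the tg VM.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "dut1"
    admin_username = "testuser"
    admin_password = var.vm_admin_password
  }

  os_profile_linux_config {
    # Password logins remain enabled alongside the SSH key.
    disable_password_authentication = false

    ssh_keys {
      path     = "/home/testuser/.ssh/authorized_keys"
      key_data = file("~/.ssh/id_rsa.pub")
    }
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_network_interface.dut1_mng,
  ]
}

resource "azurerm_virtual_machine" "dut2" {
  name                         = "dut2"
  location                     = azurerm_resource_group.CSIT.location
  resource_group_name          = azurerm_resource_group.CSIT.name
  primary_network_interface_id = azurerm_network_interface.dut2_mng.id

  # dut2_if1 / dut2_if2 are not defined in this listing.
  network_interface_ids = [
    azurerm_network_interface.dut2_mng.id,
    azurerm_network_interface.dut2_if1.id,
    azurerm_network_interface.dut2_if2.id,
  ]

  vm_size                          = "Standard_F32s_v2"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_os_disk {
    name              = "OsDiskDUT2"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "StandardSSD_LRS"
  }

  # Floating image version; see the note on the tg VM.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "dut2"
    admin_username = "testuser"
    admin_password = var.vm_admin_password
  }

  os_profile_linux_config {
    # Password logins remain enabled alongside the SSH key.
    disable_password_authentication = false

    ssh_keys {
      path     = "/home/testuser/.ssh/authorized_keys"
      key_data = file("~/.ssh/id_rsa.pub")
    }
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_network_interface.dut2_mng,
  ]
}
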
# Read the public IPs back by name once the owning VM exists. The explicit
# depends_on defers each lookup until after that VM has been created;
# presumably this is because a Dynamic address is only assigned once the NIC
# is attached to a running VM - confirm.

data "azurerm_public_ip" "tg_public_ip" {
  name                = "tg_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  depends_on          = [azurerm_virtual_machine.tg]
}

data "azurerm_public_ip" "dut1_public_ip" {
  name                = "dut1_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  depends_on          = [azurerm_virtual_machine.dut1]
}

data "azurerm_public_ip" "dut2_public_ip" {
  name                = "dut2_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  depends_on          = [azurerm_virtual_machine.dut2]
}

# Provisioning
#
# Runs the site_azure.yaml playbook against the traffic generator over its
# public address, as "testuser".
#
# "ansible" is not one of Terraform's built-in provisioners, so a provisioner
# plugin has to be installed on the machine that runs terraform; that plugin
# runs with the operator's privileges and should be obtained from a source
# the team has vetted.
# The connection block sets no credential and no expected host key.

resource "null_resource" "deploy_tg" {
  depends_on = [
    azurerm_virtual_machine.tg,
    azurerm_network_interface.tg_if1,
    azurerm_network_interface.tg_if2,
  ]

  connection {
    host = data.azurerm_public_ip.tg_public_ip.ip_address
    user = "testuser"
  }

  provisioner "ansible" {
    plays {
      hosts = ["tg"]

      playbook {
        file_path      = "../../testbed-setup/ansible/site_azure.yaml"
        force_handlers = true
      }

      # Values handed to the playbook. The *_if1 / *_if2 interfaces are not
      # defined in this listing.
      extra_vars = {
        ansible_python_interpreter = "python3"
        azure                      = true
        remote_net                 = var.vpc_cidr_d
        tg_if1_mac                 = azurerm_network_interface.tg_if1.mac_address
        tg_if2_mac                 = azurerm_network_interface.tg_if2.mac_address
        dut1_if1_mac               = azurerm_network_interface.dut1_if1.mac_address
        dut1_if2_mac               = azurerm_network_interface.dut1_if2.mac_address
        dut2_if1_mac               = azurerm_network_interface.dut2_if1.mac_address
        dut2_if2_mac               = azurerm_network_interface.dut2_if2.mac_address
        dut1_if1_ip                = azurerm_network_interface.dut1_if1.private_ip_address
        dut2_if2_ip                = azurerm_network_interface.dut2_if2.private_ip_address
      }
    }
  }
}

# Runs the site_azure.yaml playbook against DUT1 (inventory group "sut") over
# its public address, as "testuser". Uses the non-built-in "ansible"
# provisioner; the connection block sets no credential and no host key.
resource "null_resource" "deploy_dut1" {
  depends_on = [
    azurerm_virtual_machine.dut1,
    azurerm_network_interface.dut1_if1,
    azurerm_network_interface.dut1_if2,
  ]

  connection {
    host = data.azurerm_public_ip.dut1_public_ip.ip_address
    user = "testuser"
  }

  provisioner "ansible" {
    plays {
      hosts = ["sut"]

      playbook {
        file_path      = "../../testbed-setup/ansible/site_azure.yaml"
        force_handlers = true
      }

      extra_vars = {
        ansible_python_interpreter = "python3"
        azure                      = true
        dut1_if1_ip                = azurerm_network_interface.dut1_if1.private_ip_address
        dut1_if1_mac               = azurerm_network_interface.dut1_if1.mac_address
        dut1_if2_ip                = azurerm_network_interface.dut1_if2.private_ip_address
        dut1_if2_mac               = azurerm_network_interface.dut1_if2.mac_address
        # NOTE(review): the key says if2 but the value is read from dut2_if1,
        # the same address as dut2_if1_gateway below. Confirm which interface
        # the playbook expects here.
        dut2_if2_ip      = azurerm_network_interface.dut2_if1.private_ip_address
        dut2_if1_gateway = azurerm_network_interface.dut2_if1.private_ip_address
        traffic_if1      = var.trex_dummy_cidr_port_0
        traffic_if2      = var.trex_dummy_cidr_port_1
      }
    }
  }
}

# Runs the site_azure.yaml playbook against DUT2 (inventory group "sut") over
# its public address, as "testuser". Uses the non-built-in "ansible"
# provisioner; the connection block sets no credential and no host key.
resource "null_resource" "deploy_dut2" {
  depends_on = [
    azurerm_virtual_machine.dut2,
    azurerm_network_interface.dut2_if1,
    azurerm_network_interface.dut2_if2,
  ]

  connection {
    host = data.azurerm_public_ip.dut2_public_ip.ip_address
    user = "testuser"
  }

  provisioner "ansible" {
    plays {
      hosts = ["sut"]

      playbook {
        file_path      = "../../testbed-setup/ansible/site_azure.yaml"
        force_handlers = true
      }

      extra_vars = {
        ansible_python_interpreter = "python3"
        azure                      = true
        dut2_if1_ip                = azurerm_network_interface.dut2_if1.private_ip_address
        dut2_if1_mac               = azurerm_network_interface.dut2_if1.mac_address
        dut2_if2_ip                = azurerm_network_interface.dut2_if2.private_ip_address
        dut2_if2_mac               = azurerm_network_interface.dut2_if2.mac_address
        # The peer address and the gateway are both DUT1's second interface.
        dut1_if2_ip      = azurerm_network_interface.dut1_if2.private_ip_address
        dut1_if2_gateway = azurerm_network_interface.dut1_if2.private_ip_address
        traffic_if1      = var.trex_dummy_cidr_port_0
        traffic_if2      = var.trex_dummy_cidr_port_1
      }
    }
  }
}

# Debug outputs: print the public address of each node after apply.
# These are the addresses on which SSH is exposed.

output "dbg_tg" {
  value = "TG IP: ${data.azurerm_public_ip.tg_public_ip.ip_address}"
}

output "dbg_dut1" {
  value = "DUT1 IP: ${data.azurerm_public_ip.dut1_public_ip.ip_address}"
}

output "dbg_dut2" {
  value = "DUT2 IP: ${data.azurerm_public_ip.dut2_public_ip.ip_address}"
}