AWS terraform automation scripts
[csit.git] / resources / tools / terraform / azure / main.tf
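# Azure Resource Manager provider.
# The resources in this file use 1.x-era arguments (for example
# network_security_group_id on azurerm_network_interface), and this block has
# no features {} section, which the 2.x provider requires. The constraint is
# therefore capped below 2.0 so that `terraform init` cannot float to a newer
# major release that rejects this configuration.
provider "azurerm" {
  version = ">= 1.4.0, < 2.0.0"
}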
4
5 # Variables
6
# Address ranges of the four subnets (a-d) carved out of the virtual network.
# subnet_a also carries the management NICs, which use 172.16.0.10-12.
variable "vpc_cidr_a" {
  type    = string
  default = "172.16.0.0/24"
}

variable "vpc_cidr_b" {
  type    = string
  default = "192.168.10.0/24"
}

# NOTE(review): 200.0.0.0/24 is not an RFC 1918 private range. Inside the
# VNet it takes precedence over the real Internet hosts in that range, so
# those become unreachable from the testbed.
variable "vpc_cidr_c" {
  type    = string
  default = "200.0.0.0/24"
}

variable "vpc_cidr_d" {
  type    = string
  default = "192.168.20.0/24"
}

# Traffic-generator "dummy" prefixes. Nothing in this listing references these
# two variables; the route tables hard-code the same prefixes instead.
variable "trex_dummy_cidr_port_0" {
  type    = string
  default = "10.0.0.0/24"
}

# NOTE(review): 20.0.0.0/24 is public address space as well; see vpc_cidr_c.
variable "trex_dummy_cidr_port_1" {
  type    = string
  default = "20.0.0.0/24"
}
36
37 # Create resource group and resources
38
# Resource group that holds the testbed; the other resources in this file
# take their resource_group_name (and mostly their location) from it.
resource "azurerm_resource_group" "CSIT" {
  name     = "CSIT_pm"
  location = "North Europe"
}
43
# Virtual network whose address space is the union of the four subnet ranges.
# The dependency on the resource group follows from the attribute references,
# so no explicit depends_on is needed.
resource "azurerm_virtual_network" "CSIT" {
  name                = "CSIT-network"
  location            = azurerm_resource_group.CSIT.location
  resource_group_name = azurerm_resource_group.CSIT.name

  address_space = [
    var.vpc_cidr_a,
    var.vpc_cidr_b,
    var.vpc_cidr_c,
    var.vpc_cidr_d,
  ]
}
54
# One subnet per CIDR variable. Each subnet references both the resource group
# and the virtual network, which already orders creation correctly.

# Management subnet: the *_mng interfaces of TG, DUT1 and DUT2 live here.
resource "azurerm_subnet" "a" {
  name                 = "subnet_a"
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  address_prefix       = var.vpc_cidr_a
}

# Subnets b, c and d each get a route table attached further down.
resource "azurerm_subnet" "b" {
  name                 = "subnet_b"
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  address_prefix       = var.vpc_cidr_b
}

resource "azurerm_subnet" "c" {
  name                 = "subnet_c"
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  address_prefix       = var.vpc_cidr_c
}

resource "azurerm_subnet" "d" {
  name                 = "subnet_d"
  virtual_network_name = azurerm_virtual_network.CSIT.name
  resource_group_name  = azurerm_resource_group.CSIT.name
  address_prefix       = var.vpc_cidr_d
}
86
87 # Create a security group of the Kiknos instances
88
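# Network security group attached to the management NICs (tg_mng, dut1_mng,
# dut2_mng). Each of those NICs also carries a public IP, so the inbound rules
# below decide what the Internet can reach on the three VMs.
#
# Azure evaluates rules in ascending priority order and stops at the first
# match. The original "InboundAll" rule allowed every protocol and port from
# any source, which made the three narrower rules above it redundant and
# exposed every listening service on the public addresses. It is now limited
# to the VirtualNetwork service tag, so only SSH and IKE/NAT-T stay reachable
# from outside.
#
# NOTE(review): if NICs declared outside this listing attach this NSG and
# expect traffic from sources that are not covered by the VirtualNetwork tag,
# add a rule for those prefixes rather than reopening "*".
resource "azurerm_network_security_group" "CSIT" {
  name                = "CSIT"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location

  # IKE (UDP/500).
  # NOTE(review): source is still any address; narrow it to the peer or
  # operator range if that range is known.
  security_rule {
    name                       = "IpSec"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Udp"
    source_port_range          = "*"
    destination_port_range     = "500"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # IPsec NAT traversal (UDP/4500); same caveat as the IKE rule.
  security_rule {
    name                       = "IpSec-NAT"
    priority                   = 101
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Udp"
    source_port_range          = "*"
    destination_port_range     = "4500"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # SSH, used by the Ansible provisioners in this file.
  # NOTE(review): open to any source; restrict source_address_prefix to the
  # CI/operator egress range where one exists.
  security_rule {
    name                       = "SSH"
    priority                   = 102
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # Unrestricted traffic between hosts of the virtual network only.
  security_rule {
    name                       = "InboundAll"
    priority                   = 103
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "*"
  }

  # Egress is unrestricted.
  security_rule {
    name                       = "Outbound"
    priority                   = 104
    direction                  = "Outbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  depends_on = [azurerm_virtual_network.CSIT]
}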
150
151 # Create public IPs
152
# One dynamically allocated public address per VM; each is bound to that VM's
# management NIC. The resource group dependency is implied by the references.
resource "azurerm_public_ip" "tg_public_ip" {
  name                = "tg_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location
  allocation_method   = "Dynamic"
}

resource "azurerm_public_ip" "dut1_public_ip" {
  name                = "dut1_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location
  allocation_method   = "Dynamic"
}

resource "azurerm_public_ip" "dut2_public_ip" {
  name                = "dut2_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  location            = azurerm_resource_group.CSIT.location
  allocation_method   = "Dynamic"
}
176
177 # Create network interface
178
# Management NIC of the traffic generator: fixed private address in subnet_a,
# Internet-facing through tg_public_ip, filtered by the CSIT security group.
# Resource group, subnet and public IP are all referenced below, so Terraform
# orders them without an explicit depends_on.
resource "azurerm_network_interface" "tg_mng" {
  name                      = "tg_mng"
  resource_group_name       = azurerm_resource_group.CSIT.name
  location                  = azurerm_resource_group.CSIT.location
  network_security_group_id = azurerm_network_security_group.CSIT.id

  ip_configuration {
    name                          = "tg_mng_ip"
    primary                       = "true"
    subnet_id                     = azurerm_subnet.a.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "172.16.0.10"
    public_ip_address_id          = azurerm_public_ip.tg_public_ip.id
  }
}
196
# Management NIC of DUT1: fixed private address in subnet_a, Internet-facing
# through dut1_public_ip, filtered by the CSIT security group. Ordering comes
# from the references to the resource group, subnet and public IP.
resource "azurerm_network_interface" "dut1_mng" {
  name                      = "dut1_mng"
  resource_group_name       = azurerm_resource_group.CSIT.name
  location                  = azurerm_resource_group.CSIT.location
  network_security_group_id = azurerm_network_security_group.CSIT.id

  ip_configuration {
    name                          = "dut1_mng_ip"
    primary                       = "true"
    subnet_id                     = azurerm_subnet.a.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "172.16.0.11"
    public_ip_address_id          = azurerm_public_ip.dut1_public_ip.id
  }
}
214
# Management NIC of DUT2: fixed private address in subnet_a, Internet-facing
# through dut2_public_ip, filtered by the CSIT security group. Ordering comes
# from the references to the resource group, subnet and public IP.
resource "azurerm_network_interface" "dut2_mng" {
  name                      = "dut2_mng"
  resource_group_name       = azurerm_resource_group.CSIT.name
  location                  = azurerm_resource_group.CSIT.location
  network_security_group_id = azurerm_network_security_group.CSIT.id

  ip_configuration {
    name                          = "dut2_mng_ip"
    primary                       = "true"
    subnet_id                     = azurerm_subnet.a.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "172.16.0.12"
    public_ip_address_id          = azurerm_public_ip.dut2_public_ip.id
  }
}
232
# User-defined routes for subnet_b. Every next hop is an address inside
# 192.168.10.0/24 (the default of vpc_cidr_b); which interfaces own those
# addresses is not visible in this listing.
# The prefixes repeat the defaults of trex_dummy_cidr_port_0/1 and vpc_cidr_d
# as literals, so overriding those variables does not change these routes.
resource "azurerm_route_table" "b" {
  name                          = "b"
  resource_group_name           = azurerm_resource_group.CSIT.name
  location                      = azurerm_resource_group.CSIT.location
  disable_bgp_route_propagation = false

  route {
    name                   = "route-10"
    address_prefix         = "10.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.10.254"
  }

  route {
    name                   = "route-20"
    address_prefix         = "20.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.10.11"
  }

  route {
    name                   = "tg2"
    address_prefix         = "192.168.20.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.10.11"
  }

  # The subnet is not referenced by any attribute above, so this explicit
  # ordering is kept.
  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.b,
  ]
}
259
# User-defined routes for subnet_c. Next hops are 200.0.0.101 and 200.0.0.102,
# both inside the default vpc_cidr_c range; their owners are not visible in
# this listing. Prefixes are literals that mirror the variable defaults.
resource "azurerm_route_table" "c" {
  name                          = "c"
  resource_group_name           = azurerm_resource_group.CSIT.name
  location                      = azurerm_resource_group.CSIT.location
  disable_bgp_route_propagation = false

  route {
    name                   = "route-10"
    address_prefix         = "10.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.101"
  }

  route {
    name                   = "route-20"
    address_prefix         = "20.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.102"
  }

  route {
    name                   = "tg1"
    address_prefix         = "192.168.10.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.101"
  }

  route {
    name                   = "tg2"
    address_prefix         = "192.168.20.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "200.0.0.102"
  }

  # The subnet is not referenced by any attribute above, so this explicit
  # ordering is kept.
  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.c,
  ]
}
292
# User-defined routes for subnet_d. Every next hop is an address inside
# 192.168.20.0/24 (the default of vpc_cidr_d); which interfaces own those
# addresses is not visible in this listing. Prefixes are literals that mirror
# the variable defaults.
resource "azurerm_route_table" "d" {
  name                          = "d"
  resource_group_name           = azurerm_resource_group.CSIT.name
  location                      = azurerm_resource_group.CSIT.location
  disable_bgp_route_propagation = false

  route {
    name                   = "route-10"
    address_prefix         = "10.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.20.11"
  }

  route {
    name                   = "route-20"
    address_prefix         = "20.0.0.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.20.254"
  }

  route {
    name                   = "tg1"
    address_prefix         = "192.168.10.0/24"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "192.168.20.11"
  }

  # The subnet is not referenced by any attribute above, so this explicit
  # ordering is kept.
  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_subnet.d,
  ]
}
319
# Bind each route table to the subnet of the same letter. subnet_a (management)
# gets no custom route table.
resource "azurerm_subnet_route_table_association" "b" {
  subnet_id      = azurerm_subnet.b.id
  route_table_id = azurerm_route_table.b.id
}

resource "azurerm_subnet_route_table_association" "c" {
  subnet_id      = azurerm_subnet.c.id
  route_table_id = azurerm_route_table.c.id
}

resource "azurerm_subnet_route_table_association" "d" {
  subnet_id      = azurerm_subnet.d.id
  route_table_id = azurerm_route_table.d.id
}
334
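# Traffic generator VM: management NIC plus two data-plane NICs (tg_if1 and
# tg_if2, which are not declared in this listing).
resource "azurerm_virtual_machine" "tg" {
  name                         = "tg"
  location                     = azurerm_resource_group.CSIT.location
  resource_group_name          = azurerm_resource_group.CSIT.name
  primary_network_interface_id = azurerm_network_interface.tg_mng.id
  network_interface_ids = [
    azurerm_network_interface.tg_mng.id,
    azurerm_network_interface.tg_if1.id,
    azurerm_network_interface.tg_if2.id,
  ]
  vm_size = "Standard_F32s_v2"

  # Disks are removed together with the VM, so nothing persists after destroy.
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_os_disk {
    name              = "OsDiskTG"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "StandardSSD_LRS"
  }

  # NOTE(review): "latest" resolves at apply time, so two applies can produce
  # different images; pin an exact image version for reproducible testbeds.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "tg"
    admin_username = "ubuntu"
  }

  os_profile_linux_config {
    # Key-only login. The VM is reachable over SSH on a public address and no
    # admin_password is configured in os_profile, so password authentication
    # is switched off instead of being left enabled.
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/ubuntu/.ssh/authorized_keys"
      key_data = file("~/.ssh/id_rsa.pub")
    }
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_network_interface.tg_mng,
  ]
}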
372
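# DUT1 VM: management NIC plus two data-plane NICs (dut1_if1 and dut1_if2,
# which are not declared in this listing).
resource "azurerm_virtual_machine" "dut1" {
  name                         = "dut1"
  location                     = azurerm_resource_group.CSIT.location
  resource_group_name          = azurerm_resource_group.CSIT.name
  primary_network_interface_id = azurerm_network_interface.dut1_mng.id
  network_interface_ids = [
    azurerm_network_interface.dut1_mng.id,
    azurerm_network_interface.dut1_if1.id,
    azurerm_network_interface.dut1_if2.id,
  ]
  vm_size = "Standard_F32s_v2"

  # Disks are removed together with the VM, so nothing persists after destroy.
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_os_disk {
    name              = "OsDiskDUT1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "StandardSSD_LRS"
  }

  # NOTE(review): "latest" resolves at apply time, so two applies can produce
  # different images; pin an exact image version for reproducible testbeds.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "dut1"
    admin_username = "ubuntu"
  }

  os_profile_linux_config {
    # Key-only login. The VM is reachable over SSH on a public address and no
    # admin_password is configured in os_profile, so password authentication
    # is switched off instead of being left enabled.
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/ubuntu/.ssh/authorized_keys"
      key_data = file("~/.ssh/id_rsa.pub")
    }
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_network_interface.dut1_mng,
  ]
}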
410
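# DUT2 VM: management NIC plus two data-plane NICs (dut2_if1 and dut2_if2,
# which are not declared in this listing).
resource "azurerm_virtual_machine" "dut2" {
  name                         = "dut2"
  location                     = azurerm_resource_group.CSIT.location
  resource_group_name          = azurerm_resource_group.CSIT.name
  primary_network_interface_id = azurerm_network_interface.dut2_mng.id
  network_interface_ids = [
    azurerm_network_interface.dut2_mng.id,
    azurerm_network_interface.dut2_if1.id,
    azurerm_network_interface.dut2_if2.id,
  ]
  vm_size = "Standard_F32s_v2"

  # Disks are removed together with the VM, so nothing persists after destroy.
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_os_disk {
    name              = "OsDiskDUT2"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "StandardSSD_LRS"
  }

  # NOTE(review): "latest" resolves at apply time, so two applies can produce
  # different images; pin an exact image version for reproducible testbeds.
  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "dut2"
    admin_username = "ubuntu"
  }

  os_profile_linux_config {
    # Key-only login. The VM is reachable over SSH on a public address and no
    # admin_password is configured in os_profile, so password authentication
    # is switched off instead of being left enabled.
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/ubuntu/.ssh/authorized_keys"
      key_data = file("~/.ssh/id_rsa.pub")
    }
  }

  depends_on = [
    azurerm_resource_group.CSIT,
    azurerm_network_interface.dut2_mng,
  ]
}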
448
# Look the public addresses up again by name once the VMs exist. The lookups
# use literal names, so the explicit depends_on is what delays each read until
# its VM has been created; presumably this is needed because the addresses are
# allocated dynamically and have no value before they are in use.
data "azurerm_public_ip" "tg_public_ip" {
  name                = "tg_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  depends_on          = [ azurerm_virtual_machine.tg ]
}

data "azurerm_public_ip" "dut1_public_ip" {
  name                = "dut1_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  depends_on          = [ azurerm_virtual_machine.dut1 ]
}

data "azurerm_public_ip" "dut2_public_ip" {
  name                = "dut2_public_ip"
  resource_group_name = azurerm_resource_group.CSIT.name
  depends_on          = [ azurerm_virtual_machine.dut2 ]
}
466
467 # Provisioning
468
# Run the Azure site playbook against the traffic generator once the VM and
# its data-plane NICs (declared outside this listing) exist.
resource "null_resource" "deploy_tg" {
  # SSH session for the provisioner: the VM's public address, the image admin
  # user, and the operator's local private key (the counterpart of the
  # id_rsa.pub installed on the VM).
  # NOTE(review): no host_key is set here, so verification of the remote host
  # key is left to the provisioner's defaults.
  connection {
    host        = data.azurerm_public_ip.tg_public_ip.ip_address
    user        = "ubuntu"
    private_key = file("~/.ssh/id_rsa")
  }

  provisioner "ansible" {
    plays {
      hosts = ["tg"]

      playbook {
        file_path      = "../../testbed-setup/ansible/site_azure.yaml"
        force_handlers = true
      }

      extra_vars = {
        ansible_python_interpreter = "/usr/bin/python3"
        azure                      = true
      }
    }
  }

  depends_on = [
    azurerm_virtual_machine.tg,
    azurerm_network_interface.tg_if1,
    azurerm_network_interface.tg_if2,
  ]
}
492
# Run the Azure site playbook against DUT1 (host group "sut") once the VM and
# its data-plane NICs (declared outside this listing) exist.
resource "null_resource" "deploy_dut1" {
  # SSH session for the provisioner: the VM's public address, the image admin
  # user, and the operator's local private key.
  # NOTE(review): no host_key is set here, so verification of the remote host
  # key is left to the provisioner's defaults.
  connection {
    host        = data.azurerm_public_ip.dut1_public_ip.ip_address
    user        = "ubuntu"
    private_key = file("~/.ssh/id_rsa")
  }

  provisioner "ansible" {
    plays {
      hosts = ["sut"]

      playbook {
        file_path      = "../../testbed-setup/ansible/site_azure.yaml"
        force_handlers = true
      }

      extra_vars = {
        ansible_python_interpreter = "/usr/bin/python3"
        azure                      = true
      }
    }
  }

  depends_on = [
    azurerm_virtual_machine.dut1,
    azurerm_network_interface.dut1_if1,
    azurerm_network_interface.dut1_if2,
  ]
}
516
# Run the Azure site playbook against DUT2 (host group "sut") once the VM and
# its data-plane NICs (declared outside this listing) exist.
resource "null_resource" "deploy_dut2" {
  # SSH session for the provisioner: the VM's public address, the image admin
  # user, and the operator's local private key.
  # NOTE(review): no host_key is set here, so verification of the remote host
  # key is left to the provisioner's defaults.
  connection {
    host        = data.azurerm_public_ip.dut2_public_ip.ip_address
    user        = "ubuntu"
    private_key = file("~/.ssh/id_rsa")
  }

  provisioner "ansible" {
    plays {
      hosts = ["sut"]

      playbook {
        file_path      = "../../testbed-setup/ansible/site_azure.yaml"
        force_handlers = true
      }

      extra_vars = {
        ansible_python_interpreter = "/usr/bin/python3"
        azure                      = true
      }
    }
  }

  depends_on = [
    azurerm_virtual_machine.dut2,
    azurerm_network_interface.dut2_if1,
    azurerm_network_interface.dut2_if2,
  ]
}
540
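# Generate the topology description by running the cloud_topology playbook
# locally, feeding it the MAC addresses of the data-plane NICs and the public
# addresses of the three VMs.
# Two syntax errors that stopped the file from parsing are fixed here: the
# block keyword was misspelled ("eesource"), and the depends_on list lacked a
# comma after the dut1_if2 entry.
resource "null_resource" "deploy_topology" {
  depends_on = [
    azurerm_virtual_machine.tg,
    azurerm_network_interface.tg_if1,
    azurerm_network_interface.tg_if2,
    azurerm_virtual_machine.dut1,
    azurerm_network_interface.dut1_if1,
    azurerm_network_interface.dut1_if2,
    azurerm_virtual_machine.dut2,
    azurerm_network_interface.dut2_if1,
    azurerm_network_interface.dut2_if2,
  ]

  provisioner "ansible" {
    plays {
      playbook {
        file_path = "../../testbed-setup/ansible/cloud_topology.yaml"
      }

      # Runs against the "local" host group; this block defines no connection.
      hosts = ["local"]

      extra_vars = {
        ansible_python_interpreter = "/usr/bin/python3"
        cloud_topology             = "azure"
        tg_if1_mac                 = azurerm_network_interface.tg_if1.mac_address
        tg_if2_mac                 = azurerm_network_interface.tg_if2.mac_address
        dut1_if1_mac               = azurerm_network_interface.dut1_if1.mac_address
        dut1_if2_mac               = azurerm_network_interface.dut1_if2.mac_address
        dut2_if1_mac               = azurerm_network_interface.dut2_if1.mac_address
        dut2_if2_mac               = azurerm_network_interface.dut2_if2.mac_address
        tg_public_ip               = data.azurerm_public_ip.tg_public_ip.ip_address
        dut1_public_ip             = data.azurerm_public_ip.dut1_public_ip.ip_address
        dut2_public_ip             = data.azurerm_public_ip.dut2_public_ip.ip_address
      }
    }
  }
}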
573
# Debug outputs: print the public address assigned to each VM after apply.
# These values end up in the Terraform output and state, so treat CI logs that
# capture them as revealing the testbed's Internet-facing endpoints.
output "dbg_tg" {
  value = "TG IP: ${data.azurerm_public_ip.tg_public_ip.ip_address}"
}

output "dbg_dut1" {
  value = "DUT1 IP: ${data.azurerm_public_ip.dut1_public_ip.ip_address}"
}

output "dbg_dut2" {
  value = "DUT2 IP: ${data.azurerm_public_ip.dut2_public_ip.ip_address}"
}