--- /dev/null
+Terraform-aws-csit modules
+--------------------------
+
+Terraform-aws-csit module is IaaC - infrastructure as a code. Module uses the
+Amazon Web Services (AWS) provider to interact with resources provided by AWS
+to orchestrate virtual environment for running CSIT tests.
+
+- `aws <https://registry.terraform.io/providers/hashicorp/aws/latest/>`_.
+
+Compatibility
+~~~~~~~~~~~~~
+
++-----------+----------------+
+| Software | OSS Version |
++===========+================+
+| Terraform | 1.0.3 or newer |
++-----------+----------------+
+| Vault | 1.8.4 or newer |
++-----------+----------------+
+
+Requirements
+~~~~~~~~~~~~
+
+Required modules and provider
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- `aws <https://registry.terraform.io/providers/hashicorp/aws/latest>`_.
+- `null <https://registry.terraform.io/providers/hashicorp/null/latest>`_.
+- `tls <https://registry.terraform.io/providers/hashicorp/tls>`_.
+- `vault <https://registry.terraform.io/providers/hashicorp/vault>`_.
+
+Required software
+^^^^^^^^^^^^^^^^^
+
+- `Vault <https://releases.hashicorp.com/vault/>`_ service available on
+ specified ip/port.
+
+Usage
+~~~~~
+
+- OPTIONAL: Enable logging
+ Terraform does not have logging enabled by default, to enable logging
+ to stderr, set up TF_LOG variable with specified loglevel:
+ Available loglevels: TRACE, DEBUG, INFO, WARN, ERROR
+
+ ::
+
+ export TF_LOG="LOGLEVEL"
+
+ It is also possible to store logged output to a file by setting up
+ TF_LOG_PATH variable:
+
+ ::
+
+ export TF_LOG_PATH="path/to/logfile"
+
+- Run Terraform in a given root module folder depending on chosen testbed
+ topology. Terraform will deploy and configure instances and other resources,
+ all of these resources can be later identified on AWS via Environment tag.
+ By default, Environment tag "CSIT-AWS" is used.
+ Example:
+
+ ::
+
+ cd fdio.infra.terraform/2n_aws_c5n/
+ terraform init
+ terraform plan
+ terraform apply
+
+ This will deploy environment with default values, you can check the defaults
+ in ./2n_aws_c5n/main.tf and ./2n_aws_c5n/variables.tf files
+
+ If you would like to change some of these values, you can:
+
+ 1. Set up TF_VAR_* environment variables prior to running 'terraform apply':
+
+ ::
+
+ export TF_VAR_testbed_name="testbed1"
+
+ 2. Use '-var=varname=value' flag when running 'terraform apply':
+
+ ::
+
+ terraform apply -var=testbed_name=testbed1
+
+ Note:
+ Only variables defined in variables.tf file of the root module can be
+ changed using these methods.
+
+- To clean up the AWS environment and remove all used resources, run:
+
+ ::
+
+ terraform destroy
+
+Example usage
+~~~~~~~~~~~~~
+
+These are the default values for the AWS modules. The following example is
+2n topology (3n topology variant is very similar). Few variables are defined in
+a `variable.tf` file.
+
+::
+
+ module "deploy" {
+ source = "./deploy"
+
+ # Parameters starting with var. can be set using "TF_VAR_*" environment
+ # variables or -var parameter when running "terraform apply", for default
+ # values see ./variables.tf
+ testbed_name = var.testbed_name
+ topology_name = var.topology_name
+ environment_name = var.environment_name
+ resources_name_prefix = var.resources_name_prefix
+
+ # AWS general
+ region = var.region
+ avail_zone = var.avail_zone
+ instance_type = var.instance_type
+ ami_image_tg = var.ami_image_tg
+ ami_image_sut = var.ami_image_sut
+
+ # AWS Network
+ vpc_cidr_mgmt = "192.168.0.0/24"
+ vpc_cidr_b = "192.168.10.0/24"
+ vpc_cidr_c = "200.0.0.0/24"
+ vpc_cidr_d = "192.168.20.0/24"
+
+ tg_mgmt_ip = "192.168.0.10"
+ dut1_mgmt_ip = "192.168.0.11"
+
+ tg_if1_ip = "192.168.10.254"
+ tg_if2_ip = "192.168.20.254"
+ dut1_if1_ip = "192.168.10.11"
+ dut1_if2_ip = "192.168.20.11"
+
+ trex_dummy_cidr_port_0 = "10.0.0.0/24"
+ trex_dummy_cidr_port_1 = "20.0.0.0/24"
+
+ # Ansible
+ ansible_python_executable = "/usr/bin/python3"
+ ansible_file_path = "../../fdio.infra.ansible/site.yaml"
+ ansible_topology_path = "../../fdio.infra.ansible/cloud_topology.yaml"
+ ansible_provision_pwd = "Csit1234"
+
+ # First run
+ first_run_commands = [
+ "sudo sed -i 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config",
+ "sudo systemctl restart sshd",
+ "sudo useradd --create-home -s /bin/bash provisionuser",
+ "echo 'provisionuser:Csit1234' | sudo chpasswd",
+ "echo 'provisionuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers",
+ "sudo useradd --create-home -s /bin/bash testuser",
+ "echo 'testuser:Csit1234' | sudo chpasswd",
+ "echo 'testuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers"
+ ]
+ }
+
+Secrets & Credentials
+~~~~~~~~~~~~~~~~~~~~~
+
+Set credentials manually
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+To set the credentials manually you first need to tell the module to not fetch
+credentials from Vault. To do that, set `provider "aws"` `access_key` and
+`secret_key` to custom value or use credentials file as a source.
+
+::
+
+ provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+ }
Code Review / csit.git / blobdiff