- name: Create Topology File
template:
- src: "templates/topology_{{ cloud_topology }}.j2"
- dest: "../topologies/available/{{ cloud_topology }}_{{ testbed_name }}.yaml"
+ src: "templates/topology-{{ cloud_topology }}.j2"
+ dest: "../topologies/available/{{ cloud_topology }}-{{ testbed_name }}.yaml"
tags:
- create-topology-file
{{ tg_public_ip }}
sut:
hosts:
- {{ dut1_public_ip }}
+ {{ dut1_public_ip | default() }}
{{ dut2_public_ip | default() }}
**/.terraform/*
# .tfstate files
-#*.tfstate
-#*.tfstate.*
+*.tfstate
+*.tfstate.*
.terraform.lock.hcl
.terraform.tfstate.lock.info
+++ /dev/null
-# Terraform CI Infra
-
-This folder contains configuration for terraform based deployments.
-
-## Nomad
-
-Application orchestration - Nomad
-- ./1n_nmd/
-
-## AWS
-
-Testbed deployment - Amazon AWS
-- ./2n_aws_c5n/
-- ./3n_aws_c5n/
-
-## Azure
-
-Testbed deployment - Microsoft Azure
-- ./3n_azure_fsv2/
--- /dev/null
+data "vault_aws_access_credentials" "creds" {
+ backend = "${var.vault-name}-path"
+ role = "${var.vault-name}-role"
+}
+
+locals {
+ ansible_python_executable = "/usr/bin/python3"
+ availability_zone = "eu-central-1a"
+ name = "csit-vpc"
+ environment = "csit-vpc-environment"
+ key_pair_key_name = "${var.resource_prefix}-${var.testbed_name}-pk"
+ placement_group_name = "${var.resource_prefix}-${var.testbed_name}-pg"
+ security_group_name = "${var.resource_prefix}-${var.testbed_name}-sg"
+ testbed_name = "testbed1"
+ topology_name = "2n-aws-c5n"
+ tg_name = "${var.resource_prefix}-${var.testbed_name}-tg"
+ sut1_name = "${var.resource_prefix}-${var.testbed_name}-sut1"
+}
+
+# Create VPC
+module "vpc" {
+ source = "../terraform-aws-vpc"
+ security_group_name = local.security_group_name
+ subnet_availability_zone = local.availability_zone
+ tags_name = local.name
+ tags_environment = local.environment
+}
+
+# Create Subnet
+module "subnet_b" {
+ source = "../terraform-aws-subnet"
+ subnet_cidr_block = "192.168.10.0/24"
+ subnet_ipv6_cidr_block = cidrsubnet(module.vpc.vpc_ipv6_cidr_block, 8, 2)
+ subnet_availability_zone = local.availability_zone
+ tags_name = local.name
+ tags_environment = local.environment
+ subnet_vpc_id = module.vpc.vpc_id
+}
+
+module "subnet_d" {
+ source = "../terraform-aws-subnet"
+ subnet_cidr_block = "192.168.20.0/24"
+ subnet_ipv6_cidr_block = cidrsubnet(module.vpc.vpc_ipv6_cidr_block, 8, 4)
+ subnet_availability_zone = local.availability_zone
+ tags_name = local.name
+ tags_environment = local.environment
+ subnet_vpc_id = module.vpc.vpc_id
+}
+
+# Create Private Key
+resource "tls_private_key" "private_key" {
+ algorithm = var.private_key_algorithm
+ ecdsa_curve = var.private_key_ecdsa_curve
+ rsa_bits = var.private_key_rsa_bits
+}
+
+# Create Key Pair
+resource "aws_key_pair" "key_pair" {
+ depends_on = [
+ tls_private_key.private_key
+ ]
+ key_name = local.key_pair_key_name
+ public_key = tls_private_key.private_key.public_key_openssh
+}
+
+# Create Placement Group
+resource "aws_placement_group" "placement_group" {
+ name = local.placement_group_name
+ strategy = var.placement_group_strategy
+}
+
+# Create Instance
+resource "aws_instance" "tg" {
+ depends_on = [
+ module.vpc,
+ aws_placement_group.placement_group
+ ]
+ ami = var.tg_ami
+ availability_zone = local.availability_zone
+ associate_public_ip_address = var.tg_associate_public_ip_address
+ instance_initiated_shutdown_behavior = var.tg_instance_initiated_shutdown_behavior
+ instance_type = var.tg_instance_type
+ key_name = aws_key_pair.key_pair.key_name
+ placement_group = aws_placement_group.placement_group.id
+ private_ip = var.tg_private_ip
+ source_dest_check = var.tg_source_dest_check
+ subnet_id = module.vpc.vpc_subnet_id
+ vpc_security_group_ids = [module.vpc.vpc_security_group_id]
+ # host_id = "1"
+
+ root_block_device {
+ delete_on_termination = true
+ volume_size = 50
+ }
+
+ tags = {
+ "Name" = local.tg_name
+ "Environment" = local.environment
+ }
+}
+
+resource "aws_network_interface" "tg_if1" {
+ depends_on = [
+ module.subnet_b,
+ aws_instance.tg
+ ]
+ private_ip = var.tg_if1_private_ip
+ private_ips = [var.tg_if1_private_ip]
+ security_groups = [module.vpc.vpc_security_group_id]
+ source_dest_check = var.tg_source_dest_check
+ subnet_id = module.subnet_b.subnet_id
+
+ attachment {
+ instance = aws_instance.tg.id
+ device_index = 1
+ }
+
+ tags = {
+ "Name" = local.tg_name
+ "Environment" = local.environment
+ }
+}
+
+resource "aws_network_interface" "tg_if2" {
+ depends_on = [
+ module.subnet_d,
+ aws_instance.tg
+ ]
+ private_ips = [var.tg_if2_private_ip]
+ security_groups = [module.vpc.vpc_security_group_id]
+ source_dest_check = var.tg_source_dest_check
+ subnet_id = module.subnet_d.subnet_id
+
+ attachment {
+ instance = aws_instance.tg.id
+ device_index = 2
+ }
+
+ tags = {
+ "Name" = local.tg_name
+ "Environment" = local.environment
+ }
+}
+
+data "aws_network_interface" "tg_if1" {
+ id = aws_network_interface.tg_if1.id
+}
+
+data "aws_network_interface" "tg_if2" {
+ id = aws_network_interface.tg_if2.id
+}
+
+resource "aws_route" "route_tg_if1" {
+ depends_on = [
+ aws_instance.tg
+ ]
+ destination_cidr_block = var.destination_cidr_block_tg_if1
+ network_interface_id = aws_instance.tg.primary_network_interface_id
+ route_table_id = module.vpc.vpc_main_route_table_id
+}
+
+resource "aws_route" "route_tg_if2" {
+ depends_on = [
+ aws_instance.tg
+ ]
+ destination_cidr_block = var.destination_cidr_block_tg_if2
+ network_interface_id = aws_instance.tg.primary_network_interface_id
+ route_table_id = module.vpc.vpc_main_route_table_id
+}
+
+resource "aws_instance" "sut1" {
+ depends_on = [
+ module.vpc,
+ aws_placement_group.placement_group
+ ]
+ ami = var.sut1_ami
+ availability_zone = local.availability_zone
+ associate_public_ip_address = var.sut1_associate_public_ip_address
+ instance_initiated_shutdown_behavior = var.sut1_instance_initiated_shutdown_behavior
+ instance_type = var.sut1_instance_type
+ key_name = aws_key_pair.key_pair.key_name
+ placement_group = aws_placement_group.placement_group.id
+ private_ip = var.sut1_private_ip
+ source_dest_check = var.sut1_source_dest_check
+ subnet_id = module.vpc.vpc_subnet_id
+ vpc_security_group_ids = [module.vpc.vpc_security_group_id]
+ # host_id = "2"
+
+ root_block_device {
+ delete_on_termination = true
+ volume_size = 50
+ }
+
+ tags = {
+ "Name" = local.sut1_name
+ "Environment" = local.environment
+ }
+}
+
+resource "aws_network_interface" "sut1_if1" {
+ depends_on = [
+ module.subnet_b,
+ aws_instance.sut1
+ ]
+ private_ips = [var.sut1_if1_private_ip]
+ security_groups = [module.vpc.vpc_security_group_id]
+ source_dest_check = var.sut1_source_dest_check
+ subnet_id = module.subnet_b.subnet_id
+
+ attachment {
+ instance = aws_instance.sut1.id
+ device_index = 1
+ }
+
+ tags = {
+ "Name" = local.sut1_name
+ "Environment" = local.environment
+ }
+}
+
+resource "aws_network_interface" "sut1_if2" {
+ depends_on = [
+ module.subnet_d,
+ aws_instance.sut1
+ ]
+ private_ips = [var.sut1_if2_private_ip]
+ security_groups = [module.vpc.vpc_security_group_id]
+ source_dest_check = var.sut1_source_dest_check
+ subnet_id = module.subnet_d.subnet_id
+
+ attachment {
+ instance = aws_instance.sut1.id
+ device_index = 2
+ }
+
+ tags = {
+ "Name" = local.sut1_name
+ "Environment" = local.environment
+ }
+}
+
+data "aws_network_interface" "sut1_if1" {
+ id = aws_network_interface.sut1_if1.id
+}
+
+data "aws_network_interface" "sut1_if2" {
+ id = aws_network_interface.sut1_if2.id
+}
+
+resource "null_resource" "deploy_tg" {
+ depends_on = [
+ aws_instance.tg,
+ aws_network_interface.tg_if1,
+ aws_network_interface.tg_if2,
+ aws_instance.sut1,
+ aws_network_interface.sut1_if1,
+ aws_network_interface.sut1_if2
+ ]
+
+ connection {
+ user = "ubuntu"
+ host = aws_instance.tg.public_ip
+ private_key = tls_private_key.private_key.private_key_pem
+ }
+
+ provisioner "remote-exec" {
+ inline = var.first_run_commands
+ }
+}
+
+resource "null_resource" "deploy_sut1" {
+ depends_on = [
+ aws_instance.tg,
+ aws_network_interface.tg_if1,
+ aws_network_interface.tg_if2,
+ aws_instance.sut1,
+ aws_network_interface.sut1_if1,
+ aws_network_interface.sut1_if2
+ ]
+
+ connection {
+ user = "ubuntu"
+ host = aws_instance.sut1.public_ip
+ private_key = tls_private_key.private_key.private_key_pem
+ }
+
+ provisioner "remote-exec" {
+ inline = var.first_run_commands
+ }
+}
+
+resource "null_resource" "deploy_topology" {
+ depends_on = [
+ aws_instance.tg,
+ aws_instance.sut1
+ ]
+
+ provisioner "ansible" {
+ plays {
+ playbook {
+ file_path = var.ansible_topology_path
+ }
+ hosts = ["local"]
+ extra_vars = {
+ ansible_python_interpreter = local.ansible_python_executable
+ testbed_name = local.testbed_name
+ cloud_topology = local.topology_name
+ tg_if1_mac = data.aws_network_interface.tg_if1.mac_address
+ tg_if2_mac = data.aws_network_interface.tg_if2.mac_address
+ dut1_if1_mac = data.aws_network_interface.sut1_if1.mac_address
+ dut1_if2_mac = data.aws_network_interface.sut1_if2.mac_address
+ tg_public_ip = aws_instance.tg.public_ip
+ dut1_public_ip = aws_instance.sut1.public_ip
+ public_ip_list = "${aws_instance.tg.public_ip},${aws_instance.sut1.public_ip}"
+ }
+ }
+ }
+}
\ No newline at end of file
--- /dev/null
+provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+ address = "http://10.30.51.28:8200"
+ skip_tls_verify = true
+ token = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
+}
\ No newline at end of file
--- /dev/null
+variable "vault-name" {
+ default = "dynamic-aws-creds-vault-fdio"
+}
+
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "eu-central-1"
+}
+
+variable "resource_prefix" {
+ description = "Resources name prefix."
+ type = string
+ default = "csit-2n-aws-c5n"
+}
+
+variable "testbed_name" {
+ description = "Testbed name."
+ type = string
+ default = "testbed1"
+}
+
+# Variables for Private Key
+variable "private_key_algorithm" {
+ description = "The name of the algorithm to use for the key."
+ type = string
+ default = "RSA"
+}
+
+variable "private_key_ecdsa_curve" {
+ description = "When algorithm is ECDSA, the name of the elliptic curve to use."
+ type = string
+ default = "P521"
+}
+
+variable "private_key_rsa_bits" {
+ description = "When algorithm is RSA, the size of the generated RSA key in bits."
+ type = number
+ default = 4096
+}
+
+# Variables for Placement Group
+variable "placement_group_strategy" {
+ description = "The placement strategy. Can be cluster, partition or spread."
+ type = string
+ default = "cluster"
+}
+
+# Variables for Instance
+variable "tg_ami" {
+ description = "AMI to use for the instance."
+ type = string
+ default = "ami-0c2d02d48236a23dd"
+}
+
+variable "tg_associate_public_ip_address" {
+ description = "Whether to associate a public IP address with an instance in a VPC."
+ type = bool
+ default = true
+}
+
+variable "tg_instance_initiated_shutdown_behavior" {
+ description = "Shutdown behavior for the instance."
+ type = string
+ default = "terminate"
+}
+
+variable "tg_instance_type" {
+ description = "The instance type to use for the instance."
+ type = string
+ default = "c5n.4xlarge"
+}
+
+variable "tg_private_ip" {
+ description = "Private IP address to associate with the instance in a VPC."
+ type = string
+ default = "192.168.0.10"
+}
+
+variable "tg_source_dest_check" {
+ description = "Controls if traffic is routed to the instance when the destination address does not match the instance."
+ type = bool
+ default = false
+}
+
+variable "sut1_ami" {
+ description = "AMI to use for the instance."
+ type = string
+ default = "ami-0c2d02d48236a23dd"
+}
+
+variable "sut1_associate_public_ip_address" {
+ description = "Whether to associate a public IP address with an instance in a VPC."
+ type = bool
+ default = true
+}
+
+variable "sut1_instance_initiated_shutdown_behavior" {
+ description = "Shutdown behavior for the instance."
+ type = string
+ default = "terminate"
+}
+
+variable "sut1_instance_type" {
+ description = "The instance type to use for the instance."
+ type = string
+ default = "c5n.4xlarge"
+}
+
+variable "sut1_private_ip" {
+ description = "Private IP address to associate with the instance in a VPC."
+ type = string
+ default = "192.168.0.11"
+}
+
+variable "sut1_source_dest_check" {
+ description = "Controls if traffic is routed to the instance when the destination address does not match the instance."
+ type = bool
+ default = false
+}
+
+# Variables for Network Interface
+variable "tg_if1_private_ip" {
+ description = "List of private IPs to assign to the ENI without regard to order."
+ type = string
+ default = "192.168.10.254"
+}
+
+variable "tg_if2_private_ip" {
+ description = "List of private IPs to assign to the ENI without regard to order."
+ type = string
+ default = "192.168.20.254"
+}
+
+variable "destination_cidr_block_tg_if1" {
+ description = "The destination CIDR block."
+ type = string
+ default = "10.0.0.0/16"
+}
+
+variable "destination_cidr_block_tg_if2" {
+ description = "The destination CIDR block."
+ type = string
+ default = "20.0.0.0/16"
+}
+
+variable "sut1_if1_private_ip" {
+ description = "List of private IPs to assign to the ENI without regard to order."
+ type = string
+ default = "192.168.10.11"
+}
+
+variable "sut1_if2_private_ip" {
+ description = "List of private IPs to assign to the ENI without regard to order."
+ type = string
+ default = "192.168.20.11"
+}
+
+# Variables for Null Resource
+variable "first_run_commands" {
+ description = "List of private IPs to assign to the ENI without regard to order."
+ type = list(string)
+ default = [
+ "sudo sed -i 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config",
+ "sudo systemctl restart sshd",
+ "sudo useradd --create-home -s /bin/bash provisionuser",
+ "echo 'provisionuser:Csit1234' | sudo chpasswd",
+ "echo 'provisionuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers",
+ "sudo useradd --create-home -s /bin/bash testuser",
+ "echo 'testuser:Csit1234' | sudo chpasswd",
+ "echo 'testuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers"
+ ]
+}
+
+# Variables for Null Resource
+variable "ansible_topology_path" {
+ description = "Ansible topology path."
+ type = string
+ default = "../../fdio.infra.ansible/cloud_topology.yaml"
+}
--- /dev/null
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ null = {
+ source = "hashicorp/null"
+ version = "~> 3.1.0"
+ }
+ tls = {
+ source = "hashicorp/tls"
+ version = "~> 3.1.0"
+ }
+ vault = {
+ version = ">=2.22.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
version = "~> 4.3.0"
}
}
- required_version = ">= 1.1.4"
+ required_version = ">= 1.0.4"
}
from_port = lookup(ingress.value, "from_port", null)
to_port = lookup(ingress.value, "to_port", null)
protocol = lookup(ingress.value, "protocol", null)
+ self = lookup(ingress.value, "self", null)
cidr_blocks = lookup(ingress.value, "cidr_blocks", null)
ipv6_cidr_blocks = lookup(ingress.value, "ipv6_cidr_blocks", null)
}
dynamic "egress" {
for_each = var.security_group_egress
content {
- from_port = lookup(ingress.value, "from_port", null)
- to_port = lookup(ingress.value, "to_port", null)
- protocol = lookup(ingress.value, "protocol", null)
- cidr_blocks = lookup(ingress.value, "cidr_blocks", null)
- ipv6_cidr_blocks = lookup(ingress.value, "ipv6_cidr_blocks", null)
+ from_port = lookup(egress.value, "from_port", null)
+ to_port = lookup(egress.value, "to_port", null)
+ protocol = lookup(egress.value, "protocol", null)
+ self = lookup(egress.value, "self", null)
+ cidr_blocks = lookup(egress.value, "cidr_blocks", null)
+ ipv6_cidr_blocks = lookup(egress.value, "ipv6_cidr_blocks", null)
}
}
}
output "vpc_id" {
value = aws_vpc.vpc.id
- description = "The ID of the VPC"
+ description = "The ID of the VPC."
}
output "vpc_ipv6_cidr_block" {
value = aws_vpc.vpc.ipv6_cidr_block
- description = "IPv6 CIDR block"
-}
\ No newline at end of file
+ description = "IPv6 CIDR block."
+}
+
+output "vpc_main_route_table_id" {
+ value = aws_vpc.vpc.main_route_table_id
+ description = "The ID of the Main Route Table."
+}
+
+output "vpc_subnet_id" {
+ value = aws_subnet.subnet.id
+ description = "The ID of the Subnet."
+}
+
+output "vpc_security_group_id" {
+ value = aws_security_group.security_group.id
+ description = "The ID of the Security Group."
+}
from_port = 22
to_port = 22
protocol = "tcp"
+ self = false
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ },
+ {
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ self = true
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
},
version = "~> 4.3.0"
}
}
- required_version = ">= 1.1.4"
+ required_version = ">= 1.0.4"
}
TOPOLOGIES_TAGS="2_node_single_link_topo"
;;
"2n_aws")
- TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*2n_aws*.yaml )
+ TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*2n-aws*.yaml )
TOPOLOGIES_TAGS="2_node_single_link_topo"
;;
"3n_aws")
- TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*3n_aws*.yaml )
+ TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*3n-aws*.yaml )
TOPOLOGIES_TAGS="3_node_single_link_topo"
;;
*)
fi
pushd "${CSIT_DIR}"/fdio.infra.terraform || die "Pushd failed!"
- pushd "${NODENESS}_${FLAVOR}_c5n" || die "Pushd failed!"
+ pushd "terraform-aws-${NODENESS}-${FLAVOR}-c5n" || die "Pushd failed!"
export TF_LOG=INFO
trap 'terraform_destroy' ERR || {
die "Trap attempt failed, please cleanup manually. Aborting!"
fi
pushd "${CSIT_DIR}"/fdio.infra.terraform || die "Pushd failed!"
- pushd "${NODENESS}_${FLAVOR}_c5n" || die "Pushd failed!"
+ pushd "terraform-aws-${NODENESS}-${FLAVOR}-c5n" || die "Pushd failed!"
export TF_LOG=INFO
terraform destroy -auto-approve -no-color || die "Terraform destroy failed!"
popd || die "Popd failed!"
fi
pushd "${CSIT_DIR}"/fdio.infra.terraform || die "Pushd failed!"
- pushd "${NODENESS}_${FLAVOR}_c5n" || die "Pushd failed!"
+ pushd "terraform-aws-${NODENESS}-${FLAVOR}-c5n" || die "Pushd failed!"
plugin_url="https://github.com/radekg/terraform-provisioner-ansible/"
plugin_url+="releases/download/v2.5.0/"
Code Review / csit.git / commitdiff