feat(infra): 2n-c7gn, 3n-c7gn 49/39949/3
authorpmikus <peter.mikus@protonmail.ch>
Wed, 22 Nov 2023 10:37:00 +0000 (10:37 +0000)
committerPeter Mikus <peter.mikus@protonmail.ch>
Wed, 22 Nov 2023 10:54:26 +0000 (10:54 +0000)
Signed-off-by: Peter Mikus <peter.mikus@protonmail.ch>
Change-Id: I5a94ae7caf1c3ee08efa7bd5db19c3b2c356705a

17 files changed:
fdio.infra.terraform/3n_azure_fsv2/main.tf [deleted file]
fdio.infra.terraform/3n_azure_fsv2/nic.tf [deleted file]
fdio.infra.terraform/terraform-aws-2n-c6gn/variables.tf
fdio.infra.terraform/terraform-aws-2n-c7gn/main.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-2n-c7gn/output.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-2n-c7gn/providers.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-2n-c7gn/variables.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-2n-c7gn/versions.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-3n-c7gn/main.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-3n-c7gn/output.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-3n-c7gn/providers.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-3n-c7gn/variables.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-aws-3n-c7gn/versions.tf [new file with mode: 0644]
fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/variables.tf
fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/versions.tf
resources/libraries/bash/function/ansible.sh
resources/libraries/bash/function/common.sh

diff --git a/fdio.infra.terraform/3n_azure_fsv2/main.tf b/fdio.infra.terraform/3n_azure_fsv2/main.tf
deleted file mode 100644 (file)
index f84f521..0000000
+++ /dev/null
@@ -1,593 +0,0 @@
-provider "azurerm" {
-  version = ">= 1.4.0"
-}
-
-# Variables
-
-variable "vpc_addr_space_a" {
-  type    = string
-  default = "172.16.0.0/16"
-}
-
-variable "vpc_cidr_a" {
-  type    = string
-  default = "172.16.0.0/24"
-}
-
-variable "vpc_cidr_b" {
-  type    = string
-  default = "172.16.10.0/24"
-}
-
-variable "vpc_cidr_c" {
-  type    = string
-  default = "172.16.200.0/24"
-}
-
-variable "vpc_cidr_d" {
-  type    = string
-  default = "172.16.20.0/24"
-}
-
-variable "trex_dummy_cidr_port_0" {
-  type    = string
-  default = "172.16.11.0/24"
-}
-
-variable "trex_dummy_cidr_port_1" {
-  type    = string
-  default = "172.16.21.0/24"
-}
-
-# Create resource group and resources
-
-resource "azurerm_resource_group" "CSIT" {
-  name = "CSIT"
-  #location = "East US"
-  location = "UK South"
-}
-
-resource "azurerm_virtual_network" "CSIT" {
-  name                = "CSIT-network"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  location            = azurerm_resource_group.CSIT.location
-  address_space       = [var.vpc_addr_space_a]
-  depends_on          = [azurerm_resource_group.CSIT]
-}
-
-resource "azurerm_subnet" "a" {
-  name                 = "subnet_a"
-  resource_group_name  = azurerm_resource_group.CSIT.name
-  virtual_network_name = azurerm_virtual_network.CSIT.name
-  address_prefix       = var.vpc_cidr_a
-  depends_on           = [azurerm_resource_group.CSIT]
-}
-
-resource "azurerm_subnet" "b" {
-  name                 = "subnet_b"
-  resource_group_name  = azurerm_resource_group.CSIT.name
-  virtual_network_name = azurerm_virtual_network.CSIT.name
-  address_prefix       = var.vpc_cidr_b
-  depends_on           = [azurerm_resource_group.CSIT]
-}
-
-resource "azurerm_subnet" "c" {
-  name                 = "subnet_c"
-  resource_group_name  = azurerm_resource_group.CSIT.name
-  virtual_network_name = azurerm_virtual_network.CSIT.name
-  address_prefix       = var.vpc_cidr_c
-  depends_on           = [azurerm_resource_group.CSIT]
-}
-
-resource "azurerm_subnet" "d" {
-  name                 = "subnet_d"
-  resource_group_name  = azurerm_resource_group.CSIT.name
-  virtual_network_name = azurerm_virtual_network.CSIT.name
-  address_prefix       = var.vpc_cidr_d
-  depends_on           = [azurerm_resource_group.CSIT]
-}
-
-# Create a security group of the Kiknos instances
-
-resource "azurerm_network_security_group" "CSIT" {
-  name                = "CSIT"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  location            = azurerm_resource_group.CSIT.location
-  security_rule {
-    name                       = "IpSec"
-    priority                   = 100
-    direction                  = "Inbound"
-    access                     = "Allow"
-    protocol                   = "Udp"
-    source_port_range          = "*"
-    destination_port_range     = "500"
-    source_address_prefix      = "*"
-    destination_address_prefix = "*"
-  }
-  security_rule {
-    name                       = "IpSec-NAT"
-    priority                   = 101
-    direction                  = "Inbound"
-    access                     = "Allow"
-    protocol                   = "Udp"
-    source_port_range          = "*"
-    destination_port_range     = "4500"
-    source_address_prefix      = "*"
-    destination_address_prefix = "*"
-  }
-  security_rule {
-    name                       = "SSH"
-    priority                   = 102
-    direction                  = "Inbound"
-    access                     = "Allow"
-    protocol                   = "Tcp"
-    source_port_range          = "*"
-    destination_port_range     = "22"
-    source_address_prefix      = "*"
-    destination_address_prefix = "*"
-  }
-  security_rule {
-    name                       = "InboundAll"
-    priority                   = 103
-    direction                  = "Inbound"
-    access                     = "Allow"
-    protocol                   = "*"
-    source_port_range          = "*"
-    destination_port_range     = "*"
-    source_address_prefix      = "*"
-    destination_address_prefix = "*"
-  }
-  security_rule {
-    name                       = "Outbound"
-    priority                   = 104
-    direction                  = "Outbound"
-    access                     = "Allow"
-    protocol                   = "*"
-    source_port_range          = "*"
-    destination_port_range     = "*"
-    source_address_prefix      = "*"
-    destination_address_prefix = "*"
-  }
-  depends_on = [azurerm_virtual_network.CSIT]
-}
-
-# Create public IPs
-
-resource "azurerm_public_ip" "tg_public_ip" {
-  name                = "tg_public_ip"
-  location            = azurerm_resource_group.CSIT.location
-  resource_group_name = azurerm_resource_group.CSIT.name
-  allocation_method   = "Dynamic"
-  depends_on          = [azurerm_resource_group.CSIT]
-}
-
-resource "azurerm_public_ip" "dut1_public_ip" {
-  name                = "dut1_public_ip"
-  location            = azurerm_resource_group.CSIT.location
-  resource_group_name = azurerm_resource_group.CSIT.name
-  allocation_method   = "Dynamic"
-  depends_on          = [azurerm_resource_group.CSIT]
-}
-
-resource "azurerm_public_ip" "dut2_public_ip" {
-  name                = "dut2_public_ip"
-  location            = azurerm_resource_group.CSIT.location
-  resource_group_name = azurerm_resource_group.CSIT.name
-  allocation_method   = "Dynamic"
-  depends_on          = [azurerm_resource_group.CSIT]
-}
-
-# Create network interface
-
-resource "azurerm_network_interface" "tg_mng" {
-  name                      = "tg_mng"
-  location                  = azurerm_resource_group.CSIT.location
-  resource_group_name       = azurerm_resource_group.CSIT.name
-  network_security_group_id = azurerm_network_security_group.CSIT.id
-  ip_configuration {
-    primary                       = "true"
-    name                          = "tg_mng_ip"
-    subnet_id                     = azurerm_subnet.a.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.0.10"
-    public_ip_address_id          = azurerm_public_ip.tg_public_ip.id
-  }
-  depends_on = [azurerm_resource_group.CSIT,
-    azurerm_subnet.a,
-  azurerm_public_ip.tg_public_ip]
-}
-
-resource "azurerm_network_interface" "dut1_mng" {
-  name                      = "dut1_mng"
-  location                  = azurerm_resource_group.CSIT.location
-  resource_group_name       = azurerm_resource_group.CSIT.name
-  network_security_group_id = azurerm_network_security_group.CSIT.id
-  ip_configuration {
-    primary                       = "true"
-    name                          = "dut1_mng_ip"
-    subnet_id                     = azurerm_subnet.a.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.0.11"
-    public_ip_address_id          = azurerm_public_ip.dut1_public_ip.id
-  }
-  depends_on = [azurerm_resource_group.CSIT,
-    azurerm_subnet.a,
-  azurerm_public_ip.dut1_public_ip]
-}
-
-resource "azurerm_network_interface" "dut2_mng" {
-  name                      = "dut2_mng"
-  location                  = azurerm_resource_group.CSIT.location
-  resource_group_name       = azurerm_resource_group.CSIT.name
-  network_security_group_id = azurerm_network_security_group.CSIT.id
-  ip_configuration {
-    primary                       = "true"
-    name                          = "dut2_mng_ip"
-    subnet_id                     = azurerm_subnet.a.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.0.12"
-    public_ip_address_id          = azurerm_public_ip.dut2_public_ip.id
-  }
-  depends_on = [azurerm_resource_group.CSIT,
-    azurerm_subnet.a,
-  azurerm_public_ip.dut2_public_ip]
-}
-
-resource "azurerm_route_table" "b" {
-  name                = "b"
-  location            = azurerm_resource_group.CSIT.location
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on = [azurerm_resource_group.CSIT,
-  azurerm_subnet.b]
-  disable_bgp_route_propagation = false
-  route {
-    name                   = "route-10"
-    address_prefix         = var.trex_dummy_cidr_port_0
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.tg_if1.private_ip_address
-  }
-  route {
-    name                   = "route-20"
-    address_prefix         = var.trex_dummy_cidr_port_1
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut1_if1.private_ip_address
-  }
-  route {
-    name                   = "tg2"
-    address_prefix         = var.vpc_cidr_d
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut1_if1.private_ip_address
-  }
-}
-
-resource "azurerm_route_table" "c" {
-  name                = "c"
-  location            = azurerm_resource_group.CSIT.location
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on = [azurerm_resource_group.CSIT,
-  azurerm_subnet.c]
-  disable_bgp_route_propagation = false
-  route {
-    name                   = "route-10"
-    address_prefix         = var.trex_dummy_cidr_port_0
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut1_if2.private_ip_address
-  }
-  route {
-    name                   = "route-100"
-    address_prefix         = "100.0.0.0/8"
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut1_if2.private_ip_address
-  }
-  route {
-    name                   = "route-20"
-    address_prefix         = var.trex_dummy_cidr_port_1
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut2_if1.private_ip_address
-  }
-  route {
-    name                   = "tg1"
-    address_prefix         = var.vpc_cidr_b
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut1_if2.private_ip_address
-  }
-  route {
-    name                   = "tg2"
-    address_prefix         = var.vpc_cidr_d
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut2_if1.private_ip_address
-  }
-}
-
-resource "azurerm_route_table" "d" {
-  name                = "d"
-  location            = azurerm_resource_group.CSIT.location
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on = [azurerm_resource_group.CSIT,
-  azurerm_subnet.d]
-  disable_bgp_route_propagation = false
-  route {
-    name                   = "route-10"
-    address_prefix         = var.trex_dummy_cidr_port_0
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut2_if2.private_ip_address
-  }
-  route {
-    name                   = "route-20"
-    address_prefix         = var.trex_dummy_cidr_port_1
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.tg_if2.private_ip_address
-  }
-  route {
-    name                   = "tg1"
-    address_prefix         = var.vpc_cidr_b
-    next_hop_type          = "VirtualAppliance"
-    next_hop_in_ip_address = data.azurerm_network_interface.dut2_if2.private_ip_address
-  }
-}
-
-resource "azurerm_subnet_route_table_association" "b" {
-  subnet_id      = azurerm_subnet.b.id
-  route_table_id = azurerm_route_table.b.id
-}
-
-resource "azurerm_subnet_route_table_association" "c" {
-  subnet_id      = azurerm_subnet.c.id
-  route_table_id = azurerm_route_table.c.id
-}
-
-resource "azurerm_subnet_route_table_association" "d" {
-  subnet_id      = azurerm_subnet.d.id
-  route_table_id = azurerm_route_table.d.id
-}
-
-resource "azurerm_virtual_machine" "tg" {
-  name                         = "tg"
-  location                     = azurerm_resource_group.CSIT.location
-  resource_group_name          = azurerm_resource_group.CSIT.name
-  primary_network_interface_id = azurerm_network_interface.tg_mng.id
-  network_interface_ids = [azurerm_network_interface.tg_mng.id,
-    azurerm_network_interface.tg_if1.id,
-  azurerm_network_interface.tg_if2.id]
-  vm_size                          = "Standard_F32s_v2"
-  delete_os_disk_on_termination    = true
-  delete_data_disks_on_termination = true
-  storage_os_disk {
-    name              = "OsDiskTG"
-    caching           = "ReadWrite"
-    create_option     = "FromImage"
-    managed_disk_type = "StandardSSD_LRS"
-  }
-  storage_image_reference {
-    publisher = "Canonical"
-    offer     = "UbuntuServer"
-    sku       = "18.04-LTS"
-    version   = "latest"
-  }
-  os_profile {
-    computer_name  = "tg"
-    admin_username = "ubuntu"
-  }
-  os_profile_linux_config {
-    disable_password_authentication = true
-    ssh_keys {
-      path     = "/home/ubuntu/.ssh/authorized_keys"
-      key_data = file("~/.ssh/id_rsa.pub")
-    }
-  }
-  depends_on = [azurerm_resource_group.CSIT,
-  azurerm_network_interface.tg_mng]
-}
-
-resource "azurerm_virtual_machine" "dut1" {
-  name                         = "dut1"
-  location                     = azurerm_resource_group.CSIT.location
-  resource_group_name          = azurerm_resource_group.CSIT.name
-  primary_network_interface_id = azurerm_network_interface.dut1_mng.id
-  network_interface_ids = [azurerm_network_interface.dut1_mng.id,
-    azurerm_network_interface.dut1_if1.id,
-  azurerm_network_interface.dut1_if2.id]
-  vm_size                          = "Standard_F32s_v2"
-  delete_os_disk_on_termination    = true
-  delete_data_disks_on_termination = true
-  storage_os_disk {
-    name              = "OsDiskDUT1"
-    caching           = "ReadWrite"
-    create_option     = "FromImage"
-    managed_disk_type = "StandardSSD_LRS"
-  }
-  storage_image_reference {
-    publisher = "Canonical"
-    offer     = "UbuntuServer"
-    sku       = "18.04-LTS"
-    version   = "latest"
-  }
-  os_profile {
-    computer_name  = "dut1"
-    admin_username = "ubuntu"
-  }
-  os_profile_linux_config {
-    disable_password_authentication = true
-    ssh_keys {
-      path     = "/home/ubuntu/.ssh/authorized_keys"
-      key_data = file("~/.ssh/id_rsa.pub")
-    }
-  }
-  depends_on = [azurerm_resource_group.CSIT,
-  azurerm_network_interface.dut1_mng]
-}
-
-resource "azurerm_virtual_machine" "dut2" {
-  name                         = "dut2"
-  location                     = azurerm_resource_group.CSIT.location
-  resource_group_name          = azurerm_resource_group.CSIT.name
-  primary_network_interface_id = azurerm_network_interface.dut2_mng.id
-  network_interface_ids = [azurerm_network_interface.dut2_mng.id,
-    azurerm_network_interface.dut2_if1.id,
-  azurerm_network_interface.dut2_if2.id]
-  vm_size                          = "Standard_F32s_v2"
-  delete_os_disk_on_termination    = true
-  delete_data_disks_on_termination = true
-  storage_os_disk {
-    name              = "OsDiskDUT2"
-    caching           = "ReadWrite"
-    create_option     = "FromImage"
-    managed_disk_type = "StandardSSD_LRS"
-  }
-  storage_image_reference {
-    publisher = "Canonical"
-    offer     = "UbuntuServer"
-    sku       = "18.04-LTS"
-    version   = "latest"
-  }
-  os_profile {
-    computer_name  = "dut2"
-    admin_username = "ubuntu"
-  }
-  os_profile_linux_config {
-    disable_password_authentication = true
-    ssh_keys {
-      path     = "/home/ubuntu/.ssh/authorized_keys"
-      key_data = file("~/.ssh/id_rsa.pub")
-    }
-  }
-  depends_on = [azurerm_resource_group.CSIT,
-  azurerm_network_interface.dut2_mng]
-}
-
-data "azurerm_public_ip" "tg_public_ip" {
-  name                = "tg_public_ip"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.tg]
-}
-
-data "azurerm_public_ip" "dut1_public_ip" {
-  name                = "dut1_public_ip"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.dut1]
-}
-
-data "azurerm_public_ip" "dut2_public_ip" {
-  name                = "dut2_public_ip"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.dut2]
-}
-
-# Provisioning
-
-resource "null_resource" "deploy_tg" {
-  depends_on = [azurerm_virtual_machine.tg,
-    azurerm_network_interface.tg_if1,
-  azurerm_network_interface.tg_if2]
-  connection {
-    user        = "ubuntu"
-    host        = data.azurerm_public_ip.tg_public_ip.ip_address
-    private_key = file("~/.ssh/id_rsa")
-  }
-  provisioner "ansible" {
-    plays {
-      playbook {
-        file_path      = "../../testbed-setup/ansible/site.yaml"
-        force_handlers = true
-      }
-      hosts = ["tg_azure"]
-      extra_vars = {
-        ansible_python_interpreter = "/usr/bin/python3"
-        azure                      = true
-      }
-    }
-  }
-}
-
-resource "null_resource" "deploy_dut1" {
-  depends_on = [azurerm_virtual_machine.dut1,
-    azurerm_network_interface.dut1_if1,
-  azurerm_network_interface.dut1_if2]
-  connection {
-    user        = "ubuntu"
-    host        = data.azurerm_public_ip.dut1_public_ip.ip_address
-    private_key = file("~/.ssh/id_rsa")
-  }
-  provisioner "ansible" {
-    plays {
-      playbook {
-        file_path      = "../../testbed-setup/ansible/site.yaml"
-        force_handlers = true
-      }
-      hosts = ["sut_azure"]
-      extra_vars = {
-        ansible_python_interpreter = "/usr/bin/python3"
-        azure                      = true
-      }
-    }
-  }
-}
-
-resource "null_resource" "deploy_dut2" {
-  depends_on = [azurerm_virtual_machine.dut2,
-    azurerm_network_interface.dut2_if1,
-  azurerm_network_interface.dut2_if2]
-  connection {
-    user        = "ubuntu"
-    host        = data.azurerm_public_ip.dut2_public_ip.ip_address
-    private_key = file("~/.ssh/id_rsa")
-  }
-  provisioner "ansible" {
-    plays {
-      playbook {
-        file_path      = "../../testbed-setup/ansible/site.yaml"
-        force_handlers = true
-      }
-      hosts = ["sut_azure"]
-      extra_vars = {
-        ansible_python_interpreter = "/usr/bin/python3"
-        azure                      = true
-      }
-    }
-  }
-}
-
-resource "null_resource" "deploy_topology" {
-  depends_on = [azurerm_virtual_machine.tg,
-    azurerm_network_interface.tg_if1,
-    azurerm_network_interface.tg_if2,
-    azurerm_virtual_machine.dut1,
-    azurerm_network_interface.dut1_if1,
-    azurerm_network_interface.dut1_if2,
-    azurerm_virtual_machine.dut2,
-    azurerm_network_interface.dut2_if1,
-  azurerm_network_interface.dut2_if2]
-  provisioner "ansible" {
-    plays {
-      playbook {
-        file_path = "../../testbed-setup/ansible/cloud_topology.yaml"
-      }
-      hosts = ["local"]
-      extra_vars = {
-        ansible_python_interpreter = "/usr/bin/python3"
-        cloud_topology             = "3n_azure_Fsv2"
-        tg_if1_mac                 = data.azurerm_network_interface.tg_if1.mac_address
-        tg_if2_mac                 = data.azurerm_network_interface.tg_if2.mac_address
-        dut1_if1_mac               = data.azurerm_network_interface.dut1_if1.mac_address
-        dut1_if2_mac               = data.azurerm_network_interface.dut1_if2.mac_address
-        dut2_if1_mac               = data.azurerm_network_interface.dut2_if1.mac_address
-        dut2_if2_mac               = data.azurerm_network_interface.dut2_if2.mac_address
-        tg_public_ip               = data.azurerm_public_ip.tg_public_ip.ip_address
-        dut1_public_ip             = data.azurerm_public_ip.dut1_public_ip.ip_address
-        dut2_public_ip             = data.azurerm_public_ip.dut2_public_ip.ip_address
-      }
-    }
-  }
-}
-
-output "dbg_tg" {
-  value = "TG IP: ${data.azurerm_public_ip.tg_public_ip.ip_address}"
-}
-
-output "dbg_dut1" {
-  value = "DUT1 IP: ${data.azurerm_public_ip.dut1_public_ip.ip_address}"
-}
-
-output "dbg_dut2" {
-  value = "DUT2 IP: ${data.azurerm_public_ip.dut2_public_ip.ip_address}"
-}
diff --git a/fdio.infra.terraform/3n_azure_fsv2/nic.tf b/fdio.infra.terraform/3n_azure_fsv2/nic.tf
deleted file mode 100644 (file)
index 0bc9e90..0000000
+++ /dev/null
@@ -1,133 +0,0 @@
-# Create a network interface for the data-plane traffic
-
-resource "azurerm_network_interface" "dut1_if2" {
-  name                          = "dut1_if2"
-  location                      = azurerm_resource_group.CSIT.location
-  resource_group_name           = azurerm_resource_group.CSIT.name
-  network_security_group_id     = azurerm_network_security_group.CSIT.id
-  enable_ip_forwarding          = "true"
-  enable_accelerated_networking = "true"
-
-  ip_configuration {
-    name                          = "dut1_if2"
-    subnet_id                     = azurerm_subnet.c.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.200.101"
-  }
-}
-
-data "azurerm_network_interface" "dut1_if2" {
-  name                = "dut1_if2"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.dut1]
-}
-
-resource "azurerm_network_interface" "dut2_if1" {
-  name                          = "dut2_if1"
-  location                      = azurerm_resource_group.CSIT.location
-  resource_group_name           = azurerm_resource_group.CSIT.name
-  network_security_group_id     = azurerm_network_security_group.CSIT.id
-  enable_ip_forwarding          = "true"
-  enable_accelerated_networking = "true"
-
-  ip_configuration {
-    name                          = "dut2_if1"
-    subnet_id                     = azurerm_subnet.c.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.200.102"
-  }
-}
-
-data "azurerm_network_interface" "dut2_if1" {
-  name                = "dut2_if1"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.dut2]
-}
-
-resource "azurerm_network_interface" "dut1_if1" {
-  name                          = "dut1_if1"
-  location                      = azurerm_resource_group.CSIT.location
-  resource_group_name           = azurerm_resource_group.CSIT.name
-  network_security_group_id     = azurerm_network_security_group.CSIT.id
-  enable_ip_forwarding          = "true"
-  enable_accelerated_networking = "true"
-
-  ip_configuration {
-    name                          = "dut1_if1"
-    subnet_id                     = azurerm_subnet.b.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.10.11"
-  }
-}
-
-data "azurerm_network_interface" "dut1_if1" {
-  name                = "dut1_if1"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.dut1]
-}
-
-resource "azurerm_network_interface" "dut2_if2" {
-  name                          = "dut2_if2"
-  location                      = azurerm_resource_group.CSIT.location
-  resource_group_name           = azurerm_resource_group.CSIT.name
-  network_security_group_id     = azurerm_network_security_group.CSIT.id
-  enable_ip_forwarding          = "true"
-  enable_accelerated_networking = "true"
-
-  ip_configuration {
-    name                          = "dut2_if2"
-    subnet_id                     = azurerm_subnet.d.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.20.11"
-  }
-}
-
-data "azurerm_network_interface" "dut2_if2" {
-  name                = "dut2_if2"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.dut2]
-}
-
-resource "azurerm_network_interface" "tg_if1" {
-  name                          = "tg_if1"
-  location                      = azurerm_resource_group.CSIT.location
-  resource_group_name           = azurerm_resource_group.CSIT.name
-  network_security_group_id     = azurerm_network_security_group.CSIT.id
-  enable_ip_forwarding          = "true"
-  enable_accelerated_networking = "true"
-
-  ip_configuration {
-    name                          = "tg1"
-    subnet_id                     = azurerm_subnet.b.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.10.250"
-  }
-}
-
-data "azurerm_network_interface" "tg_if1" {
-  name                = "tg_if1"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.tg]
-}
-
-resource "azurerm_network_interface" "tg_if2" {
-  name                          = "tg_if2"
-  location                      = azurerm_resource_group.CSIT.location
-  resource_group_name           = azurerm_resource_group.CSIT.name
-  network_security_group_id     = azurerm_network_security_group.CSIT.id
-  enable_ip_forwarding          = "true"
-  enable_accelerated_networking = "true"
-
-  ip_configuration {
-    name                          = "tg2"
-    subnet_id                     = azurerm_subnet.d.id
-    private_ip_address_allocation = "Static"
-    private_ip_address            = "172.16.20.250"
-  }
-}
-
-data "azurerm_network_interface" "tg_if2" {
-  name                = "tg_if2"
-  resource_group_name = azurerm_resource_group.CSIT.name
-  depends_on          = [azurerm_virtual_machine.tg]
-}
index ccf2ce2..fec8331 100644 (file)
@@ -68,7 +68,7 @@ variable "tg_instance_initiated_shutdown_behavior" {
 variable "tg_instance_type" {
   description = "The instance type to use for the instance."
   type        = string
-  default     = "c6gn.4xlarge"
+  default     = "c6in.4xlarge"
 }
 
 variable "tg_private_ip" {
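Review bot: The new default `c6in.4xlarge` for `tg_instance_type` is an Intel x86_64 instance family, while the module directory (terraform-aws-2n-c6gn) and the old default `c6gn.4xlarge` are arm64 Graviton, and nothing in the hunk records why the TG now differs. The AMI selected for the TG is defined outside this hunk; if it still resolves to an arm64 image, the instance launch will fail on the architecture mismatch, so that variable should be checked alongside this change. I would state the intent in the description, for example `description = "The instance type to use for the TG instance (x86_64; requires an x86_64 AMI)."`. The `tg_private_ip` block that follows continues outside the hunk.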
diff --git a/fdio.infra.terraform/terraform-aws-2n-c7gn/main.tf b/fdio.infra.terraform/terraform-aws-2n-c7gn/main.tf
new file mode 100644 (file)
index 0000000..3fd3012
--- /dev/null
@@ -0,0 +1,327 @@
+data "vault_aws_access_credentials" "creds" {
+  backend = "${var.vault-name}-path"
+  role    = "${var.vault-name}-role"
+}
+
+locals {
+  ansible_python_executable = "/usr/bin/python3"
+  availability_zone         = "eu-central-1b"
+  name                      = "csit-vpc"
+  environment               = "csit-vpc-environment"
+  key_pair_key_name         = "${var.resource_prefix}-${var.testbed_name}-pk"
+  placement_group_name      = "${var.resource_prefix}-${var.testbed_name}-pg"
+  security_group_name       = "${var.resource_prefix}-${var.testbed_name}-sg"
+  testbed_name              = "testbed1"
+  topology_name             = "2n-c7gn"
+  tg_name                   = "${var.resource_prefix}-${var.testbed_name}-tg"
+  sut1_name                 = "${var.resource_prefix}-${var.testbed_name}-sut1"
+}
+
+# Create VPC
+module "vpc" {
+  source                   = "../terraform-aws-vpc"
+  security_group_name      = local.security_group_name
+  subnet_availability_zone = local.availability_zone
+  tags_name                = local.name
+  tags_environment         = local.environment
+  vpc_enable_dns_hostnames = false
+}
+
+# Create Subnet
+module "subnet_b" {
+  source                   = "../terraform-aws-subnet"
+  subnet_cidr_block        = "192.168.10.0/24"
+  subnet_ipv6_cidr_block   = cidrsubnet(module.vpc.vpc_ipv6_cidr_block, 8, 2)
+  subnet_availability_zone = local.availability_zone
+  tags_name                = local.name
+  tags_environment         = local.environment
+  subnet_vpc_id            = module.vpc.vpc_id
+}
+
+module "subnet_d" {
+  source                   = "../terraform-aws-subnet"
+  subnet_cidr_block        = "192.168.20.0/24"
+  subnet_ipv6_cidr_block   = cidrsubnet(module.vpc.vpc_ipv6_cidr_block, 8, 4)
+  subnet_availability_zone = local.availability_zone
+  tags_name                = local.name
+  tags_environment         = local.environment
+  subnet_vpc_id            = module.vpc.vpc_id
+}
+
+# Create Private Key
+module "private_key" {
+  source  = "pmikus/private-key/tls"
+  version = "4.0.4"
+
+  private_key_algorithm = var.private_key_algorithm
+}
+
+# Create Key Pair
+module "key_pair" {
+  source  = "pmikus/key-pair/aws"
+  version = "5.7.0"
+
+  key_pair_key_name   = local.key_pair_key_name
+  key_pair_public_key = module.private_key.public_key_openssh
+
+  key_pair_tags = {
+    "Environment" = local.environment
+  }
+}
+
+# Create Placement Group
+resource "aws_placement_group" "placement_group" {
+  name     = local.placement_group_name
+  strategy = var.placement_group_strategy
+}
+
+# Create Instance
+resource "aws_instance" "tg" {
+  depends_on = [
+    module.vpc,
+    aws_placement_group.placement_group
+  ]
+  ami                                  = var.tg_ami
+  availability_zone                    = local.availability_zone
+  associate_public_ip_address          = var.tg_associate_public_ip_address
+  instance_initiated_shutdown_behavior = var.tg_instance_initiated_shutdown_behavior
+  instance_type                        = var.tg_instance_type
+  key_name                             = module.key_pair.key_pair_key_name
+  placement_group                      = aws_placement_group.placement_group.id
+  private_ip                           = var.tg_private_ip
+  source_dest_check                    = var.tg_source_dest_check
+  subnet_id                            = module.vpc.vpc_subnet_id
+  vpc_security_group_ids               = [module.vpc.vpc_security_group_id]
+  # host_id                            = "1"
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size           = 50
+  }
+
+  tags = {
+    "Name"        = local.tg_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "tg_if1" {
+  depends_on = [
+    module.subnet_b,
+    aws_instance.tg
+  ]
+  private_ip        = var.tg_if1_private_ip
+  private_ips       = [var.tg_if1_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.tg_source_dest_check
+  subnet_id         = module.subnet_b.subnet_id
+
+  attachment {
+    instance     = aws_instance.tg.id
+    device_index = 1
+  }
+
+  tags = {
+    "Name"        = local.tg_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "tg_if2" {
+  depends_on = [
+    module.subnet_d,
+    aws_instance.tg
+  ]
+  private_ip        = var.tg_if2_private_ip
+  private_ips       = [var.tg_if2_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.tg_source_dest_check
+  subnet_id         = module.subnet_d.subnet_id
+
+  attachment {
+    instance     = aws_instance.tg.id
+    device_index = 2
+  }
+
+  tags = {
+    "Name"        = local.tg_name
+    "Environment" = local.environment
+  }
+}
+
+data "aws_network_interface" "tg_if1" {
+  id = aws_network_interface.tg_if1.id
+}
+
+data "aws_network_interface" "tg_if2" {
+  id = aws_network_interface.tg_if2.id
+}
+
+resource "aws_route" "route_tg_if1" {
+  depends_on = [
+    aws_instance.tg
+  ]
+  destination_cidr_block = var.destination_cidr_block_tg_if1
+  network_interface_id   = aws_instance.tg.primary_network_interface_id
+  route_table_id         = module.vpc.vpc_main_route_table_id
+}
+
+resource "aws_route" "route_tg_if2" {
+  depends_on = [
+    aws_instance.tg
+  ]
+  destination_cidr_block = var.destination_cidr_block_tg_if2
+  network_interface_id   = aws_instance.tg.primary_network_interface_id
+  route_table_id         = module.vpc.vpc_main_route_table_id
+}
+
+resource "aws_instance" "sut1" {
+  depends_on = [
+    module.vpc,
+    aws_placement_group.placement_group
+  ]
+  ami                                  = var.sut1_ami
+  availability_zone                    = local.availability_zone
+  associate_public_ip_address          = var.sut1_associate_public_ip_address
+  instance_initiated_shutdown_behavior = var.sut1_instance_initiated_shutdown_behavior
+  instance_type                        = var.sut1_instance_type
+  key_name                             = module.key_pair.key_pair_key_name
+  placement_group                      = aws_placement_group.placement_group.id
+  private_ip                           = var.sut1_private_ip
+  source_dest_check                    = var.sut1_source_dest_check
+  subnet_id                            = module.vpc.vpc_subnet_id
+  vpc_security_group_ids               = [module.vpc.vpc_security_group_id]
+  # host_id                            = "2"
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size           = 50
+  }
+
+  tags = {
+    "Name"        = local.sut1_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "sut1_if1" {
+  depends_on = [
+    module.subnet_b,
+    aws_instance.sut1
+  ]
+  private_ip        = var.sut1_if1_private_ip
+  private_ips       = [var.sut1_if1_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.sut1_source_dest_check
+  subnet_id         = module.subnet_b.subnet_id
+
+  attachment {
+    instance     = aws_instance.sut1.id
+    device_index = 1
+  }
+
+  tags = {
+    "Name"        = local.sut1_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "sut1_if2" {
+  depends_on = [
+    module.subnet_d,
+    aws_instance.sut1
+  ]
+  private_ip        = var.sut1_if2_private_ip
+  private_ips       = [var.sut1_if2_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.sut1_source_dest_check
+  subnet_id         = module.subnet_d.subnet_id
+
+  attachment {
+    instance     = aws_instance.sut1.id
+    device_index = 2
+  }
+
+  tags = {
+    "Name"        = local.sut1_name
+    "Environment" = local.environment
+  }
+}
+
+data "aws_network_interface" "sut1_if1" {
+  id = aws_network_interface.sut1_if1.id
+}
+
+data "aws_network_interface" "sut1_if2" {
+  id = aws_network_interface.sut1_if2.id
+}
+
+resource "null_resource" "deploy_tg" {
+  depends_on = [
+    aws_instance.tg,
+    aws_network_interface.tg_if1,
+    aws_network_interface.tg_if2,
+    aws_instance.sut1,
+    aws_network_interface.sut1_if1,
+    aws_network_interface.sut1_if2
+  ]
+
+  connection {
+    user        = "ubuntu"
+    host        = aws_instance.tg.public_ip
+    private_key = module.private_key.private_key_pem
+  }
+
+  provisioner "remote-exec" {
+    inline = var.first_run_commands
+  }
+}
+
+resource "null_resource" "deploy_sut1" {
+  depends_on = [
+    aws_instance.tg,
+    aws_network_interface.tg_if1,
+    aws_network_interface.tg_if2,
+    aws_instance.sut1,
+    aws_network_interface.sut1_if1,
+    aws_network_interface.sut1_if2
+  ]
+
+  connection {
+    user        = "ubuntu"
+    host        = aws_instance.sut1.public_ip
+    private_key = module.private_key.private_key_pem
+  }
+
+  provisioner "remote-exec" {
+    inline = var.first_run_commands
+  }
+}
+
+resource "null_resource" "deploy_topology" {
+  depends_on = [
+    aws_instance.tg,
+    aws_instance.sut1
+  ]
+
+  provisioner "ansible" {
+    plays {
+      playbook {
+        file_path = var.ansible_topology_path
+      }
+      hosts = ["local"]
+      extra_vars = {
+        ansible_python_interpreter = local.ansible_python_executable
+        testbed_name               = local.testbed_name
+        cloud_topology             = local.topology_name
+        tg_if1_mac                 = data.aws_network_interface.tg_if1.mac_address
+        tg_if2_mac                 = data.aws_network_interface.tg_if2.mac_address
+        dut1_if1_mac               = data.aws_network_interface.sut1_if1.mac_address
+        dut1_if2_mac               = data.aws_network_interface.sut1_if2.mac_address
+        tg_public_ip               = aws_instance.tg.public_ip
+        dut1_public_ip             = aws_instance.sut1.public_ip
+        public_ip_list             = "${aws_instance.tg.public_ip},${aws_instance.sut1.public_ip}"
+      }
+    }
+  }
+}
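Review bot: `module "private_key"` receives only `private_key_algorithm`, while variables.tf in this change also declares `private_key_rsa_bits` (default 4096) and `private_key_ecdsa_curve` (default P521), and nothing in this file reads either of them. With the algorithm defaulting to `RSA`, the key size is therefore whatever the module picks on its own, not the 4096 bits the variable suggests. If the module exposes matching inputs, pass them through, e.g. `private_key_rsa_bits = var.private_key_rsa_bits`; otherwise drop the unused variables so the configuration does not imply a key strength it does not set. Since `module.private_key.private_key_pem` is referenced by the `connection` blocks, the private key is also written to Terraform state, so the state backend needs to be access-controlled.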
diff --git a/fdio.infra.terraform/terraform-aws-2n-c7gn/output.tf b/fdio.infra.terraform/terraform-aws-2n-c7gn/output.tf
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/fdio.infra.terraform/terraform-aws-2n-c7gn/providers.tf b/fdio.infra.terraform/terraform-aws-2n-c7gn/providers.tf
new file mode 100644 (file)
index 0000000..d0e7490
--- /dev/null
@@ -0,0 +1,11 @@
+provider "aws" {
+  region     = var.region
+  access_key = data.vault_aws_access_credentials.creds.access_key
+  secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+  address         = "http://vault.service.consul:8200"
+  skip_tls_verify = true
+  token           = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
+}
\ No newline at end of file
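Review bot: The `provider "vault"` block commits a literal Vault token, and `address` is plain `http://`, so the token and the AWS keys returned for `vault_aws_access_credentials` cross the network unencrypted. `skip_tls_verify = true` does nothing on an http endpoint and would silently disable certificate checks if the address later moved to https. The same token appears again in terraform-aws-3n-c7gn/providers.tf in this change. Remove the `token` line so the provider reads it from the `VAULT_TOKEN` environment variable, point `address` at an https listener, and drop `skip_tls_verify`. Because the value is now in repository history, it should be revoked in Vault whatever happens to this file.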
diff --git a/fdio.infra.terraform/terraform-aws-2n-c7gn/variables.tf b/fdio.infra.terraform/terraform-aws-2n-c7gn/variables.tf
new file mode 100644 (file)
index 0000000..194a71d
--- /dev/null
@@ -0,0 +1,180 @@
+variable "vault-name" {
+  default = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
+
+variable "region" {
+  description = "AWS Region."
+  type        = string
+  default     = "eu-central-1"
+}
+
+variable "resource_prefix" {
+  description = "Resources name prefix."
+  type        = string
+  default     = "csit-2n-c7gn"
+}
+
+variable "testbed_name" {
+  description = "Testbed name."
+  type        = string
+  default     = "testbed1"
+}
+
+# Variables for Private Key
+variable "private_key_algorithm" {
+  description = "The name of the algorithm to use for the key."
+  type        = string
+  default     = "RSA"
+}
+
+variable "private_key_ecdsa_curve" {
+  description = "When algorithm is ECDSA, the name of the elliptic curve to use."
+  type        = string
+  default     = "P521"
+}
+
+variable "private_key_rsa_bits" {
+  description = "When algorithm is RSA, the size of the generated RSA key in bits."
+  type        = number
+  default     = 4096
+}
+
+# Variables for Placement Group
+variable "placement_group_strategy" {
+  description = "The placement strategy. Can be cluster, partition or spread."
+  type        = string
+  default     = "cluster"
+}
+
+# Variables for Instance
+variable "tg_ami" {
+  description = "AMI to use for the instance."
+  type        = string
+  default     = "ami-07430bfa17fd4e597"
+}
+
+variable "tg_associate_public_ip_address" {
+  description = "Whether to associate a public IP address with an instance in a VPC."
+  type        = bool
+  default     = true
+}
+
+variable "tg_instance_initiated_shutdown_behavior" {
+  description = "Shutdown behavior for the instance."
+  type        = string
+  default     = "terminate"
+}
+
+variable "tg_instance_type" {
+  description = "The instance type to use for the instance."
+  type        = string
+  default     = "c6in.4xlarge"
+}
+
+variable "tg_private_ip" {
+  description = "Private IP address to associate with the instance in a VPC."
+  type        = string
+  default     = "192.168.0.10"
+}
+
+variable "tg_source_dest_check" {
+  description = "Controls if traffic is routed to the instance when the destination address does not match the instance."
+  type        = bool
+  default     = false
+}
+
+variable "sut1_ami" {
+  description = "AMI to use for the instance."
+  type        = string
+  default     = "ami-0cebabdc14ee56909"
+}
+
+variable "sut1_associate_public_ip_address" {
+  description = "Whether to associate a public IP address with an instance in a VPC."
+  type        = bool
+  default     = true
+}
+
+variable "sut1_instance_initiated_shutdown_behavior" {
+  description = "Shutdown behavior for the instance."
+  type        = string
+  default     = "terminate"
+}
+
+variable "sut1_instance_type" {
+  description = "The instance type to use for the instance."
+  type        = string
+  default     = "c7gn.4xlarge"
+}
+
+variable "sut1_private_ip" {
+  description = "Private IP address to associate with the instance in a VPC."
+  type        = string
+  default     = "192.168.0.11"
+}
+
+variable "sut1_source_dest_check" {
+  description = "Controls if traffic is routed to the instance when the destination address does not match the instance."
+  type        = bool
+  default     = false
+}
+
+# Variables for Network Interface
+variable "tg_if1_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.10.254"
+}
+
+variable "tg_if2_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.20.254"
+}
+
+variable "destination_cidr_block_tg_if1" {
+  description = "The destination CIDR block."
+  type        = string
+  default     = "10.0.0.0/24"
+}
+
+variable "destination_cidr_block_tg_if2" {
+  description = "The destination CIDR block."
+  type        = string
+  default     = "20.0.0.0/24"
+}
+
+variable "sut1_if1_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.10.11"
+}
+
+variable "sut1_if2_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.20.11"
+}
+
+# Variables for Null Resource
+variable "first_run_commands" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = list(string)
+  default = [
+    "sudo sed -i 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config",
+    "sudo systemctl restart sshd",
+    "sudo useradd --create-home -s /bin/bash provisionuser",
+    "echo 'provisionuser:Csit1234' | sudo chpasswd",
+    "echo 'provisionuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers",
+    "sudo useradd --create-home -s /bin/bash testuser",
+    "echo 'testuser:Csit1234' | sudo chpasswd",
+    "echo 'testuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers"
+  ]
+}
+
+# Variables for Null Resource
+variable "ansible_topology_path" {
+  description = "Ansible topology path."
+  type        = string
+  default     = "../../fdio.infra.ansible/cloud_topology.yaml"
+}
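Review bot: The `first_run_commands` default creates `provisionuser` and `testuser` with a fixed password committed in this file and unrestricted `NOPASSWD` sudo, and its first `sed` comments out `PasswordAuthentication`, which presumably leaves sshd on its built-in default of accepting passwords. With `tg_associate_public_ip_address` and `sut1_associate_public_ip_address` both defaulting to `true`, these hosts are reachable by password unless the security group created in `module.vpc` (not part of this change) limits SSH to known sources. Take the password from a variable declared with `sensitive = true` and no default, or install the generated public key for these accounts and keep password login disabled. The `description` is also copied from the ENI variables; something like `description = "Commands run over SSH on each instance after creation."` fits.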
diff --git a/fdio.infra.terraform/terraform-aws-2n-c7gn/versions.tf b/fdio.infra.terraform/terraform-aws-2n-c7gn/versions.tf
new file mode 100644 (file)
index 0000000..5896996
--- /dev/null
@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.7.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.2.1"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0.4"
+    }
+    vault = {
+      version = ">= 3.15.2"
+    }
+  }
+  required_version = ">= 1.4.2"
+}
\ No newline at end of file
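Review bot: The `vault` entry in `required_providers` has no `source`, unlike `aws`, `null` and `tls`; add `source = "hashicorp/vault"` so the provider address is stated rather than inferred. All four constraints are open-ended `>=`, so which provider builds actually run depends on a dependency lock file, and none is among the files in this change (it may be generated elsewhere). Committing `.terraform.lock.hcl` for the module, or adding an upper bound such as `~>`, would keep runs reproducible.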
diff --git a/fdio.infra.terraform/terraform-aws-3n-c7gn/main.tf b/fdio.infra.terraform/terraform-aws-3n-c7gn/main.tf
new file mode 100644 (file)
index 0000000..1c12442
--- /dev/null
@@ -0,0 +1,447 @@
+data "vault_aws_access_credentials" "creds" {
+  backend = "${var.vault-name}-path"
+  role    = "${var.vault-name}-role"
+}
+
+locals {
+  ansible_python_executable = "/usr/bin/python3"
+  availability_zone         = "eu-central-1a"
+  name                      = "csit-vpc"
+  environment               = "csit-vpc-environment"
+  key_pair_key_name         = "${var.resource_prefix}-${var.testbed_name}-pk"
+  placement_group_name      = "${var.resource_prefix}-${var.testbed_name}-pg"
+  security_group_name       = "${var.resource_prefix}-${var.testbed_name}-sg"
+  testbed_name              = "testbed1"
+  topology_name             = "3n-c7gn"
+  tg_name                   = "${var.resource_prefix}-${var.testbed_name}-tg"
+  sut1_name                 = "${var.resource_prefix}-${var.testbed_name}-sut1"
+  sut2_name                 = "${var.resource_prefix}-${var.testbed_name}-sut2"
+}
+
+# Create VPC
+module "vpc" {
+  source                   = "../terraform-aws-vpc"
+  security_group_name      = local.security_group_name
+  subnet_availability_zone = local.availability_zone
+  tags_name                = local.name
+  tags_environment         = local.environment
+}
+
+# Create Subnet
+module "subnet_b" {
+  source                   = "../terraform-aws-subnet"
+  subnet_cidr_block        = "192.168.10.0/24"
+  subnet_ipv6_cidr_block   = cidrsubnet(module.vpc.vpc_ipv6_cidr_block, 8, 2)
+  subnet_availability_zone = local.availability_zone
+  tags_name                = local.name
+  tags_environment         = local.environment
+  subnet_vpc_id            = module.vpc.vpc_id
+}
+
+module "subnet_c" {
+  source                   = "../terraform-aws-subnet"
+  subnet_cidr_block        = "200.0.0.0/24"
+  subnet_ipv6_cidr_block   = cidrsubnet(module.vpc.vpc_ipv6_cidr_block, 8, 3)
+  subnet_availability_zone = local.availability_zone
+  tags_name                = local.name
+  tags_environment         = local.environment
+  subnet_vpc_id            = module.vpc.vpc_id
+}
+
+module "subnet_d" {
+  source                   = "../terraform-aws-subnet"
+  subnet_cidr_block        = "192.168.20.0/24"
+  subnet_ipv6_cidr_block   = cidrsubnet(module.vpc.vpc_ipv6_cidr_block, 8, 4)
+  subnet_availability_zone = local.availability_zone
+  tags_name                = local.name
+  tags_environment         = local.environment
+  subnet_vpc_id            = module.vpc.vpc_id
+}
+
+# Create Private Key
+module "private_key" {
+  source  = "pmikus/private-key/tls"
+  version = "4.0.4"
+
+  private_key_algorithm = var.private_key_algorithm
+}
+
+# Create Key Pair
+module "key_pair" {
+  source  = "pmikus/key-pair/aws"
+  version = "5.7.0"
+
+  key_pair_key_name   = local.key_pair_key_name
+  key_pair_public_key = module.private_key.public_key_openssh
+
+  key_pair_tags = {
+    "Environment" = local.environment
+  }
+}
+
+# Create Placement Group
+resource "aws_placement_group" "placement_group" {
+  name     = local.placement_group_name
+  strategy = var.placement_group_strategy
+}
+
+# Create Instance
+resource "aws_instance" "tg" {
+  depends_on = [
+    module.vpc,
+    aws_placement_group.placement_group
+  ]
+  ami                                  = var.tg_ami
+  availability_zone                    = local.availability_zone
+  associate_public_ip_address          = var.tg_associate_public_ip_address
+  instance_initiated_shutdown_behavior = var.tg_instance_initiated_shutdown_behavior
+  instance_type                        = var.tg_instance_type
+  key_name                             = module.key_pair.key_pair_key_name
+  placement_group                      = aws_placement_group.placement_group.id
+  private_ip                           = var.tg_private_ip
+  source_dest_check                    = var.tg_source_dest_check
+  subnet_id                            = module.vpc.vpc_subnet_id
+  vpc_security_group_ids               = [module.vpc.vpc_security_group_id]
+  # host_id                            = "1"
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size           = 50
+  }
+
+  tags = {
+    "Name"        = local.tg_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "tg_if1" {
+  depends_on = [
+    module.subnet_b,
+    aws_instance.tg
+  ]
+  private_ip        = var.tg_if1_private_ip
+  private_ips       = [var.tg_if1_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.tg_source_dest_check
+  subnet_id         = module.subnet_b.subnet_id
+
+  attachment {
+    instance     = aws_instance.tg.id
+    device_index = 1
+  }
+
+  tags = {
+    "Name"        = local.tg_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "tg_if2" {
+  depends_on = [
+    module.subnet_d,
+    aws_instance.tg
+  ]
+  private_ips       = [var.tg_if2_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.tg_source_dest_check
+  subnet_id         = module.subnet_d.subnet_id
+
+  attachment {
+    instance     = aws_instance.tg.id
+    device_index = 2
+  }
+
+  tags = {
+    "Name"        = local.tg_name
+    "Environment" = local.environment
+  }
+}
+
+data "aws_network_interface" "tg_if1" {
+  id = aws_network_interface.tg_if1.id
+}
+
+data "aws_network_interface" "tg_if2" {
+  id = aws_network_interface.tg_if2.id
+}
+
+resource "aws_route" "route_tg_if1" {
+  depends_on = [
+    aws_instance.tg
+  ]
+  destination_cidr_block = var.destination_cidr_block_tg_if1
+  network_interface_id   = aws_instance.tg.primary_network_interface_id
+  route_table_id         = module.vpc.vpc_main_route_table_id
+}
+
+resource "aws_route" "route_tg_if2" {
+  depends_on = [
+    aws_instance.tg
+  ]
+  destination_cidr_block = var.destination_cidr_block_tg_if2
+  network_interface_id   = aws_instance.tg.primary_network_interface_id
+  route_table_id         = module.vpc.vpc_main_route_table_id
+}
+
+resource "aws_instance" "sut1" {
+  depends_on = [
+    module.vpc,
+    aws_placement_group.placement_group
+  ]
+  ami                                  = var.sut1_ami
+  availability_zone                    = local.availability_zone
+  associate_public_ip_address          = var.sut1_associate_public_ip_address
+  instance_initiated_shutdown_behavior = var.sut1_instance_initiated_shutdown_behavior
+  instance_type                        = var.sut1_instance_type
+  key_name                             = module.key_pair.key_pair_key_name
+  placement_group                      = aws_placement_group.placement_group.id
+  private_ip                           = var.sut1_private_ip
+  source_dest_check                    = var.sut1_source_dest_check
+  subnet_id                            = module.vpc.vpc_subnet_id
+  vpc_security_group_ids               = [module.vpc.vpc_security_group_id]
+  # host_id                            = "2"
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size           = 50
+  }
+
+  tags = {
+    "Name"        = local.sut1_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "sut1_if1" {
+  depends_on = [
+    module.subnet_b,
+    aws_instance.sut1
+  ]
+  private_ips       = [var.sut1_if1_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.sut1_source_dest_check
+  subnet_id         = module.subnet_b.subnet_id
+
+  attachment {
+    instance     = aws_instance.sut1.id
+    device_index = 1
+  }
+
+  tags = {
+    "Name"        = local.sut1_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "sut1_if2" {
+  depends_on = [
+    module.subnet_c,
+    aws_instance.sut1
+  ]
+  private_ips       = [var.sut1_if2_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.sut1_source_dest_check
+  subnet_id         = module.subnet_c.subnet_id
+
+  attachment {
+    instance     = aws_instance.sut1.id
+    device_index = 2
+  }
+
+  tags = {
+    "Name"        = local.sut1_name
+    "Environment" = local.environment
+  }
+}
+
+data "aws_network_interface" "sut1_if1" {
+  id = aws_network_interface.sut1_if1.id
+}
+
+data "aws_network_interface" "sut1_if2" {
+  id = aws_network_interface.sut1_if2.id
+}
+
+resource "aws_instance" "sut2" {
+  depends_on = [
+    module.vpc,
+    aws_placement_group.placement_group
+  ]
+  ami                                  = var.sut2_ami
+  availability_zone                    = local.availability_zone
+  associate_public_ip_address          = var.sut2_associate_public_ip_address
+  instance_initiated_shutdown_behavior = var.sut2_instance_initiated_shutdown_behavior
+  instance_type                        = var.sut2_instance_type
+  key_name                             = module.key_pair.key_pair_key_name
+  placement_group                      = aws_placement_group.placement_group.id
+  private_ip                           = var.sut2_private_ip
+  source_dest_check                    = var.sut2_source_dest_check
+  subnet_id                            = module.vpc.vpc_subnet_id
+  vpc_security_group_ids               = [module.vpc.vpc_security_group_id]
+  # host_id                            = "2"
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size           = 50
+  }
+
+  tags = {
+    "Name"        = local.sut2_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "sut2_if1" {
+  depends_on = [
+    module.subnet_c,
+    aws_instance.sut2
+  ]
+  private_ips       = [var.sut2_if1_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.sut2_source_dest_check
+  subnet_id         = module.subnet_c.subnet_id
+
+  attachment {
+    instance     = aws_instance.sut2.id
+    device_index = 1
+  }
+
+  tags = {
+    "Name"        = local.sut2_name
+    "Environment" = local.environment
+  }
+}
+
+resource "aws_network_interface" "sut2_if2" {
+  depends_on = [
+    module.subnet_d,
+    aws_instance.sut2
+  ]
+  private_ips       = [var.sut2_if2_private_ip]
+  security_groups   = [module.vpc.vpc_security_group_id]
+  source_dest_check = var.sut2_source_dest_check
+  subnet_id         = module.subnet_d.subnet_id
+
+  attachment {
+    instance     = aws_instance.sut2.id
+    device_index = 2
+  }
+
+  tags = {
+    "Name"        = local.sut2_name
+    "Environment" = local.environment
+  }
+}
+
+data "aws_network_interface" "sut2_if1" {
+  id = aws_network_interface.sut2_if1.id
+}
+
+data "aws_network_interface" "sut2_if2" {
+  id = aws_network_interface.sut2_if2.id
+}
+
+resource "null_resource" "deploy_tg" {
+  depends_on = [
+    aws_instance.tg,
+    aws_network_interface.tg_if1,
+    aws_network_interface.tg_if2,
+    aws_instance.sut1,
+    aws_network_interface.sut1_if1,
+    aws_network_interface.sut1_if2,
+    aws_instance.sut2,
+    aws_network_interface.sut2_if1,
+    aws_network_interface.sut2_if2
+  ]
+
+  connection {
+    user        = "ubuntu"
+    host        = aws_instance.tg.public_ip
+    private_key = module.private_key.private_key_pem
+  }
+
+  provisioner "remote-exec" {
+    inline = var.first_run_commands
+  }
+}
+
+resource "null_resource" "deploy_sut1" {
+  depends_on = [
+    aws_instance.tg,
+    aws_network_interface.tg_if1,
+    aws_network_interface.tg_if2,
+    aws_instance.sut1,
+    aws_network_interface.sut1_if1,
+    aws_network_interface.sut1_if2,
+    aws_instance.sut2,
+    aws_network_interface.sut2_if1,
+    aws_network_interface.sut2_if2
+  ]
+
+  connection {
+    user        = "ubuntu"
+    host        = aws_instance.sut1.public_ip
+    private_key = module.private_key.private_key_pem
+  }
+
+  provisioner "remote-exec" {
+    inline = var.first_run_commands
+  }
+}
+
+resource "null_resource" "deploy_sut2" {
+  depends_on = [
+    aws_instance.tg,
+    aws_network_interface.tg_if1,
+    aws_network_interface.tg_if2,
+    aws_instance.sut1,
+    aws_network_interface.sut1_if1,
+    aws_network_interface.sut1_if2,
+    aws_instance.sut2,
+    aws_network_interface.sut2_if1,
+    aws_network_interface.sut2_if2
+  ]
+
+  connection {
+    user        = "ubuntu"
+    host        = aws_instance.sut2.public_ip
+    private_key = module.private_key.private_key_pem
+  }
+
+  provisioner "remote-exec" {
+    inline = var.first_run_commands
+  }
+}
+
+resource "null_resource" "deploy_topology" {
+  depends_on = [
+    aws_instance.tg,
+    aws_instance.sut1,
+    aws_instance.sut2
+  ]
+
+  provisioner "ansible" {
+    plays {
+      playbook {
+        file_path = var.ansible_topology_path
+      }
+      hosts = ["local"]
+      extra_vars = {
+        ansible_python_interpreter = local.ansible_python_executable
+        testbed_name               = local.testbed_name
+        cloud_topology             = local.topology_name
+        tg_if1_mac                 = data.aws_network_interface.tg_if1.mac_address
+        tg_if2_mac                 = data.aws_network_interface.tg_if2.mac_address
+        dut1_if1_mac               = data.aws_network_interface.sut1_if1.mac_address
+        dut1_if2_mac               = data.aws_network_interface.sut1_if2.mac_address
+        dut2_if1_mac               = data.aws_network_interface.sut2_if1.mac_address
+        dut2_if2_mac               = data.aws_network_interface.sut2_if2.mac_address
+        tg_public_ip               = aws_instance.tg.public_ip
+        dut1_public_ip             = aws_instance.sut1.public_ip
+        dut2_public_ip             = aws_instance.sut2.public_ip
+        public_ip_list             = "${aws_instance.tg.public_ip},${aws_instance.sut1.public_ip},${aws_instance.sut2.public_ip}"
+      }
+    }
+  }
+}
\ No newline at end of file
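Review bot: `subnet_c` is given `subnet_cidr_block = "200.0.0.0/24"`, which is publicly routable address space rather than a private range like the `192.168.10.0/24` and `192.168.20.0/24` blocks used for `subnet_b` and `subnet_d`. Instances attached to that subnet will treat those addresses as local, and the block also has to fall inside a CIDR associated with the VPC, which is defined in `../terraform-aws-vpc` outside this change. If the test topology does not require this exact range, a private block, for example `subnet_cidr_block = "192.168.30.0/24"`, would match the sibling subnets; the `sut1_if2` and `sut2_if1` address variables would have to follow. If the value is deliberate, a comment on the module block saying why would help the next reader.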
diff --git a/fdio.infra.terraform/terraform-aws-3n-c7gn/output.tf b/fdio.infra.terraform/terraform-aws-3n-c7gn/output.tf
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/fdio.infra.terraform/terraform-aws-3n-c7gn/providers.tf b/fdio.infra.terraform/terraform-aws-3n-c7gn/providers.tf
new file mode 100644 (file)
index 0000000..2482ca2
--- /dev/null
@@ -0,0 +1,11 @@
+provider "aws" {
+  region     = var.region
+  access_key = data.vault_aws_access_credentials.creds.access_key
+  secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+  address         = "http://10.30.51.24:8200"
+  skip_tls_verify = true
+  token           = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
+}
\ No newline at end of file
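Review bot: `address` here is the fixed IP `http://10.30.51.24:8200`, whereas terraform-aws-2n-c7gn/providers.tf in the same change uses the service name `http://vault.service.consul:8200`. Two spellings of the same endpoint drift apart when Vault moves, and an IP literal cannot be matched against a certificate name once the listener is switched to TLS. Use the service name in both modules, or leave `address` out and let the provider read `VAULT_ADDR` from the environment.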
diff --git a/fdio.infra.terraform/terraform-aws-3n-c7gn/variables.tf b/fdio.infra.terraform/terraform-aws-3n-c7gn/variables.tf
new file mode 100644 (file)
index 0000000..f14d8bd
--- /dev/null
@@ -0,0 +1,216 @@
+variable "vault-name" {
+  default = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
+
+variable "region" {
+  description = "AWS Region."
+  type        = string
+  default     = "eu-central-1"
+}
+
+variable "resource_prefix" {
+  description = "Resources name prefix."
+  type        = string
+  default     = "csit-3n-c7gn"
+}
+
+variable "testbed_name" {
+  description = "Testbed name."
+  type        = string
+  default     = "testbed1"
+}
+
+# Variables for Private Key
+variable "private_key_algorithm" {
+  description = "The name of the algorithm to use for the key."
+  type        = string
+  default     = "ED25519"
+}
+
+# Variables for Placement Group
+variable "placement_group_strategy" {
+  description = "The placement strategy. Can be cluster, partition or spread."
+  type        = string
+  default     = "cluster"
+}
+
+# Variables for Instance
+variable "tg_ami" {
+  description = "AMI to use for the instance."
+  type        = string
+  default     = "ami-07430bfa17fd4e597"
+}
+
+variable "tg_associate_public_ip_address" {
+  description = "Whether to associate a public IP address with an instance in a VPC."
+  type        = bool
+  default     = true
+}
+
+variable "tg_instance_initiated_shutdown_behavior" {
+  description = "Shutdown behavior for the instance."
+  type        = string
+  default     = "terminate"
+}
+
+variable "tg_instance_type" {
+  description = "The instance type to use for the instance."
+  type        = string
+  default     = "c6in.4xlarge"
+}
+
+variable "tg_private_ip" {
+  description = "Private IP address to associate with the instance in a VPC."
+  type        = string
+  default     = "192.168.0.10"
+}
+
+variable "tg_source_dest_check" {
+  description = "Controls if traffic is routed to the instance when the destination address does not match the instance."
+  type        = bool
+  default     = false
+}
+
+variable "sut1_ami" {
+  description = "AMI to use for the instance."
+  type        = string
+  default     = "ami-0cebabdc14ee56909"
+}
+
+variable "sut1_associate_public_ip_address" {
+  description = "Whether to associate a public IP address with an instance in a VPC."
+  type        = bool
+  default     = true
+}
+
+variable "sut1_instance_initiated_shutdown_behavior" {
+  description = "Shutdown behavior for the instance."
+  type        = string
+  default     = "terminate"
+}
+
+variable "sut1_instance_type" {
+  description = "The instance type to use for the instance."
+  type        = string
+  default     = "c7gn.4xlarge"
+}
+
+variable "sut1_private_ip" {
+  description = "Private IP address to associate with the instance in a VPC."
+  type        = string
+  default     = "192.168.0.11"
+}
+
+variable "sut1_source_dest_check" {
+  description = "Controls if traffic is routed to the instance when the destination address does not match the instance."
+  type        = bool
+  default     = false
+}
+
+variable "sut2_ami" {
+  description = "AMI to use for the instance."
+  type        = string
+  default     = "ami-0cebabdc14ee56909"
+}
+
+variable "sut2_associate_public_ip_address" {
+  description = "Whether to associate a public IP address with an instance in a VPC."
+  type        = bool
+  default     = true
+}
+
+variable "sut2_instance_initiated_shutdown_behavior" {
+  description = "Shutdown behavior for the instance."
+  type        = string
+  default     = "terminate"
+}
+
+variable "sut2_instance_type" {
+  description = "The instance type to use for the instance."
+  type        = string
+  default     = "c7gn.4xlarge"
+}
+
+variable "sut2_private_ip" {
+  description = "Private IP address to associate with the instance in a VPC."
+  type        = string
+  default     = "192.168.0.12"
+}
+
+variable "sut2_source_dest_check" {
+  description = "Controls if traffic is routed to the instance when the destination address does not match the instance."
+  type        = bool
+  default     = false
+}
+
+# Variables for Network Interface
+variable "tg_if1_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.10.254"
+}
+
+variable "tg_if2_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.20.254"
+}
+
+variable "destination_cidr_block_tg_if1" {
+  description = "The destination CIDR block."
+  type        = string
+  default     = "10.0.0.0/24"
+}
+
+variable "destination_cidr_block_tg_if2" {
+  description = "The destination CIDR block."
+  type        = string
+  default     = "20.0.0.0/24"
+}
+
+variable "sut1_if1_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.10.11"
+}
+
+variable "sut1_if2_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "200.0.0.101"
+}
+
+variable "sut2_if1_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "200.0.0.102"
+}
+
+variable "sut2_if2_private_ip" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = string
+  default     = "192.168.20.11"
+}
+
+# Variables for Null Resource
+variable "first_run_commands" {
+  description = "List of private IPs to assign to the ENI without regard to order."
+  type        = list(string)
+  default = [
+    "sudo sed -i 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config",
+    "sudo systemctl restart sshd",
+    "sudo useradd --create-home -s /bin/bash provisionuser",
+    "echo 'provisionuser:Csit1234' | sudo chpasswd",
+    "echo 'provisionuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers",
+    "sudo useradd --create-home -s /bin/bash testuser",
+    "echo 'testuser:Csit1234' | sudo chpasswd",
+    "echo 'testuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers"
+  ]
+}
+
+# Variables for Null Resource
+variable "ansible_topology_path" {
+  description = "Ansible topology path."
+  type        = string
+  default     = "../../fdio.infra.ansible/cloud_topology.yaml"
+}
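Review bot: `first_run_commands` gives `provisionuser` and `testuser` the same literal password through `chpasswd`, grants both `NOPASSWD: ALL`, and comments out any explicit `PasswordAuthentication` line in `sshd_config`, which presumably leaves sshd on its built-in default. All three `*_associate_public_ip_address` defaults are `true`, so if the security group (not in this hunk) admits SSH from outside the lab, the hosts accept a password published in the repository for accounts with full sudo. Keeping `PasswordAuthentication no` and installing the module's generated key (see `private_key_algorithm`) into each user's `authorized_keys` would avoid that. Failing that, the password should come from a variable marked `sensitive = true` with no default. The variable's description is also copied from the ENI variables and should read something like `description = "List of shell commands to run on first provisioning."`.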
diff --git a/fdio.infra.terraform/terraform-aws-3n-c7gn/versions.tf b/fdio.infra.terraform/terraform-aws-3n-c7gn/versions.tf
new file mode 100644 (file)
index 0000000..5896996
--- /dev/null
@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.7.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.2.1"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0.4"
+    }
+    vault = {
+      version = ">= 3.15.2"
+    }
+  }
+  required_version = ">= 1.4.2"
+}
\ No newline at end of file
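Review bot: The `vault` entry in `required_providers` has no `source`, unlike `aws`, `null` and `tls`; adding `source = "hashicorp/vault"` makes the registry origin explicit instead of relying on the implicit default namespace. All four constraints are open-ended `>=`, so a future major release is accepted on the next `terraform init` unless a `.terraform.lock.hcl` is committed, and none appears in this commit's file list. A bounded constraint such as `version = "~> 5.7"` for `aws`, or committing the lock file, keeps the CI runs that hold cloud credentials on provider builds that have been reviewed.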
index ed4ecc0..d3d728a 100644 (file)
@@ -1,17 +1,17 @@
 variable "vault_provider_address" {
   description = "Vault cluster address."
   type        = string
-  default     = "vault.service.consul:8200"
+  default     = "http://10.30.51.23:8200"
 }
 
 variable "vault_provider_skip_tls_verify" {
-  description = "Verification of the Vault server's TLS certificate"
+  description = "Verification of the Vault server's TLS certificate."
   type        = bool
   default     = false
 }
 
 variable "vault_provider_token" {
-  description = "Vault root token"
+  description = "Vault root token."
   type        = string
   sensitive   = true
 }
index 2b62d8d..4c93000 100644 (file)
@@ -1,13 +1,13 @@
 terraform {
   backend "consul" {
-    address = "consul.service.consul:8500"
+    address = "10.30.51.23:8500"
     scheme  = "http"
     path    = "terraform/aws-secret-backend"
   }
   required_providers {
     vault = {
-      version = ">= 3.2.1"
+      version = ">= 3.12.0"
     }
   }
-  required_version = ">= 1.1.4"
+  required_version = ">= 1.5.4"
 }
index a46c782..699f028 100644 (file)
@@ -28,7 +28,7 @@ function ansible_adhoc () {
     set -exuo pipefail
 
     case "$FLAVOR" in
-        "aws" | "c6in" | "c6gn")
+        "aws" | "c6in" | "c6gn" | "c7gn")
             INVENTORY_PATH="cloud_inventory"
             ;;
         *)
@@ -70,7 +70,7 @@ function ansible_playbook () {
     set -exuo pipefail
 
     case "$FLAVOR" in
-        "aws" | "c6in" | "c6gn")
+        "aws" | "c6in" | "c6gn" | "c7gn")
             INVENTORY_PATH="cloud_inventory"
             ;;
         *)
index 1f047ea..b06422f 100644 (file)
@@ -456,10 +456,6 @@ function get_test_code () {
             NODENESS="3n"
             FLAVOR="aws"
             ;;
-        *"1n-c6gn")
-            NODENESS="1n"
-            FLAVOR="c6gn"
-            ;;
         *"2n-c6gn")
             NODENESS="2n"
             FLAVOR="c6gn"
@@ -468,6 +464,14 @@ function get_test_code () {
             NODENESS="3n"
             FLAVOR="c6gn"
             ;;
+        *"2n-c7gn")
+            NODENESS="2n"
+            FLAVOR="c7gn"
+            ;;
+        *"3n-c7gn")
+            NODENESS="3n"
+            FLAVOR="c7gn"
+            ;;
         *"1n-c6in")
             NODENESS="1n"
             FLAVOR="c6in"
@@ -676,7 +680,7 @@ function prepare_topology () {
             }
             terraform_apply || die "Failed to call terraform apply."
             ;;
-        "1n_c6gn" | "2n_c6gn" | "3n_c6gn")
+        "2n_c6gn" | "3n_c6gn")
             export TF_VAR_testbed_name="${TEST_CODE}"
             TERRAFORM_MODULE_DIR="terraform-aws-${NODENESS}-c6gn"
             terraform_init || die "Failed to call terraform init."
@@ -685,6 +689,15 @@ function prepare_topology () {
             }
             terraform_apply || die "Failed to call terraform apply."
             ;;
+        "2n_c7gn" | "3n_c7gn")
+            export TF_VAR_testbed_name="${TEST_CODE}"
+            TERRAFORM_MODULE_DIR="terraform-aws-${NODENESS}-c7gn"
+            terraform_init || die "Failed to call terraform init."
+            trap "terraform_destroy" ERR EXIT || {
+                die "Trap attempt failed, please cleanup manually. Aborting!"
+            }
+            terraform_apply || die "Failed to call terraform apply."
+            ;;
         "1n_c6in" | "2n_c6in" | "3n_c6in")
             export TF_VAR_testbed_name="${TEST_CODE}"
             TERRAFORM_MODULE_DIR="terraform-aws-${NODENESS}-c6in"
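Review bot: The new `"2n_c7gn" | "3n_c7gn"` arm is a line-for-line copy of the `c6gn` arm above it apart from the module suffix, and the same split-and-copy recurs in the `select_tags`, `set_environment_variables` and `untrap_and_unreserve_testbed` hunks below. Since `get_test_code` now sets `FLAVOR="c7gn"`, the arm could be shared as `"2n_c6gn" | "3n_c6gn" | "2n_c7gn" | "3n_c7gn")` with `TERRAFORM_MODULE_DIR="terraform-aws-${NODENESS}-${FLAVOR}"`, assuming nothing between the two functions rewrites `FLAVOR`. That is the form `untrap_and_unreserve_testbed` already uses, and sharing it keeps the trap and destroy paths from drifting apart between flavors. `prepare_topology` starts and ends outside this hunk.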
@@ -867,7 +880,7 @@ function select_tags () {
 
     # NIC SELECTION
     case "${TEST_CODE}" in
-        *"1n-aws"* | *"1n-c6gn"* | *"1n-c6in"*)
+        *"1n-aws"* | *"1n-c6in"*)
             start_pattern='^  SUT:'
             ;;
         *)
@@ -920,7 +933,10 @@ function select_tags () {
         *"1n-aws" | *"2n-aws" | *"3n-aws")
             default_nic="nic_amazon-nitro-50g"
             ;;
-        *"1n-c6gn" | *"2n-c6gn" | *"3n-c6gn")
+        *"2n-c6gn" | *"3n-c6gn")
+            default_nic="nic_amazon-nitro-100g"
+            ;;
+        *"2n-c7gn" | *"3n-c7gn")
             default_nic="nic_amazon-nitro-100g"
             ;;
         *"1n-c6in" | *"2n-c6in" | *"3n-c6in")
@@ -1076,7 +1092,10 @@ function select_tags () {
         *"1n-aws" | *"2n-aws" | *"3n-aws")
             test_tag_array+=("!ipsechw")
             ;;
-        *"1n-c6gn" | *"2n-c6gn" | *"3n-c6gn")
+        *"2n-c6gn" | *"3n-c6gn")
+            test_tag_array+=("!ipsechw")
+            ;;
+        *"2n-c7gn" | *"3n-c7gn")
             test_tag_array+=("!ipsechw")
             ;;
         *"1n-c6in" | *"2n-c6in" | *"3n-c6in")
@@ -1146,10 +1165,6 @@ function select_topology () {
             TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*1n-aws*.yaml )
             TOPOLOGIES_TAGS="1_node_single_link_topo"
             ;;
-        "1n_c6gn")
-            TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*1n-c6gn*.yaml )
-            TOPOLOGIES_TAGS="1_node_single_link_topo"
-            ;;
         "1n_c6in")
             TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*1n-c6in*.yaml )
             TOPOLOGIES_TAGS="1_node_single_link_topo"
@@ -1170,6 +1185,10 @@ function select_topology () {
             TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*2n-c6gn*.yaml )
             TOPOLOGIES_TAGS="2_node_single_link_topo"
             ;;
+        "2n_c7gn")
+            TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*2n-c7gn*.yaml )
+            TOPOLOGIES_TAGS="2_node_single_link_topo"
+            ;;
         "2n_c6in")
             TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*2n-c6in*.yaml )
             TOPOLOGIES_TAGS="2_node_single_link_topo"
@@ -1206,6 +1225,10 @@ function select_topology () {
             TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*3n-c6gn*.yaml )
             TOPOLOGIES_TAGS="3_node_single_link_topo"
             ;;
+        "3n_c7gn")
+            TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*3n-c7gn*.yaml )
+            TOPOLOGIES_TAGS="3_node_single_link_topo"
+            ;;
         "3n_c6in")
             TOPOLOGIES=( "${TOPOLOGIES_DIR}"/*3n-c6in*.yaml )
             TOPOLOGIES_TAGS="3_node_single_link_topo"
@@ -1267,7 +1290,14 @@ function set_environment_variables () {
             # Settings to prevent duration stretching.
             export PERF_TRIAL_STL_DELAY=0.1
             ;;
-        *"1n-c6gn" | *"2n-c6gn" | *"3n-c6gn")
+        *"2n-c6gn" | *"3n-c6gn")
+            export TREX_RX_DESCRIPTORS_COUNT=1024
+            export TREX_EXTRA_CMDLINE="--mbuf-factor 19"
+            export TREX_CORE_COUNT=6
+            # Settings to prevent duration stretching.
+            export PERF_TRIAL_STL_DELAY=0.1
+            ;;
+        *"2n-c7gn" | *"3n-c7gn")
             export TREX_RX_DESCRIPTORS_COUNT=1024
             export TREX_EXTRA_CMDLINE="--mbuf-factor 19"
             export TREX_CORE_COUNT=6
@@ -1328,7 +1358,11 @@ function untrap_and_unreserve_testbed () {
                 TERRAFORM_MODULE_DIR="terraform-aws-${NODENESS}-${FLAVOR}-c5n"
                 terraform_destroy || die "Failed to call terraform destroy."
                 ;;
-            *"1n-c6gn" | *"2n-c6gn" | *"3n-c6gn")
+            *"2n-c6gn" | *"3n-c6gn")
+                TERRAFORM_MODULE_DIR="terraform-aws-${NODENESS}-${FLAVOR}"
+                terraform_destroy || die "Failed to call terraform destroy."
+                ;;
+            *"2n-c7gn" | *"3n-c7gn")
                 TERRAFORM_MODULE_DIR="terraform-aws-${NODENESS}-${FLAVOR}"
                 terraform_destroy || die "Failed to call terraform destroy."
                 ;;