feat(terraform): Migrating old structures

Signed-off-by: Peter Mikus <peter.mikus@protonmail.ch> Change-Id: Ib953739b4d34a7f803bff54cec92a2130fcbbc66
author: pmikus <peter.mikus@protonmail.ch> 2024-01-25 07:37:31 +0000
committer: Peter Mikus <peter.mikus@protonmail.ch> 2024-01-25 07:44:34 +0000
commit: 6067078db338b930972ad6f183a4c75d2cf9214a (patch)
tree: eb93118dc9c6a2b3ee742a5e4914e061ec581c65 /fdio.infra.terraform/terraform-nomad-vpp-device
parent: 7b03d44e6761ee27a0fead3401f9b2d04d95f709 (diff)
8 files changed, 343 insertions, 0 deletions
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/conf/nomad/vpp-device.hcl.tftpl b/fdio.infra.terraform/terraform-nomad-vpp-device/conf/nomad/vpp-device.hcl.tftpl
new file mode 100644
index 0000000000..aac1a46165
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/conf/nomad/vpp-device.hcl.tftpl
@@ -0,0 +1,188 @@
+job "${job_name}" {
+  # The "region" parameter specifies the region in which to execute the job.
+  # If omitted, this inherits the default region name of "global".
+  # region = "global"
+  #
+  # The "datacenters" parameter specifies the list of datacenters which should
+  # be considered when placing this task. This must be provided.
+  datacenters = "${datacenters}"
+
+  # The "type" parameter controls the type of job, which impacts the scheduler's
+  # decision on placement. This configuration is optional and defaults to
+  # "service". For a full list of job types and their differences, please see
+  # the online documentation.
+  #
+  type        = "system"
+
+  # The "group" stanza defines a series of tasks that should be co-located on
+  # the same Nomad client. Any task within a group will be placed on the same
+  # client.
+  #
+  # https://www.nomadproject.io/docs/job-specification/group
+  #
+  group "csit-shim-amd-group-1" {
+    # The "count" parameter specifies the number of the task groups that should
+    # be running under this group. This value must be non-negative.
+    count = ${group_count}
+
+    # The constraint allows restricting the set of eligible nodes. Constraints
+    # may filter on attributes or client metadata.
+    #
+    # https://www.nomadproject.io/docs/job-specification/constraint
+    #
+    constraint {
+      attribute = "$${node.class}"
+      value     = "csit"
+    }
+
+    # The restart stanza configures a tasks's behavior on task failure. Restarts
+    # happen on the client that is running the task.
+    #
+    # https://www.nomadproject.io/docs/job-specification/restart
+    #
+    restart {
+      interval = "1m"
+      attempts = 3
+      delay    = "15s"
+      mode     = "delay"
+    }
+
+    # The network stanza specifies the networking requirements for the task
+    # group, including the network mode and port allocations. When scheduling
+    # jobs in Nomad they are provisioned across your fleet of machines along
+    # with other jobs and services. Because you don't know in advance what host
+    # your job will be provisioned on, Nomad will provide your tasks with
+    # network configuration when they start up.
+    #
+    # https://www.nomadproject.io/docs/job-specification/network
+    #
+    network {
+      port "ssh" {
+          static = 6022
+      }
+      port "ssh2" {
+          static = 6023
+      }
+    }
+
+    # The "task" stanza creates an individual unit of work, such as a Docker
+    # container, web application, or batch processing.
+    #
+    # https://www.nomadproject.io/docs/job-specification/task
+    #
+    task "csit-shim-amd-task-1" {
+      # The "driver" parameter specifies the task driver that should be used to
+      # run the task.
+      driver = "docker"
+
+      # The "config" stanza specifies the driver configuration, which is passed
+      # directly to the driver to start the task. The details of configurations
+      # are specific to each driver, so please see specific driver
+      # documentation for more information.
+      config {
+        image        = "${image_x86_64}"
+        network_mode = "host"
+        pid_mode     = "host"
+        volumes      = [
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ]
+        privileged   = true
+      }
+
+      # The "resources" stanza describes the requirements a task needs to
+      # execute. Resource requirements include memory, network, cpu, and more.
+      # This ensures the task will execute on a machine that contains enough
+      # resource capacity.
+      #
+      # https://www.nomadproject.io/docs/job-specification/resources
+      #
+      resources {
+        cpu    = ${cpu}
+        memory = ${memory}
+      }
+    }
+  }
+
+  group "csit-shim-arm-group-1" {
+    # The "count" parameter specifies the number of the task groups that should
+    # be running under this group. This value must be non-negative.
+    count = ${group_count}
+
+    # The constraint allows restricting the set of eligible nodes. Constraints
+    # may filter on attributes or client metadata.
+    #
+    # https://www.nomadproject.io/docs/job-specification/constraint
+    #
+    constraint {
+      attribute = "$${node.class}"
+      value     = "csitarm"
+    }
+
+    # The restart stanza configures a tasks's behavior on task failure. Restarts
+    # happen on the client that is running the task.
+    #
+    # https://www.nomadproject.io/docs/job-specification/restart
+    #
+    restart {
+      interval = "1m"
+      attempts = 3
+      delay    = "15s"
+      mode     = "delay"
+    }
+
+    # The network stanza specifies the networking requirements for the task
+    # group, including the network mode and port allocations. When scheduling
+    # jobs in Nomad they are provisioned across your fleet of machines along
+    # with other jobs and services. Because you don't know in advance what host
+    # your job will be provisioned on, Nomad will provide your tasks with
+    # network configuration when they start up.
+    #
+    # https://www.nomadproject.io/docs/job-specification/network
+    #
+    network {
+      port "ssh" {
+          static = 6022
+      }
+      port "ssh2" {
+          static = 6023
+      }
+    }
+
+    # The "task" stanza creates an individual unit of work, such as a Docker
+    # container, web application, or batch processing.
+    #
+    # https://www.nomadproject.io/docs/job-specification/task
+    #
+    task "csit-shim-arm-task-1" {
+      # The "driver" parameter specifies the task driver that should be used to
+      # run the task.
+      driver = "docker"
+
+      # The "config" stanza specifies the driver configuration, which is passed
+      # directly to the driver to start the task. The details of configurations
+      # are specific to each driver, so please see specific driver
+      # documentation for more information.
+      config {
+        image        = "${image_aarch64}"
+        network_mode = "host"
+        pid_mode     = "host"
+        volumes      = [
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ]
+        privileged   = true
+      }
+
+      # The "resources" stanza describes the requirements a task needs to
+      # execute. Resource requirements include memory, network, cpu, and more.
+      # This ensures the task will execute on a machine that contains enough
+      # resource capacity.
+      #
+      # https://www.nomadproject.io/docs/job-specification/resources
+      #
+      resources {
+        cpu    = ${cpu}
+        memory = ${memory}
+      }
+    }
+  }
+}
+\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/main.tf b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/main.tf
new file mode 100644
index 0000000000..96666e6e89
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/main.tf
@@ -0,0 +1,15 @@
+module "vpp-device" {
+  providers = {
+    nomad = nomad.yul1
+  }
+  source = "../"
+
+  # nomad
+  datacenters   = ["yul1"]
+  job_name      = "prod-device-csit-shim"
+  group_count   = "1"
+  cpu           = "1500"
+  memory        = "4096"
+  image_aarch64 = "fdiotools/csit_shim-ubuntu2004:2021_03_02_143938_UTC-aarch64"
+  image_x86_64  = "fdiotools/csit_shim-ubuntu2004:2021_03_04_142103_UTC-x86_64"
+}
+\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/providers.tf b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/providers.tf
new file mode 100644
index 0000000000..42a6a45ce0
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/providers.tf
@@ -0,0 +1,13 @@
+provider "nomad" {
+  address = var.nomad_provider_address
+  alias   = "yul1"
+  #  ca_file   = var.nomad_provider_ca_file
+  #  cert_file = var.nomad_provider_cert_file
+  #  key_file  = var.nomad_provider_key_file
+}
+
+provider "vault" {
+  address         = var.vault_provider_address
+  skip_tls_verify = var.vault_provider_skip_tls_verify
+  token           = var.vault_provider_token
+}
+\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/variables.tf b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/variables.tf
new file mode 100644
index 0000000000..569ba29c87
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/variables.tf
@@ -0,0 +1,47 @@
+variable "nomad_acl" {
+  description = "Nomad ACLs enabled/disabled."
+  type        = bool
+  default     = false
+}
+
+variable "nomad_provider_address" {
+  description = "FD.io Nomad cluster address."
+  type        = string
+  default     = "http://10.30.51.23:4646"
+}
+
+variable "nomad_provider_ca_file" {
+  description = "A local file path to a PEM-encoded certificate authority."
+  type        = string
+  default     = "/etc/nomad.d/ssl/nomad-ca.pem"
+}
+
+variable "nomad_provider_cert_file" {
+  description = "A local file path to a PEM-encoded certificate."
+  type        = string
+  default     = "/etc/nomad.d/ssl/nomad-cli.pem"
+}
+
+variable "nomad_provider_key_file" {
+  description = "A local file path to a PEM-encoded private key."
+  type        = string
+  default     = "/etc/nomad.d/ssl/nomad-cli-key.pem"
+}
+
+variable "vault_provider_address" {
+  description = "Vault cluster address."
+  type        = string
+  default     = "http://10.30.51.23:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+  description = "Verification of the Vault server's TLS certificate."
+  type        = bool
+  default     = false
+}
+
+variable "vault_provider_token" {
+  description = "Vault root token."
+  type        = string
+  sensitive   = true
+}
+\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/versions.tf b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/versions.tf
new file mode 100644
index 0000000000..82b792fd72
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/fdio/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    nomad = {
+      source  = "hashicorp/nomad"
+      version = ">= 1.4.19"
+    }
+  }
+  required_version = ">= 1.3.7"
+}
+\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/main.tf b/fdio.infra.terraform/terraform-nomad-vpp-device/main.tf
new file mode 100644
index 0000000000..2e67085714
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/main.tf
@@ -0,0 +1,19 @@
+locals {
+  datacenters = join(",", var.datacenters)
+}
+
+resource "nomad_job" "nomad_job_csit_shim" {
+  jobspec = templatefile(
+    "${path.module}/conf/nomad/vpp-device.hcl.tftpl",
+    {
+        datacenters   = local.datacenters
+        job_name      = var.job_name
+        group_count   = var.group_count
+        cpu           = var.cpu
+        mem           = var.memory
+        image_aarch64 = var.image_aarch64
+        image_x86_64  = var.image_x86_64
+    }
+  )
+  detach  = false
+}
+\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/variables.tf b/fdio.infra.terraform/terraform-nomad-vpp-device/variables.tf
new file mode 100644
index 0000000000..0a11e1da3b
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/variables.tf
@@ -0,0 +1,43 @@
+# Nomad
+variable "datacenters" {
+  description = "Specifies the list of DCs to be considered placing this task"
+  type        = list(string)
+  default     = ["dc1"]
+}
+
+# CSIT SHIM
+variable "job_name" {
+  description = "CSIT SHIM job name"
+  type        = string
+  default     = "prod-csit-shim"
+}
+
+variable "group_count" {
+  description = "Number of CSIT SHIM group instances"
+  type        = number
+  default     = 1
+}
+
+variable "cpu" {
+  description = "CSIT SHIM task CPU"
+  type        = number
+  default     = 2000
+}
+
+variable "memory" {
+  description = "CSIT SHIM task memory"
+  type        = number
+  default     = 10000
+}
+
+variable "image_aarch64" {
+  description = "CSIT SHIM AARCH64 docker image"
+  type        = string
+  default     = "fdiotools/csit_shim-ubuntu2004:prod-aarch64"
+}
+
+variable "image_x86_64" {
+  description = "CSIT SHIM X86_64 docker image"
+  type        = string
+  default     = "fdiotools/csit_shim-ubuntu2004:prod-x86_64"
+}
+\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-nomad-vpp-device/versions.tf b/fdio.infra.terraform/terraform-nomad-vpp-device/versions.tf
new file mode 100644
index 0000000000..a319c35908
--- /dev/null
+++ b/fdio.infra.terraform/terraform-nomad-vpp-device/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    nomad = {
+      source  = "hashicorp/nomad"
+      version = ">= 1.4.19"
+    }
+  }
+  required_version = ">= 1.3.7"
+}
author	pmikus <peter.mikus@protonmail.ch>	2024-01-25 07:37:31 +0000
committer	Peter Mikus <peter.mikus@protonmail.ch>	2024-01-25 07:44:34 +0000
commit	6067078db338b930972ad6f183a4c75d2cf9214a (patch)
tree	eb93118dc9c6a2b3ee742a5e4914e061ec581c65 /fdio.infra.terraform/terraform-nomad-vpp-device
parent	7b03d44e6761ee27a0fead3401f9b2d04d95f709 (diff)