From 8605f3f406468f57bb9b2eac12a4421f65965300 Mon Sep 17 00:00:00 2001 From: vagrant Date: Tue, 4 Feb 2020 14:16:01 +0000 Subject: CSIT Azure integration + Terraform + Ansible Signed-off-by: Peter Mikus Change-Id: I353511c5ef39d8c8d43fedc61c8dbb30b4821e1b --- resources/tools/terraform/azure/.gitignore | 4 + resources/tools/terraform/azure/main.tf | 576 +++++++++++++++++++++++++++++ resources/tools/terraform/azure/nic.tf | 98 +++++ 3 files changed, 678 insertions(+) create mode 100644 resources/tools/terraform/azure/.gitignore create mode 100644 resources/tools/terraform/azure/main.tf create mode 100644 resources/tools/terraform/azure/nic.tf (limited to 'resources/tools/terraform') diff --git a/resources/tools/terraform/azure/.gitignore b/resources/tools/terraform/azure/.gitignore new file mode 100644 index 0000000000..fc64f0039f --- /dev/null +++ b/resources/tools/terraform/azure/.gitignore @@ -0,0 +1,4 @@ +.terraform/ +.terraform.tfstate.lock.info +terraform.tfstate +terraform.tfstate.backup diff --git a/resources/tools/terraform/azure/main.tf b/resources/tools/terraform/azure/main.tf new file mode 100644 index 0000000000..79fa456d23 --- /dev/null +++ b/resources/tools/terraform/azure/main.tf @@ -0,0 +1,576 @@ +provider "azurerm" { + version = ">= 1.4.0" +} + +# Variables + +variable "vpc_cidr_a" { + type = string + default = "172.16.0.0/24" +} + +variable "vpc_cidr_b" { + type = string + default = "192.168.10.0/24" +} + +variable "vpc_cidr_c" { + type = string + default = "200.0.0.0/24" +} + +variable "vpc_cidr_d" { + type = string + default = "192.168.20.0/24" +} + +variable "trex_dummy_cidr_port_0" { + type = string + default = "10.0.0.0/24" +} + +variable "trex_dummy_cidr_port_1" { + type = string + default = "20.0.0.0/24" +} + +# Create resource group and resources + +resource "azurerm_resource_group" "CSIT" { + name = "CSIT_pm" + location = "North Europe" +} + +resource "azurerm_virtual_network" "CSIT" { + name = "CSIT-network" + resource_group_name = azurerm_resource_group.CSIT.name + location = azurerm_resource_group.CSIT.location + address_space = [ var.vpc_cidr_a, + var.vpc_cidr_b, + var.vpc_cidr_c, + var.vpc_cidr_d ] + depends_on = [ azurerm_resource_group.CSIT ] +} + +resource "azurerm_subnet" "a" { + name = "subnet_a" + resource_group_name = azurerm_resource_group.CSIT.name + virtual_network_name = azurerm_virtual_network.CSIT.name + address_prefix = var.vpc_cidr_a + depends_on = [ azurerm_resource_group.CSIT ] +} + +resource "azurerm_subnet" "b" { + name = "subnet_b" + resource_group_name = azurerm_resource_group.CSIT.name + virtual_network_name = azurerm_virtual_network.CSIT.name + address_prefix = var.vpc_cidr_b + depends_on = [ azurerm_resource_group.CSIT ] +} + +resource "azurerm_subnet" "c" { + name = "subnet_c" + resource_group_name = azurerm_resource_group.CSIT.name + virtual_network_name = azurerm_virtual_network.CSIT.name + address_prefix = var.vpc_cidr_c + depends_on = [ azurerm_resource_group.CSIT ] +} + +resource "azurerm_subnet" "d" { + name = "subnet_d" + resource_group_name = azurerm_resource_group.CSIT.name + virtual_network_name = azurerm_virtual_network.CSIT.name + address_prefix = var.vpc_cidr_d + depends_on = [ azurerm_resource_group.CSIT ] +} + +# Create a security group of the Kiknos instances + +resource "azurerm_network_security_group" "CSIT" { + name = "CSIT" + resource_group_name = azurerm_resource_group.CSIT.name + location = azurerm_resource_group.CSIT.location + security_rule { + name = "IpSec" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Udp" + source_port_range = "*" + destination_port_range = "500" + source_address_prefix = "*" + destination_address_prefix = "*" + } + security_rule { + name = "IpSec-NAT" + priority = 101 + direction = "Inbound" + access = "Allow" + protocol = "Udp" + source_port_range = "*" + destination_port_range = "4500" + source_address_prefix = "*" + destination_address_prefix = "*" + } + security_rule { + name = "SSH" + priority = 102 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "22" + source_address_prefix = "*" + destination_address_prefix = "*" + } + security_rule { + name = "InboundAll" + priority = 103 + direction = "Inbound" + access = "Allow" + protocol = "*" + source_port_range = "*" + destination_port_range = "*" + source_address_prefix = "*" + destination_address_prefix = "*" + } + security_rule { + name = "Outbound" + priority = 104 + direction = "Outbound" + access = "Allow" + protocol = "*" + source_port_range = "*" + destination_port_range = "*" + source_address_prefix = "*" + destination_address_prefix = "*" + } + depends_on = [azurerm_virtual_network.CSIT] +} + +# Create public IPs + +resource "azurerm_public_ip" "tg_public_ip" { + name = "tg_public_ip" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + allocation_method = "Dynamic" + depends_on = [ azurerm_resource_group.CSIT ] +} + +resource "azurerm_public_ip" "dut1_public_ip" { + name = "dut1_public_ip" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + allocation_method = "Dynamic" + depends_on = [ azurerm_resource_group.CSIT ] +} + +resource "azurerm_public_ip" "dut2_public_ip" { + name = "dut2_public_ip" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + allocation_method = "Dynamic" + depends_on = [ azurerm_resource_group.CSIT ] +} + +# Create network interface + +resource "azurerm_network_interface" "tg_mng" { + name = "tg_mng" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + ip_configuration { + primary = "true" + name = "tg_mng_ip" + subnet_id = azurerm_subnet.a.id + private_ip_address_allocation = "Static" + private_ip_address = "172.16.0.10" + public_ip_address_id = azurerm_public_ip.tg_public_ip.id + } + depends_on = [ azurerm_resource_group.CSIT, + azurerm_subnet.a, + azurerm_public_ip.tg_public_ip ] +} + +resource "azurerm_network_interface" "dut1_mng" { + name = "dut1_mng" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + ip_configuration { + primary = "true" + name = "dut1_mng_ip" + subnet_id = azurerm_subnet.a.id + private_ip_address_allocation = "Static" + private_ip_address = "172.16.0.11" + public_ip_address_id = azurerm_public_ip.dut1_public_ip.id + } + depends_on = [ azurerm_resource_group.CSIT, + azurerm_subnet.a, + azurerm_public_ip.dut1_public_ip ] +} + +resource "azurerm_network_interface" "dut2_mng" { + name = "dut2_mng" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + ip_configuration { + primary = "true" + name = "dut2_mng_ip" + subnet_id = azurerm_subnet.a.id + private_ip_address_allocation = "Static" + private_ip_address = "172.16.0.12" + public_ip_address_id = azurerm_public_ip.dut2_public_ip.id + } + depends_on = [ azurerm_resource_group.CSIT, + azurerm_subnet.a, + azurerm_public_ip.dut2_public_ip ] +} + +resource "azurerm_route_table" "b" { + name = "b" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + depends_on = [ azurerm_resource_group.CSIT, + azurerm_subnet.b ] + disable_bgp_route_propagation = false + route { + name = "route-10" + address_prefix = "10.0.0.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "192.168.10.254" + } + route { + name = "route-20" + address_prefix = "20.0.0.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "192.168.10.11" + } + route { + name = "tg2" + address_prefix = "192.168.20.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "192.168.10.11" + } +} + +resource "azurerm_route_table" "c" { + name = "c" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + depends_on = [ azurerm_resource_group.CSIT, + azurerm_subnet.c ] + disable_bgp_route_propagation = false + route { + name = "route-10" + address_prefix = "10.0.0.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "200.0.0.101" + } + route { + name = "route-20" + address_prefix = "20.0.0.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "200.0.0.102" + } + route { + name = "tg1" + address_prefix = "192.168.10.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "200.0.0.101" + } + route { + name = "tg2" + address_prefix = "192.168.20.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "200.0.0.102" + } +} + +resource "azurerm_route_table" "d" { + name = "d" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + depends_on = [ azurerm_resource_group.CSIT, + azurerm_subnet.d ] + disable_bgp_route_propagation = false + route { + name = "route-10" + address_prefix = "10.0.0.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "192.168.20.11" + } + route { + name = "route-20" + address_prefix = "20.0.0.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "192.168.20.254" + } + route { + name = "tg1" + address_prefix = "192.168.10.0/24" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "192.168.20.11" + } +} + +resource "azurerm_subnet_route_table_association" "b" { + subnet_id = azurerm_subnet.b.id + route_table_id = azurerm_route_table.b.id +} + +resource "azurerm_subnet_route_table_association" "c" { + subnet_id = azurerm_subnet.c.id + route_table_id = azurerm_route_table.c.id +} + +resource "azurerm_subnet_route_table_association" "d" { + subnet_id = azurerm_subnet.d.id + route_table_id = azurerm_route_table.d.id +} + +resource "azurerm_virtual_machine" "tg" { + name = "tg" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + primary_network_interface_id = azurerm_network_interface.tg_mng.id + network_interface_ids = [ azurerm_network_interface.tg_mng.id, + azurerm_network_interface.tg_if1.id, + azurerm_network_interface.tg_if2.id ] + vm_size = "Standard_F32s_v2" + delete_os_disk_on_termination = true + delete_data_disks_on_termination = true + storage_os_disk { + name = "OsDiskTG" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "StandardSSD_LRS" + } + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "18.04-LTS" + version = "latest" + } + os_profile { + computer_name = "tg" + admin_username = "testuser" + admin_password = "Csit1234" + } + os_profile_linux_config { + disable_password_authentication = false + ssh_keys { + path = "/home/testuser/.ssh/authorized_keys" + key_data = file("~/.ssh/id_rsa.pub") + } + } + depends_on = [ azurerm_resource_group.CSIT, + azurerm_network_interface.tg_mng ] +} + +resource "azurerm_virtual_machine" "dut1" { + name = "dut1" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + primary_network_interface_id = azurerm_network_interface.dut1_mng.id + network_interface_ids = [ azurerm_network_interface.dut1_mng.id, + azurerm_network_interface.dut1_if1.id, + azurerm_network_interface.dut1_if2.id ] + vm_size = "Standard_F32s_v2" + delete_os_disk_on_termination = true + delete_data_disks_on_termination = true + storage_os_disk { + name = "OsDiskDUT1" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "StandardSSD_LRS" + } + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "18.04-LTS" + version = "latest" + } + os_profile { + computer_name = "dut1" + admin_username = "testuser" + admin_password = "Csit1234" + } + os_profile_linux_config { + disable_password_authentication = false + ssh_keys { + path = "/home/testuser/.ssh/authorized_keys" + key_data = file("~/.ssh/id_rsa.pub") + } + } + depends_on = [ azurerm_resource_group.CSIT, + azurerm_network_interface.dut1_mng ] +} + +resource "azurerm_virtual_machine" "dut2" { + name = "dut2" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + primary_network_interface_id = azurerm_network_interface.dut2_mng.id + network_interface_ids = [ azurerm_network_interface.dut2_mng.id, + azurerm_network_interface.dut2_if1.id, + azurerm_network_interface.dut2_if2.id ] + vm_size = "Standard_F32s_v2" + delete_os_disk_on_termination = true + delete_data_disks_on_termination = true + storage_os_disk { + name = "OsDiskDUT2" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "StandardSSD_LRS" + } + storage_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "18.04-LTS" + version = "latest" + } + os_profile { + computer_name = "dut2" + admin_username = "testuser" + admin_password = "Csit1234" + } + os_profile_linux_config { + disable_password_authentication = false + ssh_keys { + path = "/home/testuser/.ssh/authorized_keys" + key_data = file("~/.ssh/id_rsa.pub") + } + } + depends_on = [ azurerm_resource_group.CSIT, + azurerm_network_interface.dut2_mng ] +} + +data "azurerm_public_ip" "tg_public_ip" { + name = "tg_public_ip" + resource_group_name = azurerm_resource_group.CSIT.name + depends_on = [ azurerm_virtual_machine.tg ] +} + +data "azurerm_public_ip" "dut1_public_ip" { + name = "dut1_public_ip" + resource_group_name = azurerm_resource_group.CSIT.name + depends_on = [ azurerm_virtual_machine.dut1 ] +} + +data "azurerm_public_ip" "dut2_public_ip" { + name = "dut2_public_ip" + resource_group_name = azurerm_resource_group.CSIT.name + depends_on = [ azurerm_virtual_machine.dut2 ] +} + +# Provisioning + +resource "null_resource" "deploy_tg" { + depends_on = [ azurerm_virtual_machine.tg, + azurerm_network_interface.tg_if1, + azurerm_network_interface.tg_if2 ] + connection { + user = "testuser" + host = data.azurerm_public_ip.tg_public_ip.ip_address + } + provisioner "ansible" { + plays { + playbook { + file_path = "../../testbed-setup/ansible/site_azure.yaml" + force_handlers = true + } + hosts = ["tg"] + extra_vars = { + ansible_python_interpreter = "python3" + azure = true + remote_net = var.vpc_cidr_d + tg_if1_mac = azurerm_network_interface.tg_if1.mac_address + tg_if2_mac = azurerm_network_interface.tg_if2.mac_address + dut1_if1_mac = azurerm_network_interface.dut1_if1.mac_address + dut1_if2_mac = azurerm_network_interface.dut1_if2.mac_address + dut2_if1_mac = azurerm_network_interface.dut2_if1.mac_address + dut2_if2_mac = azurerm_network_interface.dut2_if2.mac_address + dut1_if1_ip = azurerm_network_interface.dut1_if1.private_ip_address + dut2_if2_ip = azurerm_network_interface.dut2_if2.private_ip_address + } + } + } +} + +resource "null_resource" "deploy_dut1" { + depends_on = [ azurerm_virtual_machine.dut1, + azurerm_network_interface.dut1_if1, + azurerm_network_interface.dut1_if2 ] + connection { + user = "testuser" + host = data.azurerm_public_ip.dut1_public_ip.ip_address + } + provisioner "ansible" { + plays { + playbook { + file_path = "../../testbed-setup/ansible/site_azure.yaml" + force_handlers = true + } + hosts = ["sut"] + extra_vars = { + ansible_python_interpreter = "python3" + azure = true + dut1_if1_ip = azurerm_network_interface.dut1_if1.private_ip_address + dut1_if1_mac = azurerm_network_interface.dut1_if1.mac_address + dut1_if2_ip = azurerm_network_interface.dut1_if2.private_ip_address + dut1_if2_mac = azurerm_network_interface.dut1_if2.mac_address + dut2_if2_ip = azurerm_network_interface.dut2_if1.private_ip_address + dut2_if1_gateway = azurerm_network_interface.dut2_if1.private_ip_address + traffic_if1 = var.trex_dummy_cidr_port_0 + traffic_if2 = var.trex_dummy_cidr_port_1 + } + } + } +} + +resource "null_resource" "deploy_dut2" { + depends_on = [ azurerm_virtual_machine.dut2, + azurerm_network_interface.dut2_if1, + azurerm_network_interface.dut2_if2 ] + connection { + user = "testuser" + host = data.azurerm_public_ip.dut2_public_ip.ip_address + } + provisioner "ansible" { + plays { + playbook { + file_path = "../../testbed-setup/ansible/site_azure.yaml" + force_handlers = true + } + hosts = ["sut"] + extra_vars = { + ansible_python_interpreter = "python3" + azure = true + dut2_if1_ip = azurerm_network_interface.dut2_if1.private_ip_address + dut2_if1_mac = azurerm_network_interface.dut2_if1.mac_address + dut2_if2_ip = azurerm_network_interface.dut2_if2.private_ip_address + dut2_if2_mac = azurerm_network_interface.dut2_if2.mac_address + dut1_if2_ip = azurerm_network_interface.dut1_if2.private_ip_address + dut1_if2_gateway = azurerm_network_interface.dut1_if2.private_ip_address + traffic_if1 = var.trex_dummy_cidr_port_0 + traffic_if2 = var.trex_dummy_cidr_port_1 + } + } + } +} + +output "dbg_tg" { + value = "TG IP: ${data.azurerm_public_ip.tg_public_ip.ip_address}" +} + +output "dbg_dut1" { + value = "DUT1 IP: ${data.azurerm_public_ip.dut1_public_ip.ip_address}" +} + +output "dbg_dut2" { + value = "DUT2 IP: ${data.azurerm_public_ip.dut2_public_ip.ip_address}" +} diff --git a/resources/tools/terraform/azure/nic.tf b/resources/tools/terraform/azure/nic.tf new file mode 100644 index 0000000000..c2597571b1 --- /dev/null +++ b/resources/tools/terraform/azure/nic.tf @@ -0,0 +1,98 @@ +# Create a network interface for the data-plane traffic + +resource "azurerm_network_interface" "dut1_if2" { + name = "dut1_if2" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + enable_ip_forwarding = "true" + enable_accelerated_networking = "true" + + ip_configuration { + name = "dut1_if2" + subnet_id = azurerm_subnet.c.id + private_ip_address_allocation = "Static" + private_ip_address = "200.0.0.101" + } +} + +resource "azurerm_network_interface" "dut2_if1" { + name = "dut2_if1" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + enable_ip_forwarding = "true" + enable_accelerated_networking = "true" + + ip_configuration { + name = "dut2_if1" + subnet_id = azurerm_subnet.c.id + private_ip_address_allocation = "Static" + private_ip_address = "200.0.0.102" + } +} + +resource "azurerm_network_interface" "dut1_if1" { + name = "dut1_if1" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + enable_ip_forwarding = "true" + enable_accelerated_networking = "true" + + ip_configuration { + name = "dut1_if1" + subnet_id = azurerm_subnet.b.id + private_ip_address_allocation = "Static" + private_ip_address = "192.168.10.11" + } +} + +resource "azurerm_network_interface" "dut2_if2" { + name = "dut2_if2" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + enable_ip_forwarding = "true" + enable_accelerated_networking = "true" + + ip_configuration { + name = "dut2_if2" + subnet_id = azurerm_subnet.d.id + private_ip_address_allocation = "Static" + private_ip_address = "192.168.20.11" + } +} + +resource "azurerm_network_interface" "tg_if1" { + name = "tg_if1" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + enable_ip_forwarding = "true" + enable_accelerated_networking = "true" + + ip_configuration { + name = "tg1" + subnet_id = azurerm_subnet.b.id + private_ip_address_allocation = "Static" + private_ip_address = "192.168.10.254" + } +} + +resource "azurerm_network_interface" "tg_if2" { + name = "tg_if2" + location = azurerm_resource_group.CSIT.location + resource_group_name = azurerm_resource_group.CSIT.name + network_security_group_id = azurerm_network_security_group.CSIT.id + enable_ip_forwarding = "true" + enable_accelerated_networking = "true" + + ip_configuration { + name = "tg2" + subnet_id = azurerm_subnet.d.id + private_ip_address_allocation = "Static" + private_ip_address = "192.168.20.254" + } +} + -- cgit 1.2.3-korg