path: root/docs/report/introduction/methodology_aws/aws_terraform.rst
blob: ebbef9000abcbdca4ebc11a4355af47a341772ef (plain)
AWS Deployments
---------------

CSIT performance testbed deployments in AWS rely on
Infrastructure-as-Code (IaC) Terraform AWS providers. The Terraform
providers specified in CSIT interact with resources provided by AWS to
orchestrate a virtual environment for running CSIT performance tests. For
more information, see
`Terraform Registry aws <https://registry.terraform.io/providers/hashicorp/aws/latest/>`_.

Compatibility
~~~~~~~~~~~~~

+-----------+----------------+
| Software  | OSS Version    |
+===========+================+
| Terraform | 1.0.3 or newer |
+-----------+----------------+
| Vault     | 1.8.4 or newer |
+-----------+----------------+

Requirements
~~~~~~~~~~~~

- Required Modules and Providers

  - `Terraform Registry aws <https://registry.terraform.io/providers/hashicorp/aws/latest>`_.
  - `Terraform Registry null <https://registry.terraform.io/providers/hashicorp/null/latest>`_.
  - `Terraform Registry tls <https://registry.terraform.io/providers/hashicorp/tls>`_.
  - `Terraform Registry vault <https://registry.terraform.io/providers/hashicorp/vault>`_.

- Required software

  - `Vault <https://releases.hashicorp.com/vault/>`_ service available
    on the specified IP address and port.

Usage
~~~~~

- OPTIONAL: Enable logging

  - Terraform does not have logging enabled by default. To enable logging
    to stderr, set the TF_LOG variable to the desired log level.
  - Available log levels: TRACE, DEBUG, INFO, WARN, ERROR:

    ::

      export TF_LOG="LOGLEVEL"

  - It is also possible to store the logged output in a file by setting
    the TF_LOG_PATH variable:

    ::

      export TF_LOG_PATH="path/to/logfile"

- Run Terraform in the root module folder of the chosen testbed topology.

  - Terraform will deploy and configure instances and other resources;
    all of these resources can later be identified in AWS via the
    Environment tag.
  - By default, the Environment tag "CSIT-AWS" is used. Example:

    ::

      cd fdio.infra.terraform/2n_aws_c5n/
      terraform init
      terraform plan
      terraform apply

  - This will deploy the environment with default values; you can check
    the defaults in the `./2n_aws_c5n/main.tf` and
    `./2n_aws_c5n/variables.tf` files.
  - If you would like to change some of these values, you can:

    - Set up TF_VAR_* environment variables prior to running 'terraform apply':

      ::

        export TF_VAR_testbed_name="testbed1"

    - Use '-var=varname=value' flag when running 'terraform apply':

      ::

        terraform apply -var=testbed_name=testbed1

    - Note: Only variables defined in the `variables.tf` file of the root
      module can be changed using these methods.

- To clean up the AWS environment and remove all used resources, run:

  ::

    terraform destroy
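
As an added example (not code from the CSIT docs or the fdio.infra.terraform repository), the following POSIX shell script ties the steps above together: it enables TF_LOG/TF_LOG_PATH, checks that every TF_VAR_* set in the environment is declared in the root module's variables.tf before anything is applied (as noted above, only declared variables can be changed this way, so a mistyped TF_VAR_ name is otherwise simply not applied), and then runs terraform init and plan. The variables.tf it writes is a constructed sample; plan_with_logging, which needs the terraform binary and AWS access, is not invoked by the demo.

```shell
#!/bin/sh
# Added example, not part of the CSIT docs or the fdio.infra.terraform code.
# Wraps the usage steps: enables Terraform logging to a file, checks that every
# TF_VAR_* variable set in the environment is declared in the root module's
# variables.tf (only declared variables can be overridden this way, so a
# mistyped TF_VAR_ name is simply not applied), then runs terraform plan.
# The variables.tf written by demo() is constructed for this example.
set -u

# Print the names declared as `variable "<name>" {` in the file $1.
declared_vars() {
  sed -n 's/^[[:space:]]*variable[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Print each TF_VAR_<name> present in the environment whose <name> is not
# declared in $1, one per line; empty output means every override is declared.
undeclared_tf_vars() {
  decl=$(declared_vars "$1")
  env | sed -n 's/^TF_VAR_\([^=]*\)=.*/\1/p' | while read -r name; do
    printf '%s\n' "$decl" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# Return 0 when all TF_VAR_* overrides are declared in $1; otherwise list the
# offenders on stderr and return 1.
check_tf_vars() {
  bad=$(undeclared_tf_vars "$1")
  if [ -n "$bad" ]; then
    printf 'TF_VAR_* not declared in %s (would be ignored): %s\n' \
      "$1" "$(printf '%s' "$bad" | tr '\n' ' ')" >&2
    return 1
  fi
  return 0
}

# Enable logging, validate the overrides, then init and plan in the root
# module $1 (for example fdio.infra.terraform/2n_aws_c5n). Needs terraform
# on PATH and AWS access, so demo() does not call it.
plan_with_logging() {
  root=$1
  export TF_LOG="${TF_LOG:-INFO}"
  export TF_LOG_PATH="${TF_LOG_PATH:-$root/terraform.log}"
  check_tf_vars "$root/variables.tf" || return 1
  (cd "$root" && terraform init && terraform plan)
}

# Runs in a subshell so the exported TF_VAR_* do not leak into the caller.
demo() (
  dir=$(mktemp -d)
  # Constructed variables.tf declaring two of the root module's variables.
  printf 'variable "testbed_name" {\n  default = "testbed1"\n}\nvariable "region" {}\n' \
    > "$dir/variables.tf"
  export TF_VAR_testbed_name="testbed2"   # declared, so it takes effect
  export TF_VAR_tesbed_name="testbed2"    # mistyped, so it would be ignored
  if check_tf_vars "$dir/variables.tf"; then
    echo "all TF_VAR_* overrides are declared; safe to run terraform apply"
  else
    echo "fix the names above before running terraform apply"
  fi
  rm -rf "$dir"
)
demo
```

Running the script as-is only executes the demo, which reports the mistyped override. To use it against the real root module, call plan_with_logging with the module path after exporting your TF_VAR_* values.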

Deployment Example
~~~~~~~~~~~~~~~~~~

The following is an example of a
`Terraform deploy module <https://git.fd.io/csit/tree/fdio.infra.terraform/2n_aws_c5n/main.tf>`_
for a CSIT 2-Node testbed topology with AWS variables set to default
values. A number of variables are also defined in a
`separate Terraform variable file <https://git.fd.io/csit/tree/fdio.infra.terraform/2n_aws_c5n/variables.tf>`_.

::

  module "deploy" {
    source = "./deploy"

    # Parameters starting with var. can be set using "TF_VAR_*" environment
    # variables or -var parameter when running "terraform apply", for default
    # values see ./variables.tf
    testbed_name          = var.testbed_name
    topology_name         = var.topology_name
    environment_name      = var.environment_name
    resources_name_prefix = var.resources_name_prefix

    # AWS general
    region        = var.region
    avail_zone    = var.avail_zone
    instance_type = var.instance_type
    ami_image_tg  = var.ami_image_tg
    ami_image_sut = var.ami_image_sut

    # AWS Network
    vpc_cidr_mgmt = "192.168.0.0/24"
    vpc_cidr_b    = "192.168.10.0/24"
    vpc_cidr_c    = "200.0.0.0/24"
    vpc_cidr_d    = "192.168.20.0/24"

    tg_mgmt_ip   = "192.168.0.10"
    dut1_mgmt_ip = "192.168.0.11"

    tg_if1_ip   = "192.168.10.254"
    tg_if2_ip   = "192.168.20.254"
    dut1_if1_ip = "192.168.10.11"
    dut1_if2_ip = "192.168.20.11"

    trex_dummy_cidr_port_0 = "10.0.0.0/24"
    trex_dummy_cidr_port_1 = "20.0.0.0/24"

    # Ansible
    ansible_python_executable = "/usr/bin/python3"
    ansible_file_path         = "../../fdio.infra.ansible/site.yaml"
    ansible_topology_path     = "../../fdio.infra.ansible/cloud_topology.yaml"
    ansible_provision_pwd     = "Csit1234"

    # First run
    first_run_commands = [
      "sudo sed -i 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config",
      "sudo systemctl restart sshd",
      "sudo useradd --create-home -s /bin/bash provisionuser",
      "echo 'provisionuser:Csit1234' | sudo chpasswd",
      "echo 'provisionuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers",
      "sudo useradd --create-home -s /bin/bash testuser",
      "echo 'testuser:Csit1234' | sudo chpasswd",
      "echo 'testuser ALL = (ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers"
    ]
  }

Secrets & Credentials
~~~~~~~~~~~~~~~~~~~~~

Set credentials manually
^^^^^^^^^^^^^^^^^^^^^^^^

To set the credentials manually, you first need to tell the module not
to fetch credentials from Vault. To do that, set `access_key` and
`secret_key` in the `provider "aws"` block to custom values, or use a
credentials file as the source. The default, shown below, reads them
from the Vault data source:

::

  provider "aws" {
    region     = var.region
    access_key = data.vault_aws_access_credentials.creds.access_key
    secret_key = data.vault_aws_access_credentials.creds.secret_key
  }
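
An added example, not part of the CSIT docs or the module's code: a pre-apply check for the manual-credentials case. Whether `access_key` and `secret_key` reference the Vault data source (the default shown above) or the provider reads a credentials file, the key material itself should not end up in versioned .tf or .tfvars files as string literals. The script below scans for that with grep; the three provider blocks it writes are constructed samples, and the `shared_credentials_files`/`profile` variant shows the credentials-file approach the text mentions. The AKIA key ID in the flagged sample is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not part of the CSIT docs or the fdio.infra.terraform code.
# A pre-apply check for the "set credentials manually" case: the provider
# "aws" block may reference the Vault data source (the module default) or a
# credentials file, but must not carry key material as string literals in
# versioned .tf/.tfvars files. Sample files are constructed inline for demo().
set -u

# Print file:line for access_key/secret_key assigned a quoted string literal.
# A reference such as data.vault_aws_access_credentials.creds.access_key is
# not quoted and therefore not matched. /dev/null forces the file prefix.
literal_key_assignments() {
  grep -n -E '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"' \
    "$@" /dev/null || true
}

# Print file:line for anything shaped like an AWS access key ID
# (AKIA/ASIA followed by 16 upper-case alphanumerics), wherever it appears.
access_key_id_patterns() {
  grep -n -E '(AKIA|ASIA)[0-9A-Z]{16}' "$@" /dev/null || true
}

# Return 0 if the given files are clean, 1 (findings on stderr) otherwise.
check_no_literal_credentials() {
  findings=$( { literal_key_assignments "$@"; access_key_id_patterns "$@"; } | sort -u )
  if [ -n "$findings" ]; then
    printf 'literal AWS credentials found:\n%s\n' "$findings" >&2
    return 1
  fi
  return 0
}

# Constructed sample: the module default, referencing Vault (clean).
write_vault_provider() {
  cat > "$1" <<'EOF'
provider "aws" {
  region     = var.region
  access_key = data.vault_aws_access_credentials.creds.access_key
  secret_key = data.vault_aws_access_credentials.creds.secret_key
}
EOF
}

# Constructed sample: manual credentials read from a credentials file and
# profile instead of Vault (clean; no key material in the .tf file).
write_profile_provider() {
  cat > "$1" <<'EOF'
provider "aws" {
  region                   = var.region
  shared_credentials_files = ["~/.aws/credentials"]
  profile                  = "csit"
}
EOF
}

# Constructed sample: manual credentials pasted as literals (must be flagged).
# The key ID is a placeholder, not a real key.
write_literal_provider() {
  cat > "$1" <<'EOF'
provider "aws" {
  region     = var.region
  access_key = "AKIAEXAMPLEEXAMPLE00"
  secret_key = "placeholder-secret-not-a-real-key"
}
EOF
}

demo() {
  dir=$(mktemp -d)
  write_vault_provider "$dir/vault.tf"
  write_profile_provider "$dir/profile.tf"
  write_literal_provider "$dir/literal.tf"
  for f in "$dir"/*.tf; do
    if check_no_literal_credentials "$f"; then
      printf '%s: ok\n' "$f"
    else
      printf '%s: FLAGGED\n' "$f"
    fi
  done
  rm -rf "$dir"
}
demo
```

In practice, run check_no_literal_credentials over the root module's *.tf and *.tfvars files from a pre-commit hook or before `terraform apply`; the Vault-backed and credentials-file variants pass, the literal one does not.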