From c81979ab0a9991b4d0e355c39aa8d55ab1b7ff69 Mon Sep 17 00:00:00 2001 From: yoonsoonjahng Date: Tue, 24 Nov 2020 22:12:54 -0500 Subject: Initial Terragrunt files to separate Terraform codes Issue-ID: INT-1780 Change-Id: Ia23de2a11a31b4d2c9dc4800e45a27b035639ede 
Signed-off-by: yoonsoonjahng --- README.md | 127 +++++++++++++++++++++ openlab/RegionOne/region.hcl | 5 + .../stage/compute/control/control-plane.sh | 33 ++++++ .../RegionOne/stage/compute/control/terragrunt.hcl | 35 ++++++ .../stage/compute/nfsserver/nfs-server.sh | 20 ++++ .../stage/compute/nfsserver/terragrunt.hcl | 35 ++++++ .../RegionOne/stage/compute/worker/terragrunt.hcl | 35 ++++++ .../RegionOne/stage/compute/worker/worker-node.sh | 36 ++++++ openlab/RegionOne/stage/concourse/terragrunt.hcl | 23 ++++ openlab/RegionOne/stage/env.hcl | 32 ++++++ openlab/RegionOne/stage/keycloak/terragrunt.hcl | 30 +++++ openlab/RegionOne/stage/keypair/terragrunt.hcl | 22 ++++ openlab/RegionOne/stage/kubernetes/terragrunt.hcl | 52 +++++++++ openlab/RegionOne/stage/network/terragrunt.hcl | 22 ++++ openlab/RegionOne/stage/rancher/terragrunt.hcl | 42 +++++++ .../RegionOne/stage/securitygroup/terragrunt.hcl | 20 ++++ .../test/compute/control/control-plane.sh | 33 ++++++ .../RegionOne/test/compute/control/terragrunt.hcl | 35 ++++++ .../RegionOne/test/compute/nfsserver/nfs-server.sh | 20 ++++ .../test/compute/nfsserver/terragrunt.hcl | 35 ++++++ .../RegionOne/test/compute/worker/terragrunt.hcl | 35 ++++++ .../RegionOne/test/compute/worker/worker-node.sh | 36 ++++++ openlab/RegionOne/test/concourse/terragrunt.hcl | 23 ++++ openlab/RegionOne/test/env.hcl | 32 ++++++ openlab/RegionOne/test/keycloak/terragrunt.hcl | 30 +++++ openlab/RegionOne/test/keypair/terragrunt.hcl | 22 ++++ openlab/RegionOne/test/kubernetes/terragrunt.hcl | 52 +++++++++ openlab/RegionOne/test/network/terragrunt.hcl | 22 ++++ openlab/RegionOne/test/rancher/terragrunt.hcl | 42 +++++++ .../RegionOne/test/securitygroup/terragrunt.hcl | 20 ++++ openlab/account.hcl | 11 ++ openlab/terragrunt.hcl | 64 +++++++++++ 32 files changed, 1081 insertions(+) create mode 100644 README.md create mode 100644 openlab/RegionOne/region.hcl create mode 100644 openlab/RegionOne/stage/compute/control/control-plane.sh create mode 100644 
openlab/RegionOne/stage/compute/control/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/compute/nfsserver/nfs-server.sh create mode 100644 openlab/RegionOne/stage/compute/nfsserver/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/compute/worker/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/compute/worker/worker-node.sh create mode 100644 openlab/RegionOne/stage/concourse/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/env.hcl create mode 100644 openlab/RegionOne/stage/keycloak/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/keypair/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/kubernetes/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/network/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/rancher/terragrunt.hcl create mode 100644 openlab/RegionOne/stage/securitygroup/terragrunt.hcl create mode 100644 openlab/RegionOne/test/compute/control/control-plane.sh create mode 100644 openlab/RegionOne/test/compute/control/terragrunt.hcl create mode 100644 openlab/RegionOne/test/compute/nfsserver/nfs-server.sh create mode 100644 openlab/RegionOne/test/compute/nfsserver/terragrunt.hcl create mode 100644 openlab/RegionOne/test/compute/worker/terragrunt.hcl create mode 100644 openlab/RegionOne/test/compute/worker/worker-node.sh create mode 100644 openlab/RegionOne/test/concourse/terragrunt.hcl create mode 100644 openlab/RegionOne/test/env.hcl create mode 100644 openlab/RegionOne/test/keycloak/terragrunt.hcl create mode 100644 openlab/RegionOne/test/keypair/terragrunt.hcl create mode 100644 openlab/RegionOne/test/kubernetes/terragrunt.hcl create mode 100644 openlab/RegionOne/test/network/terragrunt.hcl create mode 100644 openlab/RegionOne/test/rancher/terragrunt.hcl create mode 100644 openlab/RegionOne/test/securitygroup/terragrunt.hcl create mode 100644 openlab/account.hcl create mode 100644 openlab/terragrunt.hcl diff --git a/README.md b/README.md new file mode 100644 index 0000000..ed1dda0 
--- /dev/null
+++ b/README.md
@@ -0,0 +1,127 @@
+# Infrastructure as code for OpenStack deployment of ONAP
+
+## Build your infrastructure with Terragrunt(Terraform) for ONAP
+
+Preparing ONAP for deployment requires Openstack VMs with Kubernetes and helm installed.
+Building underlying infrastructure for ONAP with Openstack GUI or command-line interfaces is not only time-consuming but also prone to mistakes.
+By providing Infrastructure as Code for deploying ONAP, building and managing the underlying infrastructure become simpler and easier.
+This [link](https://docs.onap.org/en/casablanca/submodules/oom.git/docs/oom_setup_kubernetes_rancher.html#onap-on-kubernetes-with-rancher) shows how to set up the underlying infrastructure with Openstack GUI and Command line tool.
+
+This Terragrunt(Terraform) code provides the same infrastructure as you would create through the process outlined in the link above.
+
+## Directory structure
+
+```
+openlab # Terragrunt scripts to feed configuration into the Terraform modules
+ └ RegionOne # For multi regions. e.g, us-east-1
+ | └ stage # Environment specific configuration. e.g, QA/Stage/Prod
+ | └ resource
+ └ RegionTwo # For multi regions. e.g, us-east-1
+ └ test # Environment specific configuration. e.g, QA/Stage/Prod
+ └ resource
+```
+
+Infrastrucuture is organized hierarchically in folders.
+The root level folder represents an account for clouds such as Openstack or AWS.
+The second and third levels represent the region in a cloud and environment under the region respectively.
+
+### Preparation
+
+1. You need a cloud storage bucket to store an intermediate state for your infrastructure. The remote state enables your team to work together as well. We tested this code using a Google Storage bucket. You can choose AWS S3 as well as others.
+
+2. Openstack is the primary target for this code. We tested this code onto Openstack v3.8 (Ocata)
+ We deployed VMs and K8s with the scripts and after that we deployed ONAP Frankfurt version with OOM.
+
+### Usage
+
+#### Set up environment variables for your target cloud.
+
+1. You need to export cloud storage credential.
+ For instance, if you use Google Storage bucket, you can download the credentials from Google UI or the command-line tool.
+ Go to Google Cloud project's `IAM & Admin` menu and choose the service account associated with the storage.
+ You can export the credential as a JSON formatted file. Then
+ `export GOOGLE_APPLICATION_CREDENTIALS=/path/to/credential-file`.
+ Please, refer to the following [link](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).
+
+2. you need to export Openstack credentials. You can use the openstack.rc file downloaded from your Openstack project.
+ Please, refer to the following [link](https://docs.openstack.org/ocata/user-guide/common/cli-set-environment-variables-using-openstack-rc.html) for details.
+
+3. expose your KUBECONFIG environmental variable. kube_config_cluster.yaml file will be created under the stage directory. This file contains
+ the login credential for the new Kubernetes cluster. You have to provide the full path of the kube_config_cluster.yaml file.
+
+4. check all the environmental variables are set with the `env` command.
+ For example,
+
+```
+GOOGLE_APPLICATION_CREDENTIALS=/path/to/google_credential
+
+password=OpenstackPassowrd
+
+user_name=OpenstackUser
+
+auth_url=http://x.x.x.x:..
+
+project_id=12345667
+
+KUBECONFIG=/path/to/terragrunt/openlab/RegionOne/stage/kube_config_cluster.yaml
+```
+
+#### Fill in files
+
+- `account.hcl`: Top-level configuration for a cloud account.
+- `region.hcl`: The second level configuration for a region within the cloud
+- `env.hcl`: The third level configuration for an environment within the region
+- `terragrunt.hcl`: files under the compute directory. Since Kubernetes deployment needs 2 types of nodes (control and worker) plus 1 NFS cluster, these files under the compute directory contain the configuration for Kubernentes and NFS nodes
+
+#### Building all modules for an environment
+
+Move to an environmental level folder, e.g stage.
+Then run `terragrunt apply-all` followed by `terraform init`
+
+Terraform version 0.13 is required.
+
+https://github.com/gruntwork-io/terragrunt-infrastructure-live-example#deploying-all-modules-in-a-region
+
+If you have multiple environments, you have to have a directory for it. Stage directory contains subdirectories for underlying infrastructure.
+You can simple copy the stage directory and paste it under RegionOne directory. If your cluster runs in a different region, you have to change the name of RegionOne into the region where your cluster runs.
+
+#### Updating infrastructure version
+
+Infrastructure may evolve. You can use existing infrastructure as it is or updating the infrastructure to meet a new requirement.
+To deploy a different version of infrastructure, you can change a tag of `source` module version.
+Please, refer to the below document.
+If you like to test a new module (Terraform code) with Terragrunt, you just need to change the source attribute within Terrafrom block in each terragurnt.hcl file.
+[link](https://www.terraform.io/docs/modules/sources.html#generic-git-repository)
+
+#### Using Kubernetes and helm
+
+Please, refer to [link](https://github.com/gruntwork-io/terragrunt-infrastructure-live-example#example-infrastructure-live-for-terragrunt)
+
+#### Obtaining your KUBECONFIG
+
+Finally, You need to export Kubernenetes credentials.
+This credential is used when Helm service account is created.
+For example, `export KUBECONFIG=/path/to/kube_config_cluster.yaml`
+In default, `kube_config_cluster.yaml` will be created under `path/to/openlab/RegionOne/stage` directory once you run `terragrunt apply-all`
+
+## Google Cloud Backend for Terraform
+
+To use the Google Cloud Storage backend for Terraform -- it stores state and manages locking -- you'll need to install the Google Cloud SDK. Follow the instructions here https://cloud.google.com/sdk.
+You can do this task with Google Cloud's Web.
+
+1. Create a service account
+ gcloud iam service-accounts create `service-account-name`
+
+2. Binding the service account with a role
+ gcloud projects add-iam-policy-binding `project id` --member "serviceAccount:service-account-name-above@project-id.iam.gserviceaccount.com" --role "roles/proper-role-such-as-storage-user"
+
+3. To create a key for the service account created above
+ gcloud iam service-accounts keys create account.json --iam-account \`service-account-name-above@project-id.iam.gserviceaccount.com
+
+4. Create a storage bucket
+ gsutil mb -p project-id gs://storage-bucket-name
+
+## Secrets
+
+How to hide your secret and provide it via a key management tool. Please, refer to the link below.
+Refer to https://nderraugh.github.io/
diff --git a/openlab/RegionOne/region.hcl b/openlab/RegionOne/region.hcl
new file mode 100644
index 0000000..dbb3c91
--- /dev/null
+++ b/openlab/RegionOne/region.hcl
@@ -0,0 +1,5 @@
+# Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
+# configure the remote state bucket and pass forward to the child modules as inputs.
+locals {
+ region = "RegionOne"
+}
\ No newline at end of file
diff --git a/openlab/RegionOne/stage/compute/control/control-plane.sh b/openlab/RegionOne/stage/compute/control/control-plane.sh
new file mode 100644
index 0000000..881f651
--- /dev/null
+++ b/openlab/RegionOne/stage/compute/control/control-plane.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+DOCKER_VERSION=18.09.5
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+
+sudo usermod -aG docker ubuntu
+
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+
+exit 0
\ No newline at end of file
diff --git a/openlab/RegionOne/stage/compute/control/terragrunt.hcl b/openlab/RegionOne/stage/compute/control/terragrunt.hcl
new file mode 100644
index 0000000..fadd4c9
--- /dev/null
+++ b/openlab/RegionOne/stage/compute/control/terragrunt.hcl
@@ -0,0 +1,35 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/compute"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../../keypair", "../../network", "../../securitygroup"]
+}
+
+inputs = {
+
+ environment = local.environment
+ cluster_name = "${local.region}-${local.environment}"
+
+ node_name = "control-node"
+ image = "ubuntu-18.04"
+ flavor = "m1.xlarge"
+ floating_ip_pool = "external"
+ # Read as File stream
+ user_data = file("control-plane.sh")
+ node_count = 3
+}
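Review bot: In `control-plane.sh`, `curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh` executes whatever the server returns during instance provisioning with no integrity check, and because neither `curl -f` nor `set -e` is used, a failed or truncated download is not detected before the script carries on to its unconditional `exit 0`. I would put `set -euo pipefail` at the top, download the installer to a file with `curl -fsSL ... -o`, compare it against a SHA-256 recorded in the repository (`<PINNED_SHA256>`, placeholder), and only then run it. The same line is in `worker-node.sh` and in both copies under `test/`.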
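Review bot: The module `source` in `compute/control/terragrunt.hcl` carries no `?ref=`, so each run fetches whatever the repository's default branch holds at that moment and stage and test cannot be held at a known, reviewed revision. Pin it, for example `source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/compute?ref=<TAG_OR_COMMIT>"` (placeholder; no tag is named in this commit). The README added here already tells users to change the tag of `source` to move between versions, which presupposes that one is set. Every other `terragrunt.hcl` in this commit uses the same unpinned form.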
diff --git a/openlab/RegionOne/stage/compute/nfsserver/nfs-server.sh b/openlab/RegionOne/stage/compute/nfsserver/nfs-server.sh
new file mode 100644
index 0000000..127a554
--- /dev/null
+++ b/openlab/RegionOne/stage/compute/nfsserver/nfs-server.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+sudo apt-get install make -y
+
+# nfs server
+sudo apt-get install nfs-kernel-server -y
+
+sudo mkdir -p /nfs_share
+sudo chown nobody:nogroup /nfs_share/
+
+exit 0
\ No newline at end of file
diff --git a/openlab/RegionOne/stage/compute/nfsserver/terragrunt.hcl b/openlab/RegionOne/stage/compute/nfsserver/terragrunt.hcl
new file mode 100644
index 0000000..9d0a213
--- /dev/null
+++ b/openlab/RegionOne/stage/compute/nfsserver/terragrunt.hcl
@@ -0,0 +1,35 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/compute"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../../keypair", "../../network", "../../securitygroup"]
+}
+
+inputs = {
+
+ environment = local.environment
+ cluster_name = "${local.region}-${local.environment}"
+
+ node_name = "nfsserver"
+ image = "ubuntu-18.04"
+ flavor = "m1.xlarge"
+ floating_ip_pool = "external"
+ # Read as File stream
+ user_data = file("nfs-server.sh")
+ node_count = 1
+}
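Review bot: In `nfs-server.sh`, `IP_ADDR` is built by grepping `ip address` for `ens` and `inet`, which gives an empty string when the image names its NIC differently and several lines when more than one such interface has an address; in both cases the following `echo "$IP_ADDR $HOSTNAME" >> /etc/hosts` appends a malformed entry. Take one address explicitly and skip the append when it is empty, e.g. `IP_ADDR=$(hostname -I | awk '{print $1}')` and `[ -n "$IP_ADDR" ] && echo "$IP_ADDR $(hostname)" >> /etc/hosts`. The script also mixes bare `apt-get` with `sudo apt-get`: if it runs as root the `sudo` is redundant, and if it does not, the bare calls fail unnoticed before `exit 0`. The same lines are in `control-plane.sh` and `worker-node.sh`, stage and test.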
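Review bot: `floating_ip_pool = "external"` in `compute/nfsserver/terragrunt.hcl` is set for the NFS server exactly as for the control and worker nodes, which presumably gives the storage node an externally routable address (the compute module is not part of this commit, so this is inferred from the input name). An NFS server normally needs to be reachable only from the cluster nodes. If the module allows the pool to be omitted, leave it out for this node; otherwise add a comment such as `# NFS ports must stay closed to the external network; enforced in the securitygroup module` and confirm that the security group actually does so.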
diff --git a/openlab/RegionOne/stage/compute/worker/terragrunt.hcl b/openlab/RegionOne/stage/compute/worker/terragrunt.hcl
new file mode 100644
index 0000000..b57276a
--- /dev/null
+++ b/openlab/RegionOne/stage/compute/worker/terragrunt.hcl
@@ -0,0 +1,35 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/compute"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../../keypair", "../../network", "../../securitygroup"]
+}
+
+inputs = {
+
+ environment = local.environment
+ cluster_name = "${local.region}-${local.environment}"
+
+ node_name = "worker-node"
+ image = "ubuntu-18.04"
+ flavor = "m1.xlarge"
+ floating_ip_pool = "external"
+ # Read as File stream
+ user_data = file("worker-node.sh")
+ node_count = 3
+}
diff --git a/openlab/RegionOne/stage/compute/worker/worker-node.sh b/openlab/RegionOne/stage/compute/worker/worker-node.sh
new file mode 100644
index 0000000..4c0d52a
--- /dev/null
+++ b/openlab/RegionOne/stage/compute/worker/worker-node.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+DOCKER_VERSION=18.09.5
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+
+sudo usermod -aG docker ubuntu
+
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+# install nfs
+sudo apt-get install nfs-common -y
+
+
+exit 0
\ No newline at end of file
diff --git a/openlab/RegionOne/stage/concourse/terragrunt.hcl b/openlab/RegionOne/stage/concourse/terragrunt.hcl
new file mode 100644
index 0000000..e5b9a93
--- /dev/null
+++ b/openlab/RegionOne/stage/concourse/terragrunt.hcl
@@ -0,0 +1,23 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+ concourse_enabled = local.env_vars.locals.concourse_enabled
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/cicd/concourse"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../kubernetes"]
+}
+
+inputs = {
+ concourse_enabled = local.concourse_enabled
+
+}
diff --git a/openlab/RegionOne/stage/env.hcl b/openlab/RegionOne/stage/env.hcl
new file mode 100644
index 0000000..8a2d58e
--- /dev/null
+++ b/openlab/RegionOne/stage/env.hcl
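Review bot: In `worker-node.sh`, `docker login -u docker -p docker nexus3.onap.org:10001` puts the password on the command line and in the instance user_data, and the daemon is configured a few lines earlier with `--insecure-registry=nexus3.onap.org:10001`, which lets Docker skip certificate verification for that registry and fall back to plain HTTP. If the registry serves a valid certificate (this cannot be told from the hunk), drop the `--insecure-registry` flag. For the login, supply the credential at deploy time and pass it on stdin, `printf '%s' "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin nexus3.onap.org:10001` (variable names are placeholders). `control-plane.sh` and the copies under `test/` carry the same two lines.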
@@ -0,0 +1,32 @@
+# Set common variables for the environment. This is automatically pulled in in the root terragrunt.hcl configuration to
+# feed forward to the child modules.
+locals {
+ environment = "stage" # name of the environment you use. e.g stage, prod or qa
+ network = "" # name of the network to connect with the Internet
+
+ # Rancher and Kubernetes
+ # To access a VM, 'ssh -i ssh_private_key_path kubernetes_user@one-of-the-external-ips'
+ # a key pair for accessing VMs
+ ssh_public_key = ""
+ ssh_private_key_path = ""
+
+ kubernetes_version = "v1.17.3-rancher1-1"
+ kubernetes_user = "ubuntu"
+ kubernetes_cluster_name = "rke_cluster"
+
+ kubernetes_home = "${get_parent_terragrunt_dir()}"
+
+ # Helm
+ service_account = "tiller"
+ namespace = "kube-system"
+
+ # NFS provisioner for kubernetes
+ nfs_enabled = true
+
+ # Keycloak
+ keycloak_enabled = false
+ olm_version = "0.16.1" # Version of Operator Lifecycle Manager
+
+ # Concourse CICD
+ concourse_enabled = false
+}
\ No newline at end of file
diff --git a/openlab/RegionOne/stage/keycloak/terragrunt.hcl b/openlab/RegionOne/stage/keycloak/terragrunt.hcl
new file mode 100644
index 0000000..61f2208
--- /dev/null
+++ b/openlab/RegionOne/stage/keycloak/terragrunt.hcl
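Review bot: `kubernetes_home = "${get_parent_terragrunt_dir()}"` in `stage/env.hcl` appears to place the cluster output directory inside this repository's tree, and the README in this commit says `kube_config_cluster.yaml`, which holds the cluster login credential, is written under the environment directory; the commit's file list contains no `.gitignore`, so that file can be committed by accident. Add a comment above the setting, `# kube_config_cluster.yaml (cluster credentials) is written here; keep it out of version control`, and ship a `.gitignore` entry for `kube_config_cluster.yaml`. The string wrapper is also unnecessary: `kubernetes_home = get_parent_terragrunt_dir()`. `test/env.hcl` has the same lines.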
@@ -0,0 +1,30 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ keycloak_enabled = local.env_vars.locals.keycloak_enabled
+ kubernetes_home = local.env_vars.locals.kubernetes_home
+ olm_version = local.env_vars.locals.olm_version
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/kubernetes/keycloak"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../kubernetes"]
+}
+
+
+inputs = {
+ keycloak_enabled = local.keycloak_enabled
+ kubernetes_home = local.kubernetes_home
+ olm_version = local.olm_version
+ crds_yaml = "https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${local.olm_version}/crds.yaml"
+ olm_yaml = "https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${local.olm_version}/olm.yaml"
+}
diff --git a/openlab/RegionOne/stage/keypair/terragrunt.hcl b/openlab/RegionOne/stage/keypair/terragrunt.hcl
new file mode 100644
index 0000000..fe6500c
--- /dev/null
+++ b/openlab/RegionOne/stage/keypair/terragrunt.hcl
@@ -0,0 +1,22 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ ssh_public_key = local.env_vars.locals.ssh_public_key
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/keypair"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+inputs = {
+ cluster_name = "${local.region}-${local.environment}"
+ ssh_public_key = local.ssh_public_key
+}
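Review bot: In `keycloak/terragrunt.hcl`, `crds_yaml` and `olm_yaml` are remote manifest URLs that the keycloak module presumably fetches and applies at apply time (the module is outside this commit); they install CRDs and the Operator Lifecycle Manager, so whatever those URLs return takes effect cluster-wide. Tying them to `olm_version` is good, but nothing verifies the downloaded content. Consider vendoring the two manifests for the pinned version next to the module, or at least document the trust assumption with a comment above the two inputs: `# Fetched from GitHub releases at apply time; content is not checksum-verified`.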
diff --git a/openlab/RegionOne/stage/kubernetes/terragrunt.hcl b/openlab/RegionOne/stage/kubernetes/terragrunt.hcl
new file mode 100644
index 0000000..63b44fd
--- /dev/null
+++ b/openlab/RegionOne/stage/kubernetes/terragrunt.hcl
@@ -0,0 +1,52 @@
+locals {
+ # Automatically load account-level variables
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ backend = local.account_vars.locals.backend
+ backend_state = local.account_vars.locals.backend_state
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ ssh_private_key_path = local.env_vars.locals.ssh_private_key_path
+
+ kubernetes_user = local.env_vars.locals.kubernetes_user
+ kubernetes_cluster_name = local.env_vars.locals.kubernetes_cluster_name
+ kubernetes_home = local.env_vars.locals.kubernetes_home
+
+ # NFS
+ nfs_enabled = local.env_vars.locals.nfs_enabled
+
+ # Helm
+ service_account = local.env_vars.locals.service_account
+ namespace = local.env_vars.locals.namespace
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/kubernetes/kubernetes"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../rancher"]
+}
+
+inputs = {
+ backend = local.backend
+ backend_state = local.backend_state
+ region = local.region
+ environment = local.environment
+ ssh_private_key_path = local.ssh_private_key_path
+
+ kubernetes_user = local.kubernetes_user
+ kubernetes_cluster_name = local.kubernetes_cluster_name
+ kubernetes_home = local.kubernetes_home
+
+ nfs_enabled = local.nfs_enabled
+
+ service_account = local.service_account
+ namespace = local.namespace
+}
\ No newline at end of file
diff --git a/openlab/RegionOne/stage/network/terragrunt.hcl b/openlab/RegionOne/stage/network/terragrunt.hcl
new file mode 100644
index 0000000..eb50f3b
--- /dev/null
+++ b/openlab/RegionOne/stage/network/terragrunt.hcl
@@ -0,0 +1,22 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/network"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+inputs = {
+ cluster_name = "${local.region}-${local.environment}"
+ network = local.network
+}
diff --git a/openlab/RegionOne/stage/rancher/terragrunt.hcl b/openlab/RegionOne/stage/rancher/terragrunt.hcl
new file mode 100644
index 0000000..c0a762d
--- /dev/null
+++ b/openlab/RegionOne/stage/rancher/terragrunt.hcl
@@ -0,0 +1,42 @@
+locals {
+ # Automatically load account-level variables
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ backend = local.account_vars.locals.backend
+ backend_state = local.account_vars.locals.backend_state
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ ssh_private_key_path = local.env_vars.locals.ssh_private_key_path
+
+ kubernetes_version = local.env_vars.locals.kubernetes_version
+ kubernetes_user = local.env_vars.locals.kubernetes_user
+ kubernetes_cluster_name = local.env_vars.locals.kubernetes_cluster_name
+ kubernetes_home = local.env_vars.locals.kubernetes_home
+
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/kubernetes/rancher"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../compute/control"]
+}
+
+inputs = {
+ backend = local.backend
+ backend_state = local.backend_state
+ region = local.region
+ environment = local.environment
+ ssh_private_key_path = local.ssh_private_key_path
+ kubernetes_version = local.kubernetes_version
+ kubernetes_user = local.kubernetes_user
+ kubernetes_cluster_name = local.kubernetes_cluster_name
+ kubernetes_home = local.kubernetes_home
+}
\ No newline at end of file
diff --git a/openlab/RegionOne/stage/securitygroup/terragrunt.hcl b/openlab/RegionOne/stage/securitygroup/terragrunt.hcl
new file mode 100644
index 0000000..3ebbb09
--- /dev/null
+++ b/openlab/RegionOne/stage/securitygroup/terragrunt.hcl
@@ -0,0 +1,20 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/securitygroup"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+inputs = {
+ cluster_name = "${local.region}-${local.environment}"
+}
diff --git a/openlab/RegionOne/test/compute/control/control-plane.sh b/openlab/RegionOne/test/compute/control/control-plane.sh
new file mode 100644
index 0000000..881f651
--- /dev/null
+++ b/openlab/RegionOne/test/compute/control/control-plane.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+DOCKER_VERSION=18.09.5
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+
+sudo usermod -aG docker ubuntu
+
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+
+exit 0
\ No newline at end of file
diff --git a/openlab/RegionOne/test/compute/control/terragrunt.hcl b/openlab/RegionOne/test/compute/control/terragrunt.hcl
new file mode 100644
index 0000000..fadd4c9
--- /dev/null
+++ b/openlab/RegionOne/test/compute/control/terragrunt.hcl
@@ -0,0 +1,35 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/compute"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../../keypair", "../../network", "../../securitygroup"]
+}
+
+inputs = {
+
+ environment = local.environment
+ cluster_name = "${local.region}-${local.environment}"
+
+ node_name = "control-node"
+ image = "ubuntu-18.04"
+ flavor = "m1.xlarge"
+ floating_ip_pool = "external"
+ # Read as File stream
+ user_data = file("control-plane.sh")
+ node_count = 3
+}
diff --git a/openlab/RegionOne/test/compute/nfsserver/nfs-server.sh b/openlab/RegionOne/test/compute/nfsserver/nfs-server.sh
new file mode 100644
index 0000000..127a554
--- /dev/null
+++ b/openlab/RegionOne/test/compute/nfsserver/nfs-server.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+sudo apt-get install make -y
+
+# nfs server
+sudo apt-get install nfs-kernel-server -y
+
+sudo mkdir -p /nfs_share
+sudo chown nobody:nogroup /nfs_share/
+
+exit 0
\ No newline at end of file
diff --git a/openlab/RegionOne/test/compute/nfsserver/terragrunt.hcl b/openlab/RegionOne/test/compute/nfsserver/terragrunt.hcl
new file mode 100644
index 0000000..9d0a213
--- /dev/null
+++ b/openlab/RegionOne/test/compute/nfsserver/terragrunt.hcl
@@ -0,0 +1,35 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/compute"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../../keypair", "../../network", "../../securitygroup"]
+}
+
+inputs = {
+
+ environment = local.environment
+ cluster_name = "${local.region}-${local.environment}"
+
+ node_name = "nfsserver"
+ image = "ubuntu-18.04"
+ flavor = "m1.xlarge"
+ floating_ip_pool = "external"
+ # Read as File stream
+ user_data = file("nfs-server.sh")
+ node_count = 1
+}
diff --git a/openlab/RegionOne/test/compute/worker/terragrunt.hcl b/openlab/RegionOne/test/compute/worker/terragrunt.hcl
new file mode 100644
index 0000000..b57276a
--- /dev/null
+++ b/openlab/RegionOne/test/compute/worker/terragrunt.hcl
@@ -0,0 +1,35 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/compute"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../../keypair", "../../network", "../../securitygroup"]
+}
+
+inputs = {
+
+ environment = local.environment
+ cluster_name = "${local.region}-${local.environment}"
+
+ node_name = "worker-node"
+ image = "ubuntu-18.04"
+ flavor = "m1.xlarge"
+ floating_ip_pool = "external"
+ # Read as File stream
+ user_data = file("worker-node.sh")
+ node_count = 3
+}
diff --git a/openlab/RegionOne/test/compute/worker/worker-node.sh b/openlab/RegionOne/test/compute/worker/worker-node.sh
new file mode 100644
index 0000000..4c0d52a
--- /dev/null
+++ b/openlab/RegionOne/test/compute/worker/worker-node.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+DOCKER_VERSION=18.09.5
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+
+sudo usermod -aG docker ubuntu
+
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+# install nfs
+sudo apt-get install nfs-common -y
+
+
+exit 0
\ No newline at end of file
diff --git a/openlab/RegionOne/test/concourse/terragrunt.hcl b/openlab/RegionOne/test/concourse/terragrunt.hcl
new file mode 100644
index 0000000..e5b9a93
--- /dev/null
+++ b/openlab/RegionOne/test/concourse/terragrunt.hcl
@@ -0,0 +1,23 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+ concourse_enabled = local.env_vars.locals.concourse_enabled
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/cicd/concourse"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../kubernetes"]
+}
+
+inputs = {
+ concourse_enabled = local.concourse_enabled
+
+}
diff --git a/openlab/RegionOne/test/env.hcl b/openlab/RegionOne/test/env.hcl
new file mode 100644
index 0000000..842d594
--- /dev/null
+++ b/openlab/RegionOne/test/env.hcl
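Review bot: In worker-node.sh, `curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh` executes a remote script at first boot with no integrity check and without `-f`, so an HTTP error page or a truncated download is fed to `sh`, and the trailing `exit 0` with no `set -e` reports success whatever happened. Downloading to a file, checking it against a pinned SHA-256 and failing fast closes both gaps; the digest in the sketch below is a placeholder to be filled from a reviewed copy of the installer. Separately, `--insecure-registry=nexus3.onap.org:10001` lets dockerd skip certificate verification (and fall back to plain HTTP) for that registry, and `docker login -u docker -p docker` puts the password on the command line and in the instance user data; a trusted registry certificate and `--password-stdin` are the usual replacements. If the stage copy and the control-plane and nfs-server scripts listed in the diffstat share these lines, the same applies there.

```shell
#!/bin/bash
set -eu

DOCKER_VERSION=18.09.5
# Placeholder: SHA-256 of the reviewed installer for this DOCKER_VERSION
DOCKER_INSTALLER_SHA256="<PINNED_SHA256_PLACEHOLDER>"

# … unchanged: DEBIAN_FRONTEND export, apt-get update …

installer="$(mktemp)"
curl -fsSL "https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh" -o "$installer"
echo "${DOCKER_INSTALLER_SHA256}  ${installer}" | sha256sum -c -
sh "$installer"
rm -f "$installer"

# … unchanged: docker.service.d drop-in through the nfs-common install …
```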
@@ -0,0 +1,32 @@
+# Set common variables for the environment. This is automatically pulled in in the root terragrunt.hcl configuration to
+# feed forward to the child modules.
+locals {
+ environment = "test" # name of the environment you use. e.g stage, prod or qa
+ network = "" # name of the network to connect with the Internet
+
+ # Rancher and Kubernetes
+ # To access a VM, 'ssh -i ssh_private_key_path kubernetes_user@one-of-the-external-ips'
+ # a key pair for accessing VMs
+ ssh_public_key = ""
+ ssh_private_key_path = ""
+
+ kubernetes_version = "v1.17.3-rancher1-1"
+ kubernetes_user = "ubuntu"
+ kubernetes_cluster_name = "rke_cluster"
+
+ kubernetes_home = "${get_parent_terragrunt_dir()}"
+
+ # Helm
+ service_account = "tiller"
+ namespace = "kube-system"
+
+ # NFS provisioner for kubernetes
+ nfs_enabled = true
+
+ # Keycloak
+ keycloak_enabled = false
+ olm_version = "0.16.1" # Version of Operator Lifecycle Manager
+
+ # Concourse CICD
+ concourse_enabled = false
+}
\ No newline at end of file
diff --git a/openlab/RegionOne/test/keycloak/terragrunt.hcl b/openlab/RegionOne/test/keycloak/terragrunt.hcl
new file mode 100644
index 0000000..61f2208
--- /dev/null
+++ b/openlab/RegionOne/test/keycloak/terragrunt.hcl
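Review bot: `service_account = "tiller"` in `namespace = "kube-system"` appears to configure Helm 2's in-cluster Tiller, which is commonly bound to cluster-admin; the binding lives in the kubernetes module rather than in this hunk, so the granted role should be confirmed there. Helm 3 has no Tiller and would let both locals go away. Until then a comment on the block, e.g. `# Tiller service account: check its ClusterRoleBinding in modules/kubernetes/kubernetes before reuse outside the lab`, would flag the privilege. `ssh_public_key`, `ssh_private_key_path` and `network` are left as `""`, so a forgotten value presumably surfaces only as a late error at apply time.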
@@ -0,0 +1,30 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ keycloak_enabled = local.env_vars.locals.keycloak_enabled
+ kubernetes_home = local.env_vars.locals.kubernetes_home
+ olm_version = local.env_vars.locals.olm_version
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/kubernetes/keycloak"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../kubernetes"]
+}
+
+
+inputs = {
+ keycloak_enabled = local.keycloak_enabled
+ kubernetes_home = local.kubernetes_home
+ olm_version = local.olm_version
+ crds_yaml = "https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${local.olm_version}/crds.yaml"
+ olm_yaml = "https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${local.olm_version}/olm.yaml"
+}
diff --git a/openlab/RegionOne/test/keypair/terragrunt.hcl b/openlab/RegionOne/test/keypair/terragrunt.hcl
new file mode 100644
index 0000000..fe6500c
--- /dev/null
+++ b/openlab/RegionOne/test/keypair/terragrunt.hcl
@@ -0,0 +1,22 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ ssh_public_key = local.env_vars.locals.ssh_public_key
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/keypair"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+inputs = {
+ cluster_name = "${local.region}-${local.environment}"
+ ssh_public_key = local.ssh_public_key
+}
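Review bot: In the keycloak inputs, `crds_yaml` and `olm_yaml` point at GitHub release assets selected only by `olm_version`, and no checksum travels with them, so the module (not visible here) presumably applies cluster-scoped CRDs and the OLM operator straight from the network. Release assets can be replaced after publication, so what gets applied is not guaranteed to be what was reviewed. Vendoring the two manifests for the pinned version into the repository, or passing an expected SHA-256 next to each URL for the module to verify, would close that gap.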
diff --git a/openlab/RegionOne/test/kubernetes/terragrunt.hcl b/openlab/RegionOne/test/kubernetes/terragrunt.hcl
new file mode 100644
index 0000000..63b44fd
--- /dev/null
+++ b/openlab/RegionOne/test/kubernetes/terragrunt.hcl
@@ -0,0 +1,52 @@
+locals {
+ # Automatically load account-level variables
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ backend = local.account_vars.locals.backend
+ backend_state = local.account_vars.locals.backend_state
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ ssh_private_key_path = local.env_vars.locals.ssh_private_key_path
+
+ kubernetes_user = local.env_vars.locals.kubernetes_user
+ kubernetes_cluster_name = local.env_vars.locals.kubernetes_cluster_name
+ kubernetes_home = local.env_vars.locals.kubernetes_home
+
+ # NFS
+ nfs_enabled = local.env_vars.locals.nfs_enabled
+
+ # Helm
+ service_account = local.env_vars.locals.service_account
+ namespace = local.env_vars.locals.namespace
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/kubernetes/kubernetes"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../rancher"]
+}
+
+inputs = {
+ backend = local.backend
+ backend_state = local.backend_state
+ region = local.region
+ environment = local.environment
+ ssh_private_key_path = local.ssh_private_key_path
+
+ kubernetes_user = local.kubernetes_user
+ kubernetes_cluster_name = local.kubernetes_cluster_name
+ kubernetes_home = local.kubernetes_home
+
+ nfs_enabled = local.nfs_enabled
+
+ service_account = local.service_account
+ namespace = local.namespace
+}
\ No newline at end of file
diff --git a/openlab/RegionOne/test/network/terragrunt.hcl b/openlab/RegionOne/test/network/terragrunt.hcl
new file mode 100644
index 0000000..eb50f3b
--- /dev/null
+++ b/openlab/RegionOne/test/network/terragrunt.hcl
@@ -0,0 +1,22 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ network = local.env_vars.locals.network
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/network"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+inputs = {
+ cluster_name = "${local.region}-${local.environment}"
+ network = local.network
+}
diff --git a/openlab/RegionOne/test/rancher/terragrunt.hcl b/openlab/RegionOne/test/rancher/terragrunt.hcl
new file mode 100644
index 0000000..c0a762d
--- /dev/null
+++ b/openlab/RegionOne/test/rancher/terragrunt.hcl
@@ -0,0 +1,42 @@
+locals {
+ # Automatically load account-level variables
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ backend = local.account_vars.locals.backend
+ backend_state = local.account_vars.locals.backend_state
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+ ssh_private_key_path = local.env_vars.locals.ssh_private_key_path
+
+ kubernetes_version = local.env_vars.locals.kubernetes_version
+ kubernetes_user = local.env_vars.locals.kubernetes_user
+ kubernetes_cluster_name = local.env_vars.locals.kubernetes_cluster_name
+ kubernetes_home = local.env_vars.locals.kubernetes_home
+
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/kubernetes/rancher"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+dependencies {
+ paths = ["../compute/control"]
+}
+
+inputs = {
+ backend = local.backend
+ backend_state = local.backend_state
+ region = local.region
+ environment = local.environment
+ ssh_private_key_path = local.ssh_private_key_path
+ kubernetes_version = local.kubernetes_version
+ kubernetes_user = local.kubernetes_user
+ kubernetes_cluster_name = local.kubernetes_cluster_name
+ kubernetes_home = local.kubernetes_home
+}
\ No newline at end of file
diff --git a/openlab/RegionOne/test/securitygroup/terragrunt.hcl b/openlab/RegionOne/test/securitygroup/terragrunt.hcl
new file mode 100644
index 0000000..3ebbb09
--- /dev/null
+++ b/openlab/RegionOne/test/securitygroup/terragrunt.hcl
@@ -0,0 +1,20 @@
+locals {
+ # Automatically load account-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+ env_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ region = local.region_vars.locals.region
+ environment = local.env_vars.locals.environment
+}
+
+terraform {
+ source = "git::https://gerrit.onap.org/r/integration/terraform//openlab/modules/openstack/securitygroup"
+}
+
+include {
+ path = find_in_parent_folders()
+}
+
+inputs = {
+ cluster_name = "${local.region}-${local.environment}"
+}
diff --git a/openlab/account.hcl b/openlab/account.hcl
new file mode 100644
index 0000000..27c5cf0
--- /dev/null
+++ b/openlab/account.hcl
@@ -0,0 +1,11 @@
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+# For Openstack, please fill in the values below
+locals {
+ user_name = "${get_env("user_name", "")}" # Expose environmental variables for your account
+ password = "${get_env("password", "")}"
+ project_id = "${get_env("project_id", "")}"
+ auth_url = "${get_env("auth_url", "")}"
+ backend = "" # Remote state backend. gcs for google or s3 for Amazon
+ backend_state = "" # GCP storage bucket or AWS S3
+}
diff --git a/openlab/terragrunt.hcl b/openlab/terragrunt.hcl
new file mode 100644
index 0000000..c97b495
--- /dev/null
+++ b/openlab/terragrunt.hcl
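Review bot: In account.hcl, `get_env("password", "")` and its three siblings fall back to an empty string, so a run with the variables unset carries blank OpenStack credentials forward and presumably fails late inside the provider; the one-argument form, `password = get_env("password")`, makes Terragrunt stop with an error when the variable is missing. The lowercase generic names (`password`, `user_name`) are also easy to collide with unrelated shell variables, whereas the OpenStack client convention is `OS_PASSWORD`, `OS_USERNAME` and `OS_AUTH_URL`. The root terragrunt.hcl hunk that follows copies `local.password` and then generates provider.tf, but its `contents` are cut off in this view. If the password is interpolated there it ends up in clear text in each working directory, and letting the provider read the `OS_*` variables from the environment would avoid that.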
@@ -0,0 +1,64 @@
+locals {
+ # Automatically load account-level variables
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+
+ # Automatically load region-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+ # Automatically load environment-level variables
+ environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+
+ # Extract the variables we need for easy access
+ user_name = local.account_vars.locals.user_name
+ password = local.account_vars.locals.password
+ auth_url = local.account_vars.locals.auth_url
+ project_id = local.account_vars.locals.project_id
+ backend = local.account_vars.locals.backend
+ backend_state = local.account_vars.locals.backend_state
+ region = local.region_vars.locals.region
+ environment = local.environment_vars.locals.environment
+}
+
+remote_state {
+ backend = local.backend
+
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+
+ config = {
+ bucket = "${local.backend_state}"
+ prefix = "${path_relative_to_include()}/terraform.tfstate"
+ }
+}
+
+# test/terragrunt.hcl
+generate "provider" {
+ path = "provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = <