# Locate the newest public Spirent TestCenter Virtual (STCv) image.
# The owners filter pins the lookup to the single publisher account used here,
# so a same-named image from any other account is never selected; the name
# filter narrows that account's images to the STCv family.
# most_recent = true means the chosen image can change between plans; callers
# who need a fixed image pass var.ami, which overrides this lookup.
data "aws_ami" "stcv" {
  most_recent      = true
  executable_users = ["all"]
  owners           = ["679593333241"]

  filter {
    name   = "name"
    values = ["STCv-*"]
  }
}
# Read the caller-supplied user-data file and hand it to the template engine
# with no vars, so any ${...} sequences in the file are interpreted rather
# than passed through literally.
# NOTE(review): data "template_file" belongs to the hashicorp/template
# provider, which is deprecated/archived; the built-in templatefile() (or
# file() when no interpolation is wanted) is the supported replacement. That
# swap also requires updating the reference in aws_instance.stcv.user_data.
data "template_file" "user_data" {
template = file(var.user_data_file)
}
resource "aws_security_group" "stcv_mgmt_plane" {
  # Created only when the caller has not supplied their own management-plane
  # security groups (the mgmt_plane ENI picks whichever set exists).
  count = length(var.mgmt_plane_security_group_ids) > 0 ? 0 : 1

  name        = "stcv-mgmt-plane-${random_id.uid.id}"
  description = "TestCenter Security Group for management plane traffic"
  vpc_id      = var.vpc_id

  # Inbound: every management-plane rule, including SSH, is scoped to
  # var.ingress_cidr_blocks, so that single variable decides which sources
  # may reach the chassis. Each entry opens exactly one port.
  dynamic "ingress" {
    for_each = [
      { port = 40004, protocol = "tcp" }, # STC chassis
      { port = 40004, protocol = "udp" }, # STC chassis ready
      { port = 40005, protocol = "udp" }, # STC chassis (QUIC)
      { port = 51204, protocol = "tcp" }, # STC portgroup
      { port = 51204, protocol = "udp" }, # STC portgroup (QUIC)
      { port = 22, protocol = "tcp" },    # SSH
    ]
    content {
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = ingress.value.protocol
      cidr_blocks = var.ingress_cidr_blocks
    }
  }

  # Outbound: the STCv-to-GUI/BLL port range over TCP and UDP (QUIC), plus
  # NTP. Destinations are unrestricted (0.0.0.0/0); no module variable
  # narrows them.
  dynamic "egress" {
    for_each = [
      { from = 49100, to = 65535, protocol = "tcp" }, # STCv to GUI/BLL
      { from = 49100, to = 65535, protocol = "udp" }, # STCv to GUI/BLL (QUIC)
      { from = 123, to = 123, protocol = "udp" },     # STCv to NTP server
    ]
    content {
      from_port   = egress.value.from
      to_port     = egress.value.to
      protocol    = egress.value.protocol
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
resource "aws_security_group" "stcv_test_plane" {
  # Created only when the caller has not supplied their own test-plane
  # security groups (the test_plane ENIs pick whichever set exists).
  count = length(var.test_plane_security_group_ids) > 0 ? 0 : 1

  vpc_id      = var.vpc_id
  name        = "stcv-test-plane-${random_id.uid.id}"
  description = "TestCenter Security Group for test plane traffic"

  # Test-plane traffic: all protocols and ports, both directions, any
  # source/destination. protocol "-1" with ports 0-0 is the AWS "all traffic"
  # rule.
  # NOTE(review): the inbound rule makes the test-plane ENIs reachable from
  # any address that can route to their subnet. That is only acceptable when
  # the test-plane subnets are isolated from the internet (no IGW route, no
  # public IPs) -- confirm against the network design, or supply
  # test_plane_security_group_ids with tighter rules.
  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Random suffix for the security group names above. AWS requires security
# group names to be unique within a VPC, so the suffix lets more than one
# deployment of this module share a VPC.
resource "random_id" "uid" {
byte_length = 8
}
# Launch the STCv instances: var.instance_count of them, each booted on its
# own management-plane ENI at device index 0. Test-plane ENIs are attached
# separately by aws_network_interface.test_plane.
resource "aws_instance" "stcv" {
  count = var.instance_count

  # An explicit var.ami wins; otherwise fall back to the newest public STCv AMI.
  ami           = var.ami == "" ? data.aws_ami.stcv.id : var.ami
  instance_type = var.instance_type
  key_name      = var.key_name
  user_data     = data.template_file.user_data.rendered

  network_interface {
    device_index         = 0
    network_interface_id = aws_network_interface.mgmt_plane[count.index].id
  }

  # Root volume settings come from var.root_block_device; when it is empty a
  # single block of provider defaults is emitted so the volume is still
  # deleted on termination.
  # NOTE(review): "encrypted" defaults to null here, so the account's EBS
  # default-encryption setting decides whether the root volume is encrypted.
  # No metadata_options block is set either, so the provider default (IMDSv1
  # still permitted) applies -- confirm the STCv image tolerates
  # http_tokens = "required" before tightening.
  dynamic "root_block_device" {
    for_each = length(var.root_block_device) == 0 ? [{}] : var.root_block_device
    content {
      delete_on_termination = lookup(root_block_device.value, "delete_on_termination", true)
      encrypted             = lookup(root_block_device.value, "encrypted", null)
      iops                  = lookup(root_block_device.value, "iops", null)
      kms_key_id            = lookup(root_block_device.value, "kms_key_id", null)
      volume_size           = lookup(root_block_device.value, "volume_size", null)
      volume_type           = lookup(root_block_device.value, "volume_type", null)
    }
  }

  tags = {
    # 1-based: prefix "stcv-" yields stcv-1, stcv-2, ...
    Name = format("%s%d", var.instance_name_prefix, 1 + count.index)
  }
}
# Number of test-plane subnets; multiplied by var.instance_count below to size
# the test-plane ENI set (one ENI per instance per subnet).
locals {
test_plane_subnet_count = length(var.test_plane_subnet_ids)
}
# One management-plane ENI per instance, in the management subnet. Callers
# may bring their own security groups; otherwise the module-managed
# stcv_mgmt_plane group (which only exists in that case) is attached.
resource "aws_network_interface" "mgmt_plane" {
  count     = var.instance_count
  subnet_id = var.mgmt_plane_subnet_id

  security_groups = (
    length(var.mgmt_plane_security_group_ids) == 0
    ? [aws_security_group.stcv_mgmt_plane[0].id]
    : var.mgmt_plane_security_group_ids
  )
}
# Attach each supplied Elastic IP to the management-plane ENI with the same
# index. The count follows the EIP list rather than instance_count, so fewer
# EIPs than instances is fine; more EIPs than instances would index past the
# mgmt_plane ENI list and fail.
resource "aws_eip_association" "mgmt_plane" {
count = length(var.mgmt_plane_eips)
network_interface_id = aws_network_interface.mgmt_plane[count.index].id
allocation_id = var.mgmt_plane_eips[count.index]
}
# Test-plane ENIs: one per (instance, test subnet) pair, so every instance can
# transmit and receive on every test network. Index layout: the first
# instance_count entries belong to subnet 0, the next instance_count to
# subnet 1, and so on.
resource "aws_network_interface" "test_plane" {
  count = local.test_plane_subnet_count * var.instance_count

  # Subnet position: which "row" of instance_count entries this index is in.
  subnet_id = var.test_plane_subnet_ids[floor(count.index / var.instance_count)]

  security_groups = (
    length(var.test_plane_security_group_ids) == 0
    ? [aws_security_group.stcv_test_plane[0].id]
    : var.test_plane_security_group_ids
  )

  # Instance position: column within the row. Device index 0 is taken by the
  # management-plane ENI, so test-plane ENIs start at 1.
  attachment {
    device_index = 1 + floor(count.index / var.instance_count)
    instance     = aws_instance.stcv[count.index % var.instance_count].id
  }
}