Update e2e infra provision to expect providers (#24694)

* func: move infra provisionining to a module and remove providers

* func: update paths

* func: update more paths

* func: update path inside bootstrap scrip

* style: remove debug prints on bootstrap scripts

* Delete e2e/terraform/csi/input/volume-efs.hcl

* fix: update keys path to use module path instead pf root

* fix: add missing headers

* fix: update keys directory inside provision-nomad

* style; format hcl files

* Update compute.tf

* Update e2e/terraform/main.tf

Co-authored-by: Tim Gross <tgross@hashicorp.com>

* Update e2e/terraform/provision-infra/compute.tf

Co-authored-by: Tim Gross <tgross@hashicorp.com>

* fix: update more paths

* fix: fmt hcl files

* func: final paths revision for running e2e locally

* fix: make path of certs relative to module for the bootstrap

* func: final paths revision for running e2e locally

* Update network.tf

* fix: fix typo and add success message

* fix: remove the test name from token to avoid long names and use name for vol to avoid colisions

* func: unify the uploads folder

* func: make the uploads file one per cluster

* func: Add outputs with all data necessary to connect to the cluster

* fix: make nomad token a sensitive output

* Update bootstrap-nomad.sh

---------

Co-authored-by: Tim Gross <tgross@hashicorp.com>

e2e/terraform/.terraform.lock.hcl

@@ -1,177 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
-  version = "4.10.0"
-  hashes = [
-    "h1:3zeyl8QwNYPXRD4b++0Vo9nBcsL3FXT+DT3x/KJNKB0=",
-    "h1:F9BjbxBhuo1A/rP318IUrkW3TAh29i6UC18qwhzCs6c=",
-    "h1:S6xGPRL08YEuBdemiYZyIBf/YwM4OCvzVuaiuU6kLjc=",
-    "h1:pjPLizna1qa/CZh7HvLuQ73YmqaunLXatyOqzF2ePEI=",
-    "zh:0a2a7eabfeb7dbb17b7f82aff3fa2ba51e836c15e5be4f5468ea44bd1299b48d",
-    "zh:23409c7205d13d2d68b5528e1c49e0a0455d99bbfec61eb0201142beffaa81f7",
-    "zh:3adad2245d97816f3919778b52c58fb2de130938a3e9081358bfbb72ec478d9a",
-    "zh:5bf100aba6332f24b1ffeae7536d5d489bb907bf774a06b95f2183089eaf1a1a",
-    "zh:63c3a24c0c229a1d3390e6ea2454ba4d8ace9b94e086bee1dbdcf665ae969e15",
-    "zh:6b76f5ffd920f0a750da3a4ff1d00eab18d9cd3731b009aae3df4135613bad4d",
-    "zh:8cd6b1e6b51e8e9bbe2944bb169f113d20d1d72d07ccd1b7b83f40b3c958233e",
-    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:c5c31f58fb5bd6aebc6c662a4693640ec763cb3399cce0b592101cf24ece1625",
-    "zh:cc485410be43d6ad95d81b9e54cc4d2117aadf9bf5941165a9df26565d9cce42",
-    "zh:cebb89c74b6a3dc6780824b1d1e2a8d16a51e75679e14ad0b830d9f7da1a3a67",
-    "zh:e7dc427189cb491e1f96e295101964415cbf8630395ee51e396d2a811f365237",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/external" {
-  version = "2.2.2"
-  hashes = [
-    "h1:/Qsdu8SIXbfANKJFs1UTAfvcomJUalOd3uDZvj3jixA=",
-    "h1:BKQ5f5ijzeyBSnUr+j0wUi+bYv6KBQVQNDXNRVEcfJE=",
-    "h1:VUkgcWvCliS0HO4kt7oEQhFD2gcx/59XpwMqxfCU1kE=",
-    "h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=",
-    "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca",
-    "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28",
-    "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b",
-    "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327",
-    "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955",
-    "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb",
-    "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0",
-    "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a",
-    "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372",
-    "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/hcp" {
-  version = "0.26.0"
-  hashes = [
-    "h1:B5O/NawTnKPdUgUlGP/mM2ybv0RcLvVJVOcrivDdFnI=",
-    "h1:C0KoYT09Ff91pE5KzrFrISCE5wQyJaJnxPdA0SXDOzI=",
-    "h1:f4IwCK9heo5F+k+nRFY/fzG18DesbBcqRL8F4WsKh7Q=",
-    "h1:fCHcXVlT/MoAqvIUjFyJqtGrz+ebHNCcR1YM2ZSRPxE=",
-    "zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d",
-    "zh:6fa5415dbac9c8d20026772dd5aee7dd3ac541e9d86827d0b70bc752472ec76c",
-    "zh:7490212c32339153165aec1dcef063804aac0d3f1cfbdfd3d04d7a60c29b0f40",
-    "zh:792e8fbe630159105801a471c46c988d94636637c1e5cdb725956cab4e664c87",
-    "zh:9e460a3e4735ff24f2fc1c445fce54e4ed596c8dc97f683f5cefa93fb2be9b14",
-    "zh:a124e8366fdf10d17a0b2860151beb00e12d8c33860fcc661547d0239138d3fb",
-    "zh:a9b9cb4d077f8d8bcc22c813aea820c224228807f34e2e3716d30c84ce63c53a",
-    "zh:aae6a8e87c6c64bb33311ef658993a5cc8398aac8dcb2c18953bd9e96a2e0011",
-    "zh:dc2e83b8f4ca2d4aa2e0b5cc98b9c298c1cf5c583d323320c85d4f06f8f4b43c",
-    "zh:e17b1c7ef80c3507c892d343282c61dc58ab45978481ee004843f1746f6b791c",
-    "zh:ee35efe2628aca5f259f3fee8db15accfdced1a5530f01c8a23f59e5ed5dcb7a",
-    "zh:f8173393330eb376b7357f8271d1c75e0850905dceb32ce482af58e112894278",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/local" {
-  version = "2.2.2"
-  hashes = [
-    "h1:5UYW2wJ320IggrzLt8tLD6MowePqycWtH1b2RInHZkE=",
-    "h1:BVEZnjtpWxKPG9OOQh4dFa1z5pwMO/uuzYtu6AR2LyM=",
-    "h1:S6nf97sybBugc8FtrOSPXaynEKx0gO6Oktu6KJzvdDU=",
-    "h1:SjDyZXIUHEQzZe10VjhlhZq2a9kgQB6tmqJcpq2BeWg=",
-    "zh:027e4873c69da214e2fed131666d5de92089732a11d096b68257da54d30b6f9d",
-    "zh:0ba2216e16cfb72538d76a4c4945b4567a76f7edbfef926b1c5a08d7bba2a043",
-    "zh:1fee8f6aae1833c27caa96e156cf99a681b6f085e476d7e1b77d285e21d182c1",
-    "zh:2e8a3e72e877003df1c390a231e0d8e827eba9f788606e643f8e061218750360",
-    "zh:719008f9e262aa1523a6f9132adbe9eee93c648c2981f8359ce41a40e6425433",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:9a70fdbe6ef955c4919a4519caca116f34c19c7ddedd77990fbe4f80fe66dc84",
-    "zh:abc412423d670cbb6264827fa80e1ffdc4a74aff3f19ba6a239dd87b85b15bec",
-    "zh:ae953a62c94d2a2a0822e5717fafc54e454af57bd6ed02cd301b9786765c1dd3",
-    "zh:be0910bdf46698560f9e86f51a4ff795c62c02f8dc82b2b1dab77a0b3a93f61e",
-    "zh:e58f9083b7971919b95f553227adaa7abe864fce976f0166cf4d65fc17257ff2",
-    "zh:ff4f77cbdbb22cc98182821c7ef84dce16298ab0e997d5c7fae97247f7a4bcb0",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/null" {
-  version = "3.1.1"
-  hashes = [
-    "h1:71sNUDvmiJcijsvfXpiLCz0lXIBSsEJjMxljt7hxMhw=",
-    "h1:Pctug/s/2Hg5FJqjYcTM0kPyx3AoYK1MpRWO0T9V2ns=",
-    "h1:YvH6gTaQzGdNv+SKTZujU1O0bO+Pw6vJHOPhqgN8XNs=",
-    "h1:ZD4wyZ0KJzt5s2mD0xD7paJlVONNicLvZKdgtezz02I=",
-    "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597",
-    "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf",
-    "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e",
-    "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa",
-    "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5",
-    "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4",
-    "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46",
-    "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924",
-    "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b",
-    "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/random" {
-  version = "3.1.2"
-  hashes = [
-    "h1:5A5VsY5wNmOZlupUcLnIoziMPn8htSZBXbP3lI7lBEM=",
-    "h1:9A6Ghjgad0KjJRxa6nPo8i8uFvwj3Vv0wnEgy49u+24=",
-    "h1:JF+aiOtS0G0ffbBdk1qfj7IrT39y/GZh/yl2IhqcIVM=",
-    "h1:hxN/z2AVJkF2ei7bfevJdD1B0WfyABxxk9j1zzLsLRk=",
-    "zh:0daceba867b330d3f8e2c5dc895c4291845a78f31955ce1b91ab2c4d1cd1c10b",
-    "zh:104050099efd30a630741f788f9576b19998e7a09347decbec3da0b21d64ba2d",
-    "zh:173f4ef3fdf0c7e2564a3db0fac560e9f5afdf6afd0b75d6646af6576b122b16",
-    "zh:41d50f975e535f968b3f37170fb07937c15b76d85ba947d0ce5e5ff9530eda65",
-    "zh:51a5038867e5e60757ed7f513dd6a973068241190d158a81d1b69296efb9cb8d",
-    "zh:6432a568e97a5a36cc8aebca5a7e9c879a55d3bc71d0da1ab849ad905f41c0be",
-    "zh:6bac6501394b87138a5e17c9f3a41e46ff7833ad0ba2a96197bb7787e95b641c",
-    "zh:6c0a7f5faacda644b022e7718e53f5868187435be6d000786d1ca05aa6683a25",
-    "zh:74c89de3fa6ef3027efe08f8473c2baeb41b4c6cee250ba7aeb5b64e8c79800d",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:b29eabbf0a5298f0e95a1df214c7cfe06ea9bcf362c63b3ad2f72d85da7d4685",
-    "zh:e891458c7a61e5b964e09616f1a4f87d0471feae1ec04cc51776e7dec1a3abce",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/tls" {
-  version = "3.3.0"
-  hashes = [
-    "h1:A4xOtHhD4jCmn4nO1xCTk2Nl5IP5JpjicjF+Fuu2ZFQ=",
-    "h1:Uf8HqbZjYn8pKB0og2H9A8IXIKtHT+o8BE3+fjtO1ZQ=",
-    "h1:oitTcxYGyDvHuNsjPJUi00a+AT0k+TWgNsGUSM2CV/E=",
-    "h1:xx/b39Q9FVZSlDc97rlDmQ9dNaaxFFyVzP9kV+47z28=",
-    "zh:16140e8cc880f95b642b6bf6564f4e98760e9991864aacc8e21273423571e561",
-    "zh:16338b8457759c97fdd73153965d6063b037f2954fd512e569fcdc42b7fef743",
-    "zh:348bd44b7cd0c6d663bba36cecb474c17635a8f22b02187d034b8e57a8729c5a",
-    "zh:3832ac73c2335c0fac26138bacbd18160efaa3f06c562869acc129e814e27f86",
-    "zh:756d1e60690d0164eee9c93b498b4c8beabbfc1d8b7346cb6d2fa719055089d6",
-    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:93b911bcddba8dadc5339edb004c8019c230ea67477c73c4f741c236dd9511b1",
-    "zh:c0c4e5742e8ac004c507540423db52af3f44b8ec04443aa8e14669340819344f",
-    "zh:c78296a1dff8ccd5d50203aac353422fc18d425072ba947c88cf5b46de7d32d2",
-    "zh:d7143f444e0f7e6cd67fcaf080398b4f1487cf05de3e0e79af6c14e22812e38b",
-    "zh:e600ac76b118816ad72132eee4c22ab5fc044f67c3babc54537e1fc1ad53d295",
-    "zh:fca07af5f591e12d2dc178a550da69a4847bdb34f8180a5b8e04fde6b528cf99",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/vault" {
-  version = "3.4.1"
-  hashes = [
-    "h1:HIjd/7KktGO5E/a0uICbIanUj0Jdd0j8aL/r+QxFhAs=",
-    "h1:X8P4B/zB97Dtj21qp0Rrswlz92WYCA5C59jpYGZeQuc=",
-    "h1:dXJBo807u69+Uib2hjoBQ68G2+nGXcNZeq/THVyQQVc=",
-    "h1:oow6cAwKiFpJBBWKsDqNmwZIrFTWWvoeIbqs+vyUDE0=",
-    "zh:1eb8370a1846e34e2bcc4d11eece5733735784a8eab447bbed3cfd822101b577",
-    "zh:2df3989327cea68b2167514b7ebddc67b09340f00bbf3fa85df03c97adfb9d25",
-    "zh:3dd1e317264f574985e856296deef71a76464918bf0566eb0d7f6389ea0586bd",
-    "zh:9750861f2822482aa608ea5a52b385bc42b2e1f2511094e6a975412618c4495d",
-    "zh:9b940e7f78975d29a4d0a116cf43c0bc1cb03bec4ad8d34887d64e6e60bacb9e",
-    "zh:9cb6e7ad2a62529d35dacd20695d49c2f02230cb785d46178cc10f4ec80e5a51",
-    "zh:a12718689bbcb37bcbb9132c18bffd354fad8ab5c8cb89cec1a0ee85c65b8cb7",
-    "zh:a6e38afacca1af4fab04a9f2dc49b8295eb462db68bdc7451352d0f950f804f8",
-    "zh:d6e0e994d51b9e07d5713d4796381f9e129e9de962e79caae2b7055f6f68297e",
-    "zh:ea4bbef7a1bb2553db473fa304c93845674167b61e8c9677107a96c8c696da12",
-    "zh:f985a8b7f4ef7d1eba9cef7d99997ee9c4a54ffe76dab7fa8b1fdec2a9edca7e",
-  ]
-}

e2e/terraform/Makefile

@@ -7,7 +7,7 @@ CONSUL_LICENSE_PATH ?=
 custom.tfvars:
 	echo 'nomad_local_binary = "$(PKG_PATH)"' > custom.tfvars
 	echo 'volumes = false' >> custom.tfvars
-	echo 'client_count_ubuntu_jammy_amd64 = 3' >> custom.tfvars
+	echo 'client_count_linux = 3' >> custom.tfvars
 	echo 'client_count_windows_2016_amd64 = 0' >> custom.tfvars
 	echo 'consul_license = "$(shell cat $(CONSUL_LICENSE_PATH))"' >> custom.tfvars
 	echo 'nomad_license = "$(shell cat $(NOMAD_LICENSE_PATH))"' >> custom.tfvars

e2e/terraform/README.md

@@ -51,7 +51,7 @@ Linux clients or Windows clients.
 region                           = "us-east-1"
 instance_type                    = "t2.medium"
 server_count                     = "3"
-client_count_ubuntu_jammy_amd64  = "4"
+client_count_linux               = "4"
 client_count_windows_2016_amd64  = "1"
 ```
 

e2e/terraform/main.tf

@@ -5,30 +5,16 @@ provider "aws" {
   region = var.region
 }
 
-data "aws_caller_identity" "current" {
-}
+module "provision-infra" {
+  source = "./provision-infra"
 
-resource "random_pet" "e2e" {
-}
-
-resource "random_password" "windows_admin_password" {
-  length           = 20
-  special          = true
-  override_special = "_%@"
-}
-
-locals {
-  random_name = "${var.name}-${random_pet.e2e.id}"
-}
-
-# Generates keys to use for provisioning and access
-module "keys" {
-  name    = local.random_name
-  path    = "${path.root}/keys"
-  source  = "mitchellh/dynamic-keys/aws"
-  version = "v2.0.0"
-}
-
-data "aws_kms_alias" "e2e" {
-  name = "alias/${var.aws_kms_alias}"
+  server_count                    = var.server_count
+  client_count_linux              = var.client_count_linux
+  client_count_windows_2016_amd64 = var.client_count_windows_2016_amd64
+  nomad_local_binary              = var.nomad_local_binary
+  nomad_license                   = var.nomad_license
+  consul_license                  = var.consul_license
+  nomad_region                    = var.nomad_region
+  instance_architecture           = var.instance_architecture
+  name                            = var.name
 }

e2e/terraform/outputs.tf

@@ -2,43 +2,40 @@
 # SPDX-License-Identifier: BUSL-1.1
 
 output "servers" {
-  value = aws_instance.server.*.public_ip
+  value = module.provision-infra.servers
 }
 
 output "linux_clients" {
-  value = aws_instance.client_ubuntu_jammy_amd64.*.public_ip
+  value = module.provision-infra.linux_clients
 }
 
 output "windows_clients" {
-  value = aws_instance.client_windows_2016_amd64.*.public_ip
+  value = module.provision-infra.windows_clients
 }
 
 output "message" {
-  value = <<EOM
-Your cluster has been provisioned! To prepare your environment, run:
+  value = module.provision-infra.message
+}
 
-   $(terraform output --raw environment)
+output "nomad_addr" {
+  value = module.provision-infra.nomad_addr
+}
 
-Then you can run tests from the e2e directory with:
+output "ca_file" {
+  value = module.provision-infra.ca_file
+}
 
-   go test -v .
+output "cert_file" {
+  value = module.provision-infra.cert_file
+}
 
-ssh into servers with:
+output "key_file" {
+  value = module.provision-infra.key_file
+}
 
-%{for ip in aws_instance.server.*.public_ip~}
-   ssh -i keys/${local.random_name}.pem ubuntu@${ip}
-%{endfor~}
-
-ssh into clients with:
-
-%{for ip in aws_instance.client_ubuntu_jammy_amd64.*.public_ip~}
-    ssh -i keys/${local.random_name}.pem ubuntu@${ip}
-%{endfor~}
-%{for ip in aws_instance.client_windows_2016_amd64.*.public_ip~}
-    ssh -i keys/${local.random_name}.pem Administrator@${ip}
-%{endfor~}
-
-EOM
+output "nomad_token" {
+  value     = module.provision-infra.nomad_token
+  sensitive = true
 }
 
 # Note: Consul and Vault environment needs to be set in test
@@ -47,15 +44,5 @@ EOM
 output "environment" {
   description = "get connection config by running: $(terraform output environment)"
   sensitive   = true
-  value       = <<EOM
-export NOMAD_ADDR=https://${aws_instance.server[0].public_ip}:4646
-export NOMAD_CACERT=${abspath(path.module)}/keys/tls_ca.crt
-export NOMAD_CLIENT_CERT=${abspath(path.module)}/keys/tls_api_client.crt
-export NOMAD_CLIENT_KEY=${abspath(path.module)}/keys/tls_api_client.key
-export NOMAD_TOKEN=${data.local_sensitive_file.nomad_token.content}
-export NOMAD_E2E=1
-export CONSUL_HTTP_ADDR=https://${aws_instance.consul_server.public_ip}:8501
-export CONSUL_HTTP_TOKEN=${local_sensitive_file.consul_initial_management_token.content}
-export CONSUL_CACERT=${abspath(path.module)}/keys/tls_ca.crt
-EOM
+  value       = module.provision-infra.environment
 }

e2e/terraform/provision-infra/compute.tf

@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: BUSL-1.1
 
 locals {
-  ami_prefix = "nomad-e2e-v3"
+  ami_prefix        = "nomad-e2e-v3"
+  ubuntu_image_name = "ubuntu-jammy-${var.instance_architecture}"
 }
 
 resource "aws_instance" "server" {
@@ -22,18 +23,18 @@ resource "aws_instance" "server" {
   }
 }
 
-resource "aws_instance" "client_ubuntu_jammy_amd64" {
-  ami                    = data.aws_ami.ubuntu_jammy_amd64.image_id
+resource "aws_instance" "client_ubuntu_jammy" {
+  ami                    = data.aws_ami.ubuntu_jammy.image_id
   instance_type          = var.instance_type
   key_name               = module.keys.key_name
   vpc_security_group_ids = [aws_security_group.clients.id] # see also the secondary ENI
-  count                  = var.client_count_ubuntu_jammy_amd64
+  count                  = var.client_count_linux
   iam_instance_profile   = data.aws_iam_instance_profile.nomad_e2e_cluster.name
   availability_zone      = var.availability_zone
 
   # Instance tags
   tags = {
-    Name           = "${local.random_name}-client-ubuntu-jammy-amd64-${count.index}"
+    Name           = "${local.random_name}-client-ubuntu-jammy-${count.index}"
     ConsulAutoJoin = "auto-join-${local.random_name}"
     User           = data.aws_caller_identity.current.arn
   }
@@ -106,6 +107,26 @@ data "aws_ami" "ubuntu_jammy_amd64" {
   }
 }
 
+data "aws_ami" "ubuntu_jammy" {
+  most_recent = true
+  owners      = ["self"]
+
+  filter {
+    name   = "name"
+    values = ["${local.ami_prefix}-${local.ubuntu_image_name}-*"]
+  }
+
+  filter {
+    name   = "tag:OS"
+    values = ["Ubuntu"]
+  }
+
+  filter {
+    name   = "tag:BuilderSha"
+    values = [data.external.packer_sha.result["sha"]]
+  }
+}
+
 data "aws_ami" "windows_2016_amd64" {
   count = var.client_count_windows_2016_amd64 > 0 ? 1 : 0
 

e2e/terraform/provision-infra/consul-clients.tf

@@ -35,12 +35,12 @@ resource "tls_locally_signed_cert" "consul_agents" {
 
 resource "local_sensitive_file" "consul_agents_key" {
   content  = tls_private_key.consul_agents.private_key_pem
-  filename = "uploads/shared/consul.d/agent_cert.key.pem"
+  filename = "${local.uploads_dir}/shared/consul.d/agent_cert.key.pem"
 }
 
 resource "local_sensitive_file" "consul_agents_cert" {
   content  = tls_locally_signed_cert.consul_agents.cert_pem
-  filename = "uploads/shared/consul.d/agent_cert.pem"
+  filename = "${local.uploads_dir}/shared/consul.d/agent_cert.pem"
 }
 
 # Consul tokens for the Consul agents
@@ -52,7 +52,7 @@ resource "local_sensitive_file" "consul_agent_config_file" {
     token          = "${random_uuid.consul_agent_token.result}"
     autojoin_value = "auto-join-${local.random_name}"
   })
-  filename        = "uploads/shared/consul.d/clients.hcl"
+  filename        = "${local.uploads_dir}/shared/consul.d/clients.hcl"
   file_permission = "0600"
 }
 
@@ -66,7 +66,7 @@ resource "local_sensitive_file" "nomad_client_config_for_consul" {
     client_service_name = "client-${local.random_name}"
     server_service_name = "server-${local.random_name}"
   })
-  filename        = "uploads/shared/nomad.d/client-consul.hcl"
+  filename        = "${local.uploads_dir}/shared/nomad.d/client-consul.hcl"
   file_permission = "0600"
 }
 
@@ -76,6 +76,6 @@ resource "local_sensitive_file" "nomad_server_config_for_consul" {
     client_service_name = "client-${local.random_name}"
     server_service_name = "server-${local.random_name}"
   })
-  filename        = "uploads/shared/nomad.d/server-consul.hcl"
+  filename        = "${local.uploads_dir}/shared/nomad.d/server-consul.hcl"
   file_permission = "0600"
 }

e2e/terraform/provision-infra/consul-servers.tf

@@ -10,7 +10,7 @@ resource "random_uuid" "consul_initial_management_token" {}
 
 resource "local_sensitive_file" "consul_initial_management_token" {
   content         = random_uuid.consul_initial_management_token.result
-  filename        = "keys/consul_initial_management_token"
+  filename        = "${path.module}/keys/consul_initial_management_token"
   file_permission = "0600"
 }
 
@@ -21,7 +21,7 @@ resource "local_sensitive_file" "consul_server_config_file" {
     nomad_token      = "${random_uuid.consul_token_for_nomad.result}"
     autojoin_value   = "auto-join-${local.random_name}"
   })
-  filename        = "uploads/shared/consul.d/servers.hcl"
+  filename        = "${local.uploads_dir}/shared/consul.d/servers.hcl"
   file_permission = "0600"
 }
 
@@ -59,12 +59,12 @@ resource "tls_locally_signed_cert" "consul_server" {
 
 resource "local_sensitive_file" "consul_server_key" {
   content  = tls_private_key.consul_server.private_key_pem
-  filename = "uploads/shared/consul.d/server_cert.key.pem"
+  filename = "${local.uploads_dir}/shared/consul.d/server_cert.key.pem"
 }
 
 resource "local_sensitive_file" "consul_server_cert" {
   content  = tls_locally_signed_cert.consul_server.cert_pem
-  filename = "uploads/shared/consul.d/server_cert.pem"
+  filename = "${local.uploads_dir}/shared/consul.d/server_cert.pem"
 }
 
 # if consul_license is unset, it'll be a harmless empty license file
@@ -72,7 +72,7 @@ resource "local_sensitive_file" "consul_environment" {
   content = templatefile("${path.module}/provision-nomad/etc/consul.d/.environment", {
     license = var.consul_license
   })
-  filename        = "uploads/shared/consul.d/.environment"
+  filename        = "${local.uploads_dir}/shared/consul.d/.environment"
   file_permission = "0600"
 }
 
@@ -91,29 +91,29 @@ resource "null_resource" "upload_consul_server_configs" {
     user            = "ubuntu"
     host            = aws_instance.consul_server.public_ip
     port            = 22
-    private_key     = file("${path.root}/keys/${local.random_name}.pem")
+    private_key     = file("${path.module}/../keys/${local.random_name}.pem")
     target_platform = "unix"
     timeout         = "15m"
   }
 
   provisioner "file" {
-    source      = "keys/tls_ca.crt"
+    source      = "${path.module}/keys/tls_ca.crt"
     destination = "/tmp/consul_ca.pem"
   }
   provisioner "file" {
-    source      = "uploads/shared/consul.d/.environment"
+    source      = "${local.uploads_dir}/shared/consul.d/.environment"
     destination = "/tmp/.consul_environment"
   }
   provisioner "file" {
-    source      = "uploads/shared/consul.d/server_cert.pem"
+    source      = "${local.uploads_dir}/shared/consul.d/server_cert.pem"
     destination = "/tmp/consul_cert.pem"
   }
   provisioner "file" {
-    source      = "uploads/shared/consul.d/server_cert.key.pem"
+    source      = "${local.uploads_dir}/shared/consul.d/server_cert.key.pem"
     destination = "/tmp/consul_cert.key.pem"
   }
   provisioner "file" {
-    source      = "uploads/shared/consul.d/servers.hcl"
+    source      = "${local.uploads_dir}/shared/consul.d/servers.hcl"
     destination = "/tmp/consul_server.hcl"
   }
   provisioner "file" {
@@ -133,7 +133,7 @@ resource "null_resource" "install_consul_server_configs" {
     user            = "ubuntu"
     host            = aws_instance.consul_server.public_ip
     port            = 22
-    private_key     = file("${path.root}/keys/${local.random_name}.pem")
+    private_key     = file("${path.module}/../keys/${local.random_name}.pem")
     target_platform = "unix"
     timeout         = "15m"
   }
@@ -166,10 +166,10 @@ resource "null_resource" "bootstrap_consul_acls" {
   depends_on = [null_resource.install_consul_server_configs]
 
   provisioner "local-exec" {
-    command = "./scripts/bootstrap-consul.sh"
+    command = "${path.module}/scripts/bootstrap-consul.sh"
     environment = {
       CONSUL_HTTP_ADDR           = "https://${aws_instance.consul_server.public_ip}:8501"
-      CONSUL_CACERT              = "keys/tls_ca.crt"
+      CONSUL_CACERT              = "${path.module}/keys/tls_ca.crt"
       CONSUL_HTTP_TOKEN          = "${random_uuid.consul_initial_management_token.result}"
       CONSUL_AGENT_TOKEN         = "${random_uuid.consul_agent_token.result}"
       NOMAD_CLUSTER_CONSUL_TOKEN = "${random_uuid.consul_token_for_nomad.result}"

e2e/terraform/provision-infra/ecs.tf

@@ -3,7 +3,7 @@
 
 # Nomad ECS Remote Task Driver E2E
 resource "aws_ecs_cluster" "nomad_rtd_e2e" {
-  name = "nomad-rtd-e2e"
+  name = "nomad-rtd-e2e-${random_pet.e2e.id}"
 }
 
 resource "aws_ecs_task_definition" "nomad_rtd_e2e" {

e2e/terraform/provision-infra/hcp_vault.tf

@@ -48,6 +48,6 @@ resource "local_sensitive_file" "nomad_config_for_vault" {
     namespace = var.hcp_vault_namespace
     role      = "nomad-tasks-${local.random_name}"
   })
-  filename        = "uploads/shared/nomad.d/vault.hcl"
+  filename        = "${local.uploads_dir}/shared/nomad.d/vault.hcl"
   file_permission = "0600"
 }

e2e/terraform/provision-infra/main.tf

@@ -0,0 +1,31 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+data "aws_caller_identity" "current" {
+}
+
+resource "random_pet" "e2e" {
+}
+
+resource "random_password" "windows_admin_password" {
+  length           = 20
+  special          = true
+  override_special = "_%@"
+}
+
+locals {
+  random_name = "${var.name}-${random_pet.e2e.id}"
+  uploads_dir = "${path.module}/provision-nomad/uploads/${random_pet.e2e.id}"
+}
+
+# Generates keys to use for provisioning and access
+module "keys" {
+  name    = local.random_name
+  path    = "${path.module}/../keys"
+  source  = "mitchellh/dynamic-keys/aws"
+  version = "v2.0.0"
+}
+
+data "aws_kms_alias" "e2e" {
+  name = "alias/${var.aws_kms_alias}"
+}

e2e/terraform/provision-infra/network.tf

@@ -207,9 +207,9 @@ resource "aws_network_interface" "clients_secondary" {
   subnet_id       = data.aws_subnet.secondary.id
   security_groups = [aws_security_group.clients_secondary.id]
 
-  count = var.client_count_ubuntu_jammy_amd64
+  count = var.client_count_linux
   attachment {
-    instance     = aws_instance.client_ubuntu_jammy_amd64[count.index].id
+    instance     = aws_instance.client_ubuntu_jammy[count.index].id
     device_index = 1
   }
 }

e2e/terraform/provision-infra/nomad-acls.tf

@@ -11,12 +11,12 @@ resource "null_resource" "bootstrap_nomad_acls" {
   depends_on = [module.nomad_server, null_resource.bootstrap_consul_acls]
 
   provisioner "local-exec" {
-    command = "./scripts/bootstrap-nomad.sh"
+    command = "${path.module}/scripts/bootstrap-nomad.sh"
     environment = {
       NOMAD_ADDR        = "https://${aws_instance.server.0.public_ip}:4646"
-      NOMAD_CACERT      = "keys/tls_ca.crt"
-      NOMAD_CLIENT_CERT = "keys/tls_api_client.crt"
-      NOMAD_CLIENT_KEY  = "keys/tls_api_client.key"
+      NOMAD_CACERT      = "${path.module}/keys/tls_ca.crt"
+      NOMAD_CLIENT_CERT = "${path.module}/keys/tls_api_client.crt"
+      NOMAD_CLIENT_KEY  = "${path.module}/keys/tls_api_client.key"
     }
   }
 }
@@ -53,7 +53,7 @@ resource "null_resource" "root_nomad_env_servers" {
     user        = "ubuntu"
     host        = aws_instance.server[count.index].public_ip
     port        = 22
-    private_key = file("${path.root}/keys/${local.random_name}.pem")
+    private_key = file("${path.module}/../keys/${local.random_name}.pem")
     timeout     = "5m"
   }
   provisioner "remote-exec" {

e2e/terraform/provision-infra/nomad.tf

@@ -22,38 +22,42 @@ module "nomad_server" {
   aws_region     = var.region
   aws_kms_key_id = data.aws_kms_alias.e2e.target_key_id
 
+  uploads_dir = local.uploads_dir
+
   connection = {
     type        = "ssh"
     user        = "ubuntu"
     port        = 22
-    private_key = "${path.root}/keys/${local.random_name}.pem"
+    private_key = "${path.module}/../keys/${local.random_name}.pem"
   }
 }
 
 # TODO: split out the different Linux targets (ubuntu, centos, arm, etc.) when
 # they're available
-module "nomad_client_ubuntu_jammy_amd64" {
+module "nomad_client_ubuntu_jammy" {
   source     = "./provision-nomad"
-  depends_on = [aws_instance.client_ubuntu_jammy_amd64]
-  count      = var.client_count_ubuntu_jammy_amd64
-
-  platform = "linux"
-  arch     = "linux_amd64"
-  role     = "client"
-  index    = count.index
-  instance = aws_instance.client_ubuntu_jammy_amd64[count.index]
+  depends_on = [aws_instance.client_ubuntu_jammy]
+  count      = var.client_count_linux
 
+  platform           = "linux"
+  arch               = "linux_amd64"
+  role               = "client"
+  index              = count.index
+  instance           = aws_instance.client_ubuntu_jammy[count.index]
+  nomad_license      = var.nomad_license
   nomad_region       = var.nomad_region
   nomad_local_binary = count.index < length(var.nomad_local_binary_client_ubuntu_jammy_amd64) ? var.nomad_local_binary_client_ubuntu_jammy_amd64[count.index] : var.nomad_local_binary
 
   tls_ca_key  = tls_private_key.ca.private_key_pem
   tls_ca_cert = tls_self_signed_cert.ca.cert_pem
 
+  uploads_dir = local.uploads_dir
+
   connection = {
     type        = "ssh"
     user        = "ubuntu"
     port        = 22
-    private_key = "${path.root}/keys/${local.random_name}.pem"
+    private_key = "${path.module}/../keys/${local.random_name}.pem"
   }
 }
 
@@ -72,15 +76,18 @@ module "nomad_client_windows_2016_amd64" {
   instance = aws_instance.client_windows_2016_amd64[count.index]
 
   nomad_region       = var.nomad_region
+  nomad_license      = var.nomad_license
   nomad_local_binary = count.index < length(var.nomad_local_binary_client_windows_2016_amd64) ? var.nomad_local_binary_client_windows_2016_amd64[count.index] : ""
 
   tls_ca_key  = tls_private_key.ca.private_key_pem
   tls_ca_cert = tls_self_signed_cert.ca.cert_pem
 
+  uploads_dir = local.uploads_dir
+
   connection = {
     type        = "ssh"
     user        = "Administrator"
     port        = 22
-    private_key = "${path.root}/keys/${local.random_name}.pem"
+    private_key = "${path.module}/../keys/${local.random_name}.pem"
   }
 }

e2e/terraform/provision-infra/outputs.tf

@@ -0,0 +1,82 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+output "servers" {
+  value = aws_instance.server.*.public_ip
+}
+
+output "linux_clients" {
+  value = aws_instance.client_ubuntu_jammy.*.public_ip
+}
+
+output "windows_clients" {
+  value = aws_instance.client_windows_2016_amd64.*.public_ip
+}
+
+output "message" {
+  value = <<EOM
+Your cluster has been provisioned! To prepare your environment, run:
+
+   $(terraform output --raw environment)
+
+Then you can run tests from the e2e directory with:
+
+   go test -v .
+
+ssh into servers with:
+
+%{for ip in aws_instance.server.*.public_ip~}
+   ssh -i keys/${local.random_name}.pem ubuntu@${ip}
+%{endfor~}
+
+ssh into clients with:
+
+%{for ip in aws_instance.client_ubuntu_jammy.*.public_ip~}
+    ssh -i keys/${local.random_name}.pem ubuntu@${ip}
+%{endfor~}
+%{for ip in aws_instance.client_windows_2016_amd64.*.public_ip~}
+    ssh -i keys/${local.random_name}.pem Administrator@${ip}
+%{endfor~}
+
+EOM
+}
+
+# Note: Consul and Vault environment needs to be set in test
+# environment before the Terraform run, so we don't have that output
+# here
+output "environment" {
+  description = "get connection config by running: $(terraform output environment)"
+  sensitive   = true
+  value       = <<EOM
+export NOMAD_ADDR=https://${aws_instance.server[0].public_ip}:4646
+export NOMAD_CACERT=${abspath(path.module)}/keys/tls_ca.crt
+export NOMAD_CLIENT_CERT=${abspath(path.module)}/keys/tls_api_client.crt
+export NOMAD_CLIENT_KEY=${abspath(path.module)}/keys/tls_api_client.key
+export NOMAD_TOKEN=${data.local_sensitive_file.nomad_token.content}
+export NOMAD_E2E=1
+export CONSUL_HTTP_ADDR=https://${aws_instance.consul_server.public_ip}:8501
+export CONSUL_HTTP_TOKEN=${local_sensitive_file.consul_initial_management_token.content}
+export CONSUL_CACERT=${abspath(path.module)}/keys/tls_ca.crt
+EOM
+}
+
+output "nomad_addr" {
+  value = "https://${aws_instance.server[0].public_ip}:4646"
+}
+
+output "ca_file" {
+  value = "${abspath(path.module)}/keys/tls_ca.crt"
+}
+
+output "cert_file" {
+  value = "${abspath(path.module)}/keys/tls_api_client.crt"
+}
+
+output "key_file" {
+  value = "${abspath(path.module)}/keys/tls_api_client.key"
+}
+
+output "nomad_token" {
+  value     = "${data.local_sensitive_file.nomad_token.content}"
+  sensitive = true
+}

e2e/terraform/provision-infra/provision-nomad/main.tf

@@ -2,8 +2,8 @@
 # SPDX-License-Identifier: BUSL-1.1
 
 locals {
-  upload_dir = "uploads/${var.instance.public_ip}"
-
+  upload_dir          = "${var.uploads_dir}/${var.instance.public_ip}"
+  shared_dir          = "${var.uploads_dir}/shared"
   indexed_config_path = fileexists("${path.module}/etc/nomad.d/${var.role}-${var.platform}-${var.index}.hcl") ? "${path.module}/etc/nomad.d/${var.role}-${var.platform}-${var.index}.hcl" : "${path.module}/etc/nomad.d/index.hcl"
 }
 
@@ -59,19 +59,19 @@ resource "null_resource" "upload_consul_configs" {
   }
 
   provisioner "file" {
-    source      = "uploads/shared/consul.d/agent_cert.key.pem"
+    source      = "${local.shared_dir}/consul.d/agent_cert.key.pem"
     destination = "/tmp/consul_cert.key.pem"
   }
   provisioner "file" {
-    source      = "uploads/shared/consul.d/agent_cert.pem"
+    source      = "${local.shared_dir}/consul.d/agent_cert.pem"
     destination = "/tmp/consul_cert.pem"
   }
   provisioner "file" {
-    source      = "keys/tls_ca.crt"
+    source      = "${path.module}/../keys/tls_ca.crt"
     destination = "/tmp/consul_ca.crt"
   }
   provisioner "file" {
-    source      = "uploads/shared/consul.d/clients.hcl"
+    source      = "${local.shared_dir}/consul.d/clients.hcl"
     destination = "/tmp/consul_client.hcl"
   }
   provisioner "file" {
@@ -94,12 +94,12 @@ resource "null_resource" "upload_nomad_configs" {
 
   # created in consul-clients.tf
   provisioner "file" {
-    source      = "uploads/shared/nomad.d/${var.role}-consul.hcl"
+    source      = "${local.shared_dir}/nomad.d/${var.role}-consul.hcl"
     destination = "/tmp/consul.hcl"
   }
   # created in hcp_vault.tf
   provisioner "file" {
-    source      = "uploads/shared/nomad.d/vault.hcl"
+    source      = "${local.shared_dir}/nomad.d/vault.hcl"
     destination = "/tmp/vault.hcl"
   }
 
@@ -136,24 +136,23 @@ resource "null_resource" "upload_nomad_configs" {
     destination = "/tmp/agent-${var.instance.public_ip}.crt"
   }
   provisioner "file" {
-    source      = "keys/tls_api_client.key"
+    source      = "${path.module}/../keys/tls_api_client.key"
     destination = "/tmp/tls_proxy.key"
   }
   provisioner "file" {
-    source      = "keys/tls_api_client.crt"
+    source      = "${path.module}/../keys/tls_api_client.crt"
     destination = "/tmp/tls_proxy.crt"
   }
   provisioner "file" {
-    source      = "keys/tls_ca.crt"
+    source      = "${path.module}/../keys/tls_ca.crt"
     destination = "/tmp/ca.crt"
   }
   provisioner "file" {
-    source      = "keys/self_signed.key"
+    source      = "${path.module}/../keys/self_signed.key"
     destination = "/tmp/self_signed.key"
   }
   provisioner "file" {
-    source      = "keys/self_signed.crt"
+    source      = "${path.module}/../keys/self_signed.crt"
     destination = "/tmp/self_signed.crt"
   }
-
 }

e2e/terraform/provision-infra/provision-nomad/variables.tf

@@ -16,7 +16,6 @@ variable "nomad_local_binary" {
 variable "nomad_license" {
   type        = string
   description = "The enterprise license to use. overrides Nomad temporary license"
-  default     = ""
 }
 
 variable "tls_ca_algorithm" {
@@ -28,13 +27,11 @@ variable "tls_ca_algorithm" {
 variable "tls_ca_key" {
   type        = string
   description = "Cluster TLS CA private key"
-  default     = ""
 }
 
 variable "tls_ca_cert" {
   type        = string
   description = "Cluster TLS CA cert"
-  default     = ""
 }
 
 variable "arch" {
@@ -90,3 +87,9 @@ variable "aws_kms_key_id" {
   description = "AWS KMS key ID for encrypting and decrypting the Nomad keyring"
   default     = ""
 }
+
+variable "uploads_dir" {
+  type        = string
+  description = "Directory where all the configuration files for nomad, consul and vault will be taken from to configure each nomad node"
+  default     = ""
+}

e2e/terraform/provision-infra/scripts/bootstrap-consul.sh

@@ -7,6 +7,9 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 echo "waiting for Consul leader to be up..."
 while true :
 do
+    pwd
+    echo CONSUL_CACERT=$CONSUL_CACERT
+    echo CONSUL_HTTP_ADDR=$CONSUL_HTTP_ADDR
     consul info && break
     echo "Consul server not ready, waiting 5s"
     sleep 5
@@ -27,3 +30,5 @@ consul acl token create -policy-name=nomad-cluster -secret "$NOMAD_CLUSTER_CONSU
 echo "writing Consul cluster policy and token"
 consul acl policy create -name consul-agents -rules @${DIR}/consul-agents-policy.hcl
 consul acl token create -policy-name=consul-agents -secret "$CONSUL_AGENT_TOKEN"
+
+echo "Consul successfully bootstraped!"

e2e/terraform/provision-infra/scripts/bootstrap-nomad.sh

@@ -10,6 +10,10 @@ do
     ROOT_TOKEN=$(nomad acl bootstrap | awk '/Secret ID/{print $4}')
     if [ ! -z $ROOT_TOKEN ]; then break; fi
     sleep 5
+    pwd
+    echo NOMAD_ADDR= $NOMAD_ADDR
+    echo NOMAD_CACERT= $NOMAD_CACERT
+    pwd
 done
 set -e
 
@@ -17,6 +21,7 @@ export NOMAD_TOKEN="$ROOT_TOKEN"
 
 mkdir -p ../keys
 echo $NOMAD_TOKEN > "${DIR}/../keys/nomad_root_token"
+echo NOMAD_TOKEN=$NOMAD_TOKEN
 
 # Our default policy after bootstrapping will be full-access. Without
 # further policy, we only test that we're hitting the ACL code
@@ -26,3 +31,5 @@ nomad acl policy apply \
       -description "Anonymous policy (full-access)" \
       anonymous \
       "${DIR}/anonymous.nomad_policy.hcl"
+
+echo "Nomad successfully bootstraped"

e2e/terraform/provision-infra/tls_ca.tf

@@ -23,11 +23,11 @@ resource "tls_self_signed_cert" "ca" {
 }
 
 resource "local_sensitive_file" "ca_key" {
-  filename = "keys/tls_ca.key"
+  filename = "${path.module}/keys/tls_ca.key"
   content  = tls_private_key.ca.private_key_pem
 }
 
 resource "local_sensitive_file" "ca_cert" {
-  filename = "keys/tls_ca.crt"
+  filename = "${path.module}/keys/tls_ca.crt"
   content  = tls_self_signed_cert.ca.cert_pem
 }

e2e/terraform/provision-infra/tls_client.tf

@@ -34,12 +34,12 @@ resource "tls_locally_signed_cert" "api_client" {
 
 resource "local_sensitive_file" "api_client_key" {
   content  = tls_private_key.api_client.private_key_pem
-  filename = "keys/tls_api_client.key"
+  filename = "${path.module}/keys/tls_api_client.key"
 }
 
 resource "local_sensitive_file" "api_client_cert" {
   content  = tls_locally_signed_cert.api_client.cert_pem
-  filename = "keys/tls_api_client.crt"
+  filename = "${path.module}/keys/tls_api_client.crt"
 }
 
 # Self signed cert for reverse proxy
@@ -56,7 +56,7 @@ resource "tls_self_signed_cert" "self_signed" {
     organization = "HashiCorp, Inc."
   }
 
-  ip_addresses = toset(aws_instance.client_ubuntu_jammy_amd64.*.public_ip)
+  ip_addresses = toset(aws_instance.client_ubuntu_jammy.*.public_ip)
 
   validity_period_hours = 720
   allowed_uses = [
@@ -66,10 +66,10 @@ resource "tls_self_signed_cert" "self_signed" {
 
 resource "local_sensitive_file" "self_signed_key" {
   content  = tls_private_key.self_signed.private_key_pem
-  filename = "keys/self_signed.key"
+  filename = "${path.module}/keys/self_signed.key"
 }
 
 resource "local_sensitive_file" "self_signed_cert" {
   content  = tls_self_signed_cert.self_signed.cert_pem
-  filename = "keys/self_signed.crt"
+  filename = "${path.module}/keys/self_signed.crt"
 }

e2e/terraform/provision-infra/variables.tf

@@ -0,0 +1,122 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+variable "name" {
+  description = "Used to name various infrastructure components"
+  default     = "nomad-e2e"
+}
+
+variable "region" {
+  description = "The AWS region to deploy to."
+  default     = "us-east-1"
+}
+
+variable "availability_zone" {
+  description = "The AWS availability zone to deploy to."
+  default     = "us-east-1b"
+}
+
+variable "instance_type" {
+  description = "The AWS instance type to use for both clients and servers."
+  default     = "t3a.medium"
+}
+
+variable "instance_architecture" {
+  description = "The architecture for the AWS instance type to use for both clients and servers."
+  default     = "amd64"
+}
+
+variable "server_count" {
+  description = "The number of servers to provision."
+  default     = "3"
+}
+
+variable "client_count_linux" {
+  description = "The number of Ubuntu clients to provision."
+  default     = "4"
+}
+
+variable "client_count_windows_2016_amd64" {
+  description = "The number of windows 2016 clients to provision."
+  default     = "0"
+}
+
+variable "restrict_ingress_cidrblock" {
+  description = "Restrict ingress traffic to cluster to invoker ip address"
+  type        = bool
+  default     = true
+}
+
+# ----------------------------------------
+# The specific version of Nomad deployed will default to whichever one of
+# nomad_sha, nomad_version, or nomad_local_binary is set
+
+variable "nomad_local_binary" {
+  description = "The path to a local binary to provision"
+  default     = ""
+}
+
+variable "nomad_region" {
+  description = "The name of the Nomad region."
+  default     = "e2e"
+}
+
+variable "nomad_license" {
+  type        = string
+  description = "If nomad_license is set, deploy a license"
+  default     = ""
+}
+
+variable "consul_license" {
+  type        = string
+  description = "If consul_license is set, deploy a license"
+  default     = ""
+}
+
+variable "volumes" {
+  type        = bool
+  description = "Include external EFS volumes (for CSI)"
+  default     = true
+}
+
+
+variable "hcp_vault_cluster_id" {
+  description = "The ID of the HCP Vault cluster"
+  type        = string
+  default     = "nomad-e2e-shared-hcp-vault"
+}
+
+variable "hcp_vault_namespace" {
+  description = "The namespace where the HCP Vault cluster policy works"
+  type        = string
+  default     = "admin"
+}
+
+variable "aws_kms_alias" {
+  description = "The alias for the AWS KMS key ID"
+  type        = string
+  default     = "kms-nomad-keyring"
+}
+
+# ----------------------------------------
+# If you want to deploy multiple versions you can use these variables to
+# provide a list of builds to override the values of nomad_sha, nomad_version,
+# or nomad_local_binary. Most of the time you can ignore these variables!
+
+variable "nomad_local_binary_server" {
+  description = "A list of nomad local binary paths to deploy to servers, to override nomad_local_binary"
+  type        = list(string)
+  default     = []
+}
+
+variable "nomad_local_binary_client_ubuntu_jammy_amd64" {
+  description = "A list of nomad local binary paths to deploy to Ubuntu Jammy clients, to override nomad_local_binary"
+  type        = list(string)
+  default     = []
+}
+
+variable "nomad_local_binary_client_windows_2016_amd64" {
+  description = "A list of nomad local binary paths to deploy to Windows 2016 clients, to override nomad_local_binary"
+  type        = list(string)
+  default     = []
+}

e2e/terraform/provision-infra/volumes.tf

@@ -3,7 +3,7 @@
 
 resource "aws_efs_file_system" "csi" {
   count          = var.volumes ? 1 : 0
-  creation_token = "${local.random_name}-CSI"
+  creation_token = "${random_pet.e2e.id}-CSI"
 
   tags = {
     Name = "${local.random_name}-efs"
@@ -23,6 +23,6 @@ resource "local_file" "efs_volume_hcl" {
   content = templatefile("${path.module}/volumes.tftpl", {
     id = aws_efs_file_system.csi[0].id,
   })
-  filename        = "${path.module}/../csi/input/volume-efs.hcl"
+  filename        = "${path.module}/csi/input/volume-efs.hcl"
   file_permission = "0664"
 }

e2e/terraform/variables.tf

@@ -21,12 +21,17 @@ variable "instance_type" {
   default     = "t3a.medium"
 }
 
+variable "instance_architecture" {
+  description = "The architecture for the AWS instance type to use for both clients and servers."
+  default     = "amd64"
+}
+
 variable "server_count" {
   description = "The number of servers to provision."
   default     = "3"
 }
 
-variable "client_count_ubuntu_jammy_amd64" {
+variable "client_count_linux" {
   description = "The number of Ubuntu clients to provision."
   default     = "4"
 }
@@ -48,24 +53,21 @@ variable "restrict_ingress_cidrblock" {
 
 variable "nomad_local_binary" {
   description = "The path to a local binary to provision"
-  default     = ""
 }
 
 variable "nomad_license" {
   type        = string
   description = "If nomad_license is set, deploy a license"
-  default     = ""
 }
 
 variable "nomad_region" {
-  description = "The name of the Nomad region."
-  default     = "e2e"
+  description = "The AWS region to deploy to."
+  default     = "us-east-1"
 }
 
 variable "consul_license" {
   type        = string
   description = "If consul_license is set, deploy a license"
-  default     = ""
 }
 
 variable "volumes" {
@@ -74,12 +76,6 @@ variable "volumes" {
   default     = true
 }
 
-variable "hcp_consul_cluster_id" {
-  description = "The ID of the HCP Consul cluster"
-  type        = string
-  default     = "nomad-e2e-shared-hcp-consul"
-}
-
 variable "hcp_vault_cluster_id" {
   description = "The ID of the HCP Vault cluster"
   type        = string

enos/.gitignore

@@ -0,0 +1,2 @@
+# enos scenarios
+.enos/