From b29a3736a4c39fda7357fcfa33a02e2832aab9cf Mon Sep 17 00:00:00 2001 
From: Juana De La Cuesta Date: Mon, 13 Jan 2025 15:59:40 +0100 Subject: [PATCH] Update e2e infra provision to expect providers (#24694) * func: move infra provisionining to a module and remove providers * func: update paths * func: update more paths * func: update path inside bootstrap scrip * style: remove debug prints on bootstrap scripts * Delete e2e/terraform/csi/input/volume-efs.hcl * fix: update keys path to use module path instead pf root * fix: add missing headers * fix: update keys directory inside provision-nomad * style; format hcl files * Update compute.tf * Update e2e/terraform/main.tf Co-authored-by: Tim Gross * Update e2e/terraform/provision-infra/compute.tf Co-authored-by: Tim Gross * fix: update more paths * fix: fmt hcl files * func: final paths revision for running e2e locally * fix: make path of certs relative to module for the bootstrap * func: final paths revision for running e2e locally * Update network.tf * fix: fix typo and add success message * fix: remove the test name from token to avoid long names and use name for vol to avoid colisions * func: unify the uploads folder * func: make the uploads file one per cluster * func: Add outputs with all data necessary to connect to the cluster * fix: make nomad token a sensitive output * Update bootstrap-nomad.sh --------- Co-authored-by: Tim Gross --- e2e/terraform/.terraform.lock.hcl | 177 ------------------ e2e/terraform/Makefile | 2 +- e2e/terraform/README.md | 2 +- e2e/terraform/main.tf | 36 ++-- e2e/terraform/outputs.tf | 55 +++--- .../{ => provision-infra}/.gitignore | 0 .../{ => provision-infra}/compute.tf | 31 ++- .../{ => provision-infra}/consul-clients.tf | 10 +- .../{ => provision-infra}/consul-servers.tf | 28 +-- .../{ => provision-infra}/ecs-task.json | 0 e2e/terraform/{ => provision-infra}/ecs.tf | 2 +- e2e/terraform/{ => provision-infra}/ecs.tftpl | 0 .../{ => provision-infra}/hcp_vault.tf | 2 +- e2e/terraform/{ => provision-infra}/iam.tf | 0 e2e/terraform/provision-infra/main.tf | 
31 +++ .../{ => provision-infra}/network.tf | 4 +- .../{ => provision-infra}/nomad-acls.tf | 10 +- e2e/terraform/{ => provision-infra}/nomad.tf | 31 +-- e2e/terraform/provision-infra/outputs.tf | 82 ++++++++ .../etc/acls/consul/consul-agent-policy.hcl | 0 .../etc/acls/consul/nomad-client-policy.hcl | 0 .../etc/acls/consul/nomad-server-policy.hcl | 0 .../etc/acls/vault/nomad-policy.hcl | 0 .../provision-nomad/etc/consul.d/.environment | 0 .../provision-nomad/etc/consul.d/clients.hcl | 0 .../etc/consul.d/consul-server.service | 0 .../etc/consul.d/consul.service | 0 .../provision-nomad/etc/consul.d/servers.hcl | 0 .../provision-nomad/etc/nomad.d/.environment | 0 .../provision-nomad/etc/nomad.d/base.hcl | 0 .../etc/nomad.d/client-consul.hcl | 0 .../etc/nomad.d/client-linux-0.hcl | 0 .../etc/nomad.d/client-linux-1.hcl | 0 .../etc/nomad.d/client-linux-2.hcl | 0 .../etc/nomad.d/client-linux-3.hcl | 0 .../etc/nomad.d/client-linux.hcl | 0 .../etc/nomad.d/client-windows.hcl | 0 .../provision-nomad/etc/nomad.d/index.hcl | 0 .../etc/nomad.d/nomad-client.service | 0 .../etc/nomad.d/nomad-server.service | 0 .../etc/nomad.d/server-consul.hcl | 0 .../etc/nomad.d/server-linux.hcl | 0 .../provision-nomad/etc/nomad.d/tls.hcl | 0 .../provision-nomad/etc/nomad.d/vault.hcl | 0 .../provision-nomad/install-linux.tf | 0 .../provision-nomad/install-windows.tf | 0 .../provision-nomad/main.tf | 27 ++- .../provision-nomad/tls.tf | 0 .../provision-nomad}/uploads/README.md | 0 .../provision-nomad/variables.tf | 9 +- .../scripts/anonymous.nomad_policy.hcl | 0 .../scripts/bootstrap-consul.sh | 5 + .../scripts/bootstrap-nomad.sh | 7 + .../scripts/consul-agents-policy.hcl | 0 .../scripts/nomad-cluster-consul-policy.hcl | 0 e2e/terraform/{ => provision-infra}/tls_ca.tf | 4 +- .../{ => provision-infra}/tls_client.tf | 10 +- .../{ => provision-infra}/userdata/README.md | 0 .../userdata/windows-2016.ps1 | 0 e2e/terraform/provision-infra/variables.tf | 122 ++++++++++++ .../{ => 
provision-infra}/versions.tf | 0 .../{ => provision-infra}/volumes.tf | 4 +- .../{ => provision-infra}/volumes.tftpl | 0 e2e/terraform/variables.tf | 20 +- enos/.gitignore | 2 + 65 files changed, 392 insertions(+), 321 deletions(-) delete mode 100644 e2e/terraform/.terraform.lock.hcl rename e2e/terraform/{ => provision-infra}/.gitignore (100%) rename e2e/terraform/{ => provision-infra}/compute.tf (83%) rename e2e/terraform/{ => provision-infra}/consul-clients.tf (86%) rename e2e/terraform/{ => provision-infra}/consul-servers.tf (84%) rename e2e/terraform/{ => provision-infra}/ecs-task.json (100%) rename e2e/terraform/{ => provision-infra}/ecs.tf (94%) rename e2e/terraform/{ => provision-infra}/ecs.tftpl (100%) rename e2e/terraform/{ => provision-infra}/hcp_vault.tf (96%) rename e2e/terraform/{ => provision-infra}/iam.tf (100%) create mode 100644 e2e/terraform/provision-infra/main.tf rename e2e/terraform/{ => provision-infra}/network.tf (97%) rename e2e/terraform/{ => provision-infra}/nomad-acls.tf (85%) rename e2e/terraform/{ => provision-infra}/nomad.tf (75%) create mode 100644 e2e/terraform/provision-infra/outputs.tf rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/acls/consul/consul-agent-policy.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/acls/consul/nomad-client-policy.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/acls/consul/nomad-server-policy.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/acls/vault/nomad-policy.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/consul.d/.environment (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/consul.d/clients.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/consul.d/consul-server.service (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/consul.d/consul.service (100%) rename e2e/terraform/{ => 
provision-infra}/provision-nomad/etc/consul.d/servers.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/.environment (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/base.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/client-consul.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/client-linux-0.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/client-linux-1.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/client-linux-2.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/client-linux-3.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/client-linux.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/client-windows.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/index.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/nomad-client.service (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/nomad-server.service (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/server-consul.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/server-linux.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/tls.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/etc/nomad.d/vault.hcl (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/install-linux.tf (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/install-windows.tf (100%) rename e2e/terraform/{ => provision-infra}/provision-nomad/main.tf (85%) rename e2e/terraform/{ => provision-infra}/provision-nomad/tls.tf (100%) rename e2e/terraform/{ => provision-infra/provision-nomad}/uploads/README.md (100%) rename e2e/terraform/{ => 
provision-infra}/provision-nomad/variables.tf (91%) rename e2e/terraform/{ => provision-infra}/scripts/anonymous.nomad_policy.hcl (100%) rename e2e/terraform/{ => provision-infra}/scripts/bootstrap-consul.sh (88%) rename e2e/terraform/{ => provision-infra}/scripts/bootstrap-nomad.sh (83%) rename e2e/terraform/{ => provision-infra}/scripts/consul-agents-policy.hcl (100%) rename e2e/terraform/{ => provision-infra}/scripts/nomad-cluster-consul-policy.hcl (100%) rename e2e/terraform/{ => provision-infra}/tls_ca.tf (88%) rename e2e/terraform/{ => provision-infra}/tls_client.tf (85%) rename e2e/terraform/{ => provision-infra}/userdata/README.md (100%) rename e2e/terraform/{ => provision-infra}/userdata/windows-2016.ps1 (100%) create mode 100644 e2e/terraform/provision-infra/variables.tf rename e2e/terraform/{ => provision-infra}/versions.tf (100%) rename e2e/terraform/{ => provision-infra}/volumes.tf (86%) rename e2e/terraform/{ => provision-infra}/volumes.tftpl (100%) create mode 100644 enos/.gitignore diff --git a/e2e/terraform/.terraform.lock.hcl b/e2e/terraform/.terraform.lock.hcl deleted file mode 100644 index 5cef68f56..000000000 --- a/e2e/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,177 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.10.0" - hashes = [ - "h1:3zeyl8QwNYPXRD4b++0Vo9nBcsL3FXT+DT3x/KJNKB0=", - "h1:F9BjbxBhuo1A/rP318IUrkW3TAh29i6UC18qwhzCs6c=", - "h1:S6xGPRL08YEuBdemiYZyIBf/YwM4OCvzVuaiuU6kLjc=", - "h1:pjPLizna1qa/CZh7HvLuQ73YmqaunLXatyOqzF2ePEI=", - "zh:0a2a7eabfeb7dbb17b7f82aff3fa2ba51e836c15e5be4f5468ea44bd1299b48d", - "zh:23409c7205d13d2d68b5528e1c49e0a0455d99bbfec61eb0201142beffaa81f7", - "zh:3adad2245d97816f3919778b52c58fb2de130938a3e9081358bfbb72ec478d9a", - "zh:5bf100aba6332f24b1ffeae7536d5d489bb907bf774a06b95f2183089eaf1a1a", - "zh:63c3a24c0c229a1d3390e6ea2454ba4d8ace9b94e086bee1dbdcf665ae969e15", - "zh:6b76f5ffd920f0a750da3a4ff1d00eab18d9cd3731b009aae3df4135613bad4d", - "zh:8cd6b1e6b51e8e9bbe2944bb169f113d20d1d72d07ccd1b7b83f40b3c958233e", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:c5c31f58fb5bd6aebc6c662a4693640ec763cb3399cce0b592101cf24ece1625", - "zh:cc485410be43d6ad95d81b9e54cc4d2117aadf9bf5941165a9df26565d9cce42", - "zh:cebb89c74b6a3dc6780824b1d1e2a8d16a51e75679e14ad0b830d9f7da1a3a67", - "zh:e7dc427189cb491e1f96e295101964415cbf8630395ee51e396d2a811f365237", - ] -} - -provider "registry.terraform.io/hashicorp/external" { - version = "2.2.2" - hashes = [ - "h1:/Qsdu8SIXbfANKJFs1UTAfvcomJUalOd3uDZvj3jixA=", - "h1:BKQ5f5ijzeyBSnUr+j0wUi+bYv6KBQVQNDXNRVEcfJE=", - "h1:VUkgcWvCliS0HO4kt7oEQhFD2gcx/59XpwMqxfCU1kE=", - "h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=", - "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca", - "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28", - "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b", - "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - 
"zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327", - "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955", - "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb", - "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0", - "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a", - "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372", - "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809", - ] -} - -provider "registry.terraform.io/hashicorp/hcp" { - version = "0.26.0" - hashes = [ - "h1:B5O/NawTnKPdUgUlGP/mM2ybv0RcLvVJVOcrivDdFnI=", - "h1:C0KoYT09Ff91pE5KzrFrISCE5wQyJaJnxPdA0SXDOzI=", - "h1:f4IwCK9heo5F+k+nRFY/fzG18DesbBcqRL8F4WsKh7Q=", - "h1:fCHcXVlT/MoAqvIUjFyJqtGrz+ebHNCcR1YM2ZSRPxE=", - "zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d", - "zh:6fa5415dbac9c8d20026772dd5aee7dd3ac541e9d86827d0b70bc752472ec76c", - "zh:7490212c32339153165aec1dcef063804aac0d3f1cfbdfd3d04d7a60c29b0f40", - "zh:792e8fbe630159105801a471c46c988d94636637c1e5cdb725956cab4e664c87", - "zh:9e460a3e4735ff24f2fc1c445fce54e4ed596c8dc97f683f5cefa93fb2be9b14", - "zh:a124e8366fdf10d17a0b2860151beb00e12d8c33860fcc661547d0239138d3fb", - "zh:a9b9cb4d077f8d8bcc22c813aea820c224228807f34e2e3716d30c84ce63c53a", - "zh:aae6a8e87c6c64bb33311ef658993a5cc8398aac8dcb2c18953bd9e96a2e0011", - "zh:dc2e83b8f4ca2d4aa2e0b5cc98b9c298c1cf5c583d323320c85d4f06f8f4b43c", - "zh:e17b1c7ef80c3507c892d343282c61dc58ab45978481ee004843f1746f6b791c", - "zh:ee35efe2628aca5f259f3fee8db15accfdced1a5530f01c8a23f59e5ed5dcb7a", - "zh:f8173393330eb376b7357f8271d1c75e0850905dceb32ce482af58e112894278", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.2.2" - hashes = [ - "h1:5UYW2wJ320IggrzLt8tLD6MowePqycWtH1b2RInHZkE=", - "h1:BVEZnjtpWxKPG9OOQh4dFa1z5pwMO/uuzYtu6AR2LyM=", - "h1:S6nf97sybBugc8FtrOSPXaynEKx0gO6Oktu6KJzvdDU=", - "h1:SjDyZXIUHEQzZe10VjhlhZq2a9kgQB6tmqJcpq2BeWg=", - 
"zh:027e4873c69da214e2fed131666d5de92089732a11d096b68257da54d30b6f9d", - "zh:0ba2216e16cfb72538d76a4c4945b4567a76f7edbfef926b1c5a08d7bba2a043", - "zh:1fee8f6aae1833c27caa96e156cf99a681b6f085e476d7e1b77d285e21d182c1", - "zh:2e8a3e72e877003df1c390a231e0d8e827eba9f788606e643f8e061218750360", - "zh:719008f9e262aa1523a6f9132adbe9eee93c648c2981f8359ce41a40e6425433", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9a70fdbe6ef955c4919a4519caca116f34c19c7ddedd77990fbe4f80fe66dc84", - "zh:abc412423d670cbb6264827fa80e1ffdc4a74aff3f19ba6a239dd87b85b15bec", - "zh:ae953a62c94d2a2a0822e5717fafc54e454af57bd6ed02cd301b9786765c1dd3", - "zh:be0910bdf46698560f9e86f51a4ff795c62c02f8dc82b2b1dab77a0b3a93f61e", - "zh:e58f9083b7971919b95f553227adaa7abe864fce976f0166cf4d65fc17257ff2", - "zh:ff4f77cbdbb22cc98182821c7ef84dce16298ab0e997d5c7fae97247f7a4bcb0", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.1.1" - hashes = [ - "h1:71sNUDvmiJcijsvfXpiLCz0lXIBSsEJjMxljt7hxMhw=", - "h1:Pctug/s/2Hg5FJqjYcTM0kPyx3AoYK1MpRWO0T9V2ns=", - "h1:YvH6gTaQzGdNv+SKTZujU1O0bO+Pw6vJHOPhqgN8XNs=", - "h1:ZD4wyZ0KJzt5s2mD0xD7paJlVONNicLvZKdgtezz02I=", - "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", - "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", - "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", - "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", - "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", - "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", - "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", - "zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", - "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", - 
"zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.2" - hashes = [ - "h1:5A5VsY5wNmOZlupUcLnIoziMPn8htSZBXbP3lI7lBEM=", - "h1:9A6Ghjgad0KjJRxa6nPo8i8uFvwj3Vv0wnEgy49u+24=", - "h1:JF+aiOtS0G0ffbBdk1qfj7IrT39y/GZh/yl2IhqcIVM=", - "h1:hxN/z2AVJkF2ei7bfevJdD1B0WfyABxxk9j1zzLsLRk=", - "zh:0daceba867b330d3f8e2c5dc895c4291845a78f31955ce1b91ab2c4d1cd1c10b", - "zh:104050099efd30a630741f788f9576b19998e7a09347decbec3da0b21d64ba2d", - "zh:173f4ef3fdf0c7e2564a3db0fac560e9f5afdf6afd0b75d6646af6576b122b16", - "zh:41d50f975e535f968b3f37170fb07937c15b76d85ba947d0ce5e5ff9530eda65", - "zh:51a5038867e5e60757ed7f513dd6a973068241190d158a81d1b69296efb9cb8d", - "zh:6432a568e97a5a36cc8aebca5a7e9c879a55d3bc71d0da1ab849ad905f41c0be", - "zh:6bac6501394b87138a5e17c9f3a41e46ff7833ad0ba2a96197bb7787e95b641c", - "zh:6c0a7f5faacda644b022e7718e53f5868187435be6d000786d1ca05aa6683a25", - "zh:74c89de3fa6ef3027efe08f8473c2baeb41b4c6cee250ba7aeb5b64e8c79800d", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b29eabbf0a5298f0e95a1df214c7cfe06ea9bcf362c63b3ad2f72d85da7d4685", - "zh:e891458c7a61e5b964e09616f1a4f87d0471feae1ec04cc51776e7dec1a3abce", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "3.3.0" - hashes = [ - "h1:A4xOtHhD4jCmn4nO1xCTk2Nl5IP5JpjicjF+Fuu2ZFQ=", - "h1:Uf8HqbZjYn8pKB0og2H9A8IXIKtHT+o8BE3+fjtO1ZQ=", - "h1:oitTcxYGyDvHuNsjPJUi00a+AT0k+TWgNsGUSM2CV/E=", - "h1:xx/b39Q9FVZSlDc97rlDmQ9dNaaxFFyVzP9kV+47z28=", - "zh:16140e8cc880f95b642b6bf6564f4e98760e9991864aacc8e21273423571e561", - "zh:16338b8457759c97fdd73153965d6063b037f2954fd512e569fcdc42b7fef743", - "zh:348bd44b7cd0c6d663bba36cecb474c17635a8f22b02187d034b8e57a8729c5a", - "zh:3832ac73c2335c0fac26138bacbd18160efaa3f06c562869acc129e814e27f86", - "zh:756d1e60690d0164eee9c93b498b4c8beabbfc1d8b7346cb6d2fa719055089d6", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - 
"zh:93b911bcddba8dadc5339edb004c8019c230ea67477c73c4f741c236dd9511b1", - "zh:c0c4e5742e8ac004c507540423db52af3f44b8ec04443aa8e14669340819344f", - "zh:c78296a1dff8ccd5d50203aac353422fc18d425072ba947c88cf5b46de7d32d2", - "zh:d7143f444e0f7e6cd67fcaf080398b4f1487cf05de3e0e79af6c14e22812e38b", - "zh:e600ac76b118816ad72132eee4c22ab5fc044f67c3babc54537e1fc1ad53d295", - "zh:fca07af5f591e12d2dc178a550da69a4847bdb34f8180a5b8e04fde6b528cf99", - ] -} - -provider "registry.terraform.io/hashicorp/vault" { - version = "3.4.1" - hashes = [ - "h1:HIjd/7KktGO5E/a0uICbIanUj0Jdd0j8aL/r+QxFhAs=", - "h1:X8P4B/zB97Dtj21qp0Rrswlz92WYCA5C59jpYGZeQuc=", - "h1:dXJBo807u69+Uib2hjoBQ68G2+nGXcNZeq/THVyQQVc=", - "h1:oow6cAwKiFpJBBWKsDqNmwZIrFTWWvoeIbqs+vyUDE0=", - "zh:1eb8370a1846e34e2bcc4d11eece5733735784a8eab447bbed3cfd822101b577", - "zh:2df3989327cea68b2167514b7ebddc67b09340f00bbf3fa85df03c97adfb9d25", - "zh:3dd1e317264f574985e856296deef71a76464918bf0566eb0d7f6389ea0586bd", - "zh:9750861f2822482aa608ea5a52b385bc42b2e1f2511094e6a975412618c4495d", - "zh:9b940e7f78975d29a4d0a116cf43c0bc1cb03bec4ad8d34887d64e6e60bacb9e", - "zh:9cb6e7ad2a62529d35dacd20695d49c2f02230cb785d46178cc10f4ec80e5a51", - "zh:a12718689bbcb37bcbb9132c18bffd354fad8ab5c8cb89cec1a0ee85c65b8cb7", - "zh:a6e38afacca1af4fab04a9f2dc49b8295eb462db68bdc7451352d0f950f804f8", - "zh:d6e0e994d51b9e07d5713d4796381f9e129e9de962e79caae2b7055f6f68297e", - "zh:ea4bbef7a1bb2553db473fa304c93845674167b61e8c9677107a96c8c696da12", - "zh:f985a8b7f4ef7d1eba9cef7d99997ee9c4a54ffe76dab7fa8b1fdec2a9edca7e", - ] -} diff --git a/e2e/terraform/Makefile b/e2e/terraform/Makefile index 10b4eda78..14d7124c2 100644 --- a/e2e/terraform/Makefile +++ b/e2e/terraform/Makefile 
@@ -7,7 +7,7 @@ CONSUL_LICENSE_PATH ?= custom.tfvars: echo 'nomad_local_binary = "$(PKG_PATH)"' > custom.tfvars echo 'volumes = false' >> custom.tfvars - echo 'client_count_ubuntu_jammy_amd64 = 3' >> custom.tfvars + echo 'client_count_linux = 3' >> custom.tfvars echo 'client_count_windows_2016_amd64 = 0' >> custom.tfvars echo 'consul_license = "$(shell cat $(CONSUL_LICENSE_PATH))"' >> custom.tfvars echo 'nomad_license = "$(shell cat $(NOMAD_LICENSE_PATH))"' >> custom.tfvars diff --git a/e2e/terraform/README.md b/e2e/terraform/README.md index a57856545..12a9e1196 100644 --- a/e2e/terraform/README.md +++ b/e2e/terraform/README.md @@ -51,7 +51,7 @@ Linux clients or Windows clients. region = "us-east-1" instance_type = "t2.medium" server_count = "3" -client_count_ubuntu_jammy_amd64 = "4" +client_count_linux = "4" client_count_windows_2016_amd64 = "1" ``` diff --git a/e2e/terraform/main.tf b/e2e/terraform/main.tf index f6e84ef5e..e5ab2753c 100644 --- a/e2e/terraform/main.tf +++ b/e2e/terraform/main.tf 
@@ -5,30 +5,16 @@ provider "aws" { region = var.region } -data "aws_caller_identity" "current" { -} +module "provision-infra" { + source = "./provision-infra" -resource "random_pet" "e2e" { -} - -resource "random_password" "windows_admin_password" { - length = 20 - special = true - override_special = "_%@" -} - -locals { - random_name = "${var.name}-${random_pet.e2e.id}" -} - -# Generates keys to use for provisioning and access -module "keys" { - name = local.random_name - path = "${path.root}/keys" - source = "mitchellh/dynamic-keys/aws" - version = "v2.0.0" -} - -data "aws_kms_alias" "e2e" { - name = "alias/${var.aws_kms_alias}" + server_count = var.server_count + client_count_linux = var.client_count_linux + client_count_windows_2016_amd64 = var.client_count_windows_2016_amd64 + nomad_local_binary = var.nomad_local_binary + nomad_license = var.nomad_license + consul_license = var.consul_license + nomad_region = var.nomad_region + instance_architecture = var.instance_architecture + name = var.name } diff --git a/e2e/terraform/outputs.tf b/e2e/terraform/outputs.tf index 0441906b1..985f523a5 100644 --- a/e2e/terraform/outputs.tf +++ b/e2e/terraform/outputs.tf @@ -2,43 +2,40 @@ # SPDX-License-Identifier: BUSL-1.1 output "servers" { - value = aws_instance.server.*.public_ip + value = module.provision-infra.servers } output "linux_clients" { - value = aws_instance.client_ubuntu_jammy_amd64.*.public_ip + value = module.provision-infra.linux_clients } output "windows_clients" { - value = aws_instance.client_windows_2016_amd64.*.public_ip + value = module.provision-infra.windows_clients } output "message" { - value = < 0 ? 1 : 0 diff --git a/e2e/terraform/consul-clients.tf b/e2e/terraform/provision-infra/consul-clients.tf similarity index 86% rename from e2e/terraform/consul-clients.tf rename to e2e/terraform/provision-infra/consul-clients.tf index 2d6501c96..9556ef6da 100644 --- a/e2e/terraform/consul-clients.tf +++ b/e2e/terraform/provision-infra/consul-clients.tf 
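Review bot: The `module "provision-infra"` block does not pass `region`, yet the root `provider "aws"` just above reads `var.region` and the module's `nomad.tf` hands `aws_region = var.region` to `provision-nomad`. The module's `variables.tf` is not visible in this view, so this is inferred: if `region` has a default there, overriding it at the root would point the provider at one region and the module's settings at another. Adding `region = var.region` to the block keeps them in step; `instance_type` (set in the README example) and `volumes` (set by the Makefile) deserve the same check. Separately, with `.terraform.lock.hcl` deleted in this commit, provider checksums are no longer pinned in the repository, so the README should say which configuration is now expected to carry the lock file.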
@@ -35,12 +35,12 @@ resource "tls_locally_signed_cert" "consul_agents" { resource "local_sensitive_file" "consul_agents_key" { content = tls_private_key.consul_agents.private_key_pem - filename = "uploads/shared/consul.d/agent_cert.key.pem" + filename = "${local.uploads_dir}/shared/consul.d/agent_cert.key.pem" } resource "local_sensitive_file" "consul_agents_cert" { content = tls_locally_signed_cert.consul_agents.cert_pem - filename = "uploads/shared/consul.d/agent_cert.pem" + filename = "${local.uploads_dir}/shared/consul.d/agent_cert.pem" } # Consul tokens for the Consul agents @@ -52,7 +52,7 @@ resource "local_sensitive_file" "consul_agent_config_file" { token = "${random_uuid.consul_agent_token.result}" autojoin_value = "auto-join-${local.random_name}" }) - filename = "uploads/shared/consul.d/clients.hcl" + filename = "${local.uploads_dir}/shared/consul.d/clients.hcl" file_permission = "0600" } @@ -66,7 +66,7 @@ resource "local_sensitive_file" "nomad_client_config_for_consul" { client_service_name = "client-${local.random_name}" server_service_name = "server-${local.random_name}" }) - filename = "uploads/shared/nomad.d/client-consul.hcl" + filename = "${local.uploads_dir}/shared/nomad.d/client-consul.hcl" file_permission = "0600" } @@ -76,6 +76,6 @@ resource "local_sensitive_file" "nomad_server_config_for_consul" { client_service_name = "client-${local.random_name}" server_service_name = "server-${local.random_name}" }) - filename = "uploads/shared/nomad.d/server-consul.hcl" + filename = "${local.uploads_dir}/shared/nomad.d/server-consul.hcl" file_permission = "0600" } diff --git a/e2e/terraform/consul-servers.tf b/e2e/terraform/provision-infra/consul-servers.tf similarity index 84% rename from e2e/terraform/consul-servers.tf rename to e2e/terraform/provision-infra/consul-servers.tf index a0fbfdb98..67740b2d9 100644 --- a/e2e/terraform/consul-servers.tf +++ b/e2e/terraform/provision-infra/consul-servers.tf 
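Review bot: `consul_agents_key` and `consul_agents_cert` are the only `local_sensitive_file` resources in these hunks without an explicit `file_permission`; the three config files below them all set `file_permission = "0600"`. Since these lines are being touched anyway, adding `file_permission = "0600"` to the private-key resource (and to the certificate, for consistency) would make the mode of the key written under `${local.uploads_dir}` explicit instead of relying on the provider default. The same applies to `consul_server_key` and `consul_server_cert` in the `consul-servers.tf` hunk at `@@ -59,12`.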
@@ -10,7 +10,7 @@ resource "random_uuid" "consul_initial_management_token" {} resource "local_sensitive_file" "consul_initial_management_token" { content = random_uuid.consul_initial_management_token.result - filename = "keys/consul_initial_management_token" + filename = "${path.module}/keys/consul_initial_management_token" file_permission = "0600" } @@ -21,7 +21,7 @@ resource "local_sensitive_file" "consul_server_config_file" { nomad_token = "${random_uuid.consul_token_for_nomad.result}" autojoin_value = "auto-join-${local.random_name}" }) - filename = "uploads/shared/consul.d/servers.hcl" + filename = "${local.uploads_dir}/shared/consul.d/servers.hcl" file_permission = "0600" } @@ -59,12 +59,12 @@ resource "tls_locally_signed_cert" "consul_server" { resource "local_sensitive_file" "consul_server_key" { content = tls_private_key.consul_server.private_key_pem - filename = "uploads/shared/consul.d/server_cert.key.pem" + filename = "${local.uploads_dir}/shared/consul.d/server_cert.key.pem" } resource "local_sensitive_file" "consul_server_cert" { content = tls_locally_signed_cert.consul_server.cert_pem - filename = "uploads/shared/consul.d/server_cert.pem" + filename = "${local.uploads_dir}/shared/consul.d/server_cert.pem" } # if consul_license is unset, it'll be a harmless empty license file @@ -72,7 +72,7 @@ resource "local_sensitive_file" "consul_environment" { content = templatefile("${path.module}/provision-nomad/etc/consul.d/.environment", { license = var.consul_license }) - filename = "uploads/shared/consul.d/.environment" + filename = "${local.uploads_dir}/shared/consul.d/.environment" file_permission = "0600" } 
@@ -91,29 +91,29 @@ resource "null_resource" "upload_consul_server_configs" { user = "ubuntu" host = aws_instance.consul_server.public_ip port = 22 - private_key = file("${path.root}/keys/${local.random_name}.pem") + private_key = file("${path.module}/../keys/${local.random_name}.pem") target_platform = "unix" timeout = "15m" } provisioner "file" { - source = "keys/tls_ca.crt" + source = "${path.module}/keys/tls_ca.crt" destination = "/tmp/consul_ca.pem" } provisioner "file" { - source = "uploads/shared/consul.d/.environment" + source = "${local.uploads_dir}/shared/consul.d/.environment" destination = "/tmp/.consul_environment" } provisioner "file" { - source = "uploads/shared/consul.d/server_cert.pem" + source = "${local.uploads_dir}/shared/consul.d/server_cert.pem" destination = "/tmp/consul_cert.pem" } provisioner "file" { - source = "uploads/shared/consul.d/server_cert.key.pem" + source = "${local.uploads_dir}/shared/consul.d/server_cert.key.pem" destination = "/tmp/consul_cert.key.pem" } provisioner "file" { - source = "uploads/shared/consul.d/servers.hcl" + source = "${local.uploads_dir}/shared/consul.d/servers.hcl" destination = "/tmp/consul_server.hcl" } provisioner "file" { @@ -133,7 +133,7 @@ resource "null_resource" "install_consul_server_configs" { user = "ubuntu" host = aws_instance.consul_server.public_ip port = 22 - private_key = file("${path.root}/keys/${local.random_name}.pem") + private_key = file("${path.module}/../keys/${local.random_name}.pem") target_platform = "unix" timeout = "15m" } 
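Review bot: The `file` provisioners in `upload_consul_server_configs` stage `server_cert.key.pem` and the licence-bearing `.environment` file under fixed names in `/tmp` on the instance (`/tmp/consul_cert.key.pem`, `/tmp/.consul_environment`). The install step lives in a separate resource whose commands are not shown in these hunks, so it is not visible whether the files are moved with a restrictive owner and mode and the `/tmp` copies removed. A comment above the provisioners that states the requirement, such as `# key material is staged in /tmp; install_consul_server_configs must move it into place and restrict its mode`, would make that dependency explicit for the next reader. The resource body continues past the end of the hunk.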
@@ -166,10 +166,10 @@ resource "null_resource" "bootstrap_consul_acls" { depends_on = [null_resource.install_consul_server_configs] provisioner "local-exec" { - command = "./scripts/bootstrap-consul.sh" + command = "${path.module}/scripts/bootstrap-consul.sh" environment = { CONSUL_HTTP_ADDR = "https://${aws_instance.consul_server.public_ip}:8501" - CONSUL_CACERT = "keys/tls_ca.crt" + CONSUL_CACERT = "${path.module}/keys/tls_ca.crt" CONSUL_HTTP_TOKEN = "${random_uuid.consul_initial_management_token.result}" CONSUL_AGENT_TOKEN = "${random_uuid.consul_agent_token.result}" NOMAD_CLUSTER_CONSUL_TOKEN = "${random_uuid.consul_token_for_nomad.result}" diff --git a/e2e/terraform/ecs-task.json b/e2e/terraform/provision-infra/ecs-task.json similarity index 100% rename from e2e/terraform/ecs-task.json rename to e2e/terraform/provision-infra/ecs-task.json diff --git a/e2e/terraform/ecs.tf b/e2e/terraform/provision-infra/ecs.tf similarity index 94% rename from e2e/terraform/ecs.tf rename to e2e/terraform/provision-infra/ecs.tf index 98ea55554..b0854806e 100644 --- a/e2e/terraform/ecs.tf +++ b/e2e/terraform/provision-infra/ecs.tf @@ -3,7 +3,7 @@ # Nomad ECS Remote Task Driver E2E resource "aws_ecs_cluster" "nomad_rtd_e2e" { - name = "nomad-rtd-e2e" + name = "nomad-rtd-e2e-${random_pet.e2e.id}" } resource "aws_ecs_task_definition" "nomad_rtd_e2e" { diff --git a/e2e/terraform/ecs.tftpl b/e2e/terraform/provision-infra/ecs.tftpl similarity index 100% rename from e2e/terraform/ecs.tftpl rename to e2e/terraform/provision-infra/ecs.tftpl diff --git a/e2e/terraform/hcp_vault.tf b/e2e/terraform/provision-infra/hcp_vault.tf similarity index 96% rename from e2e/terraform/hcp_vault.tf rename to e2e/terraform/provision-infra/hcp_vault.tf index 4bfbe9efc..41156d135 100644 --- a/e2e/terraform/hcp_vault.tf +++ b/e2e/terraform/provision-infra/hcp_vault.tf 
@@ -48,6 +48,6 @@ resource "local_sensitive_file" "nomad_config_for_vault" { namespace = var.hcp_vault_namespace role = "nomad-tasks-${local.random_name}" }) - filename = "uploads/shared/nomad.d/vault.hcl" + filename = "${local.uploads_dir}/shared/nomad.d/vault.hcl" file_permission = "0600" } diff --git a/e2e/terraform/iam.tf b/e2e/terraform/provision-infra/iam.tf similarity index 100% rename from e2e/terraform/iam.tf rename to e2e/terraform/provision-infra/iam.tf diff --git a/e2e/terraform/provision-infra/main.tf b/e2e/terraform/provision-infra/main.tf new file mode 100644 index 000000000..27403ebb7 --- /dev/null +++ b/e2e/terraform/provision-infra/main.tf @@ -0,0 +1,31 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +data "aws_caller_identity" "current" { +} + +resource "random_pet" "e2e" { +} + +resource "random_password" "windows_admin_password" { + length = 20 + special = true + override_special = "_%@" +} + +locals { + random_name = "${var.name}-${random_pet.e2e.id}" + uploads_dir = "${path.module}/provision-nomad/uploads/${random_pet.e2e.id}" +} + +# Generates keys to use for provisioning and access +module "keys" { + name = local.random_name + path = "${path.module}/../keys" + source = "mitchellh/dynamic-keys/aws" + version = "v2.0.0" +} + +data "aws_kms_alias" "e2e" { + name = "alias/${var.aws_kms_alias}" +} diff --git a/e2e/terraform/network.tf b/e2e/terraform/provision-infra/network.tf similarity index 97% rename from e2e/terraform/network.tf rename to e2e/terraform/provision-infra/network.tf index 79330e0aa..774da56bf 100644 --- a/e2e/terraform/network.tf +++ b/e2e/terraform/provision-infra/network.tf 
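Review bot: In the new `provision-infra/main.tf`, `module "keys"` writes the generated SSH private key to `${path.module}/../keys`, that is `e2e/terraform/keys`, outside the module directory, while the TLS CA and the Consul management token in the other hunks go to `${path.module}/keys`. This commit also moves `.gitignore` from `e2e/terraform/` into `provision-infra/` unchanged; its contents are not shown, so it should be checked that `e2e/terraform/keys/`, `custom.tfvars` (which the Makefile fills with licence strings) and the root state files are still ignored. One option is a single entry in `locals` next to `uploads_dir`, for example `keys_dir = "${path.module}/keys"`, used for both kinds of key material so everything stays under the directory the moved ignore file covers; the other is an ignore rule at the `e2e/terraform` level. The `../keys` path recurs in the `consul-servers.tf`, `nomad-acls.tf` and `nomad.tf` hunks.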
@@ -207,9 +207,9 @@ resource "aws_network_interface" "clients_secondary" { subnet_id = data.aws_subnet.secondary.id security_groups = [aws_security_group.clients_secondary.id] - count = var.client_count_ubuntu_jammy_amd64 + count = var.client_count_linux attachment { - instance = aws_instance.client_ubuntu_jammy_amd64[count.index].id + instance = aws_instance.client_ubuntu_jammy[count.index].id device_index = 1 } } diff --git a/e2e/terraform/nomad-acls.tf b/e2e/terraform/provision-infra/nomad-acls.tf similarity index 85% rename from e2e/terraform/nomad-acls.tf rename to e2e/terraform/provision-infra/nomad-acls.tf index b5cce557f..846bce89e 100644 --- a/e2e/terraform/nomad-acls.tf +++ b/e2e/terraform/provision-infra/nomad-acls.tf @@ -11,12 +11,12 @@ resource "null_resource" "bootstrap_nomad_acls" { depends_on = [module.nomad_server, null_resource.bootstrap_consul_acls] provisioner "local-exec" { - command = "./scripts/bootstrap-nomad.sh" + command = "${path.module}/scripts/bootstrap-nomad.sh" environment = { NOMAD_ADDR = "https://${aws_instance.server.0.public_ip}:4646" - NOMAD_CACERT = "keys/tls_ca.crt" - NOMAD_CLIENT_CERT = "keys/tls_api_client.crt" - NOMAD_CLIENT_KEY = "keys/tls_api_client.key" + NOMAD_CACERT = "${path.module}/keys/tls_ca.crt" + NOMAD_CLIENT_CERT = "${path.module}/keys/tls_api_client.crt" + NOMAD_CLIENT_KEY = "${path.module}/keys/tls_api_client.key" } } } @@ -53,7 +53,7 @@ resource "null_resource" "root_nomad_env_servers" { user = "ubuntu" host = aws_instance.server[count.index].public_ip port = 22 - private_key = file("${path.root}/keys/${local.random_name}.pem") + private_key = file("${path.module}/../keys/${local.random_name}.pem") timeout = "5m" } provisioner "remote-exec" { diff --git a/e2e/terraform/nomad.tf b/e2e/terraform/provision-infra/nomad.tf similarity index 75% rename from e2e/terraform/nomad.tf rename to e2e/terraform/provision-infra/nomad.tf index 195776b48..8b2b87e9a 100644 --- a/e2e/terraform/nomad.tf 
+++ b/e2e/terraform/provision-infra/nomad.tf @@ -22,38 +22,42 @@ module "nomad_server" { aws_region = var.region aws_kms_key_id = data.aws_kms_alias.e2e.target_key_id + uploads_dir = local.uploads_dir + connection = { type = "ssh" user = "ubuntu" port = 22 - private_key = "${path.root}/keys/${local.random_name}.pem" + private_key = "${path.module}/../keys/${local.random_name}.pem" } } # TODO: split out the different Linux targets (ubuntu, centos, arm, etc.) when # they're available -module "nomad_client_ubuntu_jammy_amd64" { +module "nomad_client_ubuntu_jammy" { source = "./provision-nomad" - depends_on = [aws_instance.client_ubuntu_jammy_amd64] - count = var.client_count_ubuntu_jammy_amd64 - - platform = "linux" - arch = "linux_amd64" - role = "client" - index = count.index - instance = aws_instance.client_ubuntu_jammy_amd64[count.index] + depends_on = [aws_instance.client_ubuntu_jammy] + count = var.client_count_linux + platform = "linux" + arch = "linux_amd64" + role = "client" + index = count.index + instance = aws_instance.client_ubuntu_jammy[count.index] + nomad_license = var.nomad_license nomad_region = var.nomad_region nomad_local_binary = count.index < length(var.nomad_local_binary_client_ubuntu_jammy_amd64) ? var.nomad_local_binary_client_ubuntu_jammy_amd64[count.index] : var.nomad_local_binary tls_ca_key = tls_private_key.ca.private_key_pem tls_ca_cert = tls_self_signed_cert.ca.cert_pem + uploads_dir = local.uploads_dir + connection = { type = "ssh" user = "ubuntu" port = 22 - private_key = "${path.root}/keys/${local.random_name}.pem" + private_key = "${path.module}/../keys/${local.random_name}.pem" } } 
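Review bot: `module "nomad_client_ubuntu_jammy"` still hard-codes `arch = "linux_amd64"` and reads `var.nomad_local_binary_client_ubuntu_jammy_amd64`, although the rename drops `amd64` from the module, the instance and the count variable. The commit also adds an `instance_architecture` variable; how compute.tf uses it is not visible here, but if instances can be built for another architecture, the client provisioning would still select amd64 artefacts. Consider `arch = "linux_${var.instance_architecture}"`, or a comment above the module stating that only amd64 is supported for now.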
@@ -72,15 +76,18 @@ module "nomad_client_windows_2016_amd64" { instance = aws_instance.client_windows_2016_amd64[count.index] nomad_region = var.nomad_region + nomad_license = var.nomad_license nomad_local_binary = count.index < length(var.nomad_local_binary_client_windows_2016_amd64) ? var.nomad_local_binary_client_windows_2016_amd64[count.index] : "" tls_ca_key = tls_private_key.ca.private_key_pem tls_ca_cert = tls_self_signed_cert.ca.cert_pem + uploads_dir = local.uploads_dir + connection = { type = "ssh" user = "Administrator" port = 22 - private_key = "${path.root}/keys/${local.random_name}.pem" + private_key = "${path.module}/../keys/${local.random_name}.pem" } } diff --git a/e2e/terraform/provision-infra/outputs.tf b/e2e/terraform/provision-infra/outputs.tf new file mode 100644 index 000000000..012b1cb1f --- /dev/null +++ b/e2e/terraform/provision-infra/outputs.tf @@ -0,0 +1,82 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +output "servers" { + value = aws_instance.server.*.public_ip +} + +output "linux_clients" { + value = aws_instance.client_ubuntu_jammy.*.public_ip +} + +output "windows_clients" { + value = aws_instance.client_windows_2016_amd64.*.public_ip +} + +output "message" { + value = </dev/null 2>&1 && pwd )" echo "waiting for Consul leader to be up..." while true : do + pwd + echo CONSUL_CACERT=$CONSUL_CACERT + echo CONSUL_HTTP_ADDR=$CONSUL_HTTP_ADDR consul info && break echo "Consul server not ready, waiting 5s" sleep 5 @@ -27,3 +30,5 @@ consul acl token create -policy-name=nomad-cluster -secret "$NOMAD_CLUSTER_CONSU echo "writing Consul cluster policy and token" consul acl policy create -name consul-agents -rules @${DIR}/consul-agents-policy.hcl consul acl token create -policy-name=consul-agents -secret "$CONSUL_AGENT_TOKEN" + +echo "Consul successfully bootstraped!" \ No newline at end of file 
diff --git a/e2e/terraform/scripts/bootstrap-nomad.sh b/e2e/terraform/provision-infra/scripts/bootstrap-nomad.sh similarity index 83% rename from e2e/terraform/scripts/bootstrap-nomad.sh rename to e2e/terraform/provision-infra/scripts/bootstrap-nomad.sh index 5039970b8..b231ce767 100755 --- a/e2e/terraform/scripts/bootstrap-nomad.sh +++ b/e2e/terraform/provision-infra/scripts/bootstrap-nomad.sh @@ -10,6 +10,10 @@ do ROOT_TOKEN=$(nomad acl bootstrap | awk '/Secret ID/{print $4}') if [ ! -z $ROOT_TOKEN ]; then break; fi sleep 5 + pwd + echo NOMAD_ADDR= $NOMAD_ADDR + echo NOMAD_CACERT= $NOMAD_CACERT + pwd done set -e @@ -17,6 +21,7 @@ export NOMAD_TOKEN="$ROOT_TOKEN" mkdir -p ../keys echo $NOMAD_TOKEN > "${DIR}/../keys/nomad_root_token" +echo NOMAD_TOKEN=$NOMAD_TOKEN # Our default policy after bootstrapping will be full-access. Without # further policy, we only test that we're hitting the ACL code @@ -26,3 +31,5 @@ nomad acl policy apply \ -description "Anonymous policy (full-access)" \ anonymous \ "${DIR}/anonymous.nomad_policy.hcl" + +echo "Nomad successfully bootstraped" diff --git a/e2e/terraform/scripts/consul-agents-policy.hcl b/e2e/terraform/provision-infra/scripts/consul-agents-policy.hcl similarity index 100% rename from e2e/terraform/scripts/consul-agents-policy.hcl rename to e2e/terraform/provision-infra/scripts/consul-agents-policy.hcl diff --git a/e2e/terraform/scripts/nomad-cluster-consul-policy.hcl b/e2e/terraform/provision-infra/scripts/nomad-cluster-consul-policy.hcl similarity index 100% rename from e2e/terraform/scripts/nomad-cluster-consul-policy.hcl rename to e2e/terraform/provision-infra/scripts/nomad-cluster-consul-policy.hcl diff --git a/e2e/terraform/tls_ca.tf b/e2e/terraform/provision-infra/tls_ca.tf similarity index 88% rename from e2e/terraform/tls_ca.tf rename to e2e/terraform/provision-infra/tls_ca.tf index 992c165b5..d2aaa9a1b 100644 --- a/e2e/terraform/tls_ca.tf +++ b/e2e/terraform/provision-infra/tls_ca.tf 
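Review bot: The added `echo NOMAD_TOKEN=$NOMAD_TOKEN` prints the ACL bootstrap token to stdout, so it ends up in the Terraform `local-exec` output and in any CI log that captures it. The token is already written to `${DIR}/../keys/nomad_root_token` on the line above, so the echo should be dropped. The `pwd` and `echo NOMAD_ADDR=` / `echo NOMAD_CACERT=` lines added inside the retry loop in the previous hunk look like leftover debugging as well. In the same hunk, `mkdir -p ../keys` is relative to the caller's working directory while the write uses `${DIR}`. Now that the script is invoked through `${path.module}`, `mkdir -p "${DIR}/../keys"` plus a `umask 077` before the write would keep the token file in the intended place and readable only by its owner.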
@@ -23,11 +23,11 @@ resource "tls_self_signed_cert" "ca" { } resource "local_sensitive_file" "ca_key" { - filename = "keys/tls_ca.key" + filename = "${path.module}/keys/tls_ca.key" content = tls_private_key.ca.private_key_pem } resource "local_sensitive_file" "ca_cert" { - filename = "keys/tls_ca.crt" + filename = "${path.module}/keys/tls_ca.crt" content = tls_self_signed_cert.ca.cert_pem } diff --git a/e2e/terraform/tls_client.tf b/e2e/terraform/provision-infra/tls_client.tf similarity index 85% rename from e2e/terraform/tls_client.tf rename to e2e/terraform/provision-infra/tls_client.tf index 9a5e48c3f..3b184b734 100644 --- a/e2e/terraform/tls_client.tf +++ b/e2e/terraform/provision-infra/tls_client.tf @@ -34,12 +34,12 @@ resource "tls_locally_signed_cert" "api_client" { resource "local_sensitive_file" "api_client_key" { content = tls_private_key.api_client.private_key_pem - filename = "keys/tls_api_client.key" + filename = "${path.module}/keys/tls_api_client.key" } resource "local_sensitive_file" "api_client_cert" { content = tls_locally_signed_cert.api_client.cert_pem - filename = "keys/tls_api_client.crt" + filename = "${path.module}/keys/tls_api_client.crt" } # Self signed cert for reverse proxy @@ -56,7 +56,7 @@ resource "tls_self_signed_cert" "self_signed" { organization = "HashiCorp, Inc." } - ip_addresses = toset(aws_instance.client_ubuntu_jammy_amd64.*.public_ip) + ip_addresses = toset(aws_instance.client_ubuntu_jammy.*.public_ip) validity_period_hours = 720 allowed_uses = [ @@ -66,10 +66,10 @@ resource "tls_self_signed_cert" "self_signed" { resource "local_sensitive_file" "self_signed_key" { content = tls_private_key.self_signed.private_key_pem - filename = "keys/self_signed.key" + filename = "${path.module}/keys/self_signed.key" } resource "local_sensitive_file" "self_signed_cert" { content = tls_self_signed_cert.self_signed.cert_pem - filename = "keys/self_signed.crt" + filename = "${path.module}/keys/self_signed.crt" } 
diff --git a/e2e/terraform/userdata/README.md b/e2e/terraform/provision-infra/userdata/README.md similarity index 100% rename from e2e/terraform/userdata/README.md rename to e2e/terraform/provision-infra/userdata/README.md diff --git a/e2e/terraform/userdata/windows-2016.ps1 b/e2e/terraform/provision-infra/userdata/windows-2016.ps1 similarity index 100% rename from e2e/terraform/userdata/windows-2016.ps1 rename to e2e/terraform/provision-infra/userdata/windows-2016.ps1 diff --git a/e2e/terraform/provision-infra/variables.tf b/e2e/terraform/provision-infra/variables.tf new file mode 100644 index 000000000..d2306b154 --- /dev/null +++ b/e2e/terraform/provision-infra/variables.tf 
@@ -0,0 +1,122 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +variable "name" { + description = "Used to name various infrastructure components" + default = "nomad-e2e" +} + +variable "region" { + description = "The AWS region to deploy to." + default = "us-east-1" +} + +variable "availability_zone" { + description = "The AWS availability zone to deploy to." + default = "us-east-1b" +} + +variable "instance_type" { + description = "The AWS instance type to use for both clients and servers." + default = "t3a.medium" +} + +variable "instance_architecture" { + description = "The architecture for the AWS instance type to use for both clients and servers." + default = "amd64" +} + +variable "server_count" { + description = "The number of servers to provision." + default = "3" +} + +variable "client_count_linux" { + description = "The number of Ubuntu clients to provision." + default = "4" +} + +variable "client_count_windows_2016_amd64" { + description = "The number of windows 2016 clients to provision." + default = "0" +} + +variable "restrict_ingress_cidrblock" { + description = "Restrict ingress traffic to cluster to invoker ip address" + type = bool + default = true +} + +# ---------------------------------------- +# The specific version of Nomad deployed will default to whichever one of +# nomad_sha, nomad_version, or nomad_local_binary is set + +variable "nomad_local_binary" { + description = "The path to a local binary to provision" + default = "" +} + +variable "nomad_region" { + description = "The name of the Nomad region." 
+ default = "e2e" +} + +variable "nomad_license" { + type = string + description = "If nomad_license is set, deploy a license" + default = "" +} + +variable "consul_license" { + type = string + description = "If consul_license is set, deploy a license" + default = "" +} + +variable "volumes" { + type = bool + description = "Include external EFS volumes (for CSI)" + default = true +} + + +variable "hcp_vault_cluster_id" { + description = "The ID of the HCP Vault cluster" + type = string + default = "nomad-e2e-shared-hcp-vault" +} + +variable "hcp_vault_namespace" { + description = "The namespace where the HCP Vault cluster policy works" + type = string + default = "admin" +} + +variable "aws_kms_alias" { + description = "The alias for the AWS KMS key ID" + type = string + default = "kms-nomad-keyring" +} + +# ---------------------------------------- +# If you want to deploy multiple versions you can use these variables to +# provide a list of builds to override the values of nomad_sha, nomad_version, +# or nomad_local_binary. Most of the time you can ignore these variables! + +variable "nomad_local_binary_server" { + description = "A list of nomad local binary paths to deploy to servers, to override nomad_local_binary" + type = list(string) + default = [] +} + +variable "nomad_local_binary_client_ubuntu_jammy_amd64" { + description = "A list of nomad local binary paths to deploy to Ubuntu Jammy clients, to override nomad_local_binary" + type = list(string) + default = [] +} + +variable "nomad_local_binary_client_windows_2016_amd64" { + description = "A list of nomad local binary paths to deploy to Windows 2016 clients, to override nomad_local_binary" + type = list(string) + default = [] +} diff --git a/e2e/terraform/versions.tf b/e2e/terraform/provision-infra/versions.tf similarity index 100% rename from e2e/terraform/versions.tf rename to e2e/terraform/provision-infra/versions.tf 
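Review bot: `nomad_license` and `consul_license` are declared without `sensitive = true`, so a license passed in can appear in plan output and error messages. Add `sensitive = true` to both blocks; the same applies to the root-level declarations in e2e/terraform/variables.tf, which this commit also touches. Separately, `server_count`, `client_count_linux` and `client_count_windows_2016_amd64` use string defaults such as `"3"` with no `type`; adding `type = number` would reject a bad value at plan time.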
diff --git a/e2e/terraform/volumes.tf b/e2e/terraform/provision-infra/volumes.tf similarity index 86% rename from e2e/terraform/volumes.tf rename to e2e/terraform/provision-infra/volumes.tf index a3ce9c9ea..5a6329cbd 100644 --- a/e2e/terraform/volumes.tf +++ b/e2e/terraform/provision-infra/volumes.tf @@ -3,7 +3,7 @@ resource "aws_efs_file_system" "csi" { count = var.volumes ? 1 : 0 - creation_token = "${local.random_name}-CSI" + creation_token = "${random_pet.e2e.id}-CSI" tags = { Name = "${local.random_name}-efs" @@ -23,6 +23,6 @@ resource "local_file" "efs_volume_hcl" { content = templatefile("${path.module}/volumes.tftpl", { id = aws_efs_file_system.csi[0].id, }) - filename = "${path.module}/../csi/input/volume-efs.hcl" + filename = "${path.module}/csi/input/volume-efs.hcl" file_permission = "0664" } diff --git a/e2e/terraform/volumes.tftpl b/e2e/terraform/provision-infra/volumes.tftpl similarity index 100% rename from e2e/terraform/volumes.tftpl rename to e2e/terraform/provision-infra/volumes.tftpl diff --git a/e2e/terraform/variables.tf b/e2e/terraform/variables.tf index a027aa99b..814e8eb49 100644 --- a/e2e/terraform/variables.tf +++ b/e2e/terraform/variables.tf @@ -21,12 +21,17 @@ variable "instance_type" { default = "t3a.medium" } +variable "instance_architecture" { + description = "The architecture for the AWS instance type to use for both clients and servers." + default = "amd64" +} + variable "server_count" { description = "The number of servers to provision." default = "3" } -variable "client_count_ubuntu_jammy_amd64" { +variable "client_count_linux" { description = "The number of Ubuntu clients to provision." default = "4" } 
@@ -48,24 +53,21 @@ variable "restrict_ingress_cidrblock" { variable "nomad_local_binary" { description = "The path to a local binary to provision" - default = "" } variable "nomad_license" { type = string description = "If nomad_license is set, deploy a license" - default = "" } variable "nomad_region" { - description = "The name of the Nomad region." - default = "e2e" + description = "The AWS region to deploy to." + default = "us-east-1" } variable "consul_license" { type = string description = "If consul_license is set, deploy a license" - default = "" } variable "volumes" { @@ -74,12 +76,6 @@ variable "volumes" { default = true } -variable "hcp_consul_cluster_id" { - description = "The ID of the HCP Consul cluster" - type = string - default = "nomad-e2e-shared-hcp-consul" -} - variable "hcp_vault_cluster_id" { description = "The ID of the HCP Vault cluster" type = string diff --git a/enos/.gitignore b/enos/.gitignore new file mode 100644 index 000000000..4f1020381 --- /dev/null +++ b/enos/.gitignore @@ -0,0 +1,2 @@ +# enos scenarios +.enos/ \ No newline at end of file
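Review bot: `variable "nomad_region"` now carries the description "The AWS region to deploy to." and the default `us-east-1`, which looks like a copy-paste from `region`. The module-level declaration added in provision-infra/variables.tf keeps "The name of the Nomad region." and `e2e`. If the root value is passed through to the module, the cluster's Nomad region name changes silently for anyone relying on the default. Unless that is intended, restore `description = "The name of the Nomad region."` and `default = "e2e"`.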