fix: for the automation
Signed-off-by: Paul Bastide <[email protected]>
prb112 committed Dec 16, 2023
1 parent d463196 commit 7053ae8
Showing 8 changed files with 220 additions and 3 deletions.
6 changes: 3 additions & 3 deletions modules/1_vpc_prepare/security_groups.tf
Expand Up @@ -66,14 +66,14 @@ resource "ibm_is_security_group_rule" "worker_all_powervs_cidr" {
}

locals {
lbs_sg = [for x in data.ibm_is_security_groups.sgs.security_groups : x if endswith(x.name, "-ocp-sec-group")]
lbs_sg = [for x in data.ibm_is_security_groups.supp_vm_sgs.security_groups : x if endswith(x.name, "-ocp-sec-group")]
}

# TCP Inbound 80 - Security group *ocp-sec-group
# Dev Note: Only opens to the Load Balancers SG
# If it exists, it implies that the SG needs to be updated.
resource "ibm_is_security_group_rule" "lbs_to_workers_http" {
count = length(lbs_sg) > 0 ? 1 : 0
count = length(local.lbs_sg) > 0 ? 1 : 0
group = ibm_is_security_group.worker_vm_sg[0].id
direction = "inbound"
remote = local.lbs_sg[0].id
Expand All @@ -85,7 +85,7 @@ resource "ibm_is_security_group_rule" "lbs_to_workers_http" {

# TCP Inbound 443 - Security group *ocp-sec-group
resource "ibm_is_security_group_rule" "lbs_to_workers_https" {
count = length(lbs_sg) > 0 ? 1 : 0
count = length(local.lbs_sg) > 0 ? 1 : 0
group = ibm_is_security_group.worker_vm_sg[0].id
direction = "inbound"
remote = local.lbs_sg[0].id
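Review bot: `remote = local.lbs_sg[0].id` in both `lbs_to_workers_http` and `lbs_to_workers_https` trusts whichever security group the data source returns first with a name ending in `-ocp-sec-group`. If more than one group in scope carries that suffix (a second cluster in the same account, for instance), ports 80 and 443 on the workers are opened to the wrong source group and nothing reports it. The definition of `data.ibm_is_security_groups.supp_vm_sgs` is outside this section, so it may already be narrowed to one VPC; if it is not, match on the full expected group name instead of the suffix, or add a `precondition` with `condition = length(local.lbs_sg) <= 1` so an ambiguous match fails the plan. Both resource bodies continue past the visible hunks.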
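--- a/modules/7_post/ibmcloud_lb/files/remove_lbs.sh
+++ b/modules/7_post/ibmcloud_lb/files/remove_lbs.sh
@@ -0,0 +1,8 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+# The script removes the workers from the pools.
+
+ibmcloud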
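Review bot: The script body is the bare command `ibmcloud`, so no worker is removed from any pool despite what the header comment says. The destroy-time provisioner in ibmcloud_lb.tf runs it with `on_failure = continue`, so a destroy reports success while the load-balancer pools presumably still list the deleted workers' addresses as members; if those addresses are later reassigned, ingress traffic could reach an unintended host. Until the member deletion is implemented, make the stub say so explicitly, e.g. `echo "remove_lbs.sh: not implemented" >&2; exit 1`, and start the real version with `set -euo pipefail`.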
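--- a/modules/7_post/ibmcloud_lb/files/update_lbs.sh
+++ b/modules/7_post/ibmcloud_lb/files/update_lbs.sh
@@ -0,0 +1,71 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+# The script updates the ibmcloud entries for the new Intel nodes pool
+REGION=$1
+RESOURCE_GROUP=$2
+VPC_NAME=$3
+
+ibmcloud target -r ${REGION} -g ${RESOURCE_GROUP}
+ibmcloud is vpc ${VPC_NAME} --output json
+ibmcloud is load-balancers --resource-group-name ${RESOURCE_GROUP} --output json
+--- figure out which ones are in the vpc
+
+GET THE INTERNAL IP.
+oc get nodes -lkubernetes.io/arch=amd64 -owide --no-headers=true | awk '{print $6}'
+
+LB=
+POOL=
+ibmcloud is load-balancer-pool-member-create \
+"${INGRESS_HTTP_LB}" "${HTTP_POOL}" 80 ${IP} --output JSON
+
+ibmcloud is load-balancer-pool-member-create \
+"${INGRESS_HTTPS_LB}" "${HTTPS_POOL}" 443 ${IP} --output JSON
+
+
+load-balancer-pools
+load-balancer-pool-member-create, lb-pmc Create a load balancer pool member
+load-balancer-pool-member-delete, lb-pmd Delete one or more members from a load balancer pool.
+
+
+
+load-balancer, lb View details of a load balancer
+load-balancer-create, lbc Create a load balancer
+load-balancer-delete, lbd Delete one or more load balancers.
+load-balancer-listener, lb-l View details of a load balancer listener
+load-balancer-listener-create, lb-lc Create a load balancer listener
+load-balancer-listener-delete, lb-ld Delete one or more load balancer listeners.
+load-balancer-listener-policies, lb-lps List all load balancer policies
+load-balancer-listener-policy, lb-lp View details of load balancer listener policy
+load-balancer-listener-policy-create, lb-lpc Create a load balancer listener policy
+load-balancer-listener-policy-delete, lb-lpd Delete one or more policies from a load balancer listener.
+load-balancer-listener-policy-rule, lb-lpr List single load balancer policy rule
+load-balancer-listener-policy-rule-create, lb-lprc Create a load balancer listener policy rule
+load-balancer-listener-policy-rule-delete, lb-lprd Delete one or more policies from a load balancer listener.
+load-balancer-listener-policy-rule-update, lb-lpru Update a rule of a load balancer listener policy
+load-balancer-listener-policy-rules, lb-lprs List all load balancer policy rules
+load-balancer-listener-policy-update, lb-lpu Update a policy of a load balancer listener
+load-balancer-listener-update, lb-lu Update a load balancer listener
+load-balancer-listeners, lb-ls List all load balancer listeners
+load-balancer-pool, lb-p View details of a load balancer pool
+load-balancer-pool-create, lb-pc Create a load balancer pool
+load-balancer-pool-delete, lb-pd Delete one or more pools from a load balancer.
+load-balancer-pool-member, lb-pm View details of load balancer pool member
+load-balancer-pool-member-create, lb-pmc Create a load balancer pool member
+load-balancer-pool-member-delete, lb-pmd Delete one or more members from a load balancer pool.
+load-balancer-pool-member-update, lb-pmu Update a member of a load balancer pool
+load-balancer-pool-members, lb-pms List all the members of a load balancer pool
+load-balancer-pool-members-update, lb-pmsu Update members of the load balancer pool
+load-balancer-pool-update, lb-pu Update a pool of a load balancer
+load-balancer-pools, lb-ps List all pools of a load balancer
+load-balancer-statistics, lb-statistics List all statistics of a load balancer
+load-balancer-update, lbu Update a load balancer
+load-balancers, lbs
+
+ibmcloud is load-balancer-pool-members --vpc ${VPC_NAME}
+
+
+ingress-https
+ingress-http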
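Review bot: Lines such as `--- figure out which ones are in the vpc`, `GET THE INTERNAL IP.` and the pasted `ibmcloud is` help listing are not comments, so bash will try to run each one as a command when ibmcloud_lb.tf invokes `bash update_lbs.sh` on the bastion. That call passes no arguments, so `REGION`, `RESOURCE_GROUP` and `VPC_NAME` are empty, and `INGRESS_HTTP_LB`, `HTTP_POOL`, `INGRESS_HTTPS_LB`, `HTTPS_POOL` and `IP` are never assigned before the two `load-balancer-pool-member-create` calls. Prefix the working notes with `#`, start the script with `set -euo pipefail`, and validate each input, e.g. `REGION="${1:?region required}"`, quoting every expansion including `${IP}` and `${VPC_NAME}`. Without that, a partially failing run can leave the pools half-updated with nothing to show for it.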
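--- a/modules/7_post/ibmcloud_lb/ibmcloud_lb.tf
+++ b/modules/7_post/ibmcloud_lb/ibmcloud_lb.tf
@@ -0,0 +1,90 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+locals {
+ansible_post_path = "/root/ocp4-upi-compute-powervs-ibmcloud/post"
+}
+
+# Dev Note: only on destroy - restore the load balancers
+resource "null_resource" "remove_lbs" {
+
+triggers = {
+count_1 = var.worker_1["count"]
+count_2 = var.worker_2["count"]
+count_3 = var.worker_3["count"]
+user = var.rhel_username
+timeout = "${var.connection_timeout}m"
+name_prefix = "${var.name_prefix}"
+private_key = sensitive(file(var.private_key_file))
+host = var.bastion_public_ip
+agent = var.ssh_agent
+ansible_post_path = local.ansible_post_path
+}
+
+connection {
+type = "ssh"
+user = self.triggers.user
+private_key = self.triggers.private_key
+host = self.triggers.host
+agent = self.triggers.agent
+timeout = self.triggers.timeout
+}
+
+provisioner "remote-exec" {
+inline = [<<EOF
+mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+EOF
+]
+}
+
+provisioner "file" {
+source = "${path.module}/files/remove_lbs.sh"
+destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/remove_lbs.sh"
+}
+
+provisioner "remote-exec" {
+when = destroy
+on_failure = continue
+inline = [<<EOF
+cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+bash remove_lbs.sh
+EOF
+]
+}
+}
+
+resource "null_resource" "updating_load_balancers" {
+depends_on = [null_resource.remove_lbs]
+connection {
+type = "ssh"
+user = var.rhel_username
+private_key = file(var.private_key_file)
+host = var.bastion_public_ip
+agent = var.ssh_agent
+timeout = "${var.connection_timeout}m"
+}
+
+provisioner "remote-exec" {
+inline = [<<EOF
+mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+EOF
+]
+}
+
+provisioner "file" {
+source = "${path.module}/files/update_lbs.sh"
+destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/update_lbs.sh"
+}
+
+# Dev Note: Updates the load balancers
+provisioner "remote-exec" {
+inline = [<<EOF
+cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+bash update_lbs.sh
+EOF
+]
+}
+}
+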
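Review bot: `private_key = sensitive(file(var.private_key_file))` inside `triggers` of `null_resource.remove_lbs` writes the SSH private key contents into the Terraform state, because `sensitive()` only redacts plan and apply output. Anyone with read access to the state backend then holds the key used to reach the bastion. Destroy-time provisioners can only reference `self`, which is presumably why the key was placed in `triggers`; when `var.ssh_agent` is in use the key can be left out of `triggers` and the connection can rely on `agent = self.triggers.agent` alone. Otherwise add a comment above the block such as `# NOTE: state contains the bastion SSH key - keep the backend encrypted and access-controlled`. Separately, `on_failure = continue` on the destroy provisioner hides a failed cleanup, so that choice is worth a one-line why-comment as well.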
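--- a/modules/7_post/ibmcloud_lb/outputs.tf
+++ b/modules/7_post/ibmcloud_lb/outputs.tf
@@ -0,0 +1,5 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+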
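--- a/modules/7_post/ibmcloud_lb/variables.tf
+++ b/modules/7_post/ibmcloud_lb/variables.tf
@@ -0,0 +1,16 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+variable "ssh_agent" {}
+variable "connection_timeout" {}
+variable "rhel_username" {}
+variable "bastion_public_ip" {}
+variable "private_key_file" {}
+variable "vpc_region" {}
+variable "vpc_zone" {}
+variable "name_prefix" {}
+variable "worker_1" {}
+variable "worker_2" {}
+variable "worker_3" {}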
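Review bot: Every variable here is declared as an empty block with no `type` or `description`, so a malformed `bastion_public_ip` or `private_key_file` is only caught when the SSH connection fails during apply. `vpc_region` and `vpc_zone` are not referenced anywhere in ibmcloud_lb.tf as added by this commit, although update_lbs.sh expects a region as its first argument. Add types and descriptions, e.g. `variable "ssh_agent" { type = bool }` and `variable "private_key_file" { type = string }`, and either pass the two unused inputs through to the script or drop them.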
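--- a/modules/7_post/ibmcloud_lb/versions.tf
+++ b/modules/7_post/ibmcloud_lb/versions.tf
@@ -0,0 +1,8 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+terraform {
+required_version = ">= 1.5.0"
+}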
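--- a/modules/7_post/post.tf
+++ b/modules/7_post/post.tf
@@ -205,3 +205,22 @@ module "haproxy_lb_support" {
 worker_2 = var.worker_2
 worker_3 = var.worker_3
 }
+
+# Dev Note: we only execute when CIS, Security Groups and Load Balancers are used
+module "ibmcloud_lb_support" {
+count = var.ibm_cloud_cis ? 1 : 0
+depends_on = [null_resource.patch_nfs_arch_ppc64le]
+source = "./ibmcloud_lb"
+
+ssh_agent = var.ssh_agent
+rhel_username = var.rhel_username
+connection_timeout = var.connection_timeout
+bastion_public_ip = var.bastion_public_ip
+private_key_file = var.private_key_file
+vpc_region = var.vpc_region
+vpc_zone = var.vpc_zone
+name_prefix = var.name_prefix
+worker_1 = var.worker_1
+worker_2 = var.worker_2
+worker_3 = var.worker_3
+}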
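Review bot: The comment says the module runs only "when CIS, Security Groups and Load Balancers are used", but `count = var.ibm_cloud_cis ? 1 : 0` tests the CIS flag alone. If `ibm_cloud_cis` can be true in a deployment that has no load-balancer security group, the module would still copy update_lbs.sh to the bastion and run it there. Either extend the condition to cover the other prerequisites the comment names, or reword the comment to `# Dev Note: only executed when var.ibm_cloud_cis is true`. The file starts outside this hunk, so gating elsewhere in it is not visible here.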
