From 7053ae8f214e147edbdb50ff4728f18da0c2ca58 Mon Sep 17 00:00:00 2001 From: Paul Bastide Date: Fri, 15 Dec 2023 21:01:57 -0500 Subject: [PATCH] fix: for the automation Signed-off-by: Paul Bastide --- modules/1_vpc_prepare/security_groups.tf | 6 +- .../7_post/ibmcloud_lb/files/remove_lbs.sh | 8 ++ .../7_post/ibmcloud_lb/files/update_lbs.sh | 71 +++++++++++++++ modules/7_post/ibmcloud_lb/ibmcloud_lb.tf | 90 +++++++++++++++++++ modules/7_post/ibmcloud_lb/outputs.tf | 5 ++ modules/7_post/ibmcloud_lb/variables.tf | 16 ++++ modules/7_post/ibmcloud_lb/versions.tf | 8 ++ modules/7_post/post.tf | 19 ++++ 8 files changed, 220 insertions(+), 3 deletions(-) create mode 100644 modules/7_post/ibmcloud_lb/files/remove_lbs.sh create mode 100644 modules/7_post/ibmcloud_lb/files/update_lbs.sh create mode 100644 modules/7_post/ibmcloud_lb/ibmcloud_lb.tf create mode 100644 modules/7_post/ibmcloud_lb/outputs.tf create mode 100644 modules/7_post/ibmcloud_lb/variables.tf create mode 100644 modules/7_post/ibmcloud_lb/versions.tf diff --git a/modules/1_vpc_prepare/security_groups.tf b/modules/1_vpc_prepare/security_groups.tf index 772aa52..0c36de7 100644 --- a/modules/1_vpc_prepare/security_groups.tf +++ b/modules/1_vpc_prepare/security_groups.tf @@ -66,14 +66,14 @@ resource "ibm_is_security_group_rule" "worker_all_powervs_cidr" { } locals { - lbs_sg = [for x in data.ibm_is_security_groups.sgs.security_groups : x if endswith(x.name, "-ocp-sec-group")] + lbs_sg = [for x in data.ibm_is_security_groups.supp_vm_sgs.security_groups : x if endswith(x.name, "-ocp-sec-group")] } # TCP Inbound 80 - Security group *ocp-sec-group # Dev Note: Only opens to the Load Balancers SG # If it exists, it implies that the SG needs to be updated. resource "ibm_is_security_group_rule" "lbs_to_workers_http" { - count = length(lbs_sg) > 0 ? 1 : 0 + count = length(local.lbs_sg) > 0 ? 1 : 0 group = ibm_is_security_group.worker_vm_sg[0].id direction = "inbound" remote = local.lbs_sg[0].id 
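Review bot: `remote = local.lbs_sg[0].id` uses whichever security group ending in `-ocp-sec-group` comes first in the data source result, and the `count` guard only checks that at least one exists. If `supp_vm_sgs` (defined outside this hunk) is not scoped to the target VPC, or more than one group carries that suffix, inbound 80 and 443 on the workers could be opened to an unintended group. The same pattern is in `lbs_to_workers_https` in the next hunk. Consider requiring a single match with `count = length(local.lbs_sg) == 1 ? 1 : 0`, or at least documenting the assumption on the local: `# assumes exactly one *-ocp-sec-group is returned; the first match becomes the rule's remote`.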
@@ -85,7 +85,7 @@ resource "ibm_is_security_group_rule" "lbs_to_workers_http" { # TCP Inbound 443 - Security group *ocp-sec-group resource "ibm_is_security_group_rule" "lbs_to_workers_https" { - count = length(lbs_sg) > 0 ? 1 : 0 + count = length(local.lbs_sg) > 0 ? 1 : 0 group = ibm_is_security_group.worker_vm_sg[0].id direction = "inbound" remote = local.lbs_sg[0].id diff --git a/modules/7_post/ibmcloud_lb/files/remove_lbs.sh b/modules/7_post/ibmcloud_lb/files/remove_lbs.sh new file mode 100644 index 0000000..bc5d27a --- /dev/null +++ b/modules/7_post/ibmcloud_lb/files/remove_lbs.sh @@ -0,0 +1,8 @@ +################################################################ +# Copyright 2023 - IBM Corporation. All rights reserved +# SPDX-License-Identifier: Apache-2.0 +################################################################ + +# The script removes the workers from the pools. + +ibmcloud \ No newline at end of file diff --git a/modules/7_post/ibmcloud_lb/files/update_lbs.sh b/modules/7_post/ibmcloud_lb/files/update_lbs.sh new file mode 100644 index 0000000..c777818 --- /dev/null +++ b/modules/7_post/ibmcloud_lb/files/update_lbs.sh 
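Review bot: The body of `remove_lbs.sh` is a bare `ibmcloud` with no subcommand, so it does not remove pool members as its header comment says. If the destroy-time provisioner in `ibmcloud_lb.tf` runs this script (that call is not visible here), the load balancer pools would presumably keep members for workers that no longer exist, leaving backends that point at released addresses. Until the removal is implemented, make the stub fail loudly, for example `echo "remove_lbs.sh: not implemented" >&2; exit 1`, and add a `#!/usr/bin/env bash` line so the interpreter is explicit.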
@@ -0,0 +1,71 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+# The script updates the ibmcloud entries for the new Intel nodes pool
+REGION=$1
+RESOURCE_GROUP=$2
+VPC_NAME=$3
+
+ibmcloud target -r ${REGION} -g ${RESOURCE_GROUP}
+ibmcloud is vpc ${VPC_NAME} --output json
+ibmcloud is load-balancers --resource-group-name ${RESOURCE_GROUP} --output json
+--- figure out which ones are in the vpc
+
+GET THE INTERNAL IP.
+oc get nodes -lkubernetes.io/arch=amd64 -owide --no-headers=true | awk '{print $6}'
+
+LB=
+POOL=
+ibmcloud is load-balancer-pool-member-create \
+ "${INGRESS_HTTP_LB}" "${HTTP_POOL}" 80 ${IP} --output JSON
+
+ibmcloud is load-balancer-pool-member-create \
+ "${INGRESS_HTTPS_LB}" "${HTTPS_POOL}" 443 ${IP} --output JSON
+
+
+load-balancer-pools
+load-balancer-pool-member-create, lb-pmc Create a load balancer pool member
+ load-balancer-pool-member-delete, lb-pmd Delete one or more members from a load balancer pool.
+
+
+
+ load-balancer, lb View details of a load balancer
+ load-balancer-create, lbc Create a load balancer
+ load-balancer-delete, lbd Delete one or more load balancers.
+ load-balancer-listener, lb-l View details of a load balancer listener
+ load-balancer-listener-create, lb-lc Create a load balancer listener
+ load-balancer-listener-delete, lb-ld Delete one or more load balancer listeners.
+ load-balancer-listener-policies, lb-lps List all load balancer policies
+ load-balancer-listener-policy, lb-lp View details of load balancer listener policy
+ load-balancer-listener-policy-create, lb-lpc Create a load balancer listener policy
+ load-balancer-listener-policy-delete, lb-lpd Delete one or more policies from a load balancer listener.
+ load-balancer-listener-policy-rule, lb-lpr List single load balancer policy rule
+ load-balancer-listener-policy-rule-create, lb-lprc Create a load balancer listener policy rule
+ load-balancer-listener-policy-rule-delete, lb-lprd Delete one or more policies from a load balancer listener.
+ load-balancer-listener-policy-rule-update, lb-lpru Update a rule of a load balancer listener policy
+ load-balancer-listener-policy-rules, lb-lprs List all load balancer policy rules
+ load-balancer-listener-policy-update, lb-lpu Update a policy of a load balancer listener
+ load-balancer-listener-update, lb-lu Update a load balancer listener
+ load-balancer-listeners, lb-ls List all load balancer listeners
+ load-balancer-pool, lb-p View details of a load balancer pool
+ load-balancer-pool-create, lb-pc Create a load balancer pool
+ load-balancer-pool-delete, lb-pd Delete one or more pools from a load balancer.
+ load-balancer-pool-member, lb-pm View details of load balancer pool member
+ load-balancer-pool-member-create, lb-pmc Create a load balancer pool member
+ load-balancer-pool-member-delete, lb-pmd Delete one or more members from a load balancer pool.
+ load-balancer-pool-member-update, lb-pmu Update a member of a load balancer pool
+ load-balancer-pool-members, lb-pms List all the members of a load balancer pool
+ load-balancer-pool-members-update, lb-pmsu Update members of the load balancer pool
+ load-balancer-pool-update, lb-pu Update a pool of a load balancer
+ load-balancer-pools, lb-ps List all pools of a load balancer
+ load-balancer-statistics, lb-statistics List all statistics of a load balancer
+ load-balancer-update, lbu Update a load balancer
+ load-balancers, lbs
+
+ibmcloud is load-balancer-pool-members --vpc ${VPC_NAME}
+
+
+ingress-https
+ingress-http
\ No newline at end of file
diff --git a/modules/7_post/ibmcloud_lb/ibmcloud_lb.tf b/modules/7_post/ibmcloud_lb/ibmcloud_lb.tf
new file mode 100644
index 0000000..cfc52b4
--- /dev/null
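Review bot: `update_lbs.sh` mixes working notes with commands, so lines such as `--- figure out which ones are in the vpc`, `GET THE INTERNAL IP.` and the pasted `load-balancer-*` help listing would be executed as commands if the script is run. `IP`, `INGRESS_HTTP_LB`, `HTTP_POOL`, `INGRESS_HTTPS_LB` and `HTTPS_POOL` are never assigned, and with no `set -euo pipefail` the `load-balancer-pool-member-create` calls would still run with empty arguments after earlier failures. The positional arguments are also expanded unquoted; prefer `ibmcloud target -r "${REGION}" -g "${RESOURCE_GROUP}"` and the same quoting for `${VPC_NAME}` and `${IP}`. Turn the notes and help text into `#` comments, or drop them, before this file is wired into a provisioner.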
+++ b/modules/7_post/ibmcloud_lb/ibmcloud_lb.tf
@@ -0,0 +1,90 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+locals {
+ ansible_post_path = "/root/ocp4-upi-compute-powervs-ibmcloud/post"
+}
+
+# Dev Note: only on destroy - restore the load balancers
+resource "null_resource" "remove_lbs" {
+
+ triggers = {
+ count_1 = var.worker_1["count"]
+ count_2 = var.worker_2["count"]
+ count_3 = var.worker_3["count"]
+ user = var.rhel_username
+ timeout = "${var.connection_timeout}m"
+ name_prefix = "${var.name_prefix}"
+ private_key = sensitive(file(var.private_key_file))
+ host = var.bastion_public_ip
+ agent = var.ssh_agent
+ ansible_post_path = local.ansible_post_path
+ }
+
+ connection {
+ type = "ssh"
+ user = self.triggers.user
+ private_key = self.triggers.private_key
+ host = self.triggers.host
+ agent = self.triggers.agent
+ timeout = self.triggers.timeout
+ }
+
+ provisioner "remote-exec" {
+ inline = [<