GCVE module first release

eliamaldini 2023-08-14 11:48:27 +02:00
parent b7ff8f0933
commit a509756f1b
7 changed files with 445 additions and 0 deletions


@ -0,0 +1,97 @@
# Google Cloud VMWare Engine Private Cloud Module
This module implements the creation and management of a Google Cloud VMWare Engine Private Cloud with its management cluster. If configured, it also creates the vmware engine network or it can work with an existing one. The creation of the private connection with the user VPC requires the execution of the [Google SDK command](https://cloud.google.com/sdk/gcloud/reference/vmware/private-connections/create#--routing-mode) the module provides as an output.
Be aware that the deployment of this module might requires up to 2 hours depending on the selected private cloud target zone.
## TOC
<!-- BEGIN TOC -->
- [TOC](#toc)
- [Limitations](#limitations)
- [Basic Private Cloud Creation](#basic-private-cloud-creation)
- [Private Cloud Creation with custom nodes and cores count](#private-cloud-creation-with-custom-nodes-and-cores-count)
- [Files](#files)
- [Variables](#variables)
<!-- END TOC -->
## Limitations
At the moment this module doesn't support the following use cases:
- `Single node private cloud`
- `Stretched private cloud`
## Basic Private Cloud Creation
```hcl
module "gcve-pc" {
source = "./fabric/modules/gcve-private-cloud"
name = "gcve-pc"
project_id = "gcve-test-project"
zone = "asia-southeast1-a"
management_cidr = "192.168.0.0/24"
private_connections = {
transit-conn1 = {
name = "transit-conn1",
network_self_link = "projects/test-prj-elia-01/global/networks/default",
peering = "servicenetworking-googleapis-com"
type = "PRIVATE_SERVICE_ACCESS",
routing_mode = "REGIONAL"
}
}
}
# tftest modules=1 resources=2 inventory=basic.yaml
```
## Private Cloud Creation with custom nodes and cores count
```hcl
module "gcve-pc" {
source = "./fabric/modules/gcve-private-cloud"
name = "gcve-pc"
project_id = "gcve-test-project"
zone = "asia-southeast1-a"
management_cidr = "192.168.0.0/24"
management_cluster_config = {
node_type_id = "standard-72"
node_count = 6
custom_core_count = 28
}
private_connections = {
transit-conn1 = {
name = "transit-conn1",
network_self_link = "projects/test-prj-elia-01/global/networks/default",
peering = "servicenetworking-googleapis-com"
type = "PRIVATE_SERVICE_ACCESS",
routing_mode = "REGIONAL"
}
}
}
# tftest modules=1 resources=2 inventory=custom.yaml
```
<!-- TFDOC OPTS files:1 -->
<!-- BEGIN TFDOC -->
## Files
| name | description | resources |
|---|---|---|
| [main.tf](./main.tf) | Module-level locals and resources. | <code>google_vmwareengine_network</code> · <code>google_vmwareengine_private_cloud</code> |
| [output.tf](./output.tf) | None | |
| [variables.tf](./variables.tf) | Module variables. | |
| [versions.tf](./versions.tf) | Version pins. | |
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [management_cidr](variables.tf#L23) | vSphere/vSAN subnets CIDR range. | <code>string</code> | ✓ | |
| [name](variables.tf#L42) | Private cloud name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L74) | Project id. | <code>string</code> | ✓ | |
| [zone](variables.tf#L85) | Private cloud zone. | <code>string</code> | ✓ | |
| [description](variables.tf#L17) | Private cloud description. | <code>string</code> | | <code>&#34;Terraform-managed.&#34;</code> |
| [management_cluster_config](variables.tf#L28) | Management cluster configuration. | <code title="object&#40;&#123;&#10; node_type_id &#61; string&#10; node_count &#61; number,&#10; custom_core_count &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; node_type_id &#61; &#34;standard-72&#34;,&#10; node_count &#61; 3,&#10; custom_core_count &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [private_connections](variables.tf#L47) | VMWare private connections configuration. It is used to create the gcloud command printed as output. | <code title="map&#40;object&#40;&#123;&#10; name &#61; string&#10; description &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10; network_self_link &#61; string&#10; peering &#61; string&#10; type &#61; optional&#40;string, &#34;REGIONAL&#34;&#41;&#10; routing_mode &#61; optional&#40;string, &#34;PRIVATE_SERVICE_ACCESS&#34;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [vmwareengine_network_create](variables.tf#L79) | Create the VMware Engine network. When set to false, it uses a data source to reference an existing VMware Engine network. | <code>bool</code> | | <code>true</code> |
<!-- END TFDOC -->
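Review bot: the `private_connections` defaults shown in the Variables table (`type` defaulting to "REGIONAL", `routing_mode` defaulting to "PRIVATE_SERVICE_ACCESS") are swapped relative to the validation rules in variables.tf, so the table documents defaults that fail validation until the variable is fixed and the TFDOC table regenerated. Two documentation nits in the same hunk: "might requires up to 2 hours" should read "might require up to 2 hours", and the Files table lists output.tf with description "None", which a file header comment such as `# Module outputs.` would fill in. The examples also reference a network in `projects/test-prj-elia-01/...` while `project_id` is `gcve-test-project`; a neutral placeholder project would avoid shipping a personal test project name in the docs.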


@ -0,0 +1,74 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
region = join("-", slice(split("-", "${var.zone}"), 0, 2))
vmwareengine_network = (
var.vmwareengine_network_create
? try(google_vmwareengine_network.private-cloud-network.0, null)
: try(data.google_vmwareengine_network.private-cloud-network.0, null)
)
psa_peering = {
for k, v in data.google_compute_network_peering.psa_peering : k => slice(split("/", "${v.peer_network}"), 6, 7)[0]
}
}
data "google_vmwareengine_network" "private-cloud-network" {
count = var.vmwareengine_network_create ? 0 : 1
provider = google-beta
project = var.project_id
name = "${local.region}-default"
location = local.region
}
data "google_compute_network_peering" "psa_peering" {
for_each = var.private_connections
name = each.value.peering
network = each.value.network_self_link
}
resource "google_vmwareengine_private_cloud" "private-cloud" {
provider = google-beta
project = var.project_id
location = var.zone
name = var.name
description = var.description
network_config {
management_cidr = var.management_cidr
vmware_engine_network = local.vmwareengine_network.id
}
management_cluster {
cluster_id = "${var.name}-mgmt-cluster"
node_type_configs {
node_type_id = var.management_cluster_config.node_type_id
node_count = var.management_cluster_config.node_count
custom_core_count = var.management_cluster_config.custom_core_count
}
}
}
resource "google_vmwareengine_network" "private-cloud-network" {
count = var.vmwareengine_network_create ? 1 : 0
provider = google-beta
project = var.project_id
name = "${local.region}-default"
location = local.region
type = "LEGACY"
description = "Private cloud ${var.name} network."
}
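Review bot: `local.vmwareengine_network.id` in the `vmware_engine_network` argument dereferences a local that the `try(..., null)` expressions deliberately allow to be null, so when `vmwareengine_network_create = false` and no network named `${local.region}-default` exists, the plan fails with an attribute-on-null error instead of a message that explains the naming requirement. Either drop the `try()` wrappers so the missing data source surfaces directly, or add a `precondition` on the private cloud resource that checks `local.vmwareengine_network != null` with a clear `error_message` (required_version is already >= 1.4.4). Related: the data source hard-codes the existing network name to `${local.region}-default`, which the README's "work with an existing one" wording does not mention; document it or accept the name as a variable. The `psa_peering` local also relies on a fixed index 6 into the split `peer_network` self link; `regex("projects/([^/]+)/", v.peer_network)[0]` would be less brittle if the API ever returns the short `projects/.../global/networks/...` form. Minor style: `"${var.zone}"` and `"${v.peer_network}"` need no interpolation wrapping; `terraform fmt` rewrites them to `var.zone` and `v.peer_network`.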


@ -0,0 +1,71 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "hcx" {
description = "Details about a HCX Cloud Manager appliance."
value = google_vmwareengine_private_cloud.private-cloud.hcx
}
output "id" {
description = "ID of the private cloud"
value = google_vmwareengine_private_cloud.private-cloud.id
}
output "management_cluster" {
description = "Details of the management cluster of the private cloud"
value = google_vmwareengine_private_cloud.private-cloud.management_cluster
}
output "network_config" {
description = "Details about the network configuration of the private cloud"
value = google_vmwareengine_private_cloud.private-cloud.network_config
}
output "nsx" {
description = "Details about a NSX Manager appliance."
value = google_vmwareengine_private_cloud.private-cloud.nsx
}
output "private-cloud" {
description = "The private cloud resource"
value = google_vmwareengine_private_cloud.private-cloud
}
output "vcenter" {
description = "Details about a vCenter Server management appliance."
value = google_vmwareengine_private_cloud.private-cloud.vcenter
}
output "state" {
description = "Details about the state of the private cloud"
value = google_vmwareengine_private_cloud.private-cloud.state
}
output "private_connections_setup" {
description = "Cloud SDK commands for the private connections manual setup."
value = {
for k, v in var.private_connections : k => <<EOT
gcloud vmware private-connections create ${v.name} \
--location=${local.region} \
--project=${var.project_id} \
--vmware-engine-network=${local.region}-default \
--description="${v.description}" \
--routing-mode=${v.routing_mode} \
--service-project=${local.psa_peering[k]} \
--type=${v.type}
EOT
}
}
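Review bot: the generated gcloud command hard-codes `--vmware-engine-network=${local.region}-default` instead of reading `local.vmwareengine_network.name`, duplicating the naming assumption from main.tf in a second place that will drift if the network name ever becomes configurable. Also, `--description="${v.description}"` is interpolated into a shell command line inside double quotes, so a description containing `$`, backticks or `"` is expanded by the shell or breaks the command when pasted; single-quoting the value (or documenting that descriptions must be plain text) avoids that. Minor: `private-cloud` is the only hyphenated output name here while the rest use snake_case, and "a HCX"/"a NSX" in the descriptions should read "an HCX"/"an NSX".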


@ -0,0 +1,92 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "description" {
description = "Private cloud description."
type = string
default = "Terraform-managed."
}
variable "management_cidr" {
description = "vSphere/vSAN subnets CIDR range."
type = string
}
variable "management_cluster_config" {
description = "Management cluster configuration."
type = object({
node_type_id = string
node_count = number,
custom_core_count = number
})
default = {
node_type_id = "standard-72",
node_count = 3,
custom_core_count = null
}
}
variable "name" {
description = "Private cloud name."
type = string
}
variable "private_connections" {
description = "VMWare private connections configuration. It is used to create the gcloud command printed as output."
type = map(object({
name = string
description = optional(string, "Terraform-managed.")
network_self_link = string
peering = string
type = optional(string, "REGIONAL")
routing_mode = optional(string, "PRIVATE_SERVICE_ACCESS")
}))
default = {}
validation {
condition = alltrue([
for r in var.private_connections :
contains(["GLOBAL", "REGIONAL"], r.routing_mode)
])
error_message = "Routing mode must be one of GLOBAL, REGIONAL."
}
validation {
condition = alltrue([
for r in var.private_connections :
contains(["DELL_POWERSCALE", "NETAPP_CLOUD_VOLUMES", "PRIVATE_SERVICE_ACCESS", "THIRD_PARTY_SERVICE"], r.type)
])
error_message = "Type must be one of DELL_POWERSCALE, NETAPP_CLOUD_VOLUMES, PRIVATE_SERVICE_ACCESS, THIRD_PARTY_SERVICE."
}
}
variable "project_id" {
description = "Project id."
type = string
}
variable "vmwareengine_network_create" {
description = "Create the VMware Engine network. When set to false, it uses a data source to reference an existing VMware Engine network."
type = bool
default = true
}
variable "zone" {
description = "Private cloud zone."
type = string
}
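Review bot: the defaults for `type` and `routing_mode` in `private_connections` are swapped: `type = optional(string, "REGIONAL")` is rejected by the type validation that only accepts DELL_POWERSCALE, NETAPP_CLOUD_VOLUMES, PRIVATE_SERVICE_ACCESS or THIRD_PARTY_SERVICE, and `routing_mode = optional(string, "PRIVATE_SERVICE_ACCESS")` is rejected by the routing mode validation that only accepts GLOBAL or REGIONAL, so any caller who relies on the defaults gets a validation error. They should read `type = optional(string, "PRIVATE_SERVICE_ACCESS")` and `routing_mode = optional(string, "REGIONAL")`, with the README table regenerated afterwards. Two smaller points: `management_cidr` has no validation although it is passed straight to the API, so `condition = can(cidrnetmask(var.management_cidr))` would catch malformed input at plan time; and `management_cluster_config` requires all three keys even though the default sets `custom_core_count = null`, so `custom_core_count = optional(number)` would let callers override only the node count.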


@ -0,0 +1,29 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.4.4"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.76.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.76.0" # tftest
}
}
}
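Review bot: the license header reads `Copyright 2022 Google LLC` while every other file in this commit says 2023; it looks copied from an older module and is worth aligning.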


@ -0,0 +1,40 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gcve-pc.google_vmwareengine_network.private-cloud-network[0]:
location: asia-southeast1
name: asia-southeast1-default
project: gcve-test-project
timeouts: null
type: LEGACY
module.gcve-pc.google_vmwareengine_private_cloud.private-cloud:
location: asia-southeast1-a
management_cluster:
- cluster_id: gcve-pc-mgmt-cluster
node_type_configs:
- custom_core_count: 0
node_count: 3
node_type_id: standard-72
name: gcve-pc
network_config:
- management_cidr: 192.168.0.0/24
project: gcve-test-project
timeouts: null
counts:
google_vmwareengine_network: 1
google_vmwareengine_private_cloud: 1
modules: 1
resources: 2
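Review bot: the inventory expects `custom_core_count: 0` for the basic example even though the module default sets it to `null`; confirm that the planned value really normalizes to 0 rather than staying null, since the assertion fails otherwise. Neither fixture covers the `private_connections_setup` output or the `psa_peering` local that feeds it, so the `slice(split(...), 6, 7)` parsing has no test; adding an output check to the fixture would cover it.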


@ -0,0 +1,42 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gcve-pc.google_vmwareengine_network.private-cloud-network[0]:
description: Private cloud gcve-pc network.
location: asia-southeast1
name: asia-southeast1-default
project: gcve-test-project
timeouts: null
type: LEGACY
module.gcve-pc.google_vmwareengine_private_cloud.private-cloud:
description: Terraform-managed.
location: asia-southeast1-a
management_cluster:
- cluster_id: gcve-pc-mgmt-cluster
node_type_configs:
- custom_core_count: 28
node_count: 6
node_type_id: standard-72
name: gcve-pc
network_config:
- management_cidr: 192.168.0.0/24
project: gcve-test-project
timeouts: null
counts:
google_vmwareengine_network: 1
google_vmwareengine_private_cloud: 1
modules: 1
resources: 2
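Review bot: this fixture checks `description` on both the network and the private cloud while basic.yaml does not, although main.tf sets both descriptions in either example; adding the same two lines to basic.yaml keeps the fixtures symmetric and catches a regression in the `"Private cloud ${var.name} network."` string.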