This is an automated email from the ASF dual-hosted git repository. dmysakovets pushed a commit to branch terraform in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 25a3295525ad134d5b4ef7364e84918c6bfb1020 Author: Dyoma33 <[email protected]> AuthorDate: Thu May 30 09:35:31 2019 +0300 [terraform] Created terraform scripts for SSN(GCP) --- .../src/ssn/mongo-image/create_db.js | 14 +++++++ .../src/ssn/mongo-image/mongo-image | 31 ++++++++++++++ infrastructure-provisioning/terraform/main/main.tf | 22 +++++----- .../terraform/main/variables.tf | 15 +++++++ .../terraform/modules/global/service_accounts.tf | 22 ---------- .../terraform/modules/global/variables.tf | 19 --------- .../terraform/modules/global/vpc.tf | 0 .../terraform/modules/ssn/instance.tf | 47 ++++++++++++++++++++++ .../terraform/modules/ssn/network.tf | 34 ++++++++++++++++ .../terraform/modules/ssn/service_accounts.tf | 22 ++++++++++ .../terraform/modules/ssn/variables.tf | 20 +++++++++ 11 files changed, 193 insertions(+), 53 deletions(-)
diff --git a/infrastructure-provisioning/src/ssn/mongo-image/create_db.js b/infrastructure-provisioning/src/ssn/mongo-image/create_db.js
new file mode 100644
index 0000000..ee44f95
--- /dev/null
+++ b/infrastructure-provisioning/src/ssn/mongo-image/create_db.js
@@ -0,0 +1,14 @@
+var MongoClient = require('mongodb').MongoClient;
+
+MongoClient.connect("mongodb://localhost:27017/MyDb", function (err, db) {
+ use dlabdb
+ dlabdb.createUser(
+ {
+ user: "admin",
+ pwd: "mongo_passwd",
+ roles: [
+ { role: "userAdminAnyDatabase", db: "admin" },
+ "readWrite"
+ ]
+ }
+ );
diff --git a/infrastructure-provisioning/src/ssn/mongo-image/mongo-image b/infrastructure-provisioning/src/ssn/mongo-image/mongo-image
new file mode 100644
index 0000000..383a59b
--- /dev/null
+++ b/infrastructure-provisioning/src/ssn/mongo-image/mongo-image
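Review bot: The admin account is created with the literal password `pwd: "mongo_passwd"` and the `userAdminAnyDatabase` role, so every deployment built from this script would share the same known credential for an account that can manage users on all databases. The password should be supplied at provisioning time (for example through a variable passed to the shell with `--eval`) instead of being committed in the file. The file also mixes the Node driver (`require('mongodb')`, `MongoClient.connect`) with the shell-only `use dlabdb` statement, and the `connect` callback opened on the third added line is never closed, so as written it would not parse in either interpreter. Since the Dockerfile in this commit runs it with `mongo admin /tmp/create_db.js`, plain shell syntax such as `db.getSiblingDB("dlabdb").createUser({...})` looks like the intended form.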
@@ -0,0 +1,31 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+FROM mongo:4.0-xenial
+
+COPY create_db.js /tmp/
+COPY mongo_roles.json /tmp/
+
+RUN mongod -f /etc/mongod.conf --fork --logpath /var/log/mongodb.log \
+ && sleep 5 \
+ && mongo admin /tmp/create_db.js
+ && mongoimport --username <user_name> --password <password>
+
diff --git a/infrastructure-provisioning/terraform/main/main.tf b/infrastructure-provisioning/terraform/main/main.tf
index 758889a..ea814f5 100644
--- a/infrastructure-provisioning/terraform/main/main.tf
+++ b/infrastructure-provisioning/terraform/main/main.tf
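Review bot: The `RUN` chain breaks after `&& mongo admin /tmp/create_db.js` because that line has no trailing `\`, so the following `&& mongoimport ...` line is parsed as a separate, invalid Dockerfile instruction; the line should end `/tmp/create_db.js \`. The `<user_name>` and `<password>` placeholders on the `mongoimport` line would be read by the shell as redirections, and once real values are filled in, a password on a `RUN` line is recorded in the image history; passing it as a build secret or running the import at container start avoids that. `COPY mongo_roles.json /tmp/` refers to a file that does not appear in this commit's diffstat, so the build likely fails unless it already exists in the build context.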
@@ -1,20 +1,18 @@
 provider "google" {
- source = "../modules/global"
- project = "${var.project}"
- credentials = "${var.credentials}"
- region = "${var.region}"
-}
-module "service_accounts" {
- source = "../modules/global"
- service_name = "${var.project}"
+ version = "~> 2.7"
+ project = "${var.project_var}"
+ region = "${var.region_var}"
+ zone = "${var.zone_var}"
 }
+
+#module "service_accounts" {
+# source = "../modules/global"
+#}
+
 module "vpc" {
 source = "../modules/global"
- var_ssn_public_subnet = "${var.ssn_public_subnet}"
- var_ssn_private_subnet = "${var.ssn_private_subnet}"
 }
+
 module "ssn" {
 source = "../modules/ssn"
- var_ssn_public_subnet = "${var.ssn_public_subnet}"
- var_ssn_private_subnet = "${var.ssn_private_subnet}"
 }
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/main/variables.tf b/infrastructure-provisioning/terraform/main/variables.tf
new file mode 100644
index 0000000..1e08c1e
--- /dev/null
+++ b/infrastructure-provisioning/terraform/main/variables.tf
@@ -0,0 +1,15 @@
+variable "project_var" {
+ default = "or2-msq-epmc-dlab-t1iylu"
+}
+
+variable "project_name_var" {
+ default = "dem-test-terraform2"
+}
+
+variable "region_var" {
+ default = "us-east1"
+}
+
+variable "zone_var" {
+ default = "us-east1-c"
+}
diff --git a/infrastructure-provisioning/terraform/modules/global/service_accounts.tf b/infrastructure-provisioning/terraform/modules/global/service_accounts.tf
deleted file mode 100644
index fe6699a..0000000
--- a/infrastructure-provisioning/terraform/modules/global/service_accounts.tf
+++ /dev/null
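Review bot: `module "vpc"` still has `source = "../modules/global"`, but this commit deletes `service_accounts.tf`, `variables.tf` and `vpc.tf` from that directory, so unless other files remain there the module has nothing to load and initialization would likely fail. The VPC resources now live in `modules/ssn/network.tf`, so the `vpc` module block can probably be dropped. `module "ssn"` is also called without arguments, so the root `project_var`/`project_name_var` values are never passed down and the module falls back to its own defaults (`dem-test-terraform` there, `dem-test-terraform2` at the root); passing them explicitly, e.g. `project_name_var = "${var.project_name_var}"`, keeps the two in step.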
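Review bot: `project_var` defaults to what looks like a real GCP project ID (`or2-msq-epmc-dlab-t1iylu`), and the same default is repeated in `modules/ssn/variables.tf`, so anyone applying this without overrides would target that project. Declaring the variable with a `description` and no `default`, and supplying the value from a `.tfvars` file kept out of the repository, forces an explicit choice. A short comment on each variable saying what it names (project ID versus resource-name prefix) would also help, since `project_var` and `project_name_var` are easy to confuse.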
@@ -1,22 +0,0 @@
-resource "google_service_account" "ssn_sa" {
- account_id = "${var.service_name}-ssn-sa"
- display_name = "${var.service_name}-ssn-sa"
-}
-
-# Create a Service Account key by default
-resource "google_service_account_key" "nodes_sa_key" {
- depends_on = ["google_project_iam_member.iam"]
- service_account_id = "${google_service_account.nodes_sa.name}"
-}
-
-resource "google_project_iam_custom_role" "custom_ssn_role" {
- role_id = "${var.service_name}-ssn-role"
- title = "${var.service_name}-ssn-role"
- permissions = "${var.ssn_policy}"
-}
-
-resource "google_project_iam_member" "iam" {
- count = "${length(var.ssn_roles)}"
- member = "serviceAccount:${google_service_account.nodes_sa.email}"
- role = "${element(var.service_account_iam_roles, count.index)}"
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/modules/global/variables.tf b/infrastructure-provisioning/terraform/modules/global/variables.tf
deleted file mode 100644
index 47b3e93..0000000
--- a/infrastructure-provisioning/terraform/modules/global/variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-variable "project" {
- default = "service_base_name"
-}
-
-variable "region" {
- default = "us-east1"
-}
-
-variable "credentials" {
- default = "/path/to/service_account.json"
-}
-
-variable "ssn_roles" {
- default = "/path/to/ssn_roles.json"
-}
-
-variable "ssn_police" {
- default = "/path/to/ssn_policy.json"
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/modules/global/vpc.tf b/infrastructure-provisioning/terraform/modules/global/vpc.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/infrastructure-provisioning/terraform/modules/ssn/instance.tf b/infrastructure-provisioning/terraform/modules/ssn/instance.tf
index e69de29..c42d139 100644
--- a/infrastructure-provisioning/terraform/modules/ssn/instance.tf
+++ b/infrastructure-provisioning/terraform/modules/ssn/instance.tf
@@ -0,0 +1,47 @@
+provider "google" {
+ project = "${var.project_var}"
+ region = "${var.region}"
+}
+
+resource "google_compute_address" "ssn-ip" {
+ name = "${var.project_name_var}-ssn-ip"
+ address_type = "EXTERNAL"
+}
+
+resource "google_compute_instance" "ssn" {
+ name = "${var.project_name_var}-ssn"
+ machine_type = "n1-standard-1"
+ tags = ["${var.project_name_var}-ssn"]
+ zone = "${var.zone}"
+
+ boot_disk {
+ initialize_params {
+ image = "${var.image_name}"
+ size = 20
+ }
+ }
+
+ labels = {
+ name = "${var.project_name_var}-ssn"
+ product = "dlab"
+ sbn = "${var.project_name_var}"
+ }
+
+ metadata = {
+ ssh-keys = "ubuntu:${file("~/keys/id_rsa.pub")}"
+ }
+
+/* service_account {
+ email = "${var.project_name_var}-ssn-sa@${var.project_var}.iam.gserviceaccount.com"
+ scopes = ["https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/compute"]
+ }
+*/
+ network_interface {
+ network = "${var.project_name_var}-vpc"
+ subnetwork = "${var.project_name_var}-subnet"
+ access_config {
+ nat_ip = "${google_compute_address.ssn-ip.address}"
+ }
+ }
+}
+
diff --git a/infrastructure-provisioning/terraform/modules/ssn/network.tf b/infrastructure-provisioning/terraform/modules/ssn/network.tf
index e69de29..386e191 100644
--- a/infrastructure-provisioning/terraform/modules/ssn/network.tf
+++ b/infrastructure-provisioning/terraform/modules/ssn/network.tf
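Review bot: `network = "${var.project_name_var}-vpc"` and `subnetwork = "${var.project_name_var}-subnet"` are plain strings, so Terraform sees no dependency on the network and subnetwork created in `network.tf` and may try to create the instance first. Referencing the resources fixes the ordering: `network = "${google_compute_network.vpc.self_link}"` and `subnetwork = "${google_compute_subnetwork.subnet.self_link}"`. The commented-out `service_account` block asks for the `cloud-platform` scope; if it is re-enabled, the scopes should be narrowed to what the SSN node needs, with IAM roles on the service account doing the rest. The module-level `provider "google"` block duplicates the one in `main/main.tf` and could be removed so the module inherits the root provider.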
@@ -0,0 +1,34 @@
+resource "google_compute_network" "vpc" {
+ name = "${var.project_name_var}-vpc"
+ auto_create_subnetworks = "false"
+ routing_mode = "GLOBAL"
+}
+
+resource "google_compute_subnetwork" "subnet" {
+ name = "${var.project_name_var}-subnet"
+ ip_cidr_range = "172.31.0.0/20"
+ region = "us-east1"
+ network = "${google_compute_network.vpc.self_link}"
+}
+
+resource "google_compute_firewall" "firewall-ingress" {
+ name = "${var.project_name_var}-ssn-firewall-ingress"
+ network = "${google_compute_network.vpc.name}"
+ allow {
+ protocol = "tcp"
+ ports = ["22", "80", "443"]
+ }
+ target_tags = ["${var.project_name_var}-ssn"]
+ source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "firewall-egress" {
+ name = "${var.project_name_var}-ssn-firewall-egress"
+ network = "${google_compute_network.vpc.name}"
+ direction = "EGRESS"
+ allow {
+ protocol = "all"
+ }
+ target_tags = ["${var.project_name_var}-ssn"]
+ destination_ranges = ["0.0.0.0/0"]
+}
diff --git a/infrastructure-provisioning/terraform/modules/ssn/service_accounts.tf b/infrastructure-provisioning/terraform/modules/ssn/service_accounts.tf
new file mode 100644
index 0000000..37c4e5f
--- /dev/null
+++ b/infrastructure-provisioning/terraform/modules/ssn/service_accounts.tf
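Review bot: `firewall-ingress` opens port 22 to `source_ranges = ["0.0.0.0/0"]` on the SSN instance, which `instance.tf` also gives an external IP, so SSH is reachable from the whole internet. Splitting SSH into its own rule with a variable for the allowed CIDRs, e.g. `source_ranges = "${var.ssh_allowed_cidrs}"` (a new list variable; the name is a placeholder), keeps 80/443 public while limiting administrative access. The subnetwork also hard-codes `region = "us-east1"` where `"${var.region}"` is available in this module.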
@@ -0,0 +1,22 @@
+resource "google_service_account" "ssn_sa" {
+ account_id = "${var.service_name}-ssn-sa"
+ display_name = "${var.service_name}-ssn-sa"
+}
+
+# Create a Service Account key by default
+resource "google_service_account_key" "ssn_sa_key" {
+ depends_on = [google_project_iam_member.iam]
+ service_account_id = google_service_account.ssn_sa.name
+}
+
+resource "google_project_iam_custom_role" "custom_ssn_role" {
+ role_id = "${var.service_name}-ssn-role"
+ title = "${var.service_name}-ssn-role"
+ permissions = "${var.ssn_policy}"
+}
+
+resource "google_project_iam_member" "iam" {
+ count = "${length(var.ssn_roles)}"
+ member = "serviceAccount:${google_service_account.ssn_sa.email}"
+ role = "${element(var.ssn_roles, count.index)}"
+}
diff --git a/infrastructure-provisioning/terraform/modules/ssn/variables.tf b/infrastructure-provisioning/terraform/modules/ssn/variables.tf
index e69de29..c1f5a09 100644
--- a/infrastructure-provisioning/terraform/modules/ssn/variables.tf
+++ b/infrastructure-provisioning/terraform/modules/ssn/variables.tf
@@ -0,0 +1,20 @@
+variable "project_var" {
+ default = "or2-msq-epmc-dlab-t1iylu"
+}
+
+variable "project_name_var" {
+ default = "dem-test-terraform"
+}
+
+variable "region" {
+ default = "us-east1"
+}
+
+variable "zone" {
+ default = "us-east1-c"
+}
+
+
+variable "image_name" {
+ default = "ubuntu-1604-xenial-v20170721"
+}
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
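Review bot: `google_service_account_key.ssn_sa_key` generates a long-lived key whose private material is stored in the Terraform state, and nothing in this commit consumes it; if the instance is meant to run as `ssn_sa`, attaching the account through the instance's `service_account` block avoids having a key at all. The file also reads `var.service_name`, `var.ssn_policy` and `var.ssn_roles`, none of which are declared in the module's `variables.tf` added in this commit, so validation would fail until they are declared. `custom_ssn_role` is created but never bound to the account, since the `iam` members iterate only over `var.ssn_roles`. `depends_on = [google_project_iam_member.iam]` uses unquoted 0.12-style references while the rest of the file uses 0.11 interpolation; one style should be chosen to match the Terraform version in use.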
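Review bot: `image_name` defaults to `ubuntu-1604-xenial-v20170721`, an image build dated almost two years before this commit, so new SSN instances would start without the OS security updates released since then. Pointing the default at the image family (e.g. `ubuntu-os-cloud/ubuntu-1604-lts`) or documenting that the first provisioning step must patch the host would address that. `region` and `zone` here duplicate `region_var`/`zone_var` in `main/variables.tf` under different names; using the same names in both places would make them easier to pass through from the root module.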
