Merge pull request #2 from nasusoba/arc-iac-rhioe

Add Quick Start Template
nasusoba · Oct 21, 2024 · 73dcf20 · 73dcf20
2 parents b65b5a6 + 6df6bd3
commit 73dcf20
Show file tree

Hide file tree

Showing 33 changed files with 1,516 additions and 0 deletions.
diff --git a/dev/mysiteid/.gitignore b/dev/mysiteid/.gitignore
@@ -0,0 +1 @@
+*.tfvars
diff --git a/dev/mysiteid/backend.tf b/dev/mysiteid/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+  backend "azurerm" {
+    resource_group_name  = "runyutestiac"
+    storage_account_name = "runyutestiacsa"
+    container_name       = "runyutestiaccontainer"
+    key                  = "mysiteid.tfstate"
+    use_azuread_auth     = true
+    subscription_id      = "de3c4d5e-af08-451a-a873-438d86ab6f4b"
+  }
+}
diff --git a/dev/mysiteid/imports.tf b/dev/mysiteid/imports.tf
@@ -0,0 +1,6 @@
+# # Uncomment the following lines to import the resource group when Arc servers are provisioned by yourself.
+
+# import {
+#   id = "/subscriptions/<subscription_id>/resourceGroups/<resourceGroup>"
+#   to = module.base.azurerm_resource_group.rg
+# }
diff --git a/dev/mysiteid/main.tf b/dev/mysiteid/main.tf
@@ -0,0 +1,70 @@
+module "base" {
+  source           = "../../modules/runyutesttemplate"
+  location         = "eastus"
+  site_id          = basename(abspath(path.module))
+  domain_fqdn      = "jumpstart.local"
+  starting_address = "192.168.1.55"
+  ending_address   = "192.168.1.65"
+  default_gateway  = "192.168.1.1"
+  dns_servers      = ["192.168.1.254"]
+  adou_suffix      = "DC=jumpstart,DC=local"
+  dc_ip            = "192.168.1.100"
+  servers = [
+    {
+      name         = "HOST1",
+      ipv4Address = "192.168.1.12"
+    },
+    {
+      name        = "HOST2",
+      ipv4Address = "192.168.1.13"
+    }
+  ]
+  management_adapters = ["FABRIC", "FABRIC2"]
+  storage_networks = [
+    {
+      name               = "Storage1Network",
+      networkAdapterName = "StorageA",
+      vlanId             = "711"
+    },
+    {
+      name               = "Storage2Network",
+      networkAdapterName = "StorageB",
+      vlanId             = "712"
+    }
+  ]
+  rdma_enabled                    = false     // Change to true if RDMA is enabled.
+  storage_connectivity_switchless = false     // Change to true if storage connectivity is switchless.
+  enable_provisioners             = true      // Change to false when Arc servers are connected by yourself.
+  authentication_method           = "Credssp" // or "Default"
+  subscription_id                 = var.subscription_id
+  domain_admin_user               = var.domain_admin_user
+  domain_admin_password           = var.domain_admin_password
+  local_admin_user                = var.local_admin_user
+  local_admin_password            = var.local_admin_password
+  deployment_user_password        = var.deployment_user_password
+  service_principal_id            = var.service_principal_id
+  service_principal_secret        = var.service_principal_secret
+  rp_service_principal_object_id  = var.rp_service_principal_object_id
+
+  # Region HCI logical network parameters
+  lnet_starting_address = "192.168.1.171"
+  lnet_ending_address   = "192.168.1.190"   # This IP range should not overlap with HCI infra IP range.
+  lnet_address_prefix   = "192.168.1.0/24"  # E.g., 192.168.1.0/24
+  lnet_default_gateway  = "192.168.1.1"     # Default gateway can be same as HCI infra default gateway.
+  lnet_dns_servers      = ["192.168.1.254"] # DNS servers can be same as HCI infra DNS servers.
+
+  # Region AKS Arc parameters
+  aks_arc_control_plane_ip    = "192.168.1.190"      # An IP address in the logical network IP range.
+  rbac_admin_group_object_ids = ["11111111-6655-4844-9922-030049995000"] # An AAD group that will have the admin permission of this AKS Arc cluster. Check ./doc/AKS-Arc-Admin-Groups.md for details
+
+  # Region HCI VM parameters
+  # Uncomment this section will create a windows server VM on HCI.
+  # download_win_server_image = true
+  # vm_admin_password         = var.vm_admin_password
+  # domain_join_password      = var.domain_join_password
+
+  # Region site manager parameters
+  # Uncomment this section will create site manager instance for the resource group.
+  # Check ./doc/Add-Site-Manager.md for more information
+  # country = "<country>"
+}
diff --git a/dev/mysiteid/provider.tf b/dev/mysiteid/provider.tf
@@ -0,0 +1,9 @@
+provider "azurerm" {
+  features {
+  }
+  subscription_id = var.subscription_id
+}
+
+provider "azapi" {
+  subscription_id = var.subscription_id
+}
diff --git a/dev/mysiteid/terraform.tf b/dev/mysiteid/terraform.tf
@@ -0,0 +1,15 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+    azapi = {
+      source = "azure/azapi"
+    }
+  }
+}
diff --git a/dev/mysiteid/variables.tf b/dev/mysiteid/variables.tf
@@ -0,0 +1,66 @@
+variable "subscription_id" {
+  description = "The subscription id to register this environment."
+  type        = string
+}
+
+variable "local_admin_user" {
+  description = "The username of the local administrator account."
+  sensitive   = true
+  type        = string
+}
+
+variable "local_admin_password" {
+  description = "The password of the local administrator account."
+  sensitive   = true
+  type        = string
+}
+
+variable "domain_admin_user" {
+  description = "The username of the domain account."
+  sensitive   = true
+  type        = string
+}
+
+variable "domain_admin_password" {
+  description = "The password of the domain account."
+  sensitive   = true
+  type        = string
+}
+
+variable "deployment_user_password" {
+  sensitive   = true
+  type        = string
+  description = "The password for deployment user."
+}
+
+variable "service_principal_id" {
+  description = "The id of service principal to create hci cluster."
+  sensitive   = true
+  type        = string
+}
+
+variable "service_principal_secret" {
+  description = "The secret of service principal to create hci cluster."
+  sensitive   = true
+  type        = string
+}
+
+variable "rp_service_principal_object_id" {
+  default     = ""
+  type        = string
+  description = "The object ID of the HCI resource provider service principal."
+}
+
+variable "vm_admin_password" {
+  description = "Admin password for the VM"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "domain_join_password" {
+  description = "Password of User with permissions to join the domain."
+  type        = string
+  sensitive   = true
+  default     = ""
+}
diff --git a/modules/runyutesttemplate/checks.tf b/modules/runyutesttemplate/checks.tf
@@ -0,0 +1,16 @@
+locals {
+  is_windows = length(regexall("^[a-z]:", lower(abspath(path.root)))) > 0
+  program = local.is_windows ? "powershell.exe" : "pwsh"
+}
+
+data "external" "lnet_ip_check" {
+  program = [local.program, "-File", "${abspath(path.module)}/scripts/ip-range-overlap.ps1", var.starting_address, var.ending_address, var.lnet_starting_address, var.lnet_ending_address]
+
+  lifecycle {
+    postcondition {
+      condition     = self.result.result == "ok"
+      error_message = "AKS Arc IP range overlaps with HCI IP range."
+    }
+  }
+}
+