Merge pull request #250 from cloudfoundry-incubator/develop

Promote Develop

ci/credentials.yml.tpl

@@ -23,30 +23,10 @@ google_json_key_data: |
 # The following configuration values are names of resources that will be
 # automatically created and destroyed in the pipeline. They must not conflict
 # with existing resources in {{google_project}}
-# Name of a service account that will be used in integration tests
-google_service_account: google-cpi-ci-service-account
 # Name of an auto-configured network in {{google_project}}
 google_auto_network: google-cpi-ci-auto-network
 # Name of a manually-configured network in {{google_project}}
 google_network: google-cpi-ci-network
-# Name of a manually-configured subnetwork in {{google_network}}
-google_subnetwork: google-cpi-ci-subnetwork
-# Name of firewall for internal access
-google_firewall_internal: google-cpi-ci-firewall-internal
-# Name of firewall for external access
-google_firewall_external: google-cpi-ci-firewall-external
-# Name of an external IP address used in integration tests
-google_address_int_ubuntu: google-cpi-ci-ip-int-ubuntu
-# Name of an external IP address used in BATS tests
-google_address_bats_ubuntu: google-cpi-ci-ip-bats-ubuntu
-# Name of an external IP address used to create a director
-google_address_director_ubuntu: google-cpi-ci-ip-director-ubuntu
-# Name of a network target pool
-google_target_pool: google-cpi-ci-target-pool
-# Name of a backend service
-google_backend_service: google-cpi-ci-backend-service
-# Name of a region backend service
-google_region_backend_service: google-cpi-ci-regional-backend-service
 
 # Networking configuration
 # The CIDR range of {{google_subnetwork}}
@@ -57,24 +37,18 @@ google_subnetwork_gw: 10.0.0.1
 # All of the following IP addresses must be within {{google_subnetwork}}'s CIDR
 # and be unique.
 # Three comma-delimited IP address in {{google_subnetwork}}
-google_address_static_int_ubuntu: 10.0.0.100,10.0.0.101,10.0.0.102
+google_address_static_int: 10.0.0.100,10.0.0.101,10.0.0.102
 # A private IP address in {{google_subnetwork}}
-google_address_static_director_ubuntu: 10.0.0.6
+google_address_static_director: 10.0.0.6
 # A private IP address in {{google_subnetwork}}
-google_address_static_bats_ubuntu: 10.0.0.20
+google_address_static_bats: 10.0.0.20
 # Two comma-delimited IP address in {{google_subnetwork}}
-google_address_static_pair_bats_ubuntu: 10.0.0.20,10.0.0.21
-# Hyphen-delimited range that contains {{google_address_static_pair_bats_ubuntu}} and {{google_address_static_bats_ubuntu}}
-google_address_static_bats_available_range_ubuntu: 10.0.0.20-10.0.0.30
+google_address_static_pair_bats: 10.0.0.20,10.0.0.21
+# Hyphen-delimited range that contains {{google_address_static_pair_bats}} and {{google_address_static_bats}}
+google_address_static_bats_available_range: 10.0.0.20-10.0.0.30
 
 # SSH and auth information
 private_key_user: vcap
 private_key_data: |
   # Contents of a private key whose public key component is set as a project-wide SSH
   # key in {{google_project}}
-bat_vcap_password: # A password to use for bats
-
-# Do not change
-director_username: admin
-director_password: admin
-

ci/infrastructure/.gitignore

@@ -0,0 +1,2 @@
+terraform*
+.terraform/*

ci/infrastructure/inputs.tf

@@ -0,0 +1,10 @@
+variable "google_project" {}
+variable "google_region" {}
+variable "google_zone" {}
+variable "google_json_key_data" {}
+variable "google_subnetwork_range" {}
+variable "google_firewall_internal" {}
+variable "google_firewall_external" {}
+variable "prefix" {}
+variable "google_network" {}
+variable "google_auto_network" {}

ci/infrastructure/outputs.tf

@@ -0,0 +1,63 @@
+output "google_project" {
+  value = "${var.google_project}"
+}
+
+output "google_region" {
+  value = "${var.google_region}"
+}
+
+output "google_zone" {
+  value = "${var.google_zone}"
+}
+
+output "google_json_key_data" {
+  value = "${var.google_json_key_data}"
+}
+
+output "google_auto_network" {
+  value = "${google_compute_network.auto.name}"
+}
+
+output "google_network" {
+  value = "${google_compute_network.manual.name}"
+}
+
+output "google_subnetwork" {
+  value = "${google_compute_subnetwork.subnetwork.name}"
+}
+
+output "google_firewall_internal" {
+  value = "${var.google_firewall_internal}"
+}
+
+output "google_firewall_external" {
+  value = "${var.google_firewall_external}"
+}
+
+output "google_backend_service" {
+  value = "${google_compute_backend_service.backend_service.name}"
+}
+
+output "google_region_backend_service" {
+  value = "${google_compute_region_backend_service.region_backend_service.name}"
+}
+
+output "google_target_pool" {
+  value = "${google_compute_target_pool.regional.name}"
+}
+
+output "google_address_director_ip" {
+  value = "${google_compute_address.director.address}"
+}
+
+output "google_address_bats_ip" {
+  value = "${google_compute_address.bats.address}"
+}
+
+output "google_address_int_ip" {
+  value = "${google_compute_address.int.address}"
+}
+
+output "google_service_account" {
+  value = "${google_service_account.service_account.email}"
+}

ci/infrastructure/provider.tf

@@ -0,0 +1,11 @@
+provider "google" {
+  version = "v1.5.0"
+
+  project     = "${var.google_project}"
+  region      = "${var.google_region}"
+  credentials = "${var.google_json_key_data}"
+}
+
+provider "random" {
+  version = "~> 1.1.0"
+}

ci/infrastructure/resources.tf

@@ -0,0 +1,155 @@
+resource "random_string" "account_suffix" {
+  length  = 4
+  upper   = false
+  special = false
+  lower   = true
+  number  = true
+}
+
+resource "google_service_account" "service_account" {
+  account_id = "${var.prefix}-sa-${random_string.account_suffix.result}"
+}
+
+resource "google_compute_address" "director" {
+  name = "${var.prefix}-dir"
+}
+
+resource "google_compute_address" "bats" {
+  name = "${var.prefix}-bats"
+}
+
+resource "google_compute_address" "int" {
+  name = "${var.prefix}-int"
+}
+
+resource "google_compute_network" "auto" {
+  name                    = "${var.google_auto_network}"
+  auto_create_subnetworks = true
+}
+
+resource "google_compute_network" "manual" {
+  name                    = "${var.google_network}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+  name          = "${var.prefix}"
+  ip_cidr_range = "${var.google_subnetwork_range}"
+  network       = "${google_compute_network.manual.self_link}"
+}
+
+resource "google_compute_firewall" "internal" {
+  name        = "${var.prefix}-int"
+  description = "BOSH CI Internal Traffic"
+  network     = "${google_compute_network.manual.self_link}"
+  source_tags = ["${var.google_firewall_internal}"]
+  target_tags = ["${var.google_firewall_internal}"]
+
+  allow {
+    protocol = "tcp"
+  }
+
+  allow {
+    protocol = "udp"
+  }
+
+  allow {
+    protocol = "icmp"
+  }
+}
+
+resource "google_compute_firewall" "external" {
+  name        = "${var.prefix}-ext"
+  description = "BOSH CI External Traffic"
+  network     = "${google_compute_network.manual.self_link}"
+  target_tags = ["${var.google_firewall_external}"]
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22", "443", "4222", "6868", "25250", "25555", "25777"]
+  }
+
+  allow {
+    protocol = "udp"
+    ports    = ["53"]
+  }
+
+  allow {
+    protocol = "icmp"
+  }
+}
+
+# Target Pool
+resource "google_compute_target_pool" "regional" {
+  name   = "${var.prefix}-r"
+  region = "${var.google_region}"
+}
+
+# Backend Service
+resource "google_compute_instance_group" "backend_service" {
+  name = "${var.prefix}"
+  zone = "${var.google_zone}"
+}
+
+resource "google_compute_http_health_check" "backend_service" {
+  name = "${var.prefix}"
+}
+
+resource "google_compute_backend_service" "backend_service" {
+  health_checks = ["${google_compute_http_health_check.backend_service.self_link}"]
+  name          = "${var.prefix}"
+  port_name     = "http"
+  timeout_sec   = "30"
+
+  backend {
+    group           = "${google_compute_instance_group.backend_service.self_link}"
+    balancing_mode  = "UTILIZATION"
+    capacity_scaler = "1"
+    max_utilization = "0.8"
+  }
+}
+
+# Regional Backend Service
+resource "google_compute_health_check" "region_backend_service" {
+  name = "${var.prefix}-r"
+
+  tcp_health_check {
+    port = "8080"
+  }
+}
+
+resource "google_compute_instance_group" "region_backend_service" {
+  name      = "${var.prefix}-r"
+  zone      = "${var.google_zone}"
+  instances = ["${google_compute_instance.hack.self_link}"]
+}
+
+// HACK to work around: googleapi: Error 400: Invalid value for field 'resource.backends[0].group': 'https://www.googleapis.com/compute/v1/projects/pivotal-cloudfoundry/zones/us-west1-a/instanceGroups/ci-bosh-deployment-r'. Instance group must have a network to be attached to a backend service. Add an instance to give the instance group a network., invalid
+resource "google_compute_instance" "hack" {
+  boot_disk = {
+    initialize_params {
+      image = "debian-cloud/debian-8"
+    }
+  }
+
+  machine_type = "f1-micro"
+  name         = "${var.prefix}-hack"
+
+  network_interface = {
+    subnetwork = "${google_compute_subnetwork.subnetwork.self_link}"
+  }
+
+  zone = "${var.google_zone}"
+}
+
+resource "google_compute_region_backend_service" "region_backend_service" {
+  name          = "${var.prefix}-r"
+  health_checks = ["${google_compute_health_check.region_backend_service.self_link}"]
+  region        = "${var.google_region}"
+  protocol      = "TCP"
+  timeout_sec   = "30"
+
+  backend {
+    group = "${google_compute_instance_group.region_backend_service.self_link}"
+  }
+}