diff --git a/compute/FlexibleEngine-Compute-terraform-dev.yml b/compute/FlexibleEngine-Compute-terraform-dev.yml index 233ca91..a4b3dee 100644 --- a/compute/FlexibleEngine-Compute-terraform-dev.yml +++ b/compute/FlexibleEngine-Compute-terraform-dev.yml @@ -96,7 +96,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -104,12 +104,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -164,221 +164,226 @@ deployment: modificationImpact: isDataLost: true isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the compute instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the compute instance." - } - - variable "flavor_id" { - type = string - default = "s6.large.2" - description = "The flavor_id of the compute instance." - } - - variable "image_name" { - type = string - default = "OBS Ubuntu 22.04" - description = "The image name of the compute instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of the compute instance." - } - - variable "vpc_name" { - type = string - default = "ecs-vpc-default" - description = "The vpc name of the compute instance." - } - - variable "subnet_name" { - type = string - default = "ecs-subnet-default" - description = "The subnet name of the compute instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the compute instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the compute instance." + } + + variable "flavor_id" { + type = string + default = "s6.large.2" + description = "The flavor_id of the compute instance." + } + + variable "image_name" { + type = string + default = "OBS Ubuntu 22.04" + description = "The image name of the compute instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of the compute instance." + } + + variable "vpc_name" { + type = string + default = "ecs-vpc-default" + description = "The vpc name of the compute instance." + } + + variable "subnet_name" { + type = string + default = "ecs-subnet-default" + description = "The subnet name of the compute instance." + } + + variable "secgroup_name" { + type = string + default = "ecs-secgroup-default" + description = "The security group name of the compute instance." + } - variable "secgroup_name" { - type = string - default = "ecs-secgroup-default" - description = "The security group name of the compute instance." - } - - terraform { - required_providers { - flexibleengine = { - source = "FlexibleEngineCloud/flexibleengine" - version = "~> 1.46.0" + provider.tf: | + terraform { + required_providers { + flexibleengine = { + source = "FlexibleEngineCloud/flexibleengine" + version = "~> 1.46.0" + } } } - } - - provider "flexibleengine" { - region = var.region - } - - data "flexibleengine_availability_zones" "osc-az" {} - - data "flexibleengine_vpcs" "existing" { - name = var.vpc_name - } - - resource "flexibleengine_vpc_v1" "new" { - count = length(data.flexibleengine_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - cidr = "192.168.0.0/16" - } - - data "flexibleengine_vpc_subnets" "existing" { - name = var.subnet_name - } - resource "flexibleengine_vpc_subnet_v1" "new" { - count = length(data.flexibleengine_vpc_subnets.existing.subnets) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - dns_list = ["100.125.0.41", "100.125.12.161"] - } + provider "flexibleengine" { + region = var.region + } - resource "flexibleengine_networking_secgroup_v2" "new" { - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "Compute security group" - } + main.tf: | + data "flexibleengine_availability_zones" "osc-az" {} + + data "flexibleengine_vpcs" "existing" { + name = var.vpc_name + } + + resource "flexibleengine_vpc_v1" "new" { + count = length(data.flexibleengine_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + cidr = "192.168.0.0/16" + } + + data "flexibleengine_vpc_subnets" "existing" { + name = var.subnet_name + } + + resource "flexibleengine_vpc_subnet_v1" "new" { + count = length(data.flexibleengine_vpc_subnets.existing.subnets) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + dns_list = ["100.125.0.41", "100.125.12.161"] + } + + resource "flexibleengine_networking_secgroup_v2" "new" { + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "Compute security group" + } + + locals { + availability_zone = var.availability_zone == "" ? data.flexibleengine_availability_zones.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.flexibleengine_vpcs.existing.vpcs) > 0 ? data.flexibleengine_vpcs.existing.vpcs[0].id : flexibleengine_vpc_v1.new[0].id + subnet_id = length(data.flexibleengine_vpc_subnets.existing.subnets) > 0 ? data.flexibleengine_vpc_subnets.existing.subnets[0].id : flexibleengine_vpc_subnet_v1.new[0].id + secgroup_id = flexibleengine_networking_secgroup_v2.new.id + secgroup_name = flexibleengine_networking_secgroup_v2.new.name + } + + resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_0" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_1" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8088 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_2" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9090 + port_range_max = 9099 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "flexibleengine_compute_keypair_v2" "keypair" { + name = "keypair-ecs-${random_id.new.hex}" + } + + data "flexibleengine_images_image" "image" { + name = var.image_name + most_recent = true + enterprise_project_id = "0" + } + + resource "flexibleengine_compute_instance_v2" "ecs-tf" { + availability_zone = local.availability_zone + name = "ecs-terraform-${random_id.new.hex}" + flavor_id = var.flavor_id + security_groups = [ local.secgroup_name ] + image_id = data.flexibleengine_images_image.image.id + key_pair = flexibleengine_compute_keypair_v2.keypair.name + network { + uuid = local.subnet_id + } + user_data = < 0 ? data.flexibleengine_vpcs.existing.vpcs[0].id : flexibleengine_vpc_v1.new[0].id - subnet_id = length(data.flexibleengine_vpc_subnets.existing.subnets) > 0 ? data.flexibleengine_vpc_subnets.existing.subnets[0].id : flexibleengine_vpc_subnet_v1.new[0].id - secgroup_id = flexibleengine_networking_secgroup_v2.new.id - secgroup_name = flexibleengine_networking_secgroup_v2.new.name - } - - resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_0" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_1" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8088 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_2" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9090 - port_range_max = 9099 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "flexibleengine_compute_keypair_v2" "keypair" { - name = "keypair-ecs-${random_id.new.hex}" - } - - data "flexibleengine_images_image" "image" { - name = var.image_name - most_recent = true - enterprise_project_id = "0" - } - - resource "flexibleengine_compute_instance_v2" "ecs-tf" { - availability_zone = local.availability_zone - name = "ecs-terraform-${random_id.new.hex}" - flavor_id = var.flavor_id - security_groups = [ local.secgroup_name ] - image_id = data.flexibleengine_images_image.image.id - key_pair = flexibleengine_compute_keypair_v2.keypair.name - network { - uuid = local.subnet_id + resource "flexibleengine_blockstorage_volume_v2" "volume" { + name = "volume-tf-${random_id.new.hex}" + description = "my volume" + volume_type = "SSD" + size = 40 + availability_zone = local.availability_zone + tags = { + foo = "bar" + key = "value" + } } - user_data = < 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "Kafka cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8088 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9090 - port_range_max = 9099 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - data "huaweicloud_images_image" "image" { - name = var.image_name - most_recent = true - enterprise_project_id = "0" - } + + provider "huaweicloud" { + region = var.region + } - resource "huaweicloud_compute_instance" "ecs-tofu" { - availability_zone = local.availability_zone - name = "ecs-tofu-${random_id.new.hex}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - admin_pass = local.admin_passwd - network { - uuid = local.subnet_id + main.tf: | + data "huaweicloud_availability_zones" "osc-az" {} + + data "huaweicloud_vpcs" "existing" { + name = var.vpc_name } - } - - resource "huaweicloud_evs_volume" "volume" { - name = "volume-tofu-${random_id.new.hex}" - description = "my volume" - volume_type = "SSD" - size = 40 - availability_zone = local.availability_zone - tags = { - foo = "bar" - key = "value" + + data "huaweicloud_vpc_subnets" "existing" { + name = var.subnet_name } - } - - resource "huaweicloud_compute_volume_attach" "attached" { - instance_id = huaweicloud_compute_instance.ecs-tofu.id - volume_id = huaweicloud_evs_volume.volume.id - } - - resource "huaweicloud_vpc_eip" "eip-tofu" { - publicip { - type = "5_sbgp" + + data "huaweicloud_networking_secgroups" "existing" { + name = var.secgroup_name } - bandwidth { - name = "eip-tofu-${random_id.new.hex}" - size = 5 - share_type = "PER" - charge_mode = "traffic" + + locals { + availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "Kafka cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8088 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9090 + port_range_max = 9099 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + data "huaweicloud_images_image" "image" { + name = var.image_name + most_recent = true + enterprise_project_id = "0" + } + + resource "huaweicloud_compute_instance" "ecs-tf" { + availability_zone = local.availability_zone + name = "ecs-tf-${random_id.new.hex}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + admin_pass = local.admin_passwd + network { + uuid = local.subnet_id + } + } + + resource "huaweicloud_evs_volume" "volume" { + name = "volume-tf-${random_id.new.hex}" + description = "my volume" + volume_type = "SSD" + size = 40 + availability_zone = local.availability_zone + tags = { + foo = "bar" + key = "value" + } + } + + resource "huaweicloud_compute_volume_attach" "attached" { + instance_id = huaweicloud_compute_instance.ecs-tf.id + volume_id = huaweicloud_evs_volume.volume.id + } + + resource "huaweicloud_vpc_eip" "eip-tf" { + publicip { + type = var.region == "eu-west-101" ? "5_bgp" : "5_sbgp" + } + bandwidth { + name = "eip-tf-${random_id.new.hex}" + size = 5 + share_type = "PER" + charge_mode = "traffic" + } + } + + resource "huaweicloud_compute_eip_associate" "associated" { + public_ip = huaweicloud_vpc_eip.eip-tf.address + instance_id = huaweicloud_compute_instance.ecs-tf.id } - } - - resource "huaweicloud_compute_eip_associate" "associated" { - public_ip = huaweicloud_vpc_eip.eip-tofu.address - instance_id = huaweicloud_compute_instance.ecs-tofu.id - } - - output "ecs-host" { - value = huaweicloud_compute_instance.ecs-tofu.access_ip_v4 - } - - output "ecs-public-ip" { - value = huaweicloud_vpc_eip.eip-tofu.address - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + outputs.tf: | + output "ecs-host" { + value = huaweicloud_compute_instance.ecs-tf.access_ip_v4 + } + + output "ecs-public-ip" { + value = huaweicloud_vpc_eip.eip-tf.address + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/compute/HuaweiCloud-Compute-terraform-dev-autofill.yml b/compute/HuaweiCloud-Compute-terraform-dev-autofill.yml index b493b0b..ab8e1a9 100644 --- a/compute/HuaweiCloud-Compute-terraform-dev-autofill.yml +++ b/compute/HuaweiCloud-Compute-terraform-dev-autofill.yml @@ -331,7 +331,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -339,12 +339,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -408,222 +408,221 @@ deployment: modificationImpact: isDataLost: false isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the compute instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the compute instance." - } - - variable "flavor_id" { - type = string - default = "s6.large.2" - description = "The flavor_id of the compute instance." - } - - variable "image_name" { - type = string - default = "Ubuntu 22.04 server 64bit" - description = "The image name of the compute instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of the compute instance." - } - - variable "vpc_name" { - type = string - default = "ecs-vpc-default" - description = "The vpc name of the compute instance." - } - - variable "subnet_name" { - type = string - default = "ecs-subnet-default" - description = "The subnet name of the compute instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the compute instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the compute instance." + } + + variable "flavor_id" { + type = string + default = "s6.large.2" + description = "The flavor_id of the compute instance." + } + + variable "image_name" { + type = string + default = "Ubuntu 22.04 server 64bit" + description = "The image name of the compute instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of the compute instance." + } + + variable "vpc_name" { + type = string + default = "ecs-vpc-default" + description = "The vpc name of the compute instance." + } + + variable "subnet_name" { + type = string + default = "ecs-subnet-default" + description = "The subnet name of the compute instance." + } + + variable "secgroup_name" { + type = string + default = "ecs-secgroup-default" + description = "The security group name of the compute instance." + } - variable "secgroup_name" { - type = string - default = "ecs-secgroup-default" - description = "The security group name of the compute instance." - } - - terraform { - required_providers { - huaweicloud = { - source = "huaweicloud/huaweicloud" - version = "~> 1.61.0" + provider.tf: | + terraform { + required_providers { + huaweicloud = { + source = "huaweicloud/huaweicloud" + version = "~> 1.61.0" + } } } - } - - provider "huaweicloud" { - region = var.region - } - - data "huaweicloud_availability_zones" "osc-az" {} - - data "huaweicloud_vpcs" "existing" { - name = var.vpc_name - } - - data "huaweicloud_vpc_subnets" "existing" { - name = var.subnet_name - } - - data "huaweicloud_networking_secgroups" "existing" { - name = var.secgroup_name - } - - locals { - availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "Kafka cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8088 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9090 - port_range_max = 9099 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "huaweicloud_kps_keypair" "keypair" { - name = "keypair-ecs-${random_id.new.hex}" - key_file = "keypair-ecs-${random_id.new.hex}.pem" - } - - data "huaweicloud_images_image" "image" { - name = var.image_name - most_recent = true - enterprise_project_id = "0" - } + + provider "huaweicloud" { + region = var.region + } - resource "huaweicloud_compute_instance" "ecs-tf" { - availability_zone = local.availability_zone - name = "ecs-tf-${random_id.new.hex}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - key_pair = huaweicloud_kps_keypair.keypair.name - admin_pass = local.admin_passwd - network { - uuid = local.subnet_id + main.tf: | + data "huaweicloud_availability_zones" "osc-az" {} + + data "huaweicloud_vpcs" "existing" { + name = var.vpc_name } - } - - resource "huaweicloud_evs_volume" "volume" { - name = "volume-tf-${random_id.new.hex}" - description = "my volume" - volume_type = "SSD" - size = 40 - availability_zone = local.availability_zone - tags = { - foo = "bar" - key = "value" + + data "huaweicloud_vpc_subnets" "existing" { + name = var.subnet_name } - } - - resource "huaweicloud_compute_volume_attach" "attached" { - instance_id = huaweicloud_compute_instance.ecs-tf.id - volume_id = huaweicloud_evs_volume.volume.id - } - - resource "huaweicloud_vpc_eip" "eip-tf" { - publicip { - type = "5_sbgp" + + data "huaweicloud_networking_secgroups" "existing" { + name = var.secgroup_name } - bandwidth { - name = "eip-tf-${random_id.new.hex}" - size = 5 - share_type = "PER" - charge_mode = "traffic" + + locals { + availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "Kafka cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8088 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9090 + port_range_max = 9099 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + data "huaweicloud_images_image" "image" { + name = var.image_name + most_recent = true + enterprise_project_id = "0" + } + + resource "huaweicloud_compute_instance" "ecs-tf" { + availability_zone = local.availability_zone + name = "ecs-tf-${random_id.new.hex}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + admin_pass = local.admin_passwd + network { + uuid = local.subnet_id + } + } + + resource "huaweicloud_evs_volume" "volume" { + name = "volume-tf-${random_id.new.hex}" + description = "my volume" + volume_type = "SSD" + size = 40 + availability_zone = local.availability_zone + tags = { + foo = "bar" + key = "value" + } + } + + resource "huaweicloud_compute_volume_attach" "attached" { + instance_id = huaweicloud_compute_instance.ecs-tf.id + volume_id = huaweicloud_evs_volume.volume.id + } + + resource "huaweicloud_vpc_eip" "eip-tf" { + publicip { + type = var.region == "eu-west-101" ? "5_bgp" : "5_sbgp" + } + bandwidth { + name = "eip-tf-${random_id.new.hex}" + size = 5 + share_type = "PER" + charge_mode = "traffic" + } + } + + resource "huaweicloud_compute_eip_associate" "associated" { + public_ip = huaweicloud_vpc_eip.eip-tf.address + instance_id = huaweicloud_compute_instance.ecs-tf.id } - } - - resource "huaweicloud_compute_eip_associate" "associated" { - public_ip = huaweicloud_vpc_eip.eip-tf.address - instance_id = huaweicloud_compute_instance.ecs-tf.id - } - - output "ecs-host" { - value = huaweicloud_compute_instance.ecs-tf.access_ip_v4 - } - - output "ecs-public-ip" { - value = huaweicloud_vpc_eip.eip-tf.address - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + outputs.tf: | + output "ecs-host" { + value = huaweicloud_compute_instance.ecs-tf.access_ip_v4 + } + + output "ecs-public-ip" { + value = huaweicloud_vpc_eip.eip-tf.address + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/compute/HuaweiCloud-Compute-terraform-dev-git-repo.yml b/compute/HuaweiCloud-Compute-terraform-dev-git-repo.yml index 8491bc6..3dbd6cf 100644 --- a/compute/HuaweiCloud-Compute-terraform-dev-git-repo.yml +++ b/compute/HuaweiCloud-Compute-terraform-dev-git-repo.yml @@ -331,7 +331,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -339,12 +339,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd diff --git a/compute/HuaweiCloud-Compute-terraform-dev.yml b/compute/HuaweiCloud-Compute-terraform-dev.yml index 9ba5ef8..9f58788 100644 --- a/compute/HuaweiCloud-Compute-terraform-dev.yml +++ b/compute/HuaweiCloud-Compute-terraform-dev.yml @@ -350,7 +350,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -358,12 +358,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -418,216 +418,221 @@ deployment: modificationImpact: isDataLost: false isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the compute instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the compute instance." - } - - variable "flavor_id" { - type = string - default = "s6.large.2" - description = "The flavor_id of the compute instance." - } - - variable "image_name" { - type = string - default = "Ubuntu 22.04 server 64bit" - description = "The image name of the compute instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of the compute instance." - } - - variable "vpc_name" { - type = string - default = "ecs-vpc-default" - description = "The vpc name of the compute instance." - } - - variable "subnet_name" { - type = string - default = "ecs-subnet-default" - description = "The subnet name of the compute instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the compute instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the compute instance." + } + + variable "flavor_id" { + type = string + default = "s6.large.2" + description = "The flavor_id of the compute instance." + } + + variable "image_name" { + type = string + default = "Ubuntu 22.04 server 64bit" + description = "The image name of the compute instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of the compute instance." + } + + variable "vpc_name" { + type = string + default = "ecs-vpc-default" + description = "The vpc name of the compute instance." + } + + variable "subnet_name" { + type = string + default = "ecs-subnet-default" + description = "The subnet name of the compute instance." + } + + variable "secgroup_name" { + type = string + default = "ecs-secgroup-default" + description = "The security group name of the compute instance." + } - variable "secgroup_name" { - type = string - default = "ecs-secgroup-default" - description = "The security group name of the compute instance." - } - - terraform { - required_providers { - huaweicloud = { - source = "huaweicloud/huaweicloud" - version = "~> 1.61.0" + provider.tf: | + terraform { + required_providers { + huaweicloud = { + source = "huaweicloud/huaweicloud" + version = "~> 1.61.0" + } } } - } - - provider "huaweicloud" { - region = var.region - } - - data "huaweicloud_availability_zones" "osc-az" {} - - data "huaweicloud_vpcs" "existing" { - name = var.vpc_name - } - - data "huaweicloud_vpc_subnets" "existing" { - name = var.subnet_name - } - - data "huaweicloud_networking_secgroups" "existing" { - name = var.secgroup_name - } - - locals { - availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "Kafka cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8088 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9090 - port_range_max = 9099 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - data "huaweicloud_images_image" "image" { - name = var.image_name - most_recent = true - enterprise_project_id = "0" - } + + provider "huaweicloud" { + region = var.region + } - resource "huaweicloud_compute_instance" "ecs-tf" { - availability_zone = local.availability_zone - name = "ecs-tf-${random_id.new.hex}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - admin_pass = local.admin_passwd - network { - uuid = local.subnet_id + main.tf: | + data "huaweicloud_availability_zones" "osc-az" {} + + data "huaweicloud_vpcs" "existing" { + name = var.vpc_name } - } - - resource "huaweicloud_evs_volume" "volume" { - name = "volume-tf-${random_id.new.hex}" - description = "my volume" - volume_type = "SSD" - size = 40 - availability_zone = local.availability_zone - tags = { - foo = "bar" - key = "value" + + data "huaweicloud_vpc_subnets" "existing" { + name = var.subnet_name } - } - - resource "huaweicloud_compute_volume_attach" "attached" { - instance_id = huaweicloud_compute_instance.ecs-tf.id - volume_id = huaweicloud_evs_volume.volume.id - } - - resource "huaweicloud_vpc_eip" "eip-tf" { - publicip { - type = var.region == "eu-west-101" ? "5_bgp" : "5_sbgp" + + data "huaweicloud_networking_secgroups" "existing" { + name = var.secgroup_name } - bandwidth { - name = "eip-tf-${random_id.new.hex}" - size = 5 - share_type = "PER" - charge_mode = "traffic" + + locals { + availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "Kafka cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8088 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9090 + port_range_max = 9099 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + data "huaweicloud_images_image" "image" { + name = var.image_name + most_recent = true + enterprise_project_id = "0" + } + + resource "huaweicloud_compute_instance" "ecs-tf" { + availability_zone = local.availability_zone + name = "ecs-tf-${random_id.new.hex}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + admin_pass = local.admin_passwd + network { + uuid = local.subnet_id + } + } + + resource "huaweicloud_evs_volume" "volume" { + name = "volume-tf-${random_id.new.hex}" + description = "my volume" + volume_type = "SSD" + size = 40 + availability_zone = local.availability_zone + tags = { + foo = "bar" + key = "value" + } + } + + resource "huaweicloud_compute_volume_attach" "attached" { + instance_id = huaweicloud_compute_instance.ecs-tf.id + volume_id = huaweicloud_evs_volume.volume.id + } + + resource "huaweicloud_vpc_eip" "eip-tf" { + publicip { + type = var.region == "eu-west-101" ? "5_bgp" : "5_sbgp" + } + bandwidth { + name = "eip-tf-${random_id.new.hex}" + size = 5 + share_type = "PER" + charge_mode = "traffic" + } + } + + resource "huaweicloud_compute_eip_associate" "associated" { + public_ip = huaweicloud_vpc_eip.eip-tf.address + instance_id = huaweicloud_compute_instance.ecs-tf.id } - } - - resource "huaweicloud_compute_eip_associate" "associated" { - public_ip = huaweicloud_vpc_eip.eip-tf.address - instance_id = huaweicloud_compute_instance.ecs-tf.id - } - - output "ecs-host" { - value = huaweicloud_compute_instance.ecs-tf.access_ip_v4 - } - - output "ecs-public-ip" { - value = huaweicloud_vpc_eip.eip-tf.address - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + outputs.tf: | + output "ecs-host" { + value = huaweicloud_compute_instance.ecs-tf.access_ip_v4 + } + + output "ecs-public-ip" { + value = huaweicloud_vpc_eip.eip-tf.address + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/compute/OpenstackTestLab-Compute-terraform-dev.yml b/compute/OpenstackTestLab-Compute-terraform-dev.yml index 8b774b5..75addc3 100644 --- a/compute/OpenstackTestLab-Compute-terraform-dev.yml +++ b/compute/OpenstackTestLab-Compute-terraform-dev.yml @@ -80,7 +80,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -88,12 +88,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: OS_AUTH_URL @@ -162,192 +162,196 @@ deployment: modificationImpact: isDataLost: false isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the compute instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the compute instance." - } - - variable "flavor_name" { - type = string - default = "cirros256" - description = "The flavor_name of the compute instance." - } - - variable "image_name" { - type = string - default = "cirros-0.5.2-x86_64-disk" - description = "The image name of the compute instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of the compute instance." - } - - variable "vpc_name" { - type = string - default = "ecs-vpc-default" - description = "The vpc name of the compute instance." - } - - variable "subnet_name" { - type = string - default = "ecs-subnet-default" - description = "The subnet name of the compute instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the compute instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the compute instance." + } + + variable "flavor_name" { + type = string + default = "cirros256" + description = "The flavor_name of the compute instance." + } + + variable "image_name" { + type = string + default = "cirros-0.5.2-x86_64-disk" + description = "The image name of the compute instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of the compute instance." + } + + variable "vpc_name" { + type = string + default = "ecs-vpc-default" + description = "The vpc name of the compute instance." + } + + variable "subnet_name" { + type = string + default = "ecs-subnet-default" + description = "The subnet name of the compute instance." + } + + variable "secgroup_name" { + type = string + default = "ecs-secgroup-default" + description = "The security group name of the compute instance." + } - variable "secgroup_name" { - type = string - default = "ecs-secgroup-default" - description = "The security group name of the compute instance." - } - - terraform { - required_providers { - openstack = { - source = "terraform-provider-openstack/openstack" - version = "~> 1.53.0" + provider.tf: | + terraform { + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } } } - } - - provider "openstack" { - region = var.region - } - - data "openstack_compute_availability_zones_v2" "osc-az" {} - - data "openstack_networking_network_v2" "existing" { - name = var.vpc_name - count = length(data.openstack_networking_network_v2.existing) - } - - data "openstack_networking_subnet_v2" "existing" { - name = var.subnet_name - count = length(data.openstack_networking_subnet_v2.existing) - } - - data "openstack_networking_secgroup_v2" "existing" { - name = var.secgroup_name - count = length(data.openstack_networking_secgroup_v2.existing) - } - - locals { - availability_zone = var.availability_zone == "" ? data.openstack_compute_availability_zones_v2.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.openstack_networking_network_v2.existing) > 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id - subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id - secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id - secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name - } - - resource "openstack_networking_network_v2" "new" { - count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - } - - resource "openstack_networking_subnet_v2" "new" { - count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 - network_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "openstack_networking_secgroup_v2" "new" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "Compute security group" - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8088 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9090 - port_range_max = 9099 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - data "openstack_images_image_v2" "image" { - name = var.image_name - most_recent = true - } - - resource "openstack_compute_instance_v2" "ecs-tf" { - availability_zone = local.availability_zone - name = "ecs-tf-${random_id.new.hex}" - flavor_name = var.flavor_name - security_groups = [ local.secgroup_name ] - image_id = data.openstack_images_image_v2.image.id - admin_pass = local.admin_passwd - network { - uuid = local.vpc_id + + provider "openstack" { + region = var.region } - } - - resource "openstack_blockstorage_volume_v3" "volume" { - name = "volume-tf-${random_id.new.hex}" - description = "my volume" - size = 40 - availability_zone = local.availability_zone - } - - resource "openstack_compute_volume_attach_v2" "attached" { - instance_id = openstack_compute_instance_v2.ecs-tf.id - volume_id = openstack_blockstorage_volume_v3.volume.id - } - - output "ecs-host" { - value = openstack_compute_instance_v2.ecs-tf.access_ip_v4 - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + main.tf: | + data "openstack_compute_availability_zones_v2" "osc-az" {} + + data "openstack_networking_network_v2" "existing" { + name = var.vpc_name + count = length(data.openstack_networking_network_v2.existing) + } + + data "openstack_networking_subnet_v2" "existing" { + name = var.subnet_name + count = length(data.openstack_networking_subnet_v2.existing) + } + + data "openstack_networking_secgroup_v2" "existing" { + name = var.secgroup_name + count = length(data.openstack_networking_secgroup_v2.existing) + } + + locals { + availability_zone = var.availability_zone == "" ? data.openstack_compute_availability_zones_v2.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.openstack_networking_network_v2.existing) > 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id + subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id + secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id + secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name + } + + resource "openstack_networking_network_v2" "new" { + count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + } + + resource "openstack_networking_subnet_v2" "new" { + count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 + network_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "openstack_networking_secgroup_v2" "new" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "Compute security group" + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8088 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9090 + port_range_max = 9099 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + data "openstack_images_image_v2" "image" { + name = var.image_name + most_recent = true + } + + resource "openstack_compute_instance_v2" "ecs-tf" { + availability_zone = local.availability_zone + name = "ecs-tf-${random_id.new.hex}" + flavor_name = var.flavor_name + security_groups = [ local.secgroup_name ] + image_id = data.openstack_images_image_v2.image.id + admin_pass = local.admin_passwd + network { + uuid = local.vpc_id + } + } + + resource "openstack_blockstorage_volume_v3" "volume" { + name = "volume-tf-${random_id.new.hex}" + description = "my volume" + size = 40 + availability_zone = local.availability_zone + } + + resource "openstack_compute_volume_attach_v2" "attached" { + instance_id = openstack_compute_instance_v2.ecs-tf.id + volume_id = openstack_blockstorage_volume_v3.volume.id + } + + output "ecs-host" { + value = openstack_compute_instance_v2.ecs-tf.access_ip_v4 + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/compute/PlusServer-Compute-terraform-dev.yml b/compute/PlusServer-Compute-terraform-dev.yml index 59285f3..31457e3 100644 --- a/compute/PlusServer-Compute-terraform-dev.yml +++ b/compute/PlusServer-Compute-terraform-dev.yml @@ -80,7 +80,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -88,12 +88,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: OS_AUTH_URL @@ -162,192 +162,196 @@ deployment: modificationImpact: isDataLost: false isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the compute instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the compute instance." - } - - variable "flavor_name" { - type = string - default = "cirros256" - description = "The flavor_name of the compute instance." - } - - variable "image_name" { - type = string - default = "Ubuntu 20.04" - description = "The image name of the compute instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of the compute instance." - } - - variable "vpc_name" { - type = string - default = "ecs-vpc-default" - description = "The vpc name of the compute instance." - } - - variable "subnet_name" { - type = string - default = "ecs-subnet-default" - description = "The subnet name of the compute instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the compute instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the compute instance." + } + + variable "flavor_name" { + type = string + default = "cirros256" + description = "The flavor_name of the compute instance." + } + + variable "image_name" { + type = string + default = "Ubuntu 20.04" + description = "The image name of the compute instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of the compute instance." + } + + variable "vpc_name" { + type = string + default = "ecs-vpc-default" + description = "The vpc name of the compute instance." + } + + variable "subnet_name" { + type = string + default = "ecs-subnet-default" + description = "The subnet name of the compute instance." + } + + variable "secgroup_name" { + type = string + default = "ecs-secgroup-default" + description = "The security group name of the compute instance." + } - variable "secgroup_name" { - type = string - default = "ecs-secgroup-default" - description = "The security group name of the compute instance." - } - - terraform { - required_providers { - openstack = { - source = "terraform-provider-openstack/openstack" - version = "~> 1.53.0" + provider.tf: | + terraform { + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } } } - } - - provider "openstack" { - region = var.region - } - - data "openstack_compute_availability_zones_v2" "osc-az" {} - - data "openstack_networking_network_v2" "existing" { - name = var.vpc_name - count = length(data.openstack_networking_network_v2.existing) - } - - data "openstack_networking_subnet_v2" "existing" { - name = var.subnet_name - count = length(data.openstack_networking_subnet_v2.existing) - } - - data "openstack_networking_secgroup_v2" "existing" { - name = var.secgroup_name - count = length(data.openstack_networking_secgroup_v2.existing) - } - - locals { - availability_zone = var.availability_zone == "" ? data.openstack_compute_availability_zones_v2.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.openstack_networking_network_v2.existing) > 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id - subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id - secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id - secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name - } - - resource "openstack_networking_network_v2" "new" { - count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - } - - resource "openstack_networking_subnet_v2" "new" { - count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 - network_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "openstack_networking_secgroup_v2" "new" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "Compute security group" - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8088 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9090 - port_range_max = 9099 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - data "openstack_images_image_v2" "image" { - name = var.image_name - most_recent = true - } - - resource "openstack_compute_instance_v2" "ecs-tf" { - availability_zone = local.availability_zone - name = "ecs-tf-${random_id.new.hex}" - flavor_name = var.flavor_name - security_groups = [ local.secgroup_name ] - image_id = data.openstack_images_image_v2.image.id - admin_pass = local.admin_passwd - network { - uuid = local.vpc_id + + provider "openstack" { + region = var.region } - } - - resource "openstack_blockstorage_volume_v3" "volume" { - name = "volume-tf-${random_id.new.hex}" - description = "my volume" - size = 40 - availability_zone = local.availability_zone - } - - resource "openstack_compute_volume_attach_v2" "attached" { - instance_id = openstack_compute_instance_v2.ecs-tf.id - volume_id = openstack_blockstorage_volume_v3.volume.id - } - - output "ecs-host" { - value = openstack_compute_instance_v2.ecs-tf.access_ip_v4 - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + main.tf: | + data "openstack_compute_availability_zones_v2" "osc-az" {} + + data "openstack_networking_network_v2" "existing" { + name = var.vpc_name + count = length(data.openstack_networking_network_v2.existing) + } + + data "openstack_networking_subnet_v2" "existing" { + name = var.subnet_name + count = length(data.openstack_networking_subnet_v2.existing) + } + + data "openstack_networking_secgroup_v2" "existing" { + name = var.secgroup_name + count = length(data.openstack_networking_secgroup_v2.existing) + } + + locals { + availability_zone = var.availability_zone == "" ? data.openstack_compute_availability_zones_v2.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.openstack_networking_network_v2.existing) > 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id + subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id + secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id + secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name + } + + resource "openstack_networking_network_v2" "new" { + count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + } + + resource "openstack_networking_subnet_v2" "new" { + count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 + network_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "openstack_networking_secgroup_v2" "new" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "Compute security group" + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8088 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9090 + port_range_max = 9099 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + data "openstack_images_image_v2" "image" { + name = var.image_name + most_recent = true + } + + resource "openstack_compute_instance_v2" "ecs-tf" { + availability_zone = local.availability_zone + name = "ecs-tf-${random_id.new.hex}" + flavor_name = var.flavor_name + security_groups = [ local.secgroup_name ] + image_id = data.openstack_images_image_v2.image.id + admin_pass = local.admin_passwd + network { + uuid = local.vpc_id + } + } + + resource "openstack_blockstorage_volume_v3" "volume" { + name = "volume-tf-${random_id.new.hex}" + description = "my volume" + size = 40 + availability_zone = local.availability_zone + } + + resource "openstack_compute_volume_attach_v2" "attached" { + instance_id = openstack_compute_instance_v2.ecs-tf.id + volume_id = openstack_blockstorage_volume_v3.volume.id + } + + output "ecs-host" { + value = openstack_compute_instance_v2.ecs-tf.access_ip_v4 + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/compute/RegioCloud-Compute-terraform-dev.yml b/compute/RegioCloud-Compute-terraform-dev.yml index 6298e2d..c0bacbc 100644 --- a/compute/RegioCloud-Compute-terraform-dev.yml +++ b/compute/RegioCloud-Compute-terraform-dev.yml @@ -77,7 +77,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -85,12 +85,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: OS_AUTH_URL @@ -159,192 +159,196 @@ deployment: modificationImpact: isDataLost: false isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the compute instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the compute instance." - } - - variable "flavor_name" { - type = string - default = "cirros256" - description = "The flavor_name of the compute instance." - } - - variable "image_name" { - type = string - default = "Ubuntu 20.04" - description = "The image name of the compute instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of the compute instance." - } - - variable "vpc_name" { - type = string - default = "ecs-vpc-default" - description = "The vpc name of the compute instance." - } - - variable "subnet_name" { - type = string - default = "ecs-subnet-default" - description = "The subnet name of the compute instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the compute instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the compute instance." + } + + variable "flavor_name" { + type = string + default = "cirros256" + description = "The flavor_name of the compute instance." + } + + variable "image_name" { + type = string + default = "Ubuntu 20.04" + description = "The image name of the compute instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of the compute instance." + } + + variable "vpc_name" { + type = string + default = "ecs-vpc-default" + description = "The vpc name of the compute instance." + } + + variable "subnet_name" { + type = string + default = "ecs-subnet-default" + description = "The subnet name of the compute instance." + } + + variable "secgroup_name" { + type = string + default = "ecs-secgroup-default" + description = "The security group name of the compute instance." + } - variable "secgroup_name" { - type = string - default = "ecs-secgroup-default" - description = "The security group name of the compute instance." - } - - terraform { - required_providers { - openstack = { - source = "terraform-provider-openstack/openstack" - version = "~> 1.53.0" + provider.tf: | + terraform { + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } } } - } - - provider "openstack" { - region = var.region - } - - data "openstack_compute_availability_zones_v2" "osc-az" {} - - data "openstack_networking_network_v2" "existing" { - name = var.vpc_name - count = length(data.openstack_networking_network_v2.existing) - } - - data "openstack_networking_subnet_v2" "existing" { - name = var.subnet_name - count = length(data.openstack_networking_subnet_v2.existing) - } - - data "openstack_networking_secgroup_v2" "existing" { - name = var.secgroup_name - count = length(data.openstack_networking_secgroup_v2.existing) - } - - locals { - availability_zone = var.availability_zone == "" ? data.openstack_compute_availability_zones_v2.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.openstack_networking_network_v2.existing) > 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id - subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id - secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id - secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name - } - - resource "openstack_networking_network_v2" "new" { - count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - } - - resource "openstack_networking_subnet_v2" "new" { - count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 - network_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "openstack_networking_secgroup_v2" "new" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "Compute security group" - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8088 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9090 - port_range_max = 9099 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - data "openstack_images_image_v2" "image" { - name = var.image_name - most_recent = true - } - - resource "openstack_compute_instance_v2" "ecs-tf" { - availability_zone = local.availability_zone - name = "ecs-tf-${random_id.new.hex}" - flavor_name = var.flavor_name - security_groups = [ local.secgroup_name ] - image_id = data.openstack_images_image_v2.image.id - admin_pass = local.admin_passwd - network { - uuid = local.vpc_id + + provider "openstack" { + region = var.region } - } - - resource "openstack_blockstorage_volume_v3" "volume" { - name = "volume-tf-${random_id.new.hex}" - description = "my volume" - size = 40 - availability_zone = local.availability_zone - } - - resource "openstack_compute_volume_attach_v2" "attached" { - instance_id = openstack_compute_instance_v2.ecs-tf.id - volume_id = openstack_blockstorage_volume_v3.volume.id - } - - output "ecs-host" { - value = openstack_compute_instance_v2.ecs-tf.access_ip_v4 - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + main.tf: | + data "openstack_compute_availability_zones_v2" "osc-az" {} + + data "openstack_networking_network_v2" "existing" { + name = var.vpc_name + count = length(data.openstack_networking_network_v2.existing) + } + + data "openstack_networking_subnet_v2" "existing" { + name = var.subnet_name + count = length(data.openstack_networking_subnet_v2.existing) + } + + data "openstack_networking_secgroup_v2" "existing" { + name = var.secgroup_name + count = length(data.openstack_networking_secgroup_v2.existing) + } + + locals { + availability_zone = var.availability_zone == "" ? data.openstack_compute_availability_zones_v2.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.openstack_networking_network_v2.existing) > 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id + subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id + secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id + secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name + } + + resource "openstack_networking_network_v2" "new" { + count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + } + + resource "openstack_networking_subnet_v2" "new" { + count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 + network_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "openstack_networking_secgroup_v2" "new" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "Compute security group" + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8088 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9090 + port_range_max = 9099 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + data "openstack_images_image_v2" "image" { + name = var.image_name + most_recent = true + } + + resource "openstack_compute_instance_v2" "ecs-tf" { + availability_zone = local.availability_zone + name = "ecs-tf-${random_id.new.hex}" + flavor_name = var.flavor_name + security_groups = [ local.secgroup_name ] + image_id = data.openstack_images_image_v2.image.id + admin_pass = local.admin_passwd + network { + uuid = local.vpc_id + } + } + + resource "openstack_blockstorage_volume_v3" "volume" { + name = "volume-tf-${random_id.new.hex}" + description = "my volume" + size = 40 + availability_zone = local.availability_zone + } + + resource "openstack_compute_volume_attach_v2" "attached" { + instance_id = openstack_compute_instance_v2.ecs-tf.id + volume_id = openstack_blockstorage_volume_v3.volume.id + } + + output "ecs-host" { + value = openstack_compute_instance_v2.ecs-tf.access_ip_v4 + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/compute/with-agent/huaweicloud/HuaweiCloud-Compute-terraform-dev.yml b/compute/with-agent/huaweicloud/HuaweiCloud-Compute-terraform-dev.yml index cc4909e..dcd5d3c 100644 --- a/compute/with-agent/huaweicloud/HuaweiCloud-Compute-terraform-dev.yml +++ b/compute/with-agent/huaweicloud/HuaweiCloud-Compute-terraform-dev.yml @@ -350,7 +350,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -358,12 +358,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd diff --git a/container/HuaweiCloud-K8S-autofill.yml b/container/HuaweiCloud-K8S-autofill.yml index d41c8c2..5503d05 100644 --- a/container/HuaweiCloud-K8S-autofill.yml +++ b/container/HuaweiCloud-K8S-autofill.yml @@ -142,7 +142,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for executing the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -150,12 +150,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -209,188 +209,191 @@ deployment: modificationImpact: isDataLost: true isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the K8S cluster instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the K8S cluster instance." - } - - variable "flavor_id" { - type = string - default = "s6.large.2" - description = "The flavor_id of all nodes in the K8S cluster instance." - } - - variable "worker_nodes_count" { - type = string - default = 3 - description = "The worker nodes count in the K8S cluster instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of all nodes in the K8S cluster instance." - } - - variable "vpc_name" { - type = string - default = "k8s-vpc-default" - description = "The vpc name of all nodes in the K8S cluster instance." - } - - variable "subnet_name" { - type = string - default = "k8s-subnet-default" - description = "The subnet name of all nodes in the K8S cluster instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the K8S cluster instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the K8S cluster instance." + } + + variable "flavor_id" { + type = string + default = "s6.large.2" + description = "The flavor_id of all nodes in the K8S cluster instance." + } + + variable "worker_nodes_count" { + type = string + default = 3 + description = "The worker nodes count in the K8S cluster instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of all nodes in the K8S cluster instance." + } + + variable "vpc_name" { + type = string + default = "k8s-vpc-default" + description = "The vpc name of all nodes in the K8S cluster instance." + } + + variable "subnet_name" { + type = string + default = "k8s-subnet-default" + description = "The subnet name of all nodes in the K8S cluster instance." + } + + variable "secgroup_name" { + type = string + default = "k8s-secgroup-default" + description = "The security group name of all nodes in the K8S cluster instance." + } - variable "secgroup_name" { - type = string - default = "k8s-secgroup-default" - description = "The security group name of all nodes in the K8S cluster instance." - } - - terraform { - required_providers { - huaweicloud = { - source = "huaweicloud/huaweicloud" - version = "~> 1.61.0" + provider.tf: | + terraform { + required_providers { + huaweicloud = { + source = "huaweicloud/huaweicloud" + version = "~> 1.61.0" + } } } - } - - provider "huaweicloud" { - region = var.region - } - - data "huaweicloud_availability_zones" "osc-az" {} - - data "huaweicloud_vpcs" "existing" { - name = var.vpc_name - } - - data "huaweicloud_vpc_subnets" "existing" { - name = var.subnet_name - } - - data "huaweicloud_networking_secgroups" "existing" { - name = var.secgroup_name - } - - locals { - availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "k8s cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "huaweicloud_kps_keypair" "keypair" { - name = "keypair-k8s-${random_id.new.hex}" - key_file = "keypair-kafka-${random_id.new.hex}.pem" - } - - data "huaweicloud_images_image" "image" { - name = "K8S-v1.26.2_Centos-7.9" - most_recent = true - enterprise_project_id = "0" - } - - resource "huaweicloud_compute_instance" "k8s-master" { - availability_zone = local.availability_zone - name = "k8s-master-${random_id.new.hex}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - key_pair = huaweicloud_kps_keypair.keypair.name - network { - uuid = local.subnet_id + + provider "huaweicloud" { + region = var.region } - user_data = < /root/init.log - EOF - } - resource "huaweicloud_compute_instance" "k8s-node" { - count = var.worker_nodes_count - availability_zone = local.availability_zone - name = "k8s-node-${random_id.new.hex}-${count.index}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - key_pair = huaweicloud_kps_keypair.keypair.name - network { - uuid = local.subnet_id + main.tf: | + data "huaweicloud_availability_zones" "osc-az" {} + + data "huaweicloud_vpcs" "existing" { + name = var.vpc_name + } + + data "huaweicloud_vpc_subnets" "existing" { + name = var.subnet_name + } + + data "huaweicloud_networking_secgroups" "existing" { + name = var.secgroup_name + } + + locals { + availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "k8s cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "huaweicloud_kps_keypair" "keypair" { + name = "keypair-k8s-${random_id.new.hex}" + key_file = "keypair-kafka-${random_id.new.hex}.pem" + } + + data "huaweicloud_images_image" "image" { + name = "K8S-v1.26.2_Centos-7.9" + most_recent = true + enterprise_project_id = "0" + } + + resource "huaweicloud_compute_instance" "k8s-master" { + availability_zone = local.availability_zone + name = "k8s-master-${random_id.new.hex}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + key_pair = huaweicloud_kps_keypair.keypair.name + network { + uuid = local.subnet_id + } + user_data = < /root/init.log + EOF + } + + resource "huaweicloud_compute_instance" "k8s-node" { + count = var.worker_nodes_count + availability_zone = local.availability_zone + name = "k8s-node-${random_id.new.hex}-${count.index}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + key_pair = huaweicloud_kps_keypair.keypair.name + network { + uuid = local.subnet_id + } + user_data = < /root/init.log + EOF + depends_on = [ + huaweicloud_compute_instance.k8s-master + ] } - user_data = < /root/init.log - EOF - depends_on = [ - huaweicloud_compute_instance.k8s-master - ] - } - - output "k8s_master_host" { - value = huaweicloud_compute_instance.k8s-master.access_ip_v4 - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + output "k8s_master_host" { + value = huaweicloud_compute_instance.k8s-master.access_ip_v4 + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/container/HuaweiCloud-K8S.yml b/container/HuaweiCloud-K8S.yml index cba0962..3b3f897 100644 --- a/container/HuaweiCloud-K8S.yml +++ b/container/HuaweiCloud-K8S.yml @@ -142,7 +142,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for executing the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -150,12 +150,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -200,188 +200,191 @@ deployment: modificationImpact: isDataLost: true isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the K8S cluster instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the K8S cluster instance." - } - - variable "flavor_id" { - type = string - default = "s6.large.2" - description = "The flavor_id of all nodes in the K8S cluster instance." - } - - variable "worker_nodes_count" { - type = string - default = 3 - description = "The worker nodes count in the K8S cluster instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of all nodes in the K8S cluster instance." - } - - variable "vpc_name" { - type = string - default = "k8s-vpc-default" - description = "The vpc name of all nodes in the K8S cluster instance." - } - - variable "subnet_name" { - type = string - default = "k8s-subnet-default" - description = "The subnet name of all nodes in the K8S cluster instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the K8S cluster instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the K8S cluster instance." + } + + variable "flavor_id" { + type = string + default = "s6.large.2" + description = "The flavor_id of all nodes in the K8S cluster instance." + } + + variable "worker_nodes_count" { + type = string + default = 3 + description = "The worker nodes count in the K8S cluster instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of all nodes in the K8S cluster instance." + } + + variable "vpc_name" { + type = string + default = "k8s-vpc-default" + description = "The vpc name of all nodes in the K8S cluster instance." + } + + variable "subnet_name" { + type = string + default = "k8s-subnet-default" + description = "The subnet name of all nodes in the K8S cluster instance." + } + + variable "secgroup_name" { + type = string + default = "k8s-secgroup-default" + description = "The security group name of all nodes in the K8S cluster instance." + } - variable "secgroup_name" { - type = string - default = "k8s-secgroup-default" - description = "The security group name of all nodes in the K8S cluster instance." - } - - terraform { - required_providers { - huaweicloud = { - source = "huaweicloud/huaweicloud" - version = "~> 1.61.0" + provider.tf: | + terraform { + required_providers { + huaweicloud = { + source = "huaweicloud/huaweicloud" + version = "~> 1.61.0" + } } } - } - - provider "huaweicloud" { - region = var.region - } - - data "huaweicloud_availability_zones" "osc-az" {} - - data "huaweicloud_vpcs" "existing" { - name = var.vpc_name - } - - data "huaweicloud_vpc_subnets" "existing" { - name = var.subnet_name - } - - data "huaweicloud_networking_secgroups" "existing" { - name = var.secgroup_name - } - - locals { - availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "k8s cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "huaweicloud_kps_keypair" "keypair" { - name = "keypair-k8s-${random_id.new.hex}" - key_file = "keypair-kafka-${random_id.new.hex}.pem" - } - - data "huaweicloud_images_image" "image" { - name = "K8S-v1.26.2_Centos-7.9" - most_recent = true - enterprise_project_id = "0" - } - - resource "huaweicloud_compute_instance" "k8s-master" { - availability_zone = local.availability_zone - name = "k8s-master-${random_id.new.hex}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - key_pair = huaweicloud_kps_keypair.keypair.name - network { - uuid = local.subnet_id + + provider "huaweicloud" { + region = var.region } - user_data = < /root/init.log - EOF - } - resource "huaweicloud_compute_instance" "k8s-node" { - count = var.worker_nodes_count - availability_zone = local.availability_zone - name = "k8s-node-${random_id.new.hex}-${count.index}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - key_pair = huaweicloud_kps_keypair.keypair.name - network { - uuid = local.subnet_id + main.tf: | + data "huaweicloud_availability_zones" "osc-az" {} + + data "huaweicloud_vpcs" "existing" { + name = var.vpc_name + } + + data "huaweicloud_vpc_subnets" "existing" { + name = var.subnet_name + } + + data "huaweicloud_networking_secgroups" "existing" { + name = var.secgroup_name + } + + locals { + availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "k8s cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "huaweicloud_kps_keypair" "keypair" { + name = "keypair-k8s-${random_id.new.hex}" + key_file = "keypair-kafka-${random_id.new.hex}.pem" + } + + data "huaweicloud_images_image" "image" { + name = "K8S-v1.26.2_Centos-7.9" + most_recent = true + enterprise_project_id = "0" + } + + resource "huaweicloud_compute_instance" "k8s-master" { + availability_zone = local.availability_zone + name = "k8s-master-${random_id.new.hex}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + key_pair = huaweicloud_kps_keypair.keypair.name + network { + uuid = local.subnet_id + } + user_data = < /root/init.log + EOF + } + + resource "huaweicloud_compute_instance" "k8s-node" { + count = var.worker_nodes_count + availability_zone = local.availability_zone + name = "k8s-node-${random_id.new.hex}-${count.index}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + key_pair = huaweicloud_kps_keypair.keypair.name + network { + uuid = local.subnet_id + } + user_data = < /root/init.log + EOF + depends_on = [ + huaweicloud_compute_instance.k8s-master + ] } - user_data = < /root/init.log - EOF - depends_on = [ - huaweicloud_compute_instance.k8s-master - ] - } - - output "k8s_master_host" { - value = huaweicloud_compute_instance.k8s-master.access_ip_v4 - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } + output "k8s_master_host" { + value = huaweicloud_compute_instance.k8s-master.access_ip_v4 + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } diff --git a/container/flexibleEngine-K8S.yml b/container/flexibleEngine-K8S.yml index ad5989e..5a0cced 100644 --- a/container/flexibleEngine-K8S.yml +++ b/container/flexibleEngine-K8S.yml @@ -76,7 +76,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for executing the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -84,12 +84,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -134,192 +134,195 @@ deployment: modificationImpact: isDataLost: true isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the K8S cluster instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the K8S cluster instance." - } - - variable "flavor_id" { - type = string - default = "s6.large.2" - description = "The flavor_id of all nodes in the K8S cluster instance." - } - - variable "image_name" { - type = string - default = "OBS Ubuntu 22.04" - description = "The image name of the compute instance." - } - - variable "worker_nodes_count" { - type = string - default = 3 - description = "The worker nodes count in the K8S cluster instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of all nodes in the K8S cluster instance." - } - - variable "vpc_name" { - type = string - default = "k8s-vpc-default" - description = "The vpc name of all nodes in the K8S cluster instance." - } - - variable "subnet_name" { - type = string - default = "k8s-subnet-default" - description = "The subnet name of all nodes in the K8S cluster instance." - } - - variable "secgroup_name" { - type = string - default = "k8s-secgroup-default" - description = "The security group name of all nodes in the K8S cluster instance." - } - - terraform { - required_providers { - flexibleengine = { - source = "FlexibleEngineCloud/flexibleengine" - version = "~> 1.46.0" + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the K8S cluster instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the K8S cluster instance." + } + + variable "flavor_id" { + type = string + default = "s6.large.2" + description = "The flavor_id of all nodes in the K8S cluster instance." + } + + variable "image_name" { + type = string + default = "OBS Ubuntu 22.04" + description = "The image name of the compute instance." + } + + variable "worker_nodes_count" { + type = string + default = 3 + description = "The worker nodes count in the K8S cluster instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of all nodes in the K8S cluster instance." + } + + variable "vpc_name" { + type = string + default = "k8s-vpc-default" + description = "The vpc name of all nodes in the K8S cluster instance." + } + + variable "subnet_name" { + type = string + default = "k8s-subnet-default" + description = "The subnet name of all nodes in the K8S cluster instance." + } + + variable "secgroup_name" { + type = string + default = "k8s-secgroup-default" + description = "The security group name of all nodes in the K8S cluster instance." + } + provider.tf: | + terraform { + required_providers { + flexibleengine = { + source = "FlexibleEngineCloud/flexibleengine" + version = "~> 1.46.0" + } } } - } - - provider "flexibleengine" { - region = var.region - } - - data "flexibleengine_availability_zones" "osc-az" {} - - data "flexibleengine_vpcs" "existing" { - name = var.vpc_name - } - - resource "flexibleengine_vpc_v1" "new" { - count = length(data.flexibleengine_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - cidr = "192.168.0.0/16" - } - - data "flexibleengine_vpc_subnets" "existing" { - name = var.subnet_name - } - - resource "flexibleengine_vpc_subnet_v1" "new" { - count = length(data.flexibleengine_vpc_subnets.existing.subnets) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - dns_list = ["100.125.0.41", "100.125.12.161"] - } - - resource "flexibleengine_networking_secgroup_v2" "new" { - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "K8S cluster security group" - } - - locals { - availability_zone = var.availability_zone == "" ? data.flexibleengine_availability_zones.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.flexibleengine_vpcs.existing.vpcs) > 0 ? data.flexibleengine_vpcs.existing.vpcs[0].id : flexibleengine_vpc_v1.new[0].id - subnet_id = length(data.flexibleengine_vpc_subnets.existing.subnets) > 0 ? data.flexibleengine_vpc_subnets.existing.subnets[0].id : flexibleengine_vpc_subnet_v1.new[0].id - secgroup_id = flexibleengine_networking_secgroup_v2.new.id - secgroup_name = flexibleengine_networking_secgroup_v2.new.name - } - - - resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_0" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "flexibleengine_compute_keypair_v2" "keypair" { - name = "keypair-k8s-${random_id.new.hex}" - } - - data "flexibleengine_images_image" "image" { - name = var.image_name - most_recent = true - enterprise_project_id = "0" - } + + provider "flexibleengine" { + region = var.region + } - resource "flexibleengine_compute_instance_v2" "k8s-master" { - availability_zone = local.availability_zone - name = "k8s-master-${random_id.new.hex}" - flavor_id = var.flavor_id - security_groups = [ local.secgroup_name ] - image_id = data.flexibleengine_images_image.image.id - key_pair = flexibleengine_compute_keypair_v2.keypair.name - network { - uuid = local.subnet_id + main.tf: | + data "flexibleengine_availability_zones" "osc-az" {} + + data "flexibleengine_vpcs" "existing" { + name = var.vpc_name + } + + resource "flexibleengine_vpc_v1" "new" { + count = length(data.flexibleengine_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + cidr = "192.168.0.0/16" + } + + data "flexibleengine_vpc_subnets" "existing" { + name = var.subnet_name + } + + resource "flexibleengine_vpc_subnet_v1" "new" { + count = length(data.flexibleengine_vpc_subnets.existing.subnets) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + dns_list = ["100.125.0.41", "100.125.12.161"] + } + + resource "flexibleengine_networking_secgroup_v2" "new" { + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "K8S cluster security group" + } + + locals { + availability_zone = var.availability_zone == "" ? data.flexibleengine_availability_zones.osc-az.names[0] : var.availability_zone + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.flexibleengine_vpcs.existing.vpcs) > 0 ? data.flexibleengine_vpcs.existing.vpcs[0].id : flexibleengine_vpc_v1.new[0].id + subnet_id = length(data.flexibleengine_vpc_subnets.existing.subnets) > 0 ? data.flexibleengine_vpc_subnets.existing.subnets[0].id : flexibleengine_vpc_subnet_v1.new[0].id + secgroup_id = flexibleengine_networking_secgroup_v2.new.id + secgroup_name = flexibleengine_networking_secgroup_v2.new.name + } + + + resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_0" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id } - user_data = < /root/init.log + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "flexibleengine_compute_keypair_v2" "keypair" { + name = "keypair-k8s-${random_id.new.hex}" + } + + data "flexibleengine_images_image" "image" { + name = var.image_name + most_recent = true + enterprise_project_id = "0" + } + + resource "flexibleengine_compute_instance_v2" "k8s-master" { + availability_zone = local.availability_zone + name = "k8s-master-${random_id.new.hex}" + flavor_id = var.flavor_id + security_groups = [ local.secgroup_name ] + image_id = data.flexibleengine_images_image.image.id + key_pair = flexibleengine_compute_keypair_v2.keypair.name + network { + uuid = local.subnet_id + } + user_data = < /root/init.log + EOF + } + + resource "flexibleengine_compute_instance_v2" "k8s-node" { + count = var.worker_nodes_count + availability_zone = local.availability_zone + name = "k8s-node-${random_id.new.hex}-${count.index}" + flavor_id = var.flavor_id + security_groups = [ local.secgroup_name ] + image_id = data.flexibleengine_images_image.image.id + key_pair = flexibleengine_compute_keypair_v2.keypair.name + network { + uuid = local.subnet_id + } + user_data = < /root/init.log EOF - } - - resource "flexibleengine_compute_instance_v2" "k8s-node" { - count = var.worker_nodes_count - availability_zone = local.availability_zone - name = "k8s-node-${random_id.new.hex}-${count.index}" - flavor_id = var.flavor_id - security_groups = [ local.secgroup_name ] - image_id = data.flexibleengine_images_image.image.id - key_pair = flexibleengine_compute_keypair_v2.keypair.name - network { - uuid = local.subnet_id + depends_on = [ + flexibleengine_compute_instance_v2.k8s-master + ] + } + + output "k8s_master_host" { + value = flexibleengine_compute_instance_v2.k8s-master.access_ip_v4 + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd } - user_data = < /root/init.log - EOF - depends_on = [ - flexibleengine_compute_instance_v2.k8s-master - ] - } - - output "k8s_master_host" { - value = flexibleengine_compute_instance_v2.k8s-master.access_ip_v4 - } - - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } diff --git a/database/HuaweiCloud-MySql-git-repo.yml b/database/HuaweiCloud-MySql-git-repo.yml index 6df8c17..9811608 100644 --- a/database/HuaweiCloud-MySql-git-repo.yml +++ b/database/HuaweiCloud-MySql-git-repo.yml @@ -158,7 +158,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for executing the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Primary AZ @@ -170,12 +170,12 @@ deployment: mandatory: true description: The secondary availability zone to deploy the service instance. Different from primary_az. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd diff --git a/database/HuaweiCloud-MySql.yml b/database/HuaweiCloud-MySql.yml index d5eaaf6..d92e7cc 100644 --- a/database/HuaweiCloud-MySql.yml +++ b/database/HuaweiCloud-MySql.yml @@ -158,7 +158,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for executing the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Primary AZ @@ -170,12 +170,12 @@ deployment: mandatory: true description: The secondary availability zone to deploy the service instance. Different from primary_az. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -220,252 +220,257 @@ deployment: modificationImpact: isDataLost: false isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the mysql service instance." - } - - variable "primary_az" { - type = string - description = "The primary availability zone to deploy the mysql service instance." - } - - variable "secondary_az" { - type = string - description = "The secondary availability zone to deploy the mysql service instance." - } - - variable "flavor_id" { - type = string - description = "The flavor_id of the mysql service instance." - } - - variable "db_version" { - type = string - default = "8.0" - description = "The version of the database to create in the mysql service instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of the mysql service instance." - } - - variable "db_name" { - type = string - default = "test" - description = "The database name to create in the mysql service instance." - } - - variable "db_port" { - type = number - default = 3306 - description = "The port of the created database in the mysql service instance." - } - - variable "user_name" { - type = string - default = "test" - description = "The user name of the created database." - } - - variable "vpc_name" { - type = string - default = "rds-vpc-default" - description = "The vpc name of the mysql service instance." - } - - variable "subnet_name" { - type = string - default = "rds-subnet-default" - description = "The subnet name of the mysql service instance." - } - - variable "secgroup_name" { - type = string - default = "rds-secgroup-default" - description = "The security group name of the mysql service instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the mysql service instance." + } + + variable "primary_az" { + type = string + description = "The primary availability zone to deploy the mysql service instance." + } + + variable "secondary_az" { + type = string + description = "The secondary availability zone to deploy the mysql service instance." + } + + variable "flavor_id" { + type = string + description = "The flavor_id of the mysql service instance." + } + + variable "db_version" { + type = string + default = "8.0" + description = "The version of the database to create in the mysql service instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of the mysql service instance." + } + + variable "db_name" { + type = string + default = "test" + description = "The database name to create in the mysql service instance." + } + + variable "db_port" { + type = number + default = 3306 + description = "The port of the created database in the mysql service instance." + } + + variable "user_name" { + type = string + default = "test" + description = "The user name of the created database." + } + + variable "vpc_name" { + type = string + default = "rds-vpc-default" + description = "The vpc name of the mysql service instance." + } + + variable "subnet_name" { + type = string + default = "rds-subnet-default" + description = "The subnet name of the mysql service instance." + } + + variable "secgroup_name" { + type = string + default = "rds-secgroup-default" + description = "The security group name of the mysql service instance." + } - terraform { - required_providers { - huaweicloud = { - source = "huaweicloud/huaweicloud" - version = "~> 1.61.0" + provider.tf: | + terraform { + required_providers { + huaweicloud = { + source = "huaweicloud/huaweicloud" + version = "~> 1.61.0" + } } } - } - - provider "huaweicloud" { - region = var.region - } - - data "huaweicloud_vpcs" "existing" { - name = var.vpc_name - } - - data "huaweicloud_vpc_subnets" "existing" { - name = var.subnet_name - } - - data "huaweicloud_networking_secgroups" "existing" { - name = var.secgroup_name - } - - locals { - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = var.db_port - port_range_max = var.db_port - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } + + provider "huaweicloud" { + region = var.region + } - resource "huaweicloud_vpc_eip" "eip-tf" { - publicip { - type = "5_sbgp" + main.tf: | + data "huaweicloud_vpcs" "existing" { + name = var.vpc_name } - bandwidth { - name = "rds-tf-${random_id.new.hex}" - size = 5 - share_type = "PER" - charge_mode = "traffic" + + data "huaweicloud_vpc_subnets" "existing" { + name = var.subnet_name } - } - - - resource "huaweicloud_rds_instance" "instance" { - name = "rds-tf-${random_id.new.hex}" - flavor = var.flavor_id - ha_replication_mode = "async" - vpc_id = local.vpc_id - subnet_id = local.subnet_id - security_group_id = local.secgroup_id - availability_zone = [ - var.primary_az, - var.secondary_az] - - db { - type = "MySQL" - version = var.db_version - password = local.admin_passwd - port = var.db_port + + data "huaweicloud_networking_secgroups" "existing" { + name = var.secgroup_name } - - volume { - type = "CLOUDSSD" - size = 40 + + locals { + admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd + vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id } - - backup_strategy { - start_time = "01:00-02:00" - keep_days = 1 + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" } - - parameters { - name = "lower_case_table_names" - value = 1 + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = var.db_port + port_range_max = var.db_port + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "huaweicloud_vpc_eip" "eip-tf" { + publicip { + type = "5_sbgp" + } + bandwidth { + name = "rds-tf-${random_id.new.hex}" + size = 5 + share_type = "PER" + charge_mode = "traffic" + } + } + + + resource "huaweicloud_rds_instance" "instance" { + name = "rds-tf-${random_id.new.hex}" + flavor = var.flavor_id + ha_replication_mode = "async" + vpc_id = local.vpc_id + subnet_id = local.subnet_id + security_group_id = local.secgroup_id + availability_zone = [ + var.primary_az, + var.secondary_az] + + db { + type = "MySQL" + version = var.db_version + password = local.admin_passwd + port = var.db_port + } + + volume { + type = "CLOUDSSD" + size = 40 + } + + backup_strategy { + start_time = "01:00-02:00" + keep_days = 1 + } + + parameters { + name = "lower_case_table_names" + value = 1 + } + } + + resource "huaweicloud_vpc_eip_associate" "associated" { + public_ip = huaweicloud_vpc_eip.eip-tf.address + network_id = local.subnet_id + fixed_ip = huaweicloud_rds_instance.instance.fixed_ip + } + + resource "huaweicloud_rds_mysql_database" "db" { + instance_id = huaweicloud_rds_instance.instance.id + name = var.db_name + character_set = "utf8" + } + + resource "huaweicloud_rds_mysql_account" "user" { + instance_id = huaweicloud_rds_instance.instance.id + name = var.user_name + password = local.admin_passwd + } + + resource "huaweicloud_rds_mysql_database_privilege" "privilege" { + instance_id = huaweicloud_rds_instance.instance.id + db_name = var.db_name + users { + name = var.user_name + readonly = false + } + depends_on = [ + huaweicloud_rds_mysql_database.db, huaweicloud_rds_mysql_account.user + ] + } + + resource "huaweicloud_rds_mysql_binlog" "test" { + instance_id = huaweicloud_rds_instance.instance.id + binlog_retention_hours = 6 } - } - - resource "huaweicloud_vpc_eip_associate" "associated" { - public_ip = huaweicloud_vpc_eip.eip-tf.address - network_id = local.subnet_id - fixed_ip = huaweicloud_rds_instance.instance.fixed_ip - } - - resource "huaweicloud_rds_mysql_database" "db" { - instance_id = huaweicloud_rds_instance.instance.id - name = var.db_name - character_set = "utf8" - } - - resource "huaweicloud_rds_mysql_account" "user" { - instance_id = huaweicloud_rds_instance.instance.id - name = var.user_name - password = local.admin_passwd - } - - resource "huaweicloud_rds_mysql_database_privilege" "privilege" { - instance_id = huaweicloud_rds_instance.instance.id - db_name = var.db_name - users { - name = var.user_name - readonly = false - } - depends_on = [ - huaweicloud_rds_mysql_database.db, huaweicloud_rds_mysql_account.user - ] - } - - resource "huaweicloud_rds_mysql_binlog" "test" { - instance_id = huaweicloud_rds_instance.instance.id - binlog_retention_hours = 6 - } - - output "rds_instance_public_ips" { - value = huaweicloud_vpc_eip.eip-tf.address - } - - output "rds_instance_private_ips" { - value = join(",", huaweicloud_rds_instance.instance.private_ips) - } - output "admin_passwd" { - value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd - } \ No newline at end of file + outputs.tf: | + output "rds_instance_public_ips" { + value = huaweicloud_vpc_eip.eip-tf.address + } + + output "rds_instance_private_ips" { + value = join(",", huaweicloud_rds_instance.instance.private_ips) + } + + output "admin_passwd" { + value = var.admin_passwd == "" ? nonsensitive(local.admin_passwd) : local.admin_passwd + } \ No newline at end of file diff --git a/middleware/HuaweiCloud-Kafka-autofill.yml b/middleware/HuaweiCloud-Kafka-autofill.yml index f5e7654..08065dc 100644 --- a/middleware/HuaweiCloud-Kafka-autofill.yml +++ b/middleware/HuaweiCloud-Kafka-autofill.yml @@ -306,7 +306,7 @@ deployment: deployerTool: # kind, Supported values are terraform, opentofu. kind: terraform - # version, the required version of the deployer tool for the deployer scripts. + # version, the required version of the deployer tool for executing the deployment scripts. version: "=1.6.0" serviceAvailabilityConfig: - displayName: Availability Zone @@ -314,12 +314,12 @@ deployment: mandatory: false description: The availability zone to deploy the service instance. If the value is empty, the service instance will be deployed in a random availability zone. # Context for deployment: the context including some kind of parameters for the deployment, such as fix_env, fix_variable, env, variable, env_env, env_variable. - # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as environment variables. This variable is not visible to the end user. - # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to deployer as usual variables. This variable is not visible to the end user. - # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a environment variable to the deployer. - # - variable: Value for a variable of this type can be provided by end user. . If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provided it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployer. - # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a environment variable to the deployer. End user cannot see or change this variable. - # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployer. End user cannot see or change this variable. + # - fix_env: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as environment variables. This variable is not visible to the end user. + # - fix_variable: Values for variable of this type are defined by the managed service provider in the OCL template. Runtime will inject it to the deployment scripts as usual variables. This variable is not visible to the end user. + # - env: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as an environment variable to the deployment scripts. + # - variable: Value for a variable of this type can be provided by end user. If marked as mandatory then end user must provide value to this variable. If marked as optional and if end user does not provide it, then the fallback value to this variable is read by runtime (it can read from other sources, e.g., OS env variables). This variable is injected as a regular variable to the deployment scripts. + # - env_env: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as an environment variable to the deployment scripts. End user cannot see or change this variable. + # - env_variable: Value to this variable is read by runtime (it can read from other sources, e.g., OS env variables) and injected as a regular variable to the deployment scripts. End user cannot see or change this variable. # The parameters will be used to generate the API of the managed service. variables: - name: admin_passwd @@ -373,214 +373,218 @@ deployment: modificationImpact: isDataLost: true isServiceInterrupted: true - deployer: | - variable "region" { - type = string - description = "The region to deploy the Kafka cluster instance." - } - - variable "availability_zone" { - type = string - default = "" - description = "The availability zone to deploy the Kafka cluster instance." - } - - variable "flavor_id" { - type = string - default = "s6.large.2" - description = "The flavor_id of all nodes in the Kafka cluster instance." - } - - variable "worker_nodes_count" { - type = string - default = 3 - description = "The worker nodes count in the Kafka cluster instance." - } - - variable "admin_passwd" { - type = string - default = "" - description = "The root password of all nodes in the Kafka cluster instance." - } - - variable "vpc_name" { - type = string - default = "kafka-vpc-default" - description = "The vpc name of all nodes in the Kafka cluster instance." - } - - variable "subnet_name" { - type = string - default = "kafka-subnet-default" - description = "The subnet name of all nodes in the Kafka cluster instance." - } + scriptFiles: + # The key is the name of the script, the value is the content of the script. + variables.tf: | + variable "region" { + type = string + description = "The region to deploy the Kafka cluster instance." + } + + variable "availability_zone" { + type = string + default = "" + description = "The availability zone to deploy the Kafka cluster instance." + } + + variable "flavor_id" { + type = string + default = "s6.large.2" + description = "The flavor_id of all nodes in the Kafka cluster instance." + } + + variable "worker_nodes_count" { + type = string + default = 3 + description = "The worker nodes count in the Kafka cluster instance." + } + + variable "admin_passwd" { + type = string + default = "" + description = "The root password of all nodes in the Kafka cluster instance." + } + + variable "vpc_name" { + type = string + default = "kafka-vpc-default" + description = "The vpc name of all nodes in the Kafka cluster instance." + } + + variable "subnet_name" { + type = string + default = "kafka-subnet-default" + description = "The subnet name of all nodes in the Kafka cluster instance." + } + + variable "secgroup_name" { + type = string + default = "kafka-secgroup-default" + description = "The security group name of all nodes in the Kafka cluster instance." + } - variable "secgroup_name" { - type = string - default = "kafka-secgroup-default" - description = "The security group name of all nodes in the Kafka cluster instance." - } - - terraform { - required_providers { - huaweicloud = { - source = "huaweicloud/huaweicloud" - version = "~> 1.61.0" + provider.tf: | + terraform { + required_providers { + huaweicloud = { + source = "huaweicloud/huaweicloud" + version = "~> 1.61.0" + } } } - } - - provider "huaweicloud" { - region = var.region - } - - data "huaweicloud_availability_zones" "osc-az" {} - - data "huaweicloud_vpcs" "existing" { - name = var.vpc_name - } - - data "huaweicloud_vpc_subnets" "existing" { - name = var.subnet_name - } - - data "huaweicloud_networking_secgroups" "existing" { - name = var.secgroup_name - } - - locals { - availability_zone = var.availability_zone == "" ? data.huaweicloud_availability_zones.osc-az.names[0] : var.availability_zone - admin_passwd = var.admin_passwd == "" ? random_password.password.result : var.admin_passwd - vpc_id = length(data.huaweicloud_vpcs.existing.vpcs) > 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "Kafka cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 2181 - port_range_max = 2181 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9092 - port_range_max = 9093 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "huaweicloud_kps_keypair" "keypair" { - name = "keypair-kafka-${random_id.new.hex}" - key_file = "keypair-kafka-${random_id.new.hex}.pem" - } - - data "huaweicloud_images_image" "image" { - name = "Kafka-v3.3.2_Ubuntu-20.04" - most_recent = true - enterprise_project_id = "0" - } - - resource "huaweicloud_compute_instance" "zookeeper" { - availability_zone = local.availability_zone - name = "kafka-zookeeper-${random_id.new.hex}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - key_pair = huaweicloud_kps_keypair.keypair.name - network { - uuid = local.subnet_id + + provider "huaweicloud" { + region = var.region } - user_data = < 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "Kafka cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 2181 + port_range_max = 2181 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9092 + port_range_max = 9093 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "huaweicloud_kps_keypair" "keypair" { + name = "keypair-kafka-${random_id.new.hex}" + key_file = "keypair-kafka-${random_id.new.hex}.pem" + } + + data "huaweicloud_images_image" "image" { + name = "Kafka-v3.3.2_Ubuntu-20.04" + most_recent = true + enterprise_project_id = "0" + } + + resource "huaweicloud_compute_instance" "zookeeper" { + availability_zone = local.availability_zone + name = "kafka-zookeeper-${random_id.new.hex}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + key_pair = huaweicloud_kps_keypair.keypair.name + network { + uuid = local.subnet_id + } + user_data = < 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "Kafka cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 2181 - port_range_max = 2181 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9092 - port_range_max = 9093 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "huaweicloud_compute_keypair" "keypair" { - name = "keypair-kafka-${random_id.new.hex}" - } - - data "huaweicloud_images_image" "image" { - name = "Kafka-v3.3.2_Ubuntu-20.04" - most_recent = true - enterprise_project_id = "0" - } - - module "ecs_kafka_service" { - source = "git@github.com:terraform-huaweicloud-modules/terraform-huaweicloud-ecs.git" - count = var.worker_nodes_count - availability_zone = local.availability_zone - subnet_id = local.subnet_id - instance_name = "kafka-broker-module${random_id.new.hex}-${count.index}" - instance_flavor_id = var.flavor_id - instance_image_id = data.huaweicloud_images_image.image.id - security_group_ids = [ local.secgroup_id ] - system_disk_size = 50 - admin_password = local.admin_passwd - keypair_name = huaweicloud_compute_keypair.keypair.name - user_data = < 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "Kafka cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 2181 + port_range_max = 2181 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9092 + port_range_max = 9093 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "huaweicloud_compute_keypair" "keypair" { + name = "keypair-kafka-${random_id.new.hex}" + } + + data "huaweicloud_images_image" "image" { + name = "Kafka-v3.3.2_Ubuntu-20.04" + most_recent = true + enterprise_project_id = "0" + } + + module "ecs_kafka_service" { + source = "git@github.com:terraform-huaweicloud-modules/terraform-huaweicloud-ecs.git" + count = var.worker_nodes_count + availability_zone = local.availability_zone + subnet_id = local.subnet_id + instance_name = "kafka-broker-module${random_id.new.hex}-${count.index}" + instance_flavor_id = var.flavor_id + instance_image_id = data.huaweicloud_images_image.image.id + security_group_ids = [ local.secgroup_id ] + system_disk_size = 50 + admin_password = local.admin_passwd + keypair_name = huaweicloud_compute_keypair.keypair.name + user_data = < 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id - subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id - secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id - } - - resource "huaweicloud_vpc" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - name = var.vpc_name - cidr = "192.168.0.0/16" - } - - resource "huaweicloud_vpc_subnet" "new" { - count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 - vpc_id = local.vpc_id - name = var.subnet_name - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "huaweicloud_networking_secgroup" "new" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - name = var.secgroup_name - description = "Kafka cluster security group" - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 2181 - port_range_max = 2181 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { - count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9092 - port_range_max = 9093 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "huaweicloud_kps_keypair" "keypair" { - name = "keypair-kafka-${random_id.new.hex}" - key_file = "keypair-kafka-${random_id.new.hex}.pem" - } - - data "huaweicloud_images_image" "image" { - name = "Kafka-v3.3.2_Ubuntu-20.04" - most_recent = true - enterprise_project_id = "0" - } - - resource "huaweicloud_compute_instance" "zookeeper" { - availability_zone = local.availability_zone - name = "kafka-zookeeper-${random_id.new.hex}" - flavor_id = var.flavor_id - security_group_ids = [ local.secgroup_id ] - image_id = data.huaweicloud_images_image.image.id - key_pair = huaweicloud_kps_keypair.keypair.name - network { - uuid = local.subnet_id + + provider "huaweicloud" { + region = var.region } - user_data = < 0 ? data.huaweicloud_vpcs.existing.vpcs[0].id : huaweicloud_vpc.new[0].id + subnet_id = length(data.huaweicloud_vpc_subnets.existing.subnets)> 0 ? data.huaweicloud_vpc_subnets.existing.subnets[0].id : huaweicloud_vpc_subnet.new[0].id + secgroup_id = length(data.huaweicloud_networking_secgroups.existing.security_groups) > 0 ? data.huaweicloud_networking_secgroups.existing.security_groups[0].id : huaweicloud_networking_secgroup.new[0].id + } + + resource "huaweicloud_vpc" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + name = var.vpc_name + cidr = "192.168.0.0/16" + } + + resource "huaweicloud_vpc_subnet" "new" { + count = length(data.huaweicloud_vpcs.existing.vpcs) == 0 ? 1 : 0 + vpc_id = local.vpc_id + name = var.subnet_name + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "huaweicloud_networking_secgroup" "new" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + name = var.secgroup_name + description = "Kafka cluster security group" + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_0" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_1" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 2181 + port_range_max = 2181 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "huaweicloud_networking_secgroup_rule" "secgroup_rule_2" { + count = length(data.huaweicloud_networking_secgroups.existing.security_groups) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9092 + port_range_max = 9093 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "huaweicloud_kps_keypair" "keypair" { + name = "keypair-kafka-${random_id.new.hex}" + key_file = "keypair-kafka-${random_id.new.hex}.pem" + } + + data "huaweicloud_images_image" "image" { + name = "Kafka-v3.3.2_Ubuntu-20.04" + most_recent = true + enterprise_project_id = "0" + } + + resource "huaweicloud_compute_instance" "zookeeper" { + availability_zone = local.availability_zone + name = "kafka-zookeeper-${random_id.new.hex}" + flavor_id = var.flavor_id + security_group_ids = [ local.secgroup_id ] + image_id = data.huaweicloud_images_image.image.id + key_pair = huaweicloud_kps_keypair.keypair.name + network { + uuid = local.subnet_id + } + user_data = < 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id - subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id - secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id - secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name - } - - resource "openstack_networking_network_v2" "new" { - count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - } - - resource "openstack_networking_subnet_v2" "new" { - count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 - network_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "openstack_networking_secgroup_v2" "new" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "Kafka cluster security group" - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 2181 - port_range_max = 2181 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9092 - port_range_max = 9093 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "openstack_compute_keypair_v2" "keypair" { - name = "keypair-k8s-${random_id.new.hex}" - } - - data "openstack_images_image_v2" "image" { - name = "cirros-0.5.2-x86_64-disk" - most_recent = true - } - - resource "openstack_compute_instance_v2" "zookeeper" { - availability_zone = local.availability_zone - name = "kafka-zookeeper-${random_id.new.hex}" - flavor_name = var.flavor_name - security_groups = [ local.secgroup_name ] - image_id = data.openstack_images_image_v2.image.id - key_pair = openstack_compute_keypair_v2.keypair.name - network { - uuid = local.vpc_id + + provider "openstack" { + region = var.region } - user_data = < 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id + subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id + secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id + secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name + } + + resource "openstack_networking_network_v2" "new" { + count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + } + + resource "openstack_networking_subnet_v2" "new" { + count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 + network_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "openstack_networking_secgroup_v2" "new" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "Kafka cluster security group" + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 2181 + port_range_max = 2181 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9092 + port_range_max = 9093 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "openstack_compute_keypair_v2" "keypair" { + name = "keypair-k8s-${random_id.new.hex}" + } + + data "openstack_images_image_v2" "image" { + name = "cirros-0.5.2-x86_64-disk" + most_recent = true + } + + resource "openstack_compute_instance_v2" "zookeeper" { + availability_zone = local.availability_zone + name = "kafka-zookeeper-${random_id.new.hex}" + flavor_name = var.flavor_name + security_groups = [ local.secgroup_name ] + image_id = data.openstack_images_image_v2.image.id + key_pair = openstack_compute_keypair_v2.keypair.name + network { + uuid = local.vpc_id + } + user_data = < 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id - subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id - secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id - secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name - } - - resource "openstack_networking_network_v2" "new" { - count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - } - - resource "openstack_networking_subnet_v2" "new" { - count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 - network_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "openstack_networking_secgroup_v2" "new" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "Kafka cluster security group" - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 2181 - port_range_max = 2181 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9092 - port_range_max = 9093 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "openstack_compute_keypair_v2" "keypair" { - name = "keypair-k8s-${random_id.new.hex}" - } - - resource "openstack_compute_instance_v2" "zookeeper" { - availability_zone = local.availability_zone - name = "kafka-zookeeper-${random_id.new.hex}" - flavor_name = var.flavor_name - security_groups = [ local.secgroup_name ] - image_name = var.image_name - key_pair = openstack_compute_keypair_v2.keypair.name - network { - uuid = local.vpc_id + + provider "openstack" { + region = var.region } - user_data = < 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id + subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id + secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id + secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name + } + + resource "openstack_networking_network_v2" "new" { + count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + } + + resource "openstack_networking_subnet_v2" "new" { + count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 + network_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "openstack_networking_secgroup_v2" "new" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "Kafka cluster security group" + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 2181 + port_range_max = 2181 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9092 + port_range_max = 9093 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "openstack_compute_keypair_v2" "keypair" { + name = "keypair-k8s-${random_id.new.hex}" + } + + resource "openstack_compute_instance_v2" "zookeeper" { + availability_zone = local.availability_zone + name = "kafka-zookeeper-${random_id.new.hex}" + flavor_name = var.flavor_name + security_groups = [ local.secgroup_name ] + image_name = var.image_name + key_pair = openstack_compute_keypair_v2.keypair.name + network { + uuid = local.vpc_id + } + user_data = < 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id - subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id - secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id - secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name - } - - resource "openstack_networking_network_v2" "new" { - count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 - name = "${var.vpc_name}-${random_id.new.hex}" - } - - resource "openstack_networking_subnet_v2" "new" { - count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 - network_id = local.vpc_id - name = "${var.subnet_name}-${random_id.new.hex}" - cidr = "192.168.10.0/24" - gateway_ip = "192.168.10.1" - } - - resource "openstack_networking_secgroup_v2" "new" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - name = "${var.secgroup_name}-${random_id.new.hex}" - description = "Kafka cluster security group" - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 2181 - port_range_max = 2181 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { - count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9092 - port_range_max = 9093 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "openstack_compute_keypair_v2" "keypair" { - name = "keypair-k8s-${random_id.new.hex}" - } - - resource "openstack_compute_instance_v2" "zookeeper" { - availability_zone = local.availability_zone - name = "kafka-zookeeper-${random_id.new.hex}" - flavor_name = var.flavor_name - security_groups = [ local.secgroup_name ] - image_name = var.image_name - key_pair = openstack_compute_keypair_v2.keypair.name - network { - uuid = local.vpc_id + + provider "openstack" { + region = var.region } - user_data = < 0 ? data.openstack_networking_network_v2.existing[0].id : openstack_networking_network_v2.new[0].id + subnet_id = length(data.openstack_networking_subnet_v2.existing) > 0 ? data.openstack_networking_subnet_v2.existing[0].id : openstack_networking_subnet_v2.new[0].id + secgroup_id = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].id : openstack_networking_secgroup_v2.new[0].id + secgroup_name = length(data.openstack_networking_secgroup_v2.existing) > 0 ? data.openstack_networking_secgroup_v2.existing[0].name : openstack_networking_secgroup_v2.new[0].name + } + + resource "openstack_networking_network_v2" "new" { + count = length(data.openstack_networking_network_v2.existing) == 0 ? 1 : 0 + name = "${var.vpc_name}-${random_id.new.hex}" + } + + resource "openstack_networking_subnet_v2" "new" { + count = length(data.openstack_networking_subnet_v2.existing) == 0 ? 1 : 0 + network_id = local.vpc_id + name = "${var.subnet_name}-${random_id.new.hex}" + cidr = "192.168.10.0/24" + gateway_ip = "192.168.10.1" + } + + resource "openstack_networking_secgroup_v2" "new" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + name = "${var.secgroup_name}-${random_id.new.hex}" + description = "Kafka cluster security group" + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_0" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 2181 + port_range_max = 2181 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { + count = length(data.openstack_networking_secgroup_v2.existing) == 0 ? 1 : 0 + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9092 + port_range_max = 9093 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "openstack_compute_keypair_v2" "keypair" { + name = "keypair-k8s-${random_id.new.hex}" + } + + resource "openstack_compute_instance_v2" "zookeeper" { + availability_zone = local.availability_zone + name = "kafka-zookeeper-${random_id.new.hex}" + flavor_name = var.flavor_name + security_groups = [ local.secgroup_name ] + image_name = var.image_name + key_pair = openstack_compute_keypair_v2.keypair.name + network { + uuid = local.vpc_id + } + user_data = < 0 ? data.flexibleengine_vpcs.existing.vpcs[0].id : flexibleengine_vpc_v1.new[0].id - subnet_id = length(data.flexibleengine_vpc_subnets.existing.subnets) > 0 ? data.flexibleengine_vpc_subnets.existing.subnets[0].id : flexibleengine_vpc_subnet_v1.new[0].id - secgroup_id = flexibleengine_networking_secgroup_v2.new.id - secgroup_name = flexibleengine_networking_secgroup_v2.new.name - } - - resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_0" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_1" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 2181 - port_range_max = 2181 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_2" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9092 - port_range_max = 9093 - remote_ip_prefix = "121.37.117.211/32" - security_group_id = local.secgroup_id - } - - resource "random_id" "new" { - byte_length = 4 - } - - resource "random_password" "password" { - length = 12 - upper = true - lower = true - numeric = true - special = true - min_special = 1 - override_special = "#%@" - } - - resource "flexibleengine_compute_keypair_v2" "keypair" { - name = "keypair-k8s-${random_id.new.hex}" - } - - data "flexibleengine_images_image" "image" { - name = var.image_name - most_recent = true - enterprise_project_id = "0" - } - - resource "flexibleengine_compute_instance_v2" "zookeeper" { - availability_zone = local.availability_zone - name = "kafka-zookeeper-${random_id.new.hex}" - flavor_id = var.flavor_id - security_groups = [ local.secgroup_name ] - image_id = data.flexibleengine_images_image.image.id - key_pair = flexibleengine_compute_keypair_v2.keypair.name - network { - uuid = local.subnet_id + + provider "flexibleengine" { + region = var.region } - user_data = < 0 ? data.flexibleengine_vpcs.existing.vpcs[0].id : flexibleengine_vpc_v1.new[0].id + subnet_id = length(data.flexibleengine_vpc_subnets.existing.subnets) > 0 ? data.flexibleengine_vpc_subnets.existing.subnets[0].id : flexibleengine_vpc_subnet_v1.new[0].id + secgroup_id = flexibleengine_networking_secgroup_v2.new.id + secgroup_name = flexibleengine_networking_secgroup_v2.new.name + } + + resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_0" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_1" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 2181 + port_range_max = 2181 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "flexibleengine_networking_secgroup_rule_v2" "secgroup_rule_2" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9092 + port_range_max = 9093 + remote_ip_prefix = "121.37.117.211/32" + security_group_id = local.secgroup_id + } + + resource "random_id" "new" { + byte_length = 4 + } + + resource "random_password" "password" { + length = 12 + upper = true + lower = true + numeric = true + special = true + min_special = 1 + override_special = "#%@" + } + + resource "flexibleengine_compute_keypair_v2" "keypair" { + name = "keypair-k8s-${random_id.new.hex}" + } + + data "flexibleengine_images_image" "image" { + name = var.image_name + most_recent = true + enterprise_project_id = "0" + } + + resource "flexibleengine_compute_instance_v2" "zookeeper" { + availability_zone = local.availability_zone + name = "kafka-zookeeper-${random_id.new.hex}" + flavor_id = var.flavor_id + security_groups = [ local.secgroup_name ] + image_id = data.flexibleengine_images_image.image.id + key_pair = flexibleengine_compute_keypair_v2.keypair.name + network { + uuid = local.subnet_id + } + user_data = <