Changes for #558 - Integrate LB with backwards compatibility

Signed-off-by: Chandan Abhyankar <chandan.abhyankar@gmail.com>

main.tf

@@ -27,9 +27,10 @@ resource "random_id" "label" {
 locals {
   cluster_id = var.cluster_id == "" ? random_id.label[0].hex : (var.cluster_id_prefix == "" ? var.cluster_id : "${var.cluster_id_prefix}-${var.cluster_id}")
   # Generates vm_id as combination of vm_id_prefix + (random_id or user-defined vm_id)
-  name_prefix = var.name_prefix == "" ? "mac-${random_id.label[0].hex}" : "${var.name_prefix}"
-  node_prefix = var.use_zone_info_for_names ? "${var.powervs_zone}-" : ""
-  vpc_name    = var.vpc_create ? "${local.name_prefix}-vpc" : var.vpc_name
+  name_prefix                 = var.name_prefix == "" ? "mac-${random_id.label[0].hex}" : "${var.name_prefix}"
+  node_prefix                 = var.use_zone_info_for_names ? "${var.powervs_zone}-" : ""
+  vpc_name                    = var.vpc_create ? "${local.name_prefix}-vpc" : var.vpc_name
+  skip_transit_gateway_create = var.ibm_cloud_cis == true ? true : false
 }
 
 ### Prepares the VPC Support Machine
@@ -106,6 +107,7 @@ module "vpc_gateway" {
 
 ### Prepares the VPC Support Machine
 module "pvs_link" {
+  count = var.ibm_cloud_cis ? 0 : 1
   providers = {
     ibm = ibm.powervs
   }
@@ -118,7 +120,7 @@ module "pvs_link" {
 }
 
 module "transit_gateway" {
-  count = var.skip_transit_gateway_create ? 0 : 1
+  count = local.skip_transit_gateway_create ? 0 : 1
   providers = {
     ibm = ibm.vpc
   }
@@ -208,3 +210,4 @@ module "post" {
   worker_3                  = var.worker_3
   cicd_image_pruner_cleanup = var.cicd_image_pruner_cleanup
 }
+

modules/7_post/files/update_lbs.sh → modules/7_post/haproxy_lb/files/update_lbs.sh

@@ -76,4 +76,4 @@ ansible-playbook lb.yaml --extra-vars=@vars.yaml -i inventory
 echo "Restart haproxy"
 sleep 10
 systemctl restart haproxy
-echo "Done with the haproxy"
+echo "Done with the haproxy"

modules/7_post/haproxy_lb/haproxy_lb.tf

@@ -0,0 +1,92 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+locals {
+  ansible_post_path = "/root/ocp4-upi-compute-powervs-ibmcloud/post"
+}
+
+# Dev Note: only on destroy - restore the load balancers
+resource "null_resource" "remove_lbs" {
+  #  depends_on = [null_resource.patch_nfs_arch_ppc64le]
+
+  triggers = {
+    count_1           = var.worker_1["count"]
+    count_2           = var.worker_2["count"]
+    count_3           = var.worker_3["count"]
+    user              = var.rhel_username
+    timeout           = "${var.connection_timeout}m"
+    name_prefix       = "${var.name_prefix}"
+    private_key       = file(var.private_key_file)
+    host              = var.bastion_public_ip
+    agent             = var.ssh_agent
+    ansible_post_path = local.ansible_post_path
+  }
+
+  connection {
+    type        = "ssh"
+    user        = self.triggers.user
+    private_key = self.triggers.private_key
+    host        = self.triggers.host
+    agent       = self.triggers.agent
+    timeout     = self.triggers.timeout
+  }
+
+  provisioner "remote-exec" {
+    inline = [<<EOF
+mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+EOF
+    ]
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/files/remove_lbs.sh"
+    destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/remove_lbs.sh"
+  }
+
+  provisioner "remote-exec" {
+    when       = destroy
+    on_failure = continue
+    inline = [<<EOF
+cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+bash remove_lbs.sh
+EOF
+    ]
+  }
+}
+
+
+resource "null_resource" "updating_load_balancers" {
+  #  depends_on = [null_resource.patch_nfs_arch_ppc64le, null_resource.remove_lbs]
+  connection {
+    type        = "ssh"
+    user        = var.rhel_username
+    private_key = file(var.private_key_file)
+    host        = var.bastion_public_ip
+    agent       = var.ssh_agent
+    timeout     = "${var.connection_timeout}m"
+  }
+
+  provisioner "remote-exec" {
+    inline = [<<EOF
+mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+EOF
+    ]
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/files/update_lbs.sh"
+    destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/update_lbs.sh"
+  }
+
+  # Dev Note: Updates the load balancers
+  provisioner "remote-exec" {
+    inline = [<<EOF
+cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
+bash update_lbs.sh
+EOF
+    ]
+  }
+}
+

modules/7_post/haproxy_lb/outputs.tf

@@ -0,0 +1,5 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+

modules/7_post/haproxy_lb/variables.tf

@@ -0,0 +1,16 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+variable "ssh_agent" {}
+variable "connection_timeout" {}
+variable "rhel_username" {}
+variable "bastion_public_ip" {}
+variable "private_key_file" {}
+variable "vpc_region" {}
+variable "vpc_zone" {}
+variable "name_prefix" {}
+variable "worker_1" {}
+variable "worker_2" {}
+variable "worker_3" {}

modules/7_post/haproxy_lb/versions.tf

@@ -0,0 +1,8 @@
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+terraform {
+  required_version = ">= 1.5.0"
+}

modules/7_post/post.tf

@@ -187,85 +187,19 @@ EOF
   }
 }
 
-# Dev Note: only on destroy - restore the load balancers
-resource "null_resource" "remove_lbs" {
-  depends_on = [null_resource.patch_nfs_arch_ppc64le]
-
-  triggers = {
-    count_1           = var.worker_1["count"]
-    count_2           = var.worker_2["count"]
-    count_3           = var.worker_3["count"]
-    user              = var.rhel_username
-    timeout           = "${var.connection_timeout}m"
-    name_prefix       = "${var.name_prefix}"
-    private_key       = file(var.private_key_file)
-    host              = var.bastion_public_ip
-    agent             = var.ssh_agent
-    ansible_post_path = local.ansible_post_path
-  }
-
-  connection {
-    type        = "ssh"
-    user        = self.triggers.user
-    private_key = self.triggers.private_key
-    host        = self.triggers.host
-    agent       = self.triggers.agent
-    timeout     = self.triggers.timeout
-  }
-
-  provisioner "remote-exec" {
-    inline = [<<EOF
-mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
-EOF
-    ]
-  }
-
-  provisioner "file" {
-    source      = "${path.module}/files/remove_lbs.sh"
-    destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/remove_lbs.sh"
-  }
-
-  provisioner "remote-exec" {
-    when       = destroy
-    on_failure = continue
-    inline = [<<EOF
-cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
-bash remove_lbs.sh
-EOF
-    ]
-  }
+module "haproxy_lb_support" {
+  source = "./haproxy_lb"
+
+  ssh_agent          = var.ssh_agent
+  rhel_username      = var.rhel_username
+  connection_timeout = var.connection_timeout
+  bastion_public_ip  = var.bastion_public_ip
+  private_key_file   = var.private_key_file
+  vpc_region         = var.vpc_region
+  vpc_zone           = var.vpc_zone
+  name_prefix        = var.name_prefix
+  worker_1           = var.worker_1
+  worker_2           = var.worker_2
+  worker_3           = var.worker_3
 }
 
-
-resource "null_resource" "updating_load_balancers" {
-  depends_on = [null_resource.patch_nfs_arch_ppc64le, null_resource.remove_lbs]
-  connection {
-    type        = "ssh"
-    user        = var.rhel_username
-    private_key = file(var.private_key_file)
-    host        = var.bastion_public_ip
-    agent       = var.ssh_agent
-    timeout     = "${var.connection_timeout}m"
-  }
-
-  provisioner "remote-exec" {
-    inline = [<<EOF
-mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
-EOF
-    ]
-  }
-
-  provisioner "file" {
-    source      = "${path.module}/files/update_lbs.sh"
-    destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/update_lbs.sh"
-  }
-
-  # Dev Note: Updates the load balancers
-  provisioner "remote-exec" {
-    inline = [<<EOF
-cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/lbs/
-bash update_lbs.sh
-EOF
-    ]
-  }
-}

var.tfvars

@@ -26,4 +26,8 @@ worker_3 = { count = "0", profile = "cx2-8x16", "zone" = "au-syd-3" }
 
 # Public and Private Key for Bastion Nodes
 public_key_file  = "data/id_rsa.pub"
-private_key_file = "data/id_rsa"
+private_key_file = "data/id_rsa"
+
+# Required for Ignition and Automation to Run
+powervs_bastion_private_ip = "<Private IP Address of Bastion> e.g. 192.168.200.x"
+powervs_bastion_ip         = "<Public IP Address of Bastion>"

variables.tf

@@ -104,6 +104,7 @@ variable "powervs_network_name" {
   }
 }
 
+
 ################################################################
 # Configure the Intel workers to be added to the compute plane
 ################################################################
@@ -351,3 +352,9 @@ variable "skip_route_creation" {
   default     = false
 }
 
+variable "ibm_cloud_cis" {
+  type        = bool
+  description = "ibm_cloud_cis flag which indicates LoadBalancer and Security Groups are created by UPI automation"
+  default     = false
+}
+