Posted to commits@dlab.apache.org by of...@apache.org on 2019/11/06 12:35:22 UTC
[incubator-dlab] 01/01: Created RC1
This is an automated email from the ASF dual-hosted git repository.
ofuks pushed a commit to branch v2.2-RC1
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit b7cd69e79b89eaa763c31e7971296fdba8a3a874
Author: Oleh Fuks <ol...@gmail.com>
AuthorDate: Wed Nov 6 14:34:23 2019 +0200
Created RC1
---
.../aws/computational_resources/main/main.tf | 97 --
.../aws/computational_resources/main/variables.tf | 57 --
.../aws/computational_resources/modules/ami/ami.tf | 40 -
.../modules/ami/variables.tf | 39 -
.../computational_resources/modules/common/iam.tf | 118 ---
.../modules/common/network.tf | 80 --
.../modules/common/variables.tf | 48 -
.../modules/data_engine/instance.tf | 71 --
.../modules/data_engine/variables.tf | 52 -
.../modules/emr/instance.tf | 82 --
.../modules/emr/variables.tf | 59 --
.../modules/notebook/instance.tf | 44 -
.../modules/notebook/variables.tf | 48 -
.../terraform/aws/endpoint/main/README.md | 18 -
.../aws/endpoint/main/files/assume-policy.json | 13 -
.../aws/endpoint/main/files/endpoint-policy.json | 123 ---
.../terraform/aws/endpoint/main/iam.tf | 56 --
.../terraform/aws/endpoint/main/instance.tf | 51 -
.../terraform/aws/endpoint/main/main.tf | 26 -
.../terraform/aws/endpoint/main/network.tf | 128 ---
.../terraform/aws/endpoint/main/variables.tf | 77 --
.../aws/project/main/files/edge-assume-policy.json | 13 -
.../aws/project/main/files/edge-policy.json | 123 ---
.../aws/project/main/files/nb-assume-policy.json | 13 -
.../aws/project/main/files/nb-policy.json | 43 -
.../terraform/aws/project/main/iam.tf | 108 ---
.../terraform/aws/project/main/instance.tf | 50 -
.../terraform/aws/project/main/main.tf | 27 -
.../terraform/aws/project/main/network.tf | 275 ------
.../terraform/aws/project/main/variales.tf | 64 --
.../main/dlab-billing-chart/.helmignore | 43 -
.../main/dlab-billing-chart/Chart.yaml | 26 -
.../main/dlab-billing-chart/templates/NOTES.txt | 42 -
.../main/dlab-billing-chart/templates/_helpers.tpl | 65 --
.../templates/configmap-billing-conf.yaml | 105 --
.../dlab-billing-chart/templates/deployment.yaml | 86 --
.../main/dlab-billing-chart/templates/service.yaml | 38 -
.../main/dlab-billing-chart/values.yaml | 76 --
.../aws/ssn-helm-charts/main/dlab-billing.tf | 56 --
.../ssn-helm-charts/main/dlab-ui-chart/.helmignore | 43 -
.../ssn-helm-charts/main/dlab-ui-chart/Chart.yaml | 26 -
.../main/dlab-ui-chart/templates/NOTES.txt | 42 -
.../main/dlab-ui-chart/templates/_helpers.tpl | 65 --
.../dlab-ui-chart/templates/configmap-ui-conf.yaml | 246 -----
.../main/dlab-ui-chart/templates/deployment.yaml | 103 --
.../main/dlab-ui-chart/templates/ingress.yaml | 57 --
.../main/dlab-ui-chart/templates/service.yaml | 44 -
.../ssn-helm-charts/main/dlab-ui-chart/values.yaml | 62 --
.../terraform/aws/ssn-helm-charts/main/dlab-ui.tf | 46 -
.../main/files/configure_keycloak.sh | 115 ---
.../main/files/dlab/login/resources/css/login.css | 473 ---------
.../files/dlab/login/resources/img/favicon.ico | Bin 4286 -> 0 bytes
.../resources/img/feedback-error-arrow-down.png | Bin 513 -> 0 bytes
.../login/resources/img/feedback-error-sign.png | Bin 343 -> 0 bytes
.../resources/img/feedback-success-arrow-down.png | Bin 678 -> 0 bytes
.../login/resources/img/feedback-success-sign.png | Bin 410 -> 0 bytes
.../resources/img/feedback-warning-arrow-down.png | Bin 513 -> 0 bytes
.../login/resources/img/feedback-warning-sign.png | Bin 646 -> 0 bytes
.../dlab/login/resources/img/keycloak-logo.png | Bin 5281 -> 0 bytes
.../dlab/login/resources/img/login-background.png | Bin 191866 -> 0 bytes
.../files/dlab/login/resources/img/login-icons.png | Bin 3934 -> 0 bytes
.../main/files/dlab/login/resources/img/logo.png | Bin 5268 -> 0 bytes
.../main/files/dlab/login/theme.properties | 69 --
.../main/files/keycloak_values.yaml | 74 --
.../ssn-helm-charts/main/files/mongo_values.yaml | 39 -
.../main/files/mysql_keycloak_values.yaml | 27 -
.../ssn-helm-charts/main/files/nginx_values.yaml | 27 -
.../terraform/aws/ssn-helm-charts/main/keycloak.tf | 70 --
.../terraform/aws/ssn-helm-charts/main/main.tf | 30 -
.../terraform/aws/ssn-helm-charts/main/mongo.tf | 44 -
.../terraform/aws/ssn-helm-charts/main/mysql.tf | 75 --
.../terraform/aws/ssn-helm-charts/main/nginx.tf | 30 -
.../terraform/aws/ssn-helm-charts/main/secrets.tf | 128 ---
.../aws/ssn-helm-charts/main/variables.tf | 173 ----
.../terraform/aws/ssn-k8s/main/README.md | 25 -
.../aws/ssn-k8s/main/auto_scaling_groups.tf | 183 ----
.../aws/ssn-k8s/main/files/assume-policy.json | 13 -
.../aws/ssn-k8s/main/files/masters-user-data.sh | 209 ----
.../aws/ssn-k8s/main/files/ssn-policy.json.tpl | 40 -
.../aws/ssn-k8s/main/files/workers-user-data.sh | 68 --
.../terraform/aws/ssn-k8s/main/lb.tf | 129 ---
.../terraform/aws/ssn-k8s/main/main.tf | 96 --
.../terraform/aws/ssn-k8s/main/role_policy.tf | 56 --
.../terraform/aws/ssn-k8s/main/s3.tf | 50 -
.../terraform/aws/ssn-k8s/main/security_groups.tf | 85 --
.../terraform/aws/ssn-k8s/main/variables.tf | 108 ---
.../terraform/aws/ssn-k8s/main/vpc.tf | 190 ----
.../azure/computational_resources/main/main.tf | 72 --
.../computational_resources/main/variables.tf | 80 --
.../modules/data_engine/instance.tf | 167 ----
.../modules/data_engine/variables.tf | 58 --
.../modules/notebook/instance.tf | 143 ---
.../modules/notebook/variables.tf | 92 --
.../terraform/azure/project/main/instance.tf | 98 --
.../terraform/azure/project/main/main.tf | 27 -
.../terraform/azure/project/main/network.tf | 442 ---------
.../terraform/azure/project/main/variables.tf | 100 --
.../terraform/bin/deploy/__init__.py | 0
.../terraform/bin/deploy/daemon.json | 5 -
.../terraform/bin/deploy/endpoint_fab.py | 680 -------------
.../terraform/bin/deploy/provisioning.yml | 179 ----
.../terraform/bin/deploy/supervisor_svc.conf | 35 -
infrastructure-provisioning/terraform/bin/dlab.py | 1019 --------------------
.../terraform/bin/requirements.txt | 2 -
.../terraform/bin/terraform-cli.py | 659 -------------
.../terraform/gcp/endpoint/daemon.json | 5 -
.../terraform/gcp/endpoint/main/iam.tf | 49 -
.../terraform/gcp/endpoint/main/instance.tf | 74 --
.../terraform/gcp/endpoint/main/main.tf | 27 -
.../terraform/gcp/endpoint/main/network.tf | 72 --
.../terraform/gcp/endpoint/main/variables.tf | 149 ---
.../terraform/gcp/endpoint/provisioning.py | 611 ------------
.../terraform/gcp/endpoint/provisioning.yml | 179 ----
.../terraform/gcp/endpoint/supervisor_svc.conf | 35 -
.../terraform/gcp/main/main.tf | 88 --
.../terraform/gcp/main/variables.tf | 55 --
.../terraform/gcp/modules/common/iam.tf | 36 -
.../terraform/gcp/modules/common/network.tf | 39 -
.../terraform/gcp/modules/common/variables.tf | 39 -
.../terraform/gcp/modules/data_engine/instance.tf | 101 --
.../terraform/gcp/modules/data_engine/variables.tf | 35 -
.../terraform/gcp/modules/dataproc/instance.tf | 42 -
.../terraform/gcp/modules/dataproc/variables.tf | 39 -
.../terraform/gcp/modules/notebook/instance.tf | 65 --
.../terraform/gcp/modules/notebook/variables.tf | 29 -
.../terraform/gcp/ssn-gke/main/main.tf | 71 --
.../gcp/ssn-gke/main/modules/gke/buckets.tf | 45 -
.../terraform/gcp/ssn-gke/main/modules/gke/gke.tf | 105 --
.../terraform/gcp/ssn-gke/main/modules/gke/iam.tf | 52 -
.../gcp/ssn-gke/main/modules/gke/outputs.tf | 40 -
.../gcp/ssn-gke/main/modules/gke/variables.tf | 43 -
.../terraform/gcp/ssn-gke/main/modules/gke/vpc.tf | 49 -
.../helm_charts/dlab-billing-chart/.helmignore | 43 -
.../helm_charts/dlab-billing-chart/Chart.yaml | 26 -
.../dlab-billing-chart/templates/NOTES.txt | 42 -
.../dlab-billing-chart/templates/_helpers.tpl | 65 --
.../templates/configmap-billing-conf.yaml | 49 -
.../dlab-billing-chart/templates/deployment.yaml | 86 --
.../dlab-billing-chart/templates/service.yaml | 38 -
.../helm_charts/dlab-billing-chart/values.yaml | 63 --
.../main/modules/helm_charts/dlab-billing.tf | 43 -
.../modules/helm_charts/dlab-ui-chart/.helmignore | 43 -
.../modules/helm_charts/dlab-ui-chart/Chart.yaml | 26 -
.../helm_charts/dlab-ui-chart/templates/NOTES.txt | 42 -
.../dlab-ui-chart/templates/_helpers.tpl | 65 --
.../dlab-ui-chart/templates/configmap-ui-conf.yaml | 246 -----
.../dlab-ui-chart/templates/deployment.yaml | 101 --
.../dlab-ui-chart/templates/ingress.yaml | 43 -
.../dlab-ui-chart/templates/service.yaml | 43 -
.../modules/helm_charts/dlab-ui-chart/values.yaml | 61 --
.../ssn-gke/main/modules/helm_charts/dlab-ui.tf | 52 -
.../helm_charts/files/configure_keycloak.sh | 115 ---
.../files/dlab/login/resources/css/login.css | 473 ---------
.../files/dlab/login/resources/img/favicon.ico | Bin 4286 -> 0 bytes
.../resources/img/feedback-error-arrow-down.png | Bin 513 -> 0 bytes
.../login/resources/img/feedback-error-sign.png | Bin 343 -> 0 bytes
.../resources/img/feedback-success-arrow-down.png | Bin 678 -> 0 bytes
.../login/resources/img/feedback-success-sign.png | Bin 410 -> 0 bytes
.../resources/img/feedback-warning-arrow-down.png | Bin 513 -> 0 bytes
.../login/resources/img/feedback-warning-sign.png | Bin 646 -> 0 bytes
.../dlab/login/resources/img/keycloak-logo.png | Bin 5281 -> 0 bytes
.../dlab/login/resources/img/login-background.png | Bin 191866 -> 0 bytes
.../files/dlab/login/resources/img/login-icons.png | Bin 3934 -> 0 bytes
.../files/dlab/login/resources/img/logo.png | Bin 5268 -> 0 bytes
.../helm_charts/files/dlab/login/theme.properties | 69 --
.../modules/helm_charts/files/keycloak_values.yaml | 73 --
.../modules/helm_charts/files/mongo_values.yaml | 38 -
.../modules/helm_charts/files/mysql_values.yaml | 25 -
.../modules/helm_charts/files/nginx_values.yaml | 27 -
.../ssn-gke/main/modules/helm_charts/keycloak.tf | 102 --
.../gcp/ssn-gke/main/modules/helm_charts/main.tf | 73 --
.../gcp/ssn-gke/main/modules/helm_charts/mongo.tf | 52 -
.../gcp/ssn-gke/main/modules/helm_charts/mysql.tf | 73 --
.../gcp/ssn-gke/main/modules/helm_charts/nginx.tf | 37 -
.../ssn-gke/main/modules/helm_charts/outputs.tf | 36 -
.../ssn-gke/main/modules/helm_charts/secrets.tf | 128 ---
.../ssn-gke/main/modules/helm_charts/variables.tf | 78 --
.../terraform/gcp/ssn-gke/main/outputs.tf | 48 -
.../terraform/gcp/ssn-gke/main/variables.tf | 194 ----
179 files changed, 14790 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf b/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf
deleted file mode 100644
index 1fb08e5..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf
+++ /dev/null
@@ -1,97 +0,0 @@
-provider "aws" {
- access_key = var.access_key_id
- secret_key = var.secret_access_key
- region = var.region
-}
-
-module "common" {
- source = "../modules/common"
- sbn = var.service_base_name
- project_name = var.project_name
- project_tag = var.project_tag
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
- notebook_name = var.notebook_name
- region = var.region
- zone = var.zone
- product = var.product_name
- vpc = var.vpc_id
- cidr_range = var.cidr_range
- traefik_cidr = var.traefik_cidr
- instance_type = var.instance_type
-}
-
-module "notebook" {
- source = "../modules/notebook"
- sbn = var.service_base_name
- project_name = var.project_name
- project_tag = var.project_tag
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
- notebook_name = var.notebook_name
- subnet_id = var.subnet_id
- nb-sg_id = var.nb-sg_id
- iam_profile_name = var.iam_profile_name
- product = var.product_name
- ami = var.ami
- instance_type = var.instance_type
- key_name = var.key_name
-}
-
-module "data_engine" {
- source = "../modules/data_engine"
- sbn = var.service_base_name
- project_name = var.project_name
- project_tag = var.project_tag
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
- notebook_name = var.notebook_name
- subnet_id = var.subnet_id
- nb-sg_id = var.nb-sg_id
- iam_profile_name = var.iam_profile_name
- product = var.product_name
- ami = var.ami
- instance_type = var.instance_type
- key_name = var.key_name
- cluster_name = var.cluster_name
- slave_count = var.slave_count
-}
-
-module "emr" {
- source = "../modules/emr"
- sbn = var.service_base_name
- project_name = var.project_name
- project_tag = var.project_tag
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
- notebook_name = var.notebook_name
- subnet_id = var.subnet_id
- nb-sg_id = var.nb-sg_id
- iam_profile_name = var.iam_profile_name
- product = var.product_name
- ami = var.ami
- emr_template = var.emr_template
- master_shape = var.master_shape
- slave_shape = var.slave_shape
- key_name = var.key_name
- cluster_name = var.cluster_name
- instance_count = var.instance_count
- bid_price = var.bid_price
-}
-
-module "ami" {
- source = "../modules/ami"
- sbn = var.service_base_name
- project_name = var.project_name
- source_instance_id = var.source_instance_id
- project_tag = var.project_tag
- notebook_name = var.notebook_name
- product = var.product_name
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/main/variables.tf b/infrastructure-provisioning/terraform/aws/computational_resources/main/variables.tf
deleted file mode 100644
index 13f0d25..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/main/variables.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-variable "access_key_id" {}
-
-variable "secret_access_key" {}
-
-variable "service_base_name" {}
-
-variable "project_name" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "zone" {}
-
-variable "product_name" {}
-
-variable "vpc_id" {}
-
-variable "subnet_id" {}
-
-variable "nb-sg_id" {}
-
-variable "iam_profile_name" {}
-
-variable "cidr_range" {}
-
-variable "traefik_cidr" {}
-
-variable "ami" {}
-
-variable "instance_type" {}
-
-variable "key_name" {}
-
-variable "cluster_name" {}
-
-variable "slave_count" {}
-
-variable "emr_template" {}
-
-variable "master_shape" {}
-
-variable "slave_shape" {}
-
-variable "instance_count" {}
-
-variable "bid_price" {}
-
-variable "source_instance_id" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/ami/ami.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/ami/ami.tf
deleted file mode 100644
index 1c7117f..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/ami/ami.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- ami_name = "${var.sbn}-ami"
-}
-
-resource "aws_ami_from_instance" "ami" {
- name = "${var.project_tag}-${var.notebook_name}-ami"
- source_instance_id = var.source_instance_id
- tags {
- Name = local.ami_name
- "${var.sbn}-Tag" = local.ami_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.ami_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/ami/variables.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/ami/variables.tf
deleted file mode 100644
index 0402960..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/ami/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "source_instance_id" {}
-
-variable "project_tag" {}
-
-variable "notebook_name" {}
-
-variable "product" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/iam.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/iam.tf
deleted file mode 100644
index 6624f30..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/iam.tf
+++ /dev/null
@@ -1,118 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- role_name = "${var.sbn}-nb-de-Role"
- role_profile = "${var.sbn}-nb-Profile"
- policy_name = "${var.sbn}-strict_to_S3-Policy"
-}
-
-resource "aws_iam_role" "nb_de_role" {
- name = local.role_name
- assume_role_policy = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
-}
-EOF
-
- tags = {
- Name = local.role_name
- Environment_tag = var.sbn
- "${var.sbn}-Tag" = local.role_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.role_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
-
-resource "aws_iam_instance_profile" "nb_profile" {
- name = local.role_profile
- role = aws_iam_role.nb_de_role.name
-}
-
-resource "aws_iam_policy" "strict_S3_policy" {
- name = local.policy_name
- description = "Strict Bucket only policy"
- policy = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": "s3:ListAllMyBuckets",
- "Resource": "arn:aws:s3:::*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:ListBucket",
- "s3:GetBucketLocation",
- "s3:PutBucketPolicy",
- "s3:PutEncryptionConfiguration"
- ],
- "Resource": [
- "arn:aws:s3:::${var.sbn}*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetObject",
- "s3:HeadObject"
- ],
- "Resource": "arn:aws:s3:::${var.sbn}-ssn-bucket/*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:HeadObject",
- "s3:PutObject",
- "s3:GetObject",
- "s3:DeleteObject"
- ],
- "Resource": [
- "arn:aws:s3:::${var.sbn}-bucket/*",
- "arn:aws:s3:::${var.sbn}-shared-bucket/*"
- ]
- }
- ]
-}
-EOF
-}
-
-resource "aws_iam_role_policy_attachment" "strict_S3_policy-attach" {
- role = aws_iam_role.nb_de_role.name
- policy_arn = aws_iam_policy.strict_S3_policy.arn
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/network.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/network.tf
deleted file mode 100644
index 297cf28..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/network.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- subnet_name = "${var.sbn}-subnet"
- sg_name = "${var.sbn}-nb-sg" #sg - security group
-}
-
-resource "aws_subnet" "subnet" {
- vpc_id = var.vpc
- cidr_block = var.cidr_range
-
- tags = {
- Name = local.subnet_name
- "${var.sbn}-Tag" = local.subnet_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.subnet_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
-
-resource "aws_security_group" "nb-sg" {
- name = local.sg_name
- vpc_id = var.vpc
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["${var.cidr_range}", "${var.traefik_cidr}"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 443
- to_port = 443
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = local.sg_name
- "${var.sbn}-Tag" = local.sg_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.sg_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf
deleted file mode 100644
index 169b77e..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "zone" {}
-
-variable "product" {}
-
-variable "vpc" {}
-
-variable "cidr_range" {}
-
-variable "traefik_cidr" {}
-
-variable "instance_type" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/data_engine/instance.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/data_engine/instance.tf
deleted file mode 100644
index 7601e35..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/data_engine/instance.tf
+++ /dev/null
@@ -1,71 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- cluster_name = "${var.sbn}-de-${var.notebook_name}-${var.cluster_name}"
- notebook_name = "${var.sbn}-nb-${var.notebook_name}"
-}
-
-resource "aws_instance" "master" {
- ami = var.ami
- instance_type = var.instance_type
- key_name = var.key_name
- subnet_id = var.subnet_id
- security_groups = ["${var.nb-sg_id}"]
- iam_instance_profile = var.iam_profile_name
- tags = {
- Name = "${local.cluster_name}-m"
- Type = "master"
- dataengine_notebook_name = local.notebook_name
- "${var.sbn}-Tag" = "${local.cluster_name}-m"
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- User_tag = var.user_tag
- Endpoint_Tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.cluster_name}"
- Custom_Tag = var.custom_tag
- }
-}
-
-
-resource "aws_instance" "slave" {
- count = var.slave_count
- ami = var.ami
- instance_type = var.instance_type
- key_name = var.key_name
- subnet_id = var.subnet_id
- security_groups = ["${var.nb-sg_id}"]
- iam_instance_profile = var.iam_profile_name
- tags = {
- Name = "${local.cluster_name}-s${count.index + 1}"
- Type = "slave"
- dataengine_notebook_name = local.notebook_name
- "${var.sbn}-Tag" = "${local.cluster_name}-s${count.index + 1}"
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- User_tag = var.user_tag
- Endpoint_Tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.cluster_name}"
- Custom_Tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/data_engine/variables.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/data_engine/variables.tf
deleted file mode 100644
index c83a942..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/data_engine/variables.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "product" {}
-
-variable "ami" {}
-
-variable "instance_type" {}
-
-variable "key_name" {}
-
-variable "subnet_id" {}
-
-variable "nb-sg_id" {}
-
-variable "iam_profile_name" {}
-
-variable "cluster_name" {}
-
-variable "slave_count" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/emr/instance.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/emr/instance.tf
deleted file mode 100644
index 4a03b2d..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/emr/instance.tf
+++ /dev/null
@@ -1,82 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- cluster_name = "${var.sbn}-des-${var.notebook_name}-${var.cluster_name}"
- notebook_name = "${var.sbn}-nb-${var.notebook_name}"
-}
-
-resource "aws_emr_cluster" "cluster" {
- name = local.cluster_name
- release_label = var.emr_template
- applications = ["Spark"]
-
- termination_protection = false
- keep_job_flow_alive_when_no_steps = true
-
- ec2_attributes {
- subnet_id = var.subnet_id
- emr_managed_master_security_group = var.nb-sg_id
- emr_managed_slave_security_group = var.nb-sg_id
- instance_profile = "arn:aws:iam::203753054073:instance-profile/EMR_EC2_DefaultRole"
- }
-
- master_instance_group {
- instance_type = var.master_shape
- }
-
- core_instance_group {
- instance_type = var.slave_shape
- instance_count = "${var.instance_count - 1}"
-
- ebs_config {
- size = "40"
- type = "gp2"
- volumes_per_instance = 1
- }
-
- bid_price = "0.${var.bid_price}"
- }
-
- ebs_root_volume_size = 100
-
- tags = {
- ComputationalName = var.cluster_name
- Name = local.cluster_name
- Notebook = local.notebook_name
- Product = var.product
- "${var.sbn}-Tag" = local.cluster_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- User_tag = var.user_tag
- Endpoint_Tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.cluster_name}"
- Custom_Tag = var.custom_tag
- }
-
- bootstrap_action {
- path = "s3://elasticmapreduce/bootstrap-actions/run-if"
- name = "runif"
- args = ["instance.isMaster=true", "echo running on master node"]
- }
-
- service_role = "arn:aws:iam::203753054073:role/EMR_DefaultRole"
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/emr/variables.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/emr/variables.tf
deleted file mode 100644
index c8c2ae1..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/emr/variables.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "product" {}
-
-variable "ami" {}
-
-variable "emr_template" {}
-
-variable "master_shape" {}
-
-variable "slave_shape" {}
-
-variable "key_name" {}
-
-variable "subnet_id" {}
-
-variable "nb-sg_id" {}
-
-variable "iam_profile_name" {}
-
-variable "cluster_name" {}
-
-variable "instance_count" {}
-
-variable "bid_price" {}
-
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/notebook/instance.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/notebook/instance.tf
deleted file mode 100644
index 374d6da..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/notebook/instance.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- node_name = "${var.sbn}-nb-${var.notebook_name}"
-}
-
-resource "aws_instance" "notebook" {
- ami = var.ami
- instance_type = var.instance_type
- key_name = var.key_name
- subnet_id = var.subnet_id
- security_groups = ["${var.nb-sg_id}"]
- iam_instance_profile = var.iam_profile_name
- tags = {
- Name = local.node_name
- "${var.sbn}-Tag" = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.node_name}"
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/notebook/variables.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/notebook/variables.tf
deleted file mode 100644
index 50c5487..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/notebook/variables.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "product" {}
-
-variable "ami" {}
-
-variable "instance_type" {}
-
-variable "key_name" {}
-
-variable "subnet_id" {}
-
-variable "nb-sg_id" {}
-
-variable "iam_profile_name" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/README.md b/infrastructure-provisioning/terraform/aws/endpoint/main/README.md
deleted file mode 100644
index a661513..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# Terraform module for deploying DLab Endpoint instance
-
-List of variables which should be provided:
-
-| Variable | Type | Description/Value |
-|--------------------------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
-| service\_base\_name | string | Any infrastructure value (should be unique if multiple SSN’s have been deployed before). Should be same as on ssn |
-| vpc\_id | string | ID of AWS VPC if you already have VPC created. |
-| vpc\_cidr | string | CIDR for VPC creation. Conflicts with _vpc\_id_. Default: 172.31.0.0/16 |
-| subnet\_id | string | ID of AWS Subnet if you already have subnet created. |
-| subnet\_cidr | string | CIDR for Subnet creation. Conflicts with _subnet\_id_. Default: 172.31.0.0/24 |
-| ami | string | **Required** ID of EC2 AMI. Default ubuntu 18.04.1 (debian os): "ami-08692d171e3cf02d6" (aws ami: 258751437250/ami-ubuntu-18.04-1.13.0-00-1543963388|
-| key\_name | string | **Required** Name of EC2 Key pair. (Existed on AWS account) |
-| region | string | Name of AWS region. Default: us-west-2 |
-| zone | string | Name of AWS zone. Default: a |
-| endpoint\_volume\_size | int | Size of root volume in GB. Default: 30 |
-| network\_type | string | Type of created network (if network is not existed and require creation) for endpoint. Default: public |
-| endpoint\_instance\_shape| string | Instance shape of Endpoint. Default: t2.medium |
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/files/assume-policy.json b/infrastructure-provisioning/terraform/aws/endpoint/main/files/assume-policy.json
deleted file mode 100644
index 680b6f8..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/files/assume-policy.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/files/endpoint-policy.json b/infrastructure-provisioning/terraform/aws/endpoint/main/files/endpoint-policy.json
deleted file mode 100644
index 89f28c5..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/files/endpoint-policy.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "iam:CreateRole",
- "iam:CreateInstanceProfile",
- "iam:CreatePolicy",
- "iam:AttachRolePolicy",
- "iam:AddRoleToInstanceProfile",
- "iam:DetachRolePolicy",
- "iam:DeleteInstanceProfile",
- "iam:DeletePolicy",
- "iam:DeleteRolePolicy",
- "iam:DeleteRole",
- "iam:RemoveRoleFromInstanceProfile",
- "iam:GetRole",
- "iam:GetRolePolicy",
- "iam:GetInstanceProfile",
- "iam:GetPolicy",
- "iam:GetUser",
- "iam:ListUsers",
- "iam:ListAccessKeys",
- "iam:PassRole",
- "iam:ListUserPolicies",
- "iam:PutRolePolicy",
- "iam:ListInstanceProfiles",
- "iam:ListAttachedRolePolicies",
- "iam:ListInstanceProfilesForRole",
- "iam:ListRoles",
- "iam:ListPolicies",
- "iam:ListRolePolicies",
- "iam:TagRole"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "ec2:CreateVpcEndpoint",
- "ec2:CreateSubnet",
- "ec2:CreateTags",
- "ec2:CreateImage",
- "ec2:CreateRoute",
- "ec2:DeregisterImage",
- "ec2:DescribeImages",
- "ec2:DescribeAddresses",
- "ec2:AssociateAddress",
- "ec2:DisassociateAddress",
- "ec2:AllocateAddress",
- "ec2:ReleaseAddress",
- "ec2:CreateRouteTable",
- "ec2:CreateSecurityGroup",
- "ec2:AuthorizeSecurityGroupEgress",
- "ec2:AuthorizeSecurityGroupIngress",
- "ec2:AssociateRouteTable",
- "ec2:DeleteRouteTable",
- "ec2:DeleteSubnet",
- "ec2:DeleteTags",
- "ec2:DeleteSecurityGroup",
- "ec2:DeleteSnapshot",
- "ec2:DescribeRouteTables",
- "ec2:DescribeSpotInstanceRequests",
- "ec2:ModifyVpcEndpoint",
- "ec2:RunInstances",
- "ec2:StartInstances",
- "ec2:StopInstances",
- "ec2:TerminateInstances",
- "ec2:DescribeSubnets",
- "ec2:DescribeVpcs",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeInstances",
- "ec2:DescribeInstanceStatus",
- "ec2:ModifyInstanceAttribute",
- "ec2:RevokeSecurityGroupEgress",
- "ec2:RevokeSecurityGroupIngress",
- "ec2:AuthorizeSecurityGroupEgress",
- "ec2:AuthorizeSecurityGroupIngress"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "s3:CreateBucket",
- "s3:ListAllMyBuckets",
- "s3:GetBucketLocation",
- "s3:GetBucketTagging",
- "s3:PutBucketTagging",
- "s3:PutBucketPolicy",
- "s3:GetBucketPolicy",
- "s3:DeleteBucket",
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:ListBucket",
- "s3:PutObject",
- "s3:PutEncryptionConfiguration"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "elasticmapreduce:AddTags",
- "elasticmapreduce:RemoveTags",
- "elasticmapreduce:DescribeCluster",
- "elasticmapreduce:ListClusters",
- "elasticmapreduce:RunJobFlow",
- "elasticmapreduce:ListInstances",
- "elasticmapreduce:TerminateJobFlows"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "pricing:GetProducts"
- ],
- "Effect": "Allow",
- "Resource": "*"
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/iam.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/iam.tf
deleted file mode 100644
index 348a44c..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/iam.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- endpoint_role_name = "${var.service_base_name}-endpoint-role"
- endpoint_role_profile = "${var.service_base_name}-endpoint-profile"
- endpoint_policy_name = "${var.service_base_name}-endpoint-policy"
-}
-
-data "template_file" "endpoint_policy" {
- template = file("./files/endpoint-policy.json")
-}
-
-resource "aws_iam_role" "endpoint_role" {
- name = local.endpoint_role_name
- assume_role_policy = file("./files/assume-policy.json")
- tags = {
- Name = "${local.endpoint_role_name}"
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_role_name}"
- "${var.service_base_name}-Tag" = local.endpoint_role_name
- }
-}
-
-resource "aws_iam_instance_profile" "endpoint_profile" {
- name = local.endpoint_role_profile
- role = aws_iam_role.endpoint_role.name
-}
-
-resource "aws_iam_policy" "endpoint_policy" {
- name = local.endpoint_policy_name
- policy = data.template_file.endpoint_policy.rendered
-}
-
-resource "aws_iam_role_policy_attachment" "endpoint_policy_attach" {
- role = aws_iam_role.endpoint_role.name
- policy_arn = aws_iam_policy.endpoint_policy.arn
-}
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/instance.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/instance.tf
deleted file mode 100644
index e2000b2..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/instance.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- endpoint_instance_name = "${var.service_base_name}-${var.endpoint_id}-endpoint"
-}
-
-resource "aws_instance" "endpoint" {
- ami = var.ami
- instance_type = var.endpoint_instance_shape
- key_name = var.key_name
- subnet_id = data.aws_subnet.data_subnet.id
- security_groups = [aws_security_group.endpoint_sec_group.id]
- iam_instance_profile = aws_iam_instance_profile.endpoint_profile.name
- root_block_device {
- volume_type = "gp2"
- volume_size = var.endpoint_volume_size
- delete_on_termination = true
- }
- tags = {
- Name = local.endpoint_instance_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_instance_name}"
- "${var.service_base_name}-Tag" = local.endpoint_instance_name
- endpoint_id = var.endpoint_id
- }
-}
-
-resource "aws_eip_association" "e_ip_assoc" {
- instance_id = aws_instance.endpoint.id
- allocation_id = var.endpoint_eip_allocation_id
- count = var.network_type == "public" ? 1 : 0
-}
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/main.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/main.tf
deleted file mode 100644
index 56d5374..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/main.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-provider "aws" {
- region = var.region
- access_key = var.access_key_id
- secret_key = var.secret_access_key
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
deleted file mode 100644
index c69bcdf..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
+++ /dev/null
@@ -1,128 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- endpoint_subnet_name = "${var.service_base_name}-subnet"
- endpoint_sg_name = "${var.service_base_name}-sg"
- endpoint_vpc_name = "${var.service_base_name}-endpoint-vpc"
- additional_tag = split(":", var.additional_tag)
- endpoint_igw_name = "${var.service_base_name}-endpoint-igw"
-}
-
-
-resource "aws_vpc" "vpc_create" {
- cidr_block = var.vpc_cidr
- count = var.vpc_id == "" ? 1 : 0
- instance_tenancy = "default"
- enable_dns_hostnames = true
- enable_dns_support = true
- tags = {
- Name = local.endpoint_vpc_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_vpc_name}"
- "${var.service_base_name}-Tag" = local.endpoint_vpc_name
- }
-}
-
-data "aws_vpc" "data_vpc" {
- id = var.vpc_id == "" ? aws_vpc.vpc_create.0.id : var.vpc_id
-}
-
-resource "aws_internet_gateway" "gw" {
- vpc_id = aws_vpc.vpc_create.0.id
- count = var.vpc_id == "" ? 1 : 0
- tags = {
- Name = local.endpoint_igw_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_igw_name}"
- "${var.service_base_name}-Tag" = local.endpoint_igw_name
- }
-}
-
-resource "aws_subnet" "endpoint_subnet" {
- vpc_id = aws_vpc.vpc_create.0.id
- cidr_block = var.subnet_cidr
- availability_zone = "${var.region}${var.zone}"
- tags = {
- Name = local.endpoint_subnet_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_subnet_name}"
- "${var.service_base_name}-Tag" = local.endpoint_subnet_name
- }
- count = var.vpc_id == "" ? 1 : 0
-}
-
-data "aws_subnet" "data_subnet" {
- id = var.ssn_subnet == "" ? aws_subnet.endpoint_subnet.0.id : var.ssn_subnet
-}
-
-resource "aws_route" "route" {
- count = var.vpc_id == "" ? 1 : 0
- route_table_id = aws_vpc.vpc_create.0.main_route_table_id
- destination_cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.gw.0.id
-}
-
-resource "aws_security_group" "endpoint_sec_group" {
- name = local.endpoint_sg_name
- vpc_id = data.aws_vpc.data_vpc.id
- ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 8084
- to_port = 8084
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 8085
- to_port = 8085
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 4822
- to_port = 4822
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = local.endpoint_sg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_sg_name}"
- "${var.service_base_name}-Tag" = local.endpoint_sg_name
- }
-}
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/variables.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/variables.tf
deleted file mode 100644
index 8cadb45..0000000
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/variables.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "service_base_name" {}
-
-variable "access_key_id" {
- default = ""
-}
-variable "secret_access_key" {
- default = ""
-}
-
-variable "region" {}
-
-variable "zone" {}
-
-variable "product" {}
-
-variable "subnet_cidr" {}
-
-variable "endpoint_instance_shape" {}
-
-variable "key_name" {}
-
-variable "ami" {}
-
-variable "vpc_id" {}
-
-variable "ssn_subnet" {}
-
-variable "network_type" {}
-
-variable "vpc_cidr" {}
-
-variable "endpoint_volume_size" {}
-
-variable "endpoint_eip_allocation_id" {}
-
-variable "endpoint_id" {}
-
-variable "ssn_k8s_sg_id" {}
-
-variable "ldap_host" {}
-
-variable "ldap_dn" {}
-
-variable "ldap_user" {}
-
-variable "ldap_bind_creds" {}
-
-variable "ldap_users_group" {}
-
-variable "additional_tag" {
- default = "product:dlab"
-}
-
-variable "tag_resource_id" {
- default = "user:tag"
-}
diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/edge-assume-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/edge-assume-policy.json
deleted file mode 100644
index 680b6f8..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/files/edge-assume-policy.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/edge-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/edge-policy.json
deleted file mode 100644
index 89f28c5..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/files/edge-policy.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "iam:CreateRole",
- "iam:CreateInstanceProfile",
- "iam:CreatePolicy",
- "iam:AttachRolePolicy",
- "iam:AddRoleToInstanceProfile",
- "iam:DetachRolePolicy",
- "iam:DeleteInstanceProfile",
- "iam:DeletePolicy",
- "iam:DeleteRolePolicy",
- "iam:DeleteRole",
- "iam:RemoveRoleFromInstanceProfile",
- "iam:GetRole",
- "iam:GetRolePolicy",
- "iam:GetInstanceProfile",
- "iam:GetPolicy",
- "iam:GetUser",
- "iam:ListUsers",
- "iam:ListAccessKeys",
- "iam:PassRole",
- "iam:ListUserPolicies",
- "iam:PutRolePolicy",
- "iam:ListInstanceProfiles",
- "iam:ListAttachedRolePolicies",
- "iam:ListInstanceProfilesForRole",
- "iam:ListRoles",
- "iam:ListPolicies",
- "iam:ListRolePolicies",
- "iam:TagRole"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "ec2:CreateVpcEndpoint",
- "ec2:CreateSubnet",
- "ec2:CreateTags",
- "ec2:CreateImage",
- "ec2:CreateRoute",
- "ec2:DeregisterImage",
- "ec2:DescribeImages",
- "ec2:DescribeAddresses",
- "ec2:AssociateAddress",
- "ec2:DisassociateAddress",
- "ec2:AllocateAddress",
- "ec2:ReleaseAddress",
- "ec2:CreateRouteTable",
- "ec2:CreateSecurityGroup",
- "ec2:AuthorizeSecurityGroupEgress",
- "ec2:AuthorizeSecurityGroupIngress",
- "ec2:AssociateRouteTable",
- "ec2:DeleteRouteTable",
- "ec2:DeleteSubnet",
- "ec2:DeleteTags",
- "ec2:DeleteSecurityGroup",
- "ec2:DeleteSnapshot",
- "ec2:DescribeRouteTables",
- "ec2:DescribeSpotInstanceRequests",
- "ec2:ModifyVpcEndpoint",
- "ec2:RunInstances",
- "ec2:StartInstances",
- "ec2:StopInstances",
- "ec2:TerminateInstances",
- "ec2:DescribeSubnets",
- "ec2:DescribeVpcs",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeInstances",
- "ec2:DescribeInstanceStatus",
- "ec2:ModifyInstanceAttribute",
- "ec2:RevokeSecurityGroupEgress",
- "ec2:RevokeSecurityGroupIngress",
- "ec2:AuthorizeSecurityGroupEgress",
- "ec2:AuthorizeSecurityGroupIngress"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "s3:CreateBucket",
- "s3:ListAllMyBuckets",
- "s3:GetBucketLocation",
- "s3:GetBucketTagging",
- "s3:PutBucketTagging",
- "s3:PutBucketPolicy",
- "s3:GetBucketPolicy",
- "s3:DeleteBucket",
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:ListBucket",
- "s3:PutObject",
- "s3:PutEncryptionConfiguration"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "elasticmapreduce:AddTags",
- "elasticmapreduce:RemoveTags",
- "elasticmapreduce:DescribeCluster",
- "elasticmapreduce:ListClusters",
- "elasticmapreduce:RunJobFlow",
- "elasticmapreduce:ListInstances",
- "elasticmapreduce:TerminateJobFlows"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "pricing:GetProducts"
- ],
- "Effect": "Allow",
- "Resource": "*"
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/nb-assume-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/nb-assume-policy.json
deleted file mode 100644
index 680b6f8..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/files/nb-assume-policy.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/files/nb-policy.json b/infrastructure-provisioning/terraform/aws/project/main/files/nb-policy.json
deleted file mode 100644
index b03af44..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/files/nb-policy.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": "s3:ListAllMyBuckets",
- "Resource": "arn:aws:s3:::*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:ListBucket",
- "s3:GetBucketLocation",
- "s3:PutBucketPolicy",
- "s3:PutEncryptionConfiguration"
- ],
- "Resource": [
- "arn:aws:s3:::${sbn}*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetObject",
- "s3:HeadObject"
- ],
- "Resource": "arn:aws:s3:::${sbn}-ssn-bucket/*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:HeadObject",
- "s3:PutObject",
- "s3:GetObject",
- "s3:DeleteObject"
- ],
- "Resource": [
- "arn:aws:s3:::${sbn}-bucket/*",
- "arn:aws:s3:::${sbn}-shared-bucket/*"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/iam.tf b/infrastructure-provisioning/terraform/aws/project/main/iam.tf
deleted file mode 100644
index 42fc02b..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/iam.tf
+++ /dev/null
@@ -1,108 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- edge_role_name = "${var.service_base_name}-edge-role"
- edge_role_profile = "${var.service_base_name}-edge-profile"
- edge_policy_name = "${var.service_base_name}-edge-policy"
- nb_role_name = "${var.service_base_name}-nb-de-Role"
- nb_role_profile = "${var.service_base_name}-nb-Profile"
- nb_policy_name = "${var.service_base_name}-strict_to_S3-Policy"
-}
-
-data "template_file" "edge_policy" {
- template = file("./files/edge-policy.json")
-}
-
-data "template_file" "nb_policy" {
- template = file("./files/nb-policy.json")
- vars = {
- sbn = var.service_base_name
- }
-}
-
-#################
-### Edge node ###
-#################
-
-resource "aws_iam_role" "edge_role" {
- name = local.edge_role_name
- assume_role_policy = file("./files/edge-assume-policy.json")
- tags = {
- Name = "${local.edge_role_name}"
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.edge_role_name}"
- "${var.service_base_name}-Tag" = local.edge_role_name
- }
-}
-
-resource "aws_iam_instance_profile" "edge_profile" {
- name = local.edge_role_profile
- role = aws_iam_role.edge_role.name
-}
-
-resource "aws_iam_policy" "edge_policy" {
- name = local.edge_policy_name
- policy = data.template_file.edge_policy.rendered
-}
-
-resource "aws_iam_role_policy_attachment" "edge_policy_attach" {
- role = aws_iam_role.edge_role.name
- policy_arn = aws_iam_policy.edge_policy.arn
-}
-
-############################################################
-### Explotratory environment and computational resources ###
-############################################################
-
-resource "aws_iam_role" "nb_de_role" {
- name = local.nb_role_name
- assume_role_policy = file("./files/nb-assume-policy.json")
-
- tags = {
- Name = local.nb_role_name
- Environment_tag = var.service_base_name
- "${var.service_base_name}-Tag" = local.nb_role_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.service_base_name}:${local.nb_role_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
-
-resource "aws_iam_instance_profile" "nb_profile" {
- name = local.nb_role_profile
- role = aws_iam_role.nb_de_role.name
-}
-
-resource "aws_iam_policy" "nb_policy" {
- name = local.nb_policy_name
- description = "Strict Bucket only policy"
- policy = data.template_file.nb_policy.rendered
-}
-
-resource "aws_iam_role_policy_attachment" "nb_policy-attach" {
- role = aws_iam_role.nb_de_role.name
- policy_arn = aws_iam_policy.nb_policy.arn
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/instance.tf b/infrastructure-provisioning/terraform/aws/project/main/instance.tf
deleted file mode 100644
index 7b4cddc..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/instance.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- edge_instance_name = "${var.service_base_name}-edge"
-}
-
-resource "aws_instance" "edge" {
- ami = var.ami
- instance_type = var.instance_type
- key_name = var.key_name
- subnet_id = var.subnet_id
- security_groups = [aws_security_group.edge_sg.id]
- iam_instance_profile = aws_iam_instance_profile.edge_profile.id
- root_block_device {
- volume_type = "gp2"
- volume_size = var.edge_volume_size
- delete_on_termination = true
- }
- tags = {
- Name = local.edge_instance_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.edge_instance_name}"
- "${var.service_base_name}-Tag" = local.edge_instance_name
- "Endpoint_tag" = var.endpoint_tag
- }
-}
-
-resource "aws_eip_association" "edge_ip_assoc" {
- instance_id = aws_instance.edge.id
- allocation_id = aws_eip.edge_ip.id
-}
diff --git a/infrastructure-provisioning/terraform/aws/project/main/main.tf b/infrastructure-provisioning/terraform/aws/project/main/main.tf
deleted file mode 100644
index 6f5ac81..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/main.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-provider "aws" {
- access_key = var.access_key_id
- secret_key = var.secret_access_key
- region = var.region
-}
-
diff --git a/infrastructure-provisioning/terraform/aws/project/main/network.tf b/infrastructure-provisioning/terraform/aws/project/main/network.tf
deleted file mode 100644
index d1064cd..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/network.tf
+++ /dev/null
@@ -1,275 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- edge_sg_name = "${var.service_base_name}-${var.project_name}-edge-sg"
- edge_ip_name = "${var.service_base_name}-${var.project_name}-edge-EIP"
- additional_tag = split(":", var.additional_tag)
- nb_subnet_name = "${var.service_base_name}-${var.project_name}-nb-subnet"
- sg_name = "${var.service_base_name}-${var.project_name}-nb-sg" #sg - security group
- sbn = var.service_base_name
-}
-
-#################
-### Edge node ###
-#################
-
-resource "aws_eip" "edge_ip" {
- vpc = true
- tags = {
- Name = local.edge_ip_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.edge_ip_name}"
- "${var.service_base_name}-Tag" = local.edge_ip_name
- }
-}
-
-resource "aws_security_group" "edge_sg" {
- name = local.edge_sg_name
- vpc_id = var.vpc_id
-
- ingress {
- from_port = 0
- protocol = "-1"
- to_port = 0
- cidr_blocks = [var.nb_cidr, var.edge_cidr]
- }
-
- ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 8080
- to_port = 8080
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 3128
- to_port = 3128
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 8080
- protocol = "tcp"
- to_port = 8080
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 6006
- protocol = "tcp"
- to_port = 6006
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 8085
- protocol = "tcp"
- to_port = 8085
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 18080
- protocol = "tcp"
- to_port = 18080
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 8088
- protocol = "tcp"
- to_port = 8088
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 4040
- protocol = "tcp"
- to_port = 4140
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 50070
- protocol = "tcp"
- to_port = 50070
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 8888
- protocol = "tcp"
- to_port = 8888
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 8042
- protocol = "tcp"
- to_port = 8042
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 20888
- protocol = "tcp"
- to_port = 20888
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 8787
- protocol = "tcp"
- to_port = 8787
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 8081
- protocol = "tcp"
- to_port = 8081
- cidr_blocks = [var.nb_cidr]
- }
-
- egress {
- from_port = 53
- to_port = 53
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 389
- to_port = 389
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 123
- to_port = 123
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = local.edge_sg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.edge_sg_name}"
- "${var.service_base_name}-Tag" = local.edge_sg_name
- }
-}
-
-############################################################
-### Explotratory environment and computational resources ###
-############################################################
-
-resource "aws_subnet" "private_subnet" {
- vpc_id = var.vpc_id
- cidr_block = var.nb_cidr
-
- tags = {
- Name = local.nb_subnet_name
- "${local.sbn}-Tag" = local.nb_subnet_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${local.sbn}:${local.nb_subnet_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
-
-resource "aws_security_group" "nb-sg" {
- name = local.sg_name
- vpc_id = var.vpc_id
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = [var.nb_cidr, var.edge_cidr]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 443
- to_port = 443
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = local.sg_name
- "${local.sbn}-Tag" = local.sg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${local.sbn}:${local.sg_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/variales.tf b/infrastructure-provisioning/terraform/aws/project/main/variales.tf
deleted file mode 100644
index dfa7dc3..0000000
--- a/infrastructure-provisioning/terraform/aws/project/main/variales.tf
+++ /dev/null
@@ -1,64 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "access_key_id" {}
-
-variable "secret_access_key" {}
-
-variable "service_base_name" {}
-
-variable "project_name" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "region" {}
-
-variable "zone" {}
-
-variable "vpc_id" {}
-
-variable "subnet_id" {}
-
-variable "nb_cidr" {}
-
-variable "edge_cidr" {}
-
-variable "ami" {}
-
-variable "instance_type" {}
-
-variable "key_name" {}
-
-variable "edge_volume_size" {}
-
-variable "additional_tag" {
- default = "product:dlab"
-}
-
-variable "tag_resource_id" {
- default = "user:tag"
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/.helmignore b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/.helmignore
deleted file mode 100644
index 4976779..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/.helmignore
+++ /dev/null
@@ -1,43 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/Chart.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/Chart.yaml
deleted file mode 100644
index f6b3a45..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: dlab-billing
-version: 0.1.0
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/NOTES.txt b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/NOTES.txt
deleted file mode 100644
index da55760..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/NOTES.txt
+++ /dev/null
@@ -1,42 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "dlab-billing.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "dlab-billing.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "dlab-billing.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dlab-billing.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:80
-{{- end }}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/_helpers.tpl b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/_helpers.tpl
deleted file mode 100644
index 777c89b..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/_helpers.tpl
+++ /dev/null
@@ -1,65 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dlab-billing.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "dlab-billing.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dlab-billing.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "dlab-billing.labels" -}}
-app.kubernetes.io/name: {{ include "dlab-billing.name" . }}
-helm.sh/chart: {{ include "dlab-billing.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/configmap-billing-conf.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/configmap-billing-conf.yaml
deleted file mode 100644
index 1bdf52b..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/configmap-billing-conf.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-{{- /*
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-*/ -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "dlab-billing.fullname" . }}-billing-conf
-data:
- billing.yml: |
- # Specify the parameters enclosed in angle brackets.
- # Run the follows command to get help for details of configuration:
- # java -jar billing-1.0.jar --help conf
- # java -jar billing-1.0.jar --help {adapter | parser | filter | logappender} [name]
-
- billingEnabled: true
-
- host: {{ .Values.billing.mongo.host }}
- port: {{ .Values.billing.mongo.port }}
- username: {{ .Values.billing.mongo.username }}
- password: ${MONGO_DB_PASSWORD}
- database: {{ .Values.billing.mongo.db_name }}
-
- scheduler:
- # Schedule is comma separated values of time in format hh[:mm[:ss]]. hh - in the 24-hour clock, at 8:15PM is 20:15.
- schedule: 8:40, 8:50, 9:00, 9:10, 9:20, 9:30, 16:00, 16:30, 17:00, 17:30, 18:00, 15:45, 16:45, 17:45, 17:15, 18:15, 18:00, 21:00
-
- # Adapter for reading source data. Known types: file, s3file
- adapterIn:
- - type: s3file
- bucket: {{ .Values.billing.bucket }}
- path: {{ .Values.billing.path }}
- awsJobEnabled: {{ .Values.billing.aws_job_enabled }}
- accountId: {{ .Values.billing.account_id }}
- accessKeyId:
- secretAccessKey:
-
- # Adapter for writing converted data. Known types: console, file, s3file, mongodb
- adapterOut:
- - type: mongodlab
- host: {{ .Values.billing.mongo.host }}
- port: {{ .Values.billing.mongo.port }}
- username: {{ .Values.billing.mongo.username }}
- password: ${MONGO_DB_PASSWORD}
- database: {{ .Values.billing.mongo.db_name }}
- # bufferSize: 10000
- upsert: true
-
- # Filter for source and converted data.
- filter:
- - type: aws
- currencyCode: USD
- columnDlabTag: {{ .Values.billing.tag }}
- serviceBaseName: {{ .Values.billing.service_base_name }}
-
-
- # Parser of source data to common format.
- parser:
- - type: csv
- headerLineNo: 1
- skipLines: 1
- columnMapping: >-
- dlab_id={{ .Values.billing.dlab_id }};usage_date={{ .Values.billing.usage_date }};product={{ .Values.billing.product }};
- usage_type={{ .Values.billing.usage_type }};usage={{ .Values.billing.usage }};cost={{ .Values.billing.cost }};
- resource_id={{ .Values.billing.resource_id }};tags={{ .Values.billing.tags }}
- aggregate: day
-
-
- # Logging configuration.
- logging:
- # Default logging level
- level: INFO
- # Logging levels for appenders.
- loggers:
- com.epam: DEBUG
- org.apache.http: WARN
- org.mongodb.driver: WARN
- org.hibernate: WARN
- # Logging appenders
- appenders:
- - type: console
- - type: file
- currentLogFilename: /root/billing.log
- archive: true
- archivedLogFilenamePattern: /root/billing-%d{yyyy-MM-dd}.log.gz
- archivedFileCount: 10
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/deployment.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/deployment.yaml
deleted file mode 100644
index 975cd65..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/deployment.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{- /*
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-*/ -}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "dlab-billing.fullname" . }}
- labels:
-{{ include "dlab-billing.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "dlab-billing.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "dlab-billing.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: MONGO_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mongo-db-password
- key: password
- ports:
- - name: mongo
- containerPort: 21017
- protocol: TCP
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- volumeMounts:
- - name: billing-yml
- mountPath: /root/billing.yml
- subPath: billing
- readOnly: true
- volumes:
- - name: billing-yml
- configMap:
- name: {{ include "dlab-billing.fullname" . }}-billing-conf
- defaultMode: 0644
- items:
- - key: billing.yml
- path: billing
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/service.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/service.yaml
deleted file mode 100644
index 50cc066..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- /*
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-*/ -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "dlab-billing.fullname" . }}
- labels:
-{{ include "dlab-billing.labels" . | indent 4 }}
-spec:
- ports:
- - port: {{ .Values.service.port }}
- targetPort: 27017
- protocol: TCP
- selector:
- app.kubernetes.io/name: {{ include "dlab-billing.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/values.yaml
deleted file mode 100644
index 6b731e7..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/values.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-# Default values for dlab-billing.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: epamdlab/billing
- tag: '0.1-aws'
- # pullPolicy: IfNotPresent
- pullPolicy: Always
-
-#imagePullSecrets: []
-#nameOverride: ""
-#fullnameOverride: ""
-
-service:
- type: ClusterIP
- port: 58334
-
-ingress:
- enabled: false
- host: ""
- annotations:
- # kubernetes.io/ingress.class: nginx
- # nginx.ingress.kubernetes.io/ssl-redirect: "false"
- # kubernetes.io/tls-acme: "true"
-
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-labels: {}
-
-billing:
- mongo:
- host: ${mongo_service_name}
- port: ${mongo_port}
- username: ${mongo_user}
- db_name: ${mongo_db_name}
- service_base_name: ${service_base_name}
- tag_resource_id: ${tag_resource_id}
- bucket: ${billing_bucket}
- path: ${billing_bucket_path}
- aws_job_enabled: ${billing_aws_job_enabled}
- account_id: ${billing_aws_account_id}
- tag: ${billing_tag}
- dlab_id: ${billing_dlab_id}
- usage_date: ${billing_usage_date}
- product: ${billing_product}
- usage_type: ${billing_usage_type}
- usage: ${billing_usage}
- cost: ${billing_cost}
- resource_id: ${billing_resource_id}
- tags: ${billing_tags}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing.tf
deleted file mode 100644
index e712406..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-data "template_file" "dlab_billing_values" {
- template = file("./dlab-billing-chart/values.yaml")
- vars = {
- mongo_db_name = var.mongo_dbname
- mongo_user = var.mongo_db_username
- mongo_port = var.mongo_service_port
- mongo_service_name = var.mongo_service_name
- service_base_name = var.service_base_name
- tag_resource_id = var.tag_resource_id
- billing_bucket = var.billing_bucket
- billing_bucket_path = var.billing_bucket_path
- billing_aws_job_enabled = var.billing_aws_job_enabled
- billing_aws_account_id = var.billing_aws_account_id
- billing_tag = var.billing_tag
- billing_dlab_id = var.billing_dlab_id
- billing_usage_date = var.billing_usage_date
- billing_product = var.billing_product
- billing_usage_type = var.billing_usage_type
- billing_usage = var.billing_usage
- billing_cost = var.billing_cost
- billing_resource_id = var.billing_resource_id
- billing_tags = var.billing_tags
- }
-}
-
-resource "helm_release" "dlab-billing" {
- name = "dlab-billing"
- chart = "./dlab-billing-chart"
- depends_on = [helm_release.mongodb, kubernetes_secret.mongo_db_password_secret]
- wait = true
-
- values = [
- data.template_file.dlab_billing_values.rendered
- ]
-}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/.helmignore b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/.helmignore
deleted file mode 100644
index 4976779..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/.helmignore
+++ /dev/null
@@ -1,43 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/Chart.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/Chart.yaml
deleted file mode 100644
index 3e7800b..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: dlab-ui
-version: 0.1.0
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/NOTES.txt b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/NOTES.txt
deleted file mode 100644
index 9481026..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/NOTES.txt
+++ /dev/null
@@ -1,42 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-1. Get the application URL by running these commands:
-{{- if .Values.ui.ingress.enabled }}
-{{- range $host := .Values.ui.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ui.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.ui.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "dlab-ui.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.ui.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "dlab-ui.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "dlab-ui.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.ui.service.http_port }}
-{{- else if contains "ClusterIP" .Values.ui.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dlab-ui.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:80
-{{- end }}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/_helpers.tpl b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/_helpers.tpl
deleted file mode 100644
index ca4bcd5..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/_helpers.tpl
+++ /dev/null
@@ -1,65 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dlab-ui.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "dlab-ui.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dlab-ui.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "dlab-ui.labels" -}}
-app.kubernetes.io/name: {{ include "dlab-ui.name" . }}
-helm.sh/chart: {{ include "dlab-ui.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
deleted file mode 100644
index 52865e3..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
+++ /dev/null
@@ -1,246 +0,0 @@
-{{- /*
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-*/ -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "dlab-ui.fullname" . }}-ui-conf
-data:
- ssn.yml: |
- <#assign LOG_ROOT_DIR="/var/opt/dlab/log">
- <#assign KEYS_DIR="/root/keys">
- <#assign KEY_STORE_PATH="/root/keys/ssn.keystore.jks">
- <#assign KEY_STORE_PASSWORD="${SSN_KEYSTORE_PASSWORD}">
- <#assign TRUST_STORE_PATH="/usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts">
- <#assign TRUST_STORE_PASSWORD="changeit">
-
- # Available options are aws, azure, gcp
- <#assign CLOUD_TYPE="aws">
- cloudProvider: ${CLOUD_TYPE}
-
- #Switch on/off developer mode here
- <#assign DEV_MODE="false">
- devMode: ${DEV_MODE}
-
- mongo:
- host: {{ .Values.ui.mongo.host }}
- port: {{ .Values.ui.mongo.port }}
- username: {{ .Values.ui.mongo.username }}
- password: ${MONGO_DB_PASSWORD}
- database: {{ .Values.ui.mongo.db_name }}
-
- selfService:
- protocol: https
- host: localhost
- port: {{ .Values.ui.service.https_port }}
- jerseyClient:
- timeout: 3s
- connectionTimeout: 3s
-
- securityService:
- protocol: https
- host: localhost
- port: 8090
- jerseyClient:
- timeout: 20s
- connectionTimeout: 20s
-
- provisioningService:
- jerseyClient:
- timeout: 3s
- connectionTimeout: 3s
-
- # Log out user on inactivity
- inactiveUserTimeoutMillSec: 7200000
-
- self-service.yml: |
- <#include "/root/ssn.yml">
-
- <#if CLOUD_TYPE == "aws">
- # Minimum and maximum number of slave EMR instances than could be created
- minEmrInstanceCount: 2
- maxEmrInstanceCount: 14
- # Minimum and maximum percentage cost for slave EMR spot instances biding
- minEmrSpotInstanceBidPct: 20
- maxEmrSpotInstanceBidPct: 90
- </#if>
-
- <#if CLOUD_TYPE == "gcp">
- # Maximum length for gcp user name (due to gcp restrictions)
- maxUserNameLength: 10
- # Minimum and maximum number of slave Dataproc instances that could be created
- minInstanceCount: 3
- maxInstanceCount: 15
- minDataprocPreemptibleCount: 0
- gcpOuauth2AuthenticationEnabled: false
- </#if>
-
- # Boundaries for Spark cluster creation
- minSparkInstanceCount: 2
- maxSparkInstanceCount: 14
-
- # Timeout for check the status of environment via provisioning service
- checkEnvStatusTimeout: 5m
-
- # Restrict access to DLab features using roles policy
- rolePolicyEnabled: true
- # Default access to DLab features using roles policy
- roleDefaultAccess: true
-
- # Set to true to enable the scheduler of billing report.
- billingSchedulerEnabled: true
- # Name of configuration file for billing report.
- <#if DEV_MODE == "true">
- billingConfFile: ${sys['user.dir']}/../billing/billing.yml
- <#else>
- billingConfFile: ${DLAB_CONF_DIR}/billing.yml
- </#if>
-
- <#if CLOUD_TYPE == "azure">
- azureUseLdap: <LOGIN_USE_LDAP>
- maxSessionDurabilityMilliseconds: 288000000
- </#if>
-
- serviceBaseName: {{ .Values.ui.service_base_name }}
- os: {{ .Values.ui.os }}
- server:
- requestLog:
- appenders:
- - type: file
- currentLogFilename: ${LOG_ROOT_DIR}/ssn/request-selfservice.log
- archive: true
- archivedLogFilenamePattern: ${LOG_ROOT_DIR}/ssn/request-selfservice-%d{yyyy-MM-dd}.log.gz
- archivedFileCount: 10
- rootPath: "/api"
- applicationConnectors:
- - type: http
- port: {{ .Values.ui.service.http_port }}
- - type: https
- port: {{ .Values.ui.service.https_port }}
- certAlias: dlab
- validateCerts: true
- keyStorePath: ${KEY_STORE_PATH}
- keyStorePassword: ${KEY_STORE_PASSWORD}
- trustStorePath: ${TRUST_STORE_PATH}
- trustStorePassword: ${TRUST_STORE_PASSWORD}
- adminConnectors:
- # - type: http
- # port: 8081
- - type: https
- port: 8444
- certAlias: dlab
- validateCerts: true
- keyStorePath: ${KEY_STORE_PATH}
- keyStorePassword: ${KEY_STORE_PASSWORD}
- trustStorePath: ${TRUST_STORE_PATH}
- trustStorePassword: ${TRUST_STORE_PASSWORD}
-
- mongoMigrationEnabled: false
-
- logging:
- level: INFO
- loggers:
- com.epam: TRACE
- com.novemberain: ERROR
- appenders:
- - type: console
- - type: file
- currentLogFilename: ${LOG_ROOT_DIR}/ssn/selfservice.log
- archive: true
- archivedLogFilenamePattern: ${LOG_ROOT_DIR}/ssn/selfservice-%d{yyyy-MM-dd}.log.gz
- archivedFileCount: 10
-
- swaggerConfiguration:
- resourcePackage: com.epam.dlab.backendapi.resources
- title: DLab API
- description: Essential toolset for analytics. Deployed on ${CLOUD_TYPE} provider
- schemes: [https, http]
- version: 2.0
- contact: DLab
- contactUrl: http://dlab.opensource.epam.com/
- license: Apache 2.0
- licenseUrl: https://www.apache.org/licenses/LICENSE-2.0
-
- mavenSearchService:
- protocol: http
- host: search.maven.org
- port: 80
- jerseyClient:
- timeout: 5s
- connectionTimeout: 5s
-
- schedulers:
- inactivity:
- enabled: false
- cron: "0 0 0/2 ? * * *"
- startComputationalScheduler:
- enabled: true
- cron: "*/20 * * ? * * *"
- stopComputationalScheduler:
- enabled: true
- cron: "*/20 * * ? * * *"
- startExploratoryScheduler:
- enabled: true
- cron: "*/20 * * ? * * *"
- stopExploratoryScheduler:
- enabled: true
- cron: "*/20 * * ? * * *"
- terminateComputationalScheduler:
- enabled: true
- cron: "*/20 * * ? * * *"
- checkQuoteScheduler:
- enabled: true
- cron: "0 0 * ? * * *"
- checkUserQuoteScheduler:
- enabled: false
- cron: "0 0 * ? * * *"
- checkProjectQuoteScheduler:
- enabled: true
- cron: "0 * * ? * * *"
-
-
- guacamole:
- connectionProtocol: ssh
- serverPort: 4822
- port: 22
- username: dlab-user
-
- keycloakConfiguration:
- redirectUri: {{ .Values.ui.keycloak.redirect_uri }}
- realm: dlab
- bearer-only: true
- auth-server-url: ${KEYCLOAK_AUTH_URL}
- ssl-required: none
- register-node-at-startup: true
- register-node-period: 600
- resource: dlab-ui
- credentials:
- secret: ${KEYCLOAK_CLIENT_SECRET}
-
- jerseyClient:
- minThreads: 1
- maxThreads: 128
- workQueueSize: 8
- gzipEnabled: true
- gzipEnabledForRequests: false
- chunkedEncodingEnabled: true
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/deployment.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/deployment.yaml
deleted file mode 100644
index bd06092..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/deployment.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-{{- /*
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-*/ -}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "dlab-ui.fullname" . }}
- labels:
-{{ include "dlab-ui.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "dlab-ui.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "dlab-ui.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
- imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
- env:
- - name: MONGO_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mongo-db-password
- key: password
- - name: SSN_KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: ssn-keystore-password
- key: password
- - name: KEYCLOAK_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: keycloak-client-secret
- key: client_secret
- - name: SSN_BUCKET_NAME
- value: {{ .Values.ui.bucketName }}
- - name: KEYCLOAK_AUTH_URL
- value: {{ .Values.ui.keycloak.auth_server_url }}
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- volumeMounts:
- - name: ui-conf
- mountPath: /root/ssn.yml
- subPath: ssn
- readOnly: true
- - name: ui-conf
- mountPath: /root/self-service.yml
- subPath: self-service
- readOnly: true
- volumes:
- - name: ui-conf
- configMap:
- name: {{ include "dlab-ui.fullname" . }}-ui-conf
- defaultMode: 0644
- items:
- - key: ssn.yml
- path: ssn
- - key: self-service.yml
- path: self-service
-
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/ingress.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/ingress.yaml
deleted file mode 100644
index d53fb5e..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- /*
-# ******************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-*/ -}}
-
-{{- if .Values.ui.ingress.enabled -}}
-{{- $fullName := include "dlab-ui.fullname" . -}}
-{{ $servicePort := .Values.ui.service.http_port }}
-{{ $host := .Values.ui.ingress.host }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
-{{ include "dlab-ui.labels" . | indent 4 }}
- annotations:
-{{- with .Values.ui.ingress.annotations }}
-{{ toYaml . | indent 4 }}
- {{- end }}
-spec:
-{{- if .Values.ui.ingress.tls }}
- tls:
- {{- range .Values.ui.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- - host: {{ $host }}
- http:
- paths:
- - backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- path: /
-{{- end }}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/service.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/service.yaml
deleted file mode 100644
index 87fb9a8..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/service.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- /*
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-*/ -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "dlab-ui.fullname" . }}
- labels:
-{{ include "dlab-ui.labels" . | indent 4 }}
-spec:
- type: {{ .Values.ui.service.type }}
- ports:
- - port: {{ .Values.ui.service.http_port }}
- targetPort: {{ .Values.ui.service.http_port }}
- protocol: TCP
- name: http
- - port: {{ .Values.ui.service.https_port }}
- targetPort: {{ .Values.ui.service.https_port }}
- nodePort: 30433
- protocol: TCP
- name: https
- selector:
- app.kubernetes.io/name: {{ include "dlab-ui.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
deleted file mode 100644
index f385f01..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-# Default values for dlab-ui.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-labels: {}
-
-ui:
- service_base_name: ${service_base_name}
- os: ${os}
- bucketName: ${ssn_bucket_name}
- image:
- repository: epamdlab/ui
- tag: '0.1-aws'
- pullPolicy: Always
- service:
- type: NodePort
- # port: 58443
- http_port: 58080
- https_port: 58443
- ingress:
- enabled: true
- host: ${ssn_k8s_alb_dns_name}
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/ssl-redirect: "false"
-
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
- mongo:
- host: ${mongo_service_name}
- port: ${mongo_port}
- username: ${mongo_user}
- db_name: ${mongo_db_name}
- provisionService:
- host: ${provision_service_host}
- keycloak:
- auth_server_url: http://${ssn_k8s_alb_dns_name}/auth
- redirect_uri: http://${ssn_k8s_alb_dns_name}/
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
deleted file mode 100644
index 8d1c9da..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-data "template_file" "dlab_ui_values" {
- template = file("./dlab-ui-chart/values.yaml")
- vars = {
- mongo_db_name = var.mongo_dbname
- mongo_user = var.mongo_db_username
- mongo_port = var.mongo_service_port
- mongo_service_name = var.mongo_service_name
- ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
- ssn_bucket_name = var.ssn_bucket_name
- provision_service_host = var.endpoint_eip_address
- service_base_name = var.service_base_name
- os = var.env_os
- }
-}
-
-resource "helm_release" "dlab_ui" {
- name = "dlab-ui"
- chart = "./dlab-ui-chart"
- depends_on = [helm_release.mongodb, kubernetes_secret.mongo_db_password_secret]
- wait = true
-
- values = [
- data.template_file.dlab_ui_values.rendered
- ]
-}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
deleted file mode 100644
index a2540b9..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/bash
- # *****************************************************************************
- #
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing,
- # software distributed under the License is distributed on an
- # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- # KIND, either express or implied. See the License for the
- # specific language governing permissions and limitations
- # under the License.
- #
- # ******************************************************************************
-
- # 6 spaces needed as this file will be pasted in keycloak_values.yaml by Terraform
- set -x
- auth () {
- RUN=$(/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://127.0.0.1:8080/auth --realm master \
- --user ${keycloak_user} --password ${keycloak_password} > /dev/null && echo "true" || echo "false")
- }
- check_realm () {
- RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null && echo "true" || echo "false")
- }
- configure_keycloak () {
- # Create Realm
- /opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=dlab -s enabled=true -s loginTheme=dlab \
- -s sslRequired=none
- # Get realm ID
- dlab_realm_id=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab | /usr/bin/jq -r '.id')
- # Create user federation
- /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=dlab-ldap -s providerId=ldap \
- -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=$dlab_realm_id -s 'config.priority=["1"]' \
- -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' \
- -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s \
- 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["READ_ONLY"]' -s 'config.syncRegistrations=["false"]' \
- -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["${ldap_usernameAttr}"]' \
- -s 'config.rdnLDAPAttribute=["${ldap_rdnAttr}"]' -s 'config.uuidLDAPAttribute=["${ldap_uuidAttr}"]' \
- -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' \
- -s 'config.connectionUrl=["ldap://${ldap_host}:389"]' -s 'config.usersDn=["${ldap_users_group},${ldap_dn}"]' \
- -s 'config.authType=["simple"]' -s 'config.bindDn=["${ldap_user},${ldap_dn}"]' \
- -s 'config.bindCredential=["${ldap_bind_creds}"]' -s 'config.searchScope=["1"]' \
- -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 'config.connectionPooling=["true"]' \
- -s 'config.pagination=["true"]' --server http://127.0.0.1:8080/auth
- # Get user federation ID
- user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r dlab --query name=dlab-ldap | /usr/bin/jq -er '.[].id')
- # Create user federation email mapper
- /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=uid-attribute-to-email-mapper \
- -s providerId=user-attribute-ldap-mapper -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper \
- -s parentId=$user_f_id -s 'config."user.model.attribute"=["email"]' \
- -s 'config."ldap.attribute"=["uid"]' -s 'config."read.only"=["false"]' \
- -s 'config."always.read.value.from.ldap"=["false"]' -s 'config."is.mandatory.in.ldap"=["false"]'
- # Create user federation group mapper
- /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=group_mapper -s providerId=group-ldap-mapper \
- -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper -s parentId=$user_f_id \
- -s 'config."groups.dn"=["ou=Groups,${ldap_dn}"]' -s 'config."group.name.ldap.attribute"=["cn"]' \
- -s 'config."group.object.classes"=["posixGroup"]' -s 'config."preserve.group.inheritance"=["false"]' \
- -s 'config."membership.ldap.attribute"=["memberUid"]' -s 'config."membership.attribute.type"=["UID"]' \
- -s 'config."groups.ldap.filter"=[]' -s 'config.mode=["IMPORT"]' \
- -s 'config."user.roles.retrieve.strategy"=["LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"]' \
- -s 'config."mapped.group.attributes"=[]' -s 'config."drop.non.existing.groups.during.sync"=["false"]'
- # Create client
- /opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -s clientId=dlab-ui -s enabled=true -s \
- 'redirectUris=["http://${ssn_k8s_alb_dns_name}/"]' -s secret=${keycloak_client_secret}
- # Get clint ID
- client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r dlab --query clientId=dlab-ui | /usr/bin/jq -er '.[].id')
- # Create client mapper
- /opt/jboss/keycloak/bin/kcadm.sh create clients/$client_id/protocol-mappers/models \
- -r dlab -s name=group_mapper -s protocol=openid-connect -s protocolMapper="oidc-group-membership-mapper" \
- -s 'config."full.path"="false"' -s 'config."id.token.claim"="true"' -s 'config."access.token.claim"="true"' \
- -s 'config."claim.name"="groups"' -s 'config."userinfo.token.claim"="true"'
- }
- main_func () {
- hostname=$(hostname)
- # Authentication
- count=0
- if [[ $hostname != "keycloak-0" ]];
- then
- echo "Skipping startup script!"
- exit 0
- fi
- while auth
- do
- if [[ $RUN == "false" ]] && (( $count < 120 ));
- then
- echo "Waiting for Keycloak..."
- sleep 5
- count=$((count + 1))
- elif [[ $RUN == "true" ]];
- then
- echo "Authenticated!"
- break
- else
- echo "Timeout error!"
- exit 1
- fi
- done
- # Check if resource is already exist
- check_realm
- # Create resource if it isn't created
- if [[ $RUN == "false" ]];
- then
- configure_keycloak
- else
- echo "Realm is already exist!"
- fi
- }
- main_func &
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/css/login.css b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/css/login.css
deleted file mode 100644
index 8c24bca..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/css/login.css
+++ /dev/null
@@ -1,473 +0,0 @@
-.login-pf body {
- background: url("../img/login-background.png") no-repeat center center fixed;
- background-size: cover;
-}
-
-.alert-error {
- background-color: #ffffff;
- border-color: #cc0000;
- color: #333333;
-}
-
-#kc-locale ul {
- display: none;
- position: absolute;
- background-color: #fff;
- list-style: none;
- right: 0;
- top: 20px;
- min-width: 100px;
- padding: 2px 0;
- border: solid 1px #bbb;
-}
-
-#kc-locale:hover ul {
- display: block;
- margin: 0;
-}
-
-#kc-locale ul li a {
- display: block;
- padding: 5px 14px;
- color: #000 !important;
- text-decoration: none;
- line-height: 20px;
-}
-
-#kc-locale ul li a:hover {
- color: #4d5258;
- background-color: #d4edfa;
-}
-
-#kc-locale-dropdown a {
- color: #4d5258;
- background: 0 0;
- padding: 0 15px 0 0;
- font-weight: 300;
-}
-
-#kc-locale-dropdown a:hover {
- text-decoration: none;
-}
-
-a#kc-current-locale-link {
- display: block;
- padding: 0 5px;
-}
-
-a#kc-current-locale-link::after {
- content: "\2c5";
- margin-left: 4px;
-}
-
-.login-pf .container {
- padding-top: 40px;
-}
-
-.login-pf a:hover {
- color: #0099d3;
-}
-
-#kc-logo {
- width: 100%;
-}
-
-#kc-logo-wrapper {
- background-image: url(../img/keycloak-logo-2.png);
- background-repeat: no-repeat;
- background-size: contain;
- width: 340px;
- height: 240px;
- margin: 62px auto 0;
-}
-
-div.kc-logo-text {
- background-image: url(../img/logo.png);
- background-repeat: no-repeat;
- background-size: cover;
- height: 240px;
- width: 340px;
- margin: 0 auto;
-}
-
-div.kc-logo-text span {
- display: none;
-}
-
-#kc-header {
- color: #ededed;
- overflow: visible;
- white-space: nowrap;
-}
-
-#kc-header-wrapper {
- font-size: 29px;
- text-transform: uppercase;
- letter-spacing: 3px;
- line-height: 1.2em;
- padding-top: 50px;
- white-space: normal;
-}
-
-#kc-content {
- width: 100%;
-}
-
-#kc-info {
- padding-bottom: 200px;
- margin-bottom: -200px;
-}
-
-#kc-info-wrapper {
- font-size: 13px;
-}
-
-#kc-form-options span {
- display: block;
-}
-
-#kc-form-options .checkbox {
- margin-top: 0;
- color: #72767b;
-}
-
-#kc-terms-text {
- margin-bottom: 20px;
-}
-
-#kc-registration {
- margin-bottom: 15px;
-}
-
-/* TOTP */
-
-ol#kc-totp-settings {
- margin: 0;
- padding-left: 20px;
-}
-
-ul#kc-totp-supported-apps {
- margin-bottom: 10px;
-}
-
-#kc-totp-secret-qr-code {
- max-width: 150px;
- max-height: 150px;
-}
-
-#kc-totp-secret-key {
- background-color: #fff;
- color: #333333;
- font-size: 16px;
- padding: 10px 0;
-}
-
-/* OAuth */
-
-#kc-oauth h3 {
- margin-top: 0;
-}
-
-#kc-oauth ul {
- list-style: none;
- padding: 0;
- margin: 0;
-}
-
-#kc-oauth ul li {
- border-top: 1px solid rgba(255, 255, 255, 0.1);
- font-size: 12px;
- padding: 10px 0;
-}
-
-#kc-oauth ul li:first-of-type {
- border-top: 0;
-}
-
-#kc-oauth .kc-role {
- display: inline-block;
- width: 50%;
-}
-
-/* Code */
-#kc-code textarea {
- width: 100%;
- height: 8em;
-}
-
-/* Social */
-
-#kc-social-providers ul {
- padding: 0;
-}
-
-#kc-social-providers li {
- display: block;
-}
-
-#kc-social-providers li:first-of-type {
- margin-top: 0;
-}
-
-.zocial,
-a.zocial {
- width: 100%;
- font-weight: normal;
- font-size: 14px;
- text-shadow: none;
- border: 0;
- background: #f5f5f5;
- color: #72767b;
- border-radius: 0;
- white-space: normal;
-}
-
-.zocial:before {
- border-right: 0;
- margin-right: 0;
-}
-
-.zocial span:before {
- padding: 7px 10px;
- font-size: 14px;
-}
-
-.zocial:hover {
- background: #ededed !important;
-}
-
-.zocial.facebook,
-.zocial.github,
-.zocial.google,
-.zocial.microsoft,
-.zocial.stackoverflow,
-.zocial.linkedin,
-.zocial.twitter {
- background-image: none;
- border: 0;
-
- box-shadow: none;
- text-shadow: none;
-}
-
-/* Copy of zocial windows classes to be used for microsoft's social provider button */
-.zocial.microsoft:before {
- content: "\f15d";
-}
-
-.zocial.stackoverflow:before {
- color: inherit;
-}
-
-
-@media (min-width: 768px) {
- #kc-container-wrapper {
- position: absolute;
- width: 100%;
- }
-
- .login-pf .container {
- padding-right: 80px;
- }
-
- #kc-locale {
- position: relative;
- text-align: right;
- z-index: 9999;
- }
-}
-
-@media (max-width: 767px) {
-
- .login-pf body {
- background: white;
- }
-
- #kc-header {
- padding-left: 15px;
- padding-right: 15px;
- float: none;
- text-align: left;
- }
-
- #kc-header-wrapper {
- font-size: 16px;
- font-weight: bold;
- padding: 20px 60px 0 0;
- color: #72767b;
- letter-spacing: 0;
- }
-
- div.kc-logo-text {
- margin: 0;
- width: 150px;
- height: 32px;
- background-size: 100%;
- }
-
- #kc-form {
- float: none;
- }
-
- #kc-info-wrapper {
- border-top: 1px solid rgba(255, 255, 255, 0.1);
- margin-top: 15px;
- padding-top: 15px;
- padding-left: 0px;
- padding-right: 15px;
- }
-
- #kc-social-providers li {
- display: block;
- margin-right: 5px;
- }
-
- .login-pf .container {
- padding-top: 15px;
- padding-bottom: 15px;
- }
-
- #kc-locale {
- position: absolute;
- width: 200px;
- top: 20px;
- right: 20px;
- text-align: right;
- z-index: 9999;
- }
-
- #kc-logo-wrapper {
- background-size: 100px 21px;
- height: 21px;
- width: 100px;
- margin: 20px 0 0 20px;
- }
-
-}
-
-@media (min-height: 646px) {
- #kc-container-wrapper {
- bottom: 12%;
- }
-}
-
-@media (max-height: 645px) {
- #kc-container-wrapper {
- padding-top: 50px;
- top: 20%;
- }
-}
-
-.card-pf form.form-actions .btn {
- float: right;
- margin-left: 10px;
-}
-
-#kc-form-buttons {
- margin-top: 40px;
-}
-
-.login-pf-page .login-pf-brand {
- margin-top: 20px;
- max-width: 360px;
- width: 40%;
-}
-
-.card-pf {
- background: #fff;
- margin: 0 auto;
- padding: 0 20px;
- max-width: 500px;
- border-top: 0;
- box-shadow: 0 0 0;
-}
-
-/*tablet*/
-@media (max-width: 840px) {
- .login-pf-page .card-pf {
- max-width: none;
- margin-left: 20px;
- margin-right: 20px;
- padding: 20px 20px 30px 20px;
- }
-}
-
-@media (max-width: 767px) {
- .login-pf-page .card-pf {
- max-width: none;
- margin-left: 0;
- margin-right: 0;
- padding-top: 0;
- }
-
- .card-pf.login-pf-accounts {
- max-width: none;
- }
-}
-
-.login-pf-page .login-pf-signup {
- font-size: 15px;
- color: #72767b;
-}
-
-#kc-content-wrapper .row {
- margin-left: 0;
- margin-right: 0;
-}
-
-@media (min-width: 768px) {
- .login-pf-page .login-pf-social-section:first-of-type {
- padding-right: 39px;
- border-right: 1px solid #d1d1d1;
- margin-right: -1px;
- }
-
- .login-pf-page .login-pf-social-section:last-of-type {
- padding-left: 40px;
- }
-
- .login-pf-page .login-pf-social-section .login-pf-social-link:last-of-type {
- margin-bottom: 0;
- }
-}
-
-.login-pf-page .login-pf-social-link {
- margin-bottom: 25px;
-}
-
-.login-pf-page .login-pf-social-link a {
- padding: 2px 0;
-}
-
-.login-pf-page.login-pf-page-accounts {
- margin-left: auto;
- margin-right: auto;
-}
-
-.login-pf-page .btn-primary {
- margin-top: 0;
- height: 38px;
- background-color: #5bc0de;
- color: #fff;
- border-color: #46b8da;
- background-image: none;
-}
-
-.login-pf-page .form-control {
- width: 100%;
- height: 36px;
- padding: 0 10px;
- border: 1px solid #5bc0de;
- background: #fafafa;
- transition: border .1s ease-out;
- outline: 0;
-}
-
-.login-pf-page .control-label {
- font-size: 14px;
- font-weight: 400;
-}
-
-.login-pf-page .login-pf-header h1 {
- display: none;
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/favicon.ico b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/favicon.ico
deleted file mode 100644
index 2bb416d..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/favicon.ico and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-error-arrow-down.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-error-arrow-down.png
deleted file mode 100644
index 6f2d9d2..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-error-arrow-down.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-error-sign.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-error-sign.png
deleted file mode 100644
index 0dd5004..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-error-sign.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-success-arrow-down.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-success-arrow-down.png
deleted file mode 100644
index 03cc0c4..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-success-arrow-down.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-success-sign.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-success-sign.png
deleted file mode 100644
index 640bd71..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-success-sign.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-warning-arrow-down.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-warning-arrow-down.png
deleted file mode 100644
index 6f2d9d2..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-warning-arrow-down.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-warning-sign.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-warning-sign.png
deleted file mode 100644
index f9392a3..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/feedback-warning-sign.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/keycloak-logo.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/keycloak-logo.png
deleted file mode 100644
index ffa5b0b..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/keycloak-logo.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/login-background.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/login-background.png
deleted file mode 100644
index 7e1fdf2..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/login-background.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/login-icons.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/login-icons.png
deleted file mode 100644
index f1a018b..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/login-icons.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/logo.png b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/logo.png
deleted file mode 100644
index f6d7806..0000000
Binary files a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/resources/img/logo.png and /dev/null differ
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/theme.properties b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/theme.properties
deleted file mode 100644
index ed1c3c1..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/dlab/login/theme.properties
+++ /dev/null
@@ -1,69 +0,0 @@
-parent=base
-import=common/keycloak
-
-styles=node_modules/patternfly/dist/css/patternfly.css node_modules/patternfly/dist/css/patternfly-additions.css lib/zocial/zocial.css css/login.css
-meta=viewport==width=device-width,initial-scale=1
-
-kcHtmlClass=login-pf
-kcLoginClass=login-pf-page
-
-kcLogoLink=http://www.keycloak.org
-
-kcLogoClass=login-pf-brand
-
-kcContainerClass=container-fluid
-kcContentClass=col-sm-8 col-sm-offset-2 col-md-6 col-md-offset-3 col-lg-6 col-lg-offset-3
-kcContentWrapperClass=row
-
-kcHeaderClass=login-pf-page-header
-kcFeedbackAreaClass=col-md-12
-kcLocaleClass=col-xs-12 col-sm-1
-kcAlertIconClasserror=pficon pficon-error-circle-o
-
-kcFormAreaClass=col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-8 col-lg-offset-2
-kcFormCardClass=card-pf
-kcFormCardAccountClass=login-pf-accounts
-kcFormSocialAccountClass=login-pf-social-section
-kcFormSocialAccountContentClass=col-xs-12 col-sm-6
-kcFormSocialAccountListClass=login-pf-social list-unstyled login-pf-social-all
-kcFormSocialAccountDoubleListClass=login-pf-social-double-col
-kcFormSocialAccountListLinkClass=login-pf-social-link
-kcFormHeaderClass=login-pf-header
-
-kcFeedbackErrorIcon=pficon pficon-error-circle-o
-kcFeedbackWarningIcon=pficon pficon-warning-triangle-o
-kcFeedbackSuccessIcon=pficon pficon-ok
-kcFeedbackInfoIcon=pficon pficon-info
-
-
-kcFormClass=form-horizontal
-kcFormGroupClass=form-group
-kcFormGroupErrorClass=has-error
-kcLabelClass=control-label
-kcLabelWrapperClass=col-xs-12 col-sm-12 col-md-12 col-lg-12
-kcInputClass=form-control
-kcInputWrapperClass=col-xs-12 col-sm-12 col-md-12 col-lg-12
-kcFormOptionsClass=col-xs-12 col-sm-12 col-md-12 col-lg-12
-kcFormButtonsClass=col-xs-12 col-sm-12 col-md-12 col-lg-12
-kcFormSettingClass=login-pf-settings
-kcTextareaClass=form-control
-kcSignUpClass=login-pf-signup
-
-
-kcInfoAreaClass=col-xs-12 col-sm-4 col-md-4 col-lg-5 details
-
-##### css classes for form buttons
-# main class used for all buttons
-kcButtonClass=btn
-# classes defining priority of the button - primary or default (there is typically only one priority button for the form)
-kcButtonPrimaryClass=btn-primary
-kcButtonDefaultClass=btn-default
-# classes defining size of the button
-kcButtonLargeClass=btn-lg
-kcButtonBlockClass=btn-block
-
-##### css classes for input
-kcInputLargeClass=input-lg
-
-##### css classes for form accessability
-kcSrOnlyClass=sr-only
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
deleted file mode 100644
index 2232784..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/keycloak_values.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-keycloak:
- replicas: 1
- basepath: auth
- username: ${keycloak_user}
- password: "${keycloak_password}"
-
- persistence:
- dbVendor: mysql
- dbName: ${mysql_db_name}
- dbHost: keycloak-mysql
- dbPort: 3306
- dbUser: ${mysql_user}
- dbPassword: "${mysql_user_password}"
-
- service:
- type: NodePort
- nodePort: 31088
-
- ingress:
- enabled: true
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/ssl-redirect: "false"
- nginx.ingress.kubernetes.io/rewrite-target: /auth
- path: /auth
- hosts:
- - ${ssn_k8s_alb_dns_name}
-
- startupScripts:
- mystartup.sh: |
- ${configure_keycloak_file}
-
- extraInitContainers: |
- - name: theme-provider
- image: epamdlab/ui-theme:0.1
- imagePullPolicy: Always
- command:
- - sh
- args:
- - -c
- - |
- echo "Copying theme..."
- cp -R /dlab/* /theme
- volumeMounts:
- - name: theme
- mountPath: /theme
- extraVolumeMounts: |
- - name: theme
- mountPath: /opt/jboss/keycloak/themes/dlab
-
- extraVolumes: |
- - name: theme
- emptyDir: {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/mongo_values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/mongo_values.yaml
deleted file mode 100644
index e4a95c7..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/mongo_values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-replicaSet:
- enabled: true
-
-mongodbRootPassword: "${mongo_root_pwd}"
-mongodbUsername: ${mongo_db_username}
-mongodbDatabase: ${mongo_dbname}
-mongodbPassword: "${mongo_db_pwd}"
-
-image:
- tag: ${mongo_image_tag}
-
-persistence:
- enabled: false
-
-service:
- type: NodePort
- port: ${mongo_service_port}
- nodePort: ${mongo_node_port}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/mysql_keycloak_values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/mysql_keycloak_values.yaml
deleted file mode 100644
index 6d07125..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/mysql_keycloak_values.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-mysqlRootPassword: "${mysql_root_password}"
-mysqlUser: ${mysql_user}
-mysqlPassword: "${mysql_user_password}"
-mysqlDatabase: ${mysql_db_name}
-persistence:
- existingClaim: ${mysql_volume_claim}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/nginx_values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/nginx_values.yaml
deleted file mode 100644
index a4ac2f0..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/nginx_values.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-controller:
- service:
- nodePorts:
- http: 31080
- https: 31443
- type: NodePort
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
deleted file mode 100644
index 87e3c06..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
+++ /dev/null
@@ -1,70 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-data "template_file" "configure_keycloak" {
- template = file("./files/configure_keycloak.sh")
- vars = {
- ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
- keycloak_user = var.keycloak_user
- keycloak_password = random_string.keycloak_password.result
- keycloak_client_secret = random_uuid.keycloak_client_secret.result
- ldap_usernameAttr = var.ldap_usernameAttr
- ldap_rdnAttr = var.ldap_rdnAttr
- ldap_uuidAttr = var.ldap_uuidAttr
- ldap_host = var.ldap_host
- ldap_users_group = var.ldap_users_group
- ldap_dn = var.ldap_dn
- ldap_user = var.ldap_user
- ldap_bind_creds = var.ldap_bind_creds
- }
-}
-
-data "template_file" "keycloak_values" {
- template = file("./files/keycloak_values.yaml")
- vars = {
- keycloak_user = var.keycloak_user
- keycloak_password = random_string.keycloak_password.result
- ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
- configure_keycloak_file = data.template_file.configure_keycloak.rendered
- mysql_db_name = var.mysql_keycloak_db_name
- mysql_user = var.mysql_keycloak_user
- mysql_user_password = random_string.mysql_keycloak_user_password.result
- # replicas_count = var.ssn_k8s_workers_count > 3 ? 3 : var.ssn_k8s_workers_count
- }
-}
-
-data "helm_repository" "codecentric" {
- name = "codecentric"
- url = "https://codecentric.github.io/helm-charts"
-}
-
-resource "helm_release" "keycloak" {
- name = "keycloak"
- repository = data.helm_repository.codecentric.metadata.0.name
- chart = "codecentric/keycloak"
- wait = true
- timeout = 600
-
- values = [
- data.template_file.keycloak_values.rendered
- ]
- depends_on = [helm_release.keycloak-mysql, kubernetes_secret.keycloak_password_secret]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/main.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/main.tf
deleted file mode 100644
index 5dc3b3b..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/main.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-provider "helm" {
- install_tiller = true
- namespace = "kube-system"
- service_account = "tiller"
- tiller_image = "gcr.io/kubernetes-helm/tiller:v2.14.1"
-}
-
-output "keycloak_client_secret" {
- value = random_uuid.keycloak_client_secret.result
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mongo.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mongo.tf
deleted file mode 100644
index 3eccb93..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mongo.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-data "template_file" "mongo_values" {
- template = file("./files/mongo_values.yaml")
- vars = {
- mongo_root_pwd = random_string.mongo_root_password.result
- mongo_db_username = var.mongo_db_username
- mongo_dbname = var.mongo_dbname
- mongo_db_pwd = random_string.mongo_db_password.result
- mongo_image_tag = var.mongo_image_tag
- mongo_service_port = var.mongo_service_port
- mongo_node_port = var.mongo_node_port
- }
-}
-
-resource "helm_release" "mongodb" {
- name = "mongo-ha"
- chart = "stable/mongodb"
- wait = true
- values = [
- data.template_file.mongo_values.rendered
- ]
- depends_on = [helm_release.nginx, kubernetes_secret.mongo_db_password_secret,
- kubernetes_secret.mongo_root_password_secret]
-}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mysql.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mysql.tf
deleted file mode 100644
index 3a34b6b..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mysql.tf
+++ /dev/null
@@ -1,75 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-data "template_file" "keycloak-mysql-values" {
- template = file("./files/mysql_keycloak_values.yaml")
- vars = {
- mysql_root_password = random_string.mysql_root_password.result
- mysql_user = var.mysql_keycloak_user
- mysql_user_password = random_string.mysql_keycloak_user_password.result
- mysql_db_name = var.mysql_keycloak_db_name
- mysql_volume_claim = kubernetes_persistent_volume_claim.mysql-keycloak-pvc.metadata.0.name
- }
-}
-
-resource "helm_release" "keycloak-mysql" {
- name = "keycloak-mysql"
- chart = "stable/mysql"
- wait = true
- values = [
- data.template_file.keycloak-mysql-values.rendered
- ]
- depends_on = [kubernetes_secret.mysql_root_password_secret, kubernetes_secret.mysql_keycloak_user_password_secret]
-}
-
-provider "kubernetes" {}
-
-resource "kubernetes_persistent_volume" "mysql-keycloak-pv" {
- metadata {
- name = "mysql-keycloak-pv"
- }
- spec {
- capacity = {
- storage = "8Gi"
- }
- access_modes = ["ReadWriteMany"]
- persistent_volume_source {
- host_path {
- path = "/home/dlab-user/keycloak-pv"
- }
- }
- }
-}
-
-resource "kubernetes_persistent_volume_claim" "mysql-keycloak-pvc" {
- metadata {
- name = "mysql-keycloak-pvc"
- }
- spec {
- access_modes = ["ReadWriteMany"]
- resources {
- requests = {
- storage = "5Gi"
- }
- }
- volume_name = kubernetes_persistent_volume.mysql-keycloak-pv.metadata.0.name
- }
-}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/nginx.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/nginx.tf
deleted file mode 100644
index 541b961..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/nginx.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-resource "helm_release" "nginx" {
- name = "nginx-ingress"
- chart = "stable/nginx-ingress"
- wait = true
-
- values = [
- file("files/nginx_values.yaml")
- ]
-}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
deleted file mode 100644
index 85d37af..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
+++ /dev/null
@@ -1,128 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-resource "random_uuid" "keycloak_client_secret" {}
-
-resource "kubernetes_secret" "keycloak_client_secret" {
- metadata {
- name = "keycloak-client-secret"
- }
-
- data = {
- client_secret = random_uuid.keycloak_client_secret.result
- }
-}
-
-resource "random_string" "keycloak_password" {
- length = 16
- special = false
-}
-
-
-resource "kubernetes_secret" "keycloak_password_secret" {
- metadata {
- name = "keycloak-password"
- }
-
- data = {
- password = random_string.keycloak_password.result
- }
-}
-
-resource "random_string" "mongo_root_password" {
- length = 16
- special = false
-}
-
-resource "kubernetes_secret" "mongo_root_password_secret" {
- metadata {
- name = "mongo-root-password"
- }
-
- data = {
- password = random_string.mongo_root_password.result
- }
-}
-
-resource "random_string" "mongo_db_password" {
- length = 16
- special = false
-}
-
-resource "kubernetes_secret" "mongo_db_password_secret" {
- metadata {
- name = "mongo-db-password"
- }
-
- data = {
- password = random_string.mongo_db_password.result
- }
-}
-
-resource "random_string" "mysql_root_password" {
- length = 16
- special = false
-}
-
-resource "kubernetes_secret" "mysql_root_password_secret" {
- metadata {
- name = "mysql-root-password"
- }
-
- data = {
- password = random_string.mysql_root_password.result
- }
-}
-
-resource "random_string" "mysql_keycloak_user_password" {
- length = 16
- special = false
-}
-
-resource "kubernetes_secret" "mysql_keycloak_user_password_secret" {
- metadata {
- name = "mysql-keycloak-user-password"
- }
-
- data = {
- password = random_string.mysql_keycloak_user_password.result
- }
-}
-
-resource "kubernetes_secret" "ssn_keystore_password" {
- metadata {
- name = "ssn-keystore-password"
- }
-
- data = {
- password = var.ssn_keystore_password
- }
-}
-
-resource "kubernetes_secret" "endpoint_keystore_password" {
- metadata {
- name = "endpoint-keystore-password"
- }
-
- data = {
- password = var.endpoint_keystore_password
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
deleted file mode 100644
index 49e85b1..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
+++ /dev/null
@@ -1,173 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "ssn_k8s_alb_dns_name" {
- default = ""
-}
-
-variable "keycloak_user" {
- default = "dlab-admin"
-}
-
-variable "mysql_keycloak_user" {
- default = "keycloak"
-}
-
-variable "mysql_keycloak_db_name" {
- default = "keycloak"
-}
-
-variable "ldap_usernameAttr" {
- default = "uid"
-}
-
-variable "ldap_rdnAttr" {
- default = "uid"
-}
-
-variable "ldap_uuidAttr" {
- default = "uid"
-}
-
-variable "ldap_users_group" {
- default = "ou=People"
-}
-
-variable "ldap_dn" {
- default = "dc=example,dc=com"
-}
-
-variable "ldap_user" {
- default = "cn=admin"
-}
-
-variable "ldap_bind_creds" {
- default = ""
-}
-
-variable "ldap_host" {
- default = ""
-}
-
-variable "mongo_db_username" {
- default = "admin"
-}
-
-variable "mongo_dbname" {
- default = "dlabdb"
-}
-
-variable "mongo_image_tag" {
- default = "4.0.10-debian-9-r13"
- description = "MongoDB Image tag"
-}
-
-variable "mongo_service_port" {
- default = "27017"
-}
-
-variable "mongo_node_port" {
- default = "31017"
-}
-
-variable "mongo_service_name" {
- default = "mongo-ha-mongodb"
-}
-
-variable "ssn_k8s_workers_count" {
- default = "2"
-}
-
-variable "ssn_keystore_password" {}
-
-variable "endpoint_keystore_password" {}
-
-variable "ssn_bucket_name" {}
-
-variable "endpoint_eip_address" {}
-
-variable "service_base_name" {}
-
-variable "tag_resource_id" {}
-
-variable "billing_bucket" {
- default = ""
-}
-
-variable "billing_bucket_path" {
- default = ""
-}
-
-variable "billing_aws_job_enabled" {
- default = "false"
-}
-
-variable "billing_aws_account_id" {
- default = ""
-}
-
-variable "billing_tag" {
- default = "dlab"
-}
-
-variable "billing_dlab_id" {
- default = "resource_tags_user_user_tag"
-}
-
-variable "billing_usage_date" {
- default = "line_item_usage_start_date"
-}
-
-variable "billing_product" {
- default = "product_product_name"
-}
-
-variable "billing_usage_type" {
- default = "line_item_usage_type"
-}
-
-variable "billing_usage" {
- default = "line_item_usage_amount"
-}
-
-variable "billing_cost" {
- default = "line_item_blended_cost"
-}
-
-variable "billing_resource_id" {
- default = "line_item_resource_id"
-}
-
-variable "billing_tags" {
- default = "line_item_operation,line_item_line_item_description"
-}
-
-variable "env_os" {
- default = "debian"
-}
-//variable "nginx_http_port" {
-// default = "31080"
-// description = "Sets the nodePort that maps to the Ingress' port 80"
-//}
-//variable "nginx_https_port" {
-// default = "31443"
-// description = "Sets the nodePort that maps to the Ingress' port 443"
-//}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/README.md b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/README.md
deleted file mode 100644
index d91e5e0..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Terraform module for deploying DLab SSN K8S cluster
-
-List of variables which should be provided:
-
-| Variable | Type | Description/Value |
-|--------------------------|--------|-----------------------------------------------------------------------------------------------------------|
-| access\_key\_id | string | **Required.** AWS Access Key ID. |
-| secret\_access\_key | string | **Required.** AWS Secret Access Key. |
-| service\_base\_name | string | Any infrastructure value (should be unique if multiple SSN’s have been deployed before). Default: dlab-k8s|
-| vpc\_id | string | ID of AWS VPC if you already have VPC created. |
-| vpc\_cidr | string | CIDR for VPC creation. Conflicts with _vpc\_id_. Default: 172.31.0.0/16 |
-| subnet\_id | string | ID of AWS Subnet if you already have subnet created. |
-| subnet\_cidr | string | CIDR for Subnet creation. Conflicts with _subnet\_id_. Default: 172.31.0.0/24 |
-| env\_os | string | OS type. Available options: debian, redhat. Default: debian |
-| ami | string | **Required.** ID of EC2 AMI. |
-| key\_name | string | **Required.** Name of EC2 Key pair. |
-| region | string | Name of AWS region. Default: us-west-2 |
-| zone | string | Name of AWS zone. Default: a |
-| ssn\_k8s\_masters\_count | int | Count of K8S masters. Default: 3 |
-| ssn\_k8s\_workers\_count | int | Count of K8S workers. Default: 2 |
-| ssn\_root\_volume\_size | int | Size of root volume in GB. Default: 30 |
-| allowed\_cidrs | list | CIDR to allow acces to SSN K8S cluster. Default: 0.0.0.0/0 |
-| ssn\_k8s\_masters\_shape | string | Shape for SSN K8S masters. Default: t2.medium |
-| ssn\_k8s\_workers\_shape | string | Shape for SSN K8S workers. Default: t2.medium |
-| os\_user | string | Name of DLab service user. Default: dlab-user |
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/auto_scaling_groups.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/auto_scaling_groups.tf
deleted file mode 100644
index 4c428e3..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/auto_scaling_groups.tf
+++ /dev/null
@@ -1,183 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- subnet_c_id = data.aws_subnet.k8s-subnet-c-data == [] ? "" : data.aws_subnet.k8s-subnet-c-data.0.id
- ssn_k8s_launch_conf_masters_name = "${var.service_base_name}-ssn-launch-conf-masters"
- ssn_k8s_launch_conf_workers_name = "${var.service_base_name}-ssn-launch-conf-workers"
- ssn_k8s_ag_masters_name = "${var.service_base_name}-ssn-masters"
- ssn_k8s_ag_workers_name = "${var.service_base_name}-ssn-workers"
-}
-
-resource "random_string" "ssn_keystore_password" {
- length = 16
- special = false
-}
-
-resource "random_string" "endpoint_keystore_password" {
- length = 16
- special = false
-}
-
-data "template_file" "ssn_k8s_masters_user_data" {
- template = file("./files/masters-user-data.sh")
- vars = {
- k8s-asg = local.ssn_k8s_ag_masters_name
- k8s-region = var.region
- k8s-bucket-name = aws_s3_bucket.ssn_k8s_bucket.id
- k8s-nlb-dns-name = aws_lb.ssn_k8s_nlb.dns_name
- k8s-tg-arn = aws_lb_target_group.ssn_k8s_nlb_api_target_group.arn
- k8s_os_user = var.os_user
- ssn_keystore_password = random_string.ssn_keystore_password.result
- endpoint_keystore_password = random_string.endpoint_keystore_password.result
- endpoint_elastic_ip = aws_eip.k8s-endpoint-eip.public_ip
- kubernetes_version = var.kubernetes_version
- }
-}
-
-data "template_file" "ssn_k8s_workers_user_data" {
- template = file("./files/workers-user-data.sh")
- vars = {
- k8s-bucket-name = aws_s3_bucket.ssn_k8s_bucket.id
- k8s_os_user = var.os_user
- kubernetes_version = var.kubernetes_version
- }
-}
-
-resource "aws_launch_configuration" "ssn_k8s_launch_conf_masters" {
- name = local.ssn_k8s_launch_conf_masters_name
- image_id = var.ami
- instance_type = var.ssn_k8s_masters_shape
- key_name = var.key_name
- security_groups = [aws_security_group.ssn_k8s_sg.id]
- iam_instance_profile = aws_iam_instance_profile.k8s-profile.name
- root_block_device {
- volume_type = "gp2"
- volume_size = var.ssn_root_volume_size
- delete_on_termination = true
- }
-
- lifecycle {
- create_before_destroy = true
- }
- user_data = data.template_file.ssn_k8s_masters_user_data.rendered
-}
-
-resource "aws_launch_configuration" "ssn_k8s_launch_conf_workers" {
- name = local.ssn_k8s_launch_conf_workers_name
- image_id = var.ami
- instance_type = var.ssn_k8s_workers_shape
- key_name = var.key_name
- security_groups = [aws_security_group.ssn_k8s_sg.id]
- iam_instance_profile = aws_iam_instance_profile.k8s-profile.name
- root_block_device {
- volume_type = "gp2"
- volume_size = var.ssn_root_volume_size
- delete_on_termination = true
- }
-
- lifecycle {
- create_before_destroy = true
- }
- user_data = data.template_file.ssn_k8s_workers_user_data.rendered
-}
-
-resource "aws_autoscaling_group" "ssn_k8s_autoscaling_group_masters" {
- name = local.ssn_k8s_ag_masters_name
- launch_configuration = aws_launch_configuration.ssn_k8s_launch_conf_masters.name
- min_size = var.ssn_k8s_masters_count
- max_size = var.ssn_k8s_masters_count
- vpc_zone_identifier = compact([data.aws_subnet.k8s-subnet-a-data.id, data.aws_subnet.k8s-subnet-b-data.id,
- local.subnet_c_id])
- target_group_arns = [aws_lb_target_group.ssn_k8s_nlb_api_target_group.arn,
- aws_lb_target_group.ssn_k8s_nlb_ss_target_group.arn,
- aws_lb_target_group.ssn_k8s_alb_target_group.arn]
-
- lifecycle {
- create_before_destroy = true
- }
- tags = [
- {
- key = "Name"
- value = local.ssn_k8s_ag_masters_name
- propagate_at_launch = true
- },
- {
- key = local.additional_tag[0]
- value = local.additional_tag[1]
- propagate_at_launch = true
- },
- {
- key = var.tag_resource_id
- value = "${var.service_base_name}:${local.ssn_k8s_ag_masters_name}"
- propagate_at_launch = true
- },
- {
- key = "${var.service_base_name}-Tag"
- value = local.ssn_k8s_ag_masters_name
- propagate_at_launch = true
- }
- ]
-}
-
-resource "aws_autoscaling_group" "ssn_k8s_autoscaling_group_workers" {
- name = local.ssn_k8s_ag_workers_name
- launch_configuration = aws_launch_configuration.ssn_k8s_launch_conf_workers.name
- min_size = var.ssn_k8s_workers_count
- max_size = var.ssn_k8s_workers_count
- vpc_zone_identifier = compact([data.aws_subnet.k8s-subnet-a-data.id, data.aws_subnet.k8s-subnet-b-data.id,
- local.subnet_c_id])
-
- lifecycle {
- create_before_destroy = true
- }
- tags = [
- {
- key = "Name"
- value = local.ssn_k8s_ag_workers_name
- propagate_at_launch = true
- },
- {
- key = local.additional_tag[0]
- value = local.additional_tag[1]
- propagate_at_launch = true
- },
- {
- key = var.tag_resource_id
- value = "${var.service_base_name}:${local.ssn_k8s_ag_workers_name}"
- propagate_at_launch = true
- },
- {
- key = "${var.service_base_name}-Tag"
- value = local.ssn_k8s_ag_workers_name
- propagate_at_launch = true
- }
- ]
-}
-
-data "aws_instances" "ssn_k8s_masters_instances" {
- instance_tags = {
- Name = aws_autoscaling_group.ssn_k8s_autoscaling_group_masters.name
- }
-
- instance_state_names = ["running"]
- depends_on = [aws_autoscaling_group.ssn_k8s_autoscaling_group_masters]
-}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/assume-policy.json b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/assume-policy.json
deleted file mode 100644
index 680b6f8..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/assume-policy.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/masters-user-data.sh b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/masters-user-data.sh
deleted file mode 100644
index 40ab2be..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/masters-user-data.sh
+++ /dev/null
@@ -1,209 +0,0 @@
-#!/bin/bash
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-set -ex
-
-check_tokens () {
-RUN=$(aws s3 ls s3://${k8s-bucket-name}/k8s/masters/ > /dev/null && echo "true" || echo "false")
-sleep 5
-}
-
-check_elb_status () {
-RUN=$(aws elbv2 describe-target-health --target-group-arn ${k8s-tg-arn} --region ${k8s-region} | \
- jq -r '.TargetHealthDescriptions[].TargetHealth.State' | \
- grep "^healthy" > /dev/null && echo "true" || echo "false")
-sleep 5
-}
-
-# Creating DLab user
-sudo useradd -m -G sudo -s /bin/bash ${k8s_os_user}
-sudo bash -c 'echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
-sudo mkdir /home/${k8s_os_user}/.ssh
-sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s_os_user}/.ssh/authorized_keys'
-sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/
-sudo chmod 700 /home/${k8s_os_user}/.ssh
-sudo chmod 600 /home/${k8s_os_user}/.ssh/authorized_keys
-
-sudo apt-get update
-sudo apt-get install -y python-pip jq unzip
-sudo apt-get install -y default-jre
-sudo apt-get install -y default-jdk
-sudo pip install -U pip
-sudo pip install awscli
-
-local_ip=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
-first_master_ip=$(aws autoscaling describe-auto-scaling-instances --region ${k8s-region} --output text --query \
- "AutoScalingInstances[?AutoScalingGroupName=='${k8s-asg}'].InstanceId" | xargs -n1 aws ec2 \
- describe-instances --instance-ids $ID --region ${k8s-region} --query \
- "Reservations[].Instances[].PrivateIpAddress" --output text | sort | head -n1)
-
-# installing Docker
-sudo bash -c 'curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -'
-sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-sudo apt-get update
-sudo apt-get install -y docker-ce
-sudo systemctl enable docker
-# installing kubeadm, kubelet and kubectl
-sudo apt-get install -y apt-transport-https curl
-sudo bash -c 'curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -'
-sudo bash -c 'echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list'
-sudo apt-get update
-sudo apt-get install -y kubelet=${kubernetes_version} kubeadm=${kubernetes_version} kubectl=${kubernetes_version}
-
-check_tokens
-if [[ $local_ip == "$first_master_ip" ]] && [[ $RUN == "false" ]];then
-cat <<EOF > /tmp/kubeadm-config.yaml
-apiVersion: kubeadm.k8s.io/v1beta2
-kind: ClusterConfiguration
-kubernetesVersion: stable
-apiServerCertSANs:
- - ${k8s-nlb-dns-name}
-controlPlaneEndpoint: "${k8s-nlb-dns-name}:6443"
-EOF
-sudo kubeadm init --config=/tmp/kubeadm-config.yaml --upload-certs
-while check_elb_status
-do
- if [[ $RUN == "false" ]];
- then
- echo "Waiting for NLB healthy status..."
- else
- echo "LB status is healthy!"
- break
- fi
-done
-sudo mkdir -p /home/${k8s_os_user}/.kube
-sudo cp -i /etc/kubernetes/admin.conf /home/${k8s_os_user}/.kube/config
-sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/.kube
-sudo kubeadm token create --print-join-command > /tmp/join_command
-sudo kubeadm init phase upload-certs --upload-certs | grep -v "upload-certs" > /tmp/cert_key
-sudo -i -u ${k8s_os_user} kubectl apply -f \
- "https://cloud.weave.works/k8s/net?k8s-version=$(sudo -i -u ${k8s_os_user} kubectl version | base64 | tr -d '\n')"
-sudo -i -u ${k8s_os_user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
-cat <<EOF > /tmp/rbac-config.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: tiller
- namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: tiller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: tiller
- namespace: kube-system
-EOF
-sudo -i -u ${k8s_os_user} kubectl create -f /tmp/rbac-config.yaml
-sudo -i -u ${k8s_os_user} helm init --service-account tiller --history-max 200
-# Generating Java SSL certs
-sudo mkdir -p /home/${k8s_os_user}/keys
-sudo keytool -genkeypair -alias dlab -keyalg RSA -validity 730 -storepass ${ssn_keystore_password} \
- -keypass ${ssn_keystore_password} -keystore /home/${k8s_os_user}/keys/ssn.keystore.jks \
- -keysize 2048 -dname "CN=${k8s-nlb-dns-name}" -ext SAN=dns:localhost,dns:${k8s-nlb-dns-name}
-sudo keytool -exportcert -alias dlab -storepass ${ssn_keystore_password} -file /home/${k8s_os_user}/keys/ssn.crt \
- -keystore /home/${k8s_os_user}/keys/ssn.keystore.jks
-
-aws s3 cp /home/${k8s_os_user}/keys/ssn.keystore.jks s3://${k8s-bucket-name}/dlab/certs/ssn/ssn.keystore.jks
-aws s3 cp /home/${k8s_os_user}/keys/ssn.crt s3://${k8s-bucket-name}/dlab/certs/ssn/ssn.crt
-
-sudo keytool -genkeypair -alias dlab -keyalg RSA -validity 730 -storepass ${endpoint_keystore_password} \
- -keypass ${endpoint_keystore_password} -keystore /home/${k8s_os_user}/keys/endpoint.keystore.jks \
- -keysize 2048 -dname "CN=${endpoint_elastic_ip}" -ext SAN=dns:localhost,dns:${endpoint_elastic_ip}
-sudo keytool -exportcert -alias dlab -storepass ${endpoint_keystore_password} -file /home/${k8s_os_user}/keys/endpoint.crt \
- -keystore /home/${k8s_os_user}/keys/endpoint.keystore.jks
-
-aws s3 cp /home/${k8s_os_user}/keys/endpoint.keystore.jks s3://${k8s-bucket-name}/dlab/certs/endpoint/endpoint.keystore.jks
-aws s3 cp /home/${k8s_os_user}/keys/endpoint.crt s3://${k8s-bucket-name}/dlab/certs/endpoint/endpoint.crt
-sleep 60
-aws s3 cp /tmp/join_command s3://${k8s-bucket-name}/k8s/masters/join_command
-aws s3 cp /tmp/cert_key s3://${k8s-bucket-name}/k8s/masters/cert_key
-sudo rm -f /tmp/join_command
-sudo rm -f /tmp/cert_key
-else
-while check_tokens
-do
- if [[ $RUN == "false" ]];
- then
- echo "Waiting for initial cluster initialization..."
- else
- echo "Initial cluster initialized!"
- break
- fi
-done
-aws s3 cp s3://${k8s-bucket-name}/k8s/masters/join_command /tmp/join_command
-aws s3 cp s3://${k8s-bucket-name}/k8s/masters/cert_key /tmp/cert_key
-join_command=$(cat /tmp/join_command)
-cert_key=$(cat /tmp/cert_key)
-sudo $join_command --control-plane --certificate-key "$cert_key"
-sudo mkdir -p /home/${k8s_os_user}/.kube
-sudo cp -i /etc/kubernetes/admin.conf /home/${k8s_os_user}/.kube/config
-sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/.kube
-sudo -i -u ${k8s_os_user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
-sudo -i -u ${k8s_os_user} helm init --client-only --history-max 200
-fi
-cat <<EOF > /tmp/update_files.sh
-#!/bin/bash
-sudo kubeadm token create --print-join-command > /tmp/join_command
-sudo kubeadm init phase upload-certs --upload-certs | grep -v "upload-certs" > /tmp/cert_key
-aws s3 cp /tmp/join_command s3://${k8s-bucket-name}/k8s/masters/join_command
-aws s3 cp /tmp/cert_key s3://${k8s-bucket-name}/k8s/masters/cert_key
-sudo rm -f /tmp/join_command
-sudo rm -f /tmp/cert_key
-EOF
-sudo mv /tmp/update_files.sh /usr/local/bin/update_files.sh
-sudo chmod 755 /usr/local/bin/update_files.sh
-sudo bash -c 'echo "0 0 * * * root /usr/local/bin/update_files.sh" >> /etc/crontab'
-
-#cat <<EOF > /tmp/remove-etcd-member.sh
-##!/bin/bash
-#hostname=\$(/bin/hostname)
-#not_ready_node=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl get nodes | grep NotReady | grep master | awk '{print \$1}')
-#if [[ \$not_ready_node != "" ]]; then
-#etcd_pod_name=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl get pods -n kube-system | /bin/grep etcd \
-# | /bin/grep "\$hostname" | /usr/bin/awk '{print \$1}')
-#etcd_member_id=\$(/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
-# -- /bin/sh -c "ETCDCTL_API=3 etcdctl member list --endpoints=https://[127.0.0.1]:2379 \
-# --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
-# --key=/etc/kubernetes/pki/etcd/healthcheck-client.key" | /bin/grep ", \$not_ready_node" | /usr/bin/awk -F',' '{print \$1}')
-#/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl -n kube-system exec -it \$etcd_pod_name \
-# -- /bin/sh -c "ETCDCTL_API=3 etcdctl member remove \$etcd_member_id --endpoints=https://[127.0.0.1]:2379 \
-# --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
-# --key=/etc/kubernetes/pki/etcd/healthcheck-client.key"
-#/usr/bin/sudo -i -u ${k8s_os_user} /usr/bin/kubectl delete node \$not_ready_node
-#
-#fi
-#
-#EOF
-# sudo mv /tmp/remove-etcd-member.sh /usr/local/bin/remove-etcd-member.sh
-# sudo chmod 755 /usr/local/bin/remove-etcd-member.sh
-# sleep 300
-# sudo bash -c 'echo "* * * * * root /usr/local/bin/remove-etcd-member.sh >> /var/log/cron_k8s.log 2>&1" >> /etc/crontab'
-sudo -i -u ${k8s_os_user} helm repo update
-wget https://releases.hashicorp.com/terraform/0.12.3/terraform_0.12.3_linux_amd64.zip -O /tmp/terraform_0.12.3_linux_amd64.zip
-unzip /tmp/terraform_0.12.3_linux_amd64.zip -d /tmp/
-sudo mv /tmp/terraform /usr/local/bin/
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/ssn-policy.json.tpl b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/ssn-policy.json.tpl
deleted file mode 100644
index d0d058a..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/ssn-policy.json.tpl
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "s3:CreateBucket",
- "s3:ListAllMyBuckets",
- "s3:GetBucketLocation",
- "s3:GetBucketTagging",
- "s3:PutBucketTagging",
- "s3:PutBucketPolicy",
- "s3:GetBucketPolicy",
- "s3:DeleteBucket",
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:ListBucket",
- "s3:PutObject",
- "s3:PutEncryptionConfiguration"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "autoscaling:DescribeAutoScalingInstances",
- "ec2:DescribeInstances",
- "elasticloadbalancing:DescribeTargetHealth"
- ],
- "Resource": "*"
- },
- {
- "Action": [
- "pricing:GetProducts"
- ],
- "Effect": "Allow",
- "Resource": "*"
- }
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/workers-user-data.sh b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/workers-user-data.sh
deleted file mode 100644
index 0864fcc..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/workers-user-data.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-set -e
-
-check_tokens () {
-RUN=$(aws s3 ls s3://${k8s-bucket-name}/k8s/masters/ > /dev/null && echo "true" || echo "false")
-sleep 5
-}
-
-# Creating DLab user
-sudo useradd -m -G sudo -s /bin/bash ${k8s_os_user}
-sudo bash -c 'echo "${k8s_os_user} ALL = NOPASSWD:ALL" >> /etc/sudoers'
-sudo mkdir /home/${k8s_os_user}/.ssh
-sudo bash -c 'cat /home/ubuntu/.ssh/authorized_keys > /home/${k8s_os_user}/.ssh/authorized_keys'
-sudo chown -R ${k8s_os_user}:${k8s_os_user} /home/${k8s_os_user}/
-sudo chmod 700 /home/${k8s_os_user}/.ssh
-sudo chmod 600 /home/${k8s_os_user}/.ssh/authorized_keys
-
-sudo apt-get update
-sudo apt-get install -y python-pip
-sudo pip install -U pip
-sudo pip install awscli
-
-# installing Docker
-sudo bash -c 'curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -'
-sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-sudo apt-get update
-sudo apt-get install -y docker-ce
-sudo systemctl enable docker
-# installing kubeadm, kubelet and kubectl
-sudo apt-get install -y apt-transport-https curl
-sudo bash -c 'curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -'
-sudo bash -c 'echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list'
-sudo apt-get update
-sudo apt-get install -y kubelet=${kubernetes_version} kubeadm=${kubernetes_version} kubectl=${kubernetes_version}
-while check_tokens
-do
- if [[ $RUN == "false" ]];
- then
- echo "Waiting for initial cluster initialization..."
- else
- echo "Initial cluster initialized!"
- break
- fi
-done
-aws s3 cp s3://${k8s-bucket-name}/k8s/masters/join_command /tmp/join_command
-join_command=$(cat /tmp/join_command)
-sudo $join_command
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/lb.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/lb.tf
deleted file mode 100644
index 266340c..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/lb.tf
+++ /dev/null
@@ -1,129 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- ssn_nlb_name = "${var.service_base_name}-ssn-nlb"
- ssn_alb_name = "${var.service_base_name}-ssn-alb"
- ssn_k8s_nlb_api_tg_name = "${var.service_base_name}-ssn-nlb-api-tg"
- ssn_k8s_nlb_ss_tg_name = "${var.service_base_name}-ssn-nlb-ss-tg"
- ssn_k8s_alb_tg_name = "${var.service_base_name}-ssn-alb-tg"
-}
-
-resource "aws_lb" "ssn_k8s_nlb" {
- name = local.ssn_nlb_name
- load_balancer_type = "network"
- subnets = compact([data.aws_subnet.k8s-subnet-a-data.id, data.aws_subnet.k8s-subnet-b-data.id,
- local.subnet_c_id])
- tags = {
- Name = local.ssn_nlb_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_nlb_name}"
- "${var.service_base_name}-Tag" = local.ssn_nlb_name
- }
-}
-
-resource "aws_lb" "ssn_k8s_alb" {
- name = local.ssn_alb_name
- internal = false
- load_balancer_type = "application"
- security_groups = [aws_security_group.ssn_k8s_sg.id]
- subnets = compact([data.aws_subnet.k8s-subnet-a-data.id, data.aws_subnet.k8s-subnet-b-data.id,
- local.subnet_c_id])
-
- tags = {
- Name = local.ssn_alb_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_alb_name}"
- "${var.service_base_name}-Tag" = local.ssn_alb_name
- }
-}
-
-resource "aws_lb_target_group" "ssn_k8s_nlb_api_target_group" {
- name = local.ssn_k8s_nlb_api_tg_name
- port = 6443
- protocol = "TCP"
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- tags = {
- Name = local.ssn_k8s_nlb_api_tg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_k8s_nlb_api_tg_name}"
- "${var.service_base_name}-Tag" = local.ssn_k8s_nlb_api_tg_name
- }
-}
-
-resource "aws_lb_target_group" "ssn_k8s_nlb_ss_target_group" {
- name = local.ssn_k8s_nlb_ss_tg_name
- port = 30433
- protocol = "TCP"
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- tags = {
- Name = local.ssn_k8s_nlb_ss_tg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_k8s_nlb_ss_tg_name}"
- "${var.service_base_name}-Tag" = local.ssn_k8s_nlb_ss_tg_name
- }
-}
-
-resource "aws_lb_target_group" "ssn_k8s_alb_target_group" {
- name = local.ssn_k8s_alb_tg_name
- port = 31080
- protocol = "HTTP"
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- tags = {
- Name = local.ssn_k8s_alb_tg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_k8s_alb_tg_name}"
- "${var.service_base_name}-Tag" = local.ssn_k8s_alb_tg_name
- }
-}
-
-resource "aws_lb_listener" "ssn_k8s_alb_listener" {
- load_balancer_arn = aws_lb.ssn_k8s_alb.arn
- port = "80"
- protocol = "HTTP"
-
- default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.ssn_k8s_alb_target_group.arn
- }
-}
-
-resource "aws_lb_listener" "ssn_k8s_nlb_api_listener" {
- load_balancer_arn = aws_lb.ssn_k8s_nlb.arn
- port = "6443"
- protocol = "TCP"
-
- default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.ssn_k8s_nlb_api_target_group.arn
- }
-}
-
-resource "aws_lb_listener" "ssn_k8s_nlb_ss_listener" {
- load_balancer_arn = aws_lb.ssn_k8s_nlb.arn
- port = "8443"
- protocol = "TCP"
-
- default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.ssn_k8s_nlb_ss_target_group.arn
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/main.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/main.tf
deleted file mode 100644
index 459190c..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/main.tf
+++ /dev/null
@@ -1,96 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-provider "aws" {
- region = var.region
- access_key = var.access_key_id
- secret_key = var.secret_access_key
-}
-
-output "ssn_k8s_alb_dns_name" {
- value = aws_lb.ssn_k8s_alb.dns_name
-}
-
-output "ssn_k8s_nlb_dns_name" {
- value = aws_lb.ssn_k8s_nlb.dns_name
-}
-
-output "ssn_k8s_masters_ip_addresses" {
- value = data.aws_instances.ssn_k8s_masters_instances.public_ips
- depends_on = [data.aws_instances.ssn_k8s_masters_instances]
-}
-
-output "ssn_bucket_name" {
- value = aws_s3_bucket.ssn_k8s_bucket.id
-}
-
-output "ssn_vpc_id" {
- value = data.aws_vpc.ssn_k8s_vpc_data.id
-}
-
-output "ssn_subnet" {
- # value = compact([data.aws_subnet.k8s-subnet-a-data.id, data.aws_subnet.k8s-subnet-b-data.id, local.subnet_c_id])
- value = data.aws_subnet.k8s-subnet-a-data.id
-}
-
-output "ssn_k8s_sg_id" {
- value = aws_security_group.ssn_k8s_sg.id
-}
-
-output "endpoint_eip_allocation_id" {
- value = aws_eip.k8s-endpoint-eip.id
-}
-
-output "endpoint_eip_address" {
- value = aws_eip.k8s-endpoint-eip.public_ip
-}
-
-output "ssn_keystore_password" {
- value = random_string.ssn_keystore_password.result
-}
-
-output "endpoint_keystore_password" {
- value = random_string.endpoint_keystore_password.result
-}
-
-output "region" {
- value = var.region
-}
-
-output "service_base_name" {
- value = var.service_base_name
-}
-
-output "env_os" {
- value = var.env_os
-}
-
-output "ssn_k8s_masters_shape" {
- value = var.ssn_k8s_masters_shape
-}
-
-output "zone" {
- value = var.zone
-}
-
-output "tag_resource_id" {
- value = var.tag_resource_id
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/role_policy.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/role_policy.tf
deleted file mode 100644
index ed85b5d..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/role_policy.tf
+++ /dev/null
@@ -1,56 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- ssn_policy_name = "${var.service_base_name}-ssn-policy"
- ssn_role_name = "${var.service_base_name}-ssn-role"
-}
-
-data "template_file" "ssn_k8s_s3_policy" {
- template = file("./files/ssn-policy.json.tpl")
-}
-
-resource "aws_iam_policy" "ssn_k8s_policy" {
- name = local.ssn_policy_name
- description = "Policy for SSN K8S"
- policy = data.template_file.ssn_k8s_s3_policy.rendered
-}
-
-resource "aws_iam_role" "ssn_k8s_role" {
- name = local.ssn_role_name
- assume_role_policy = file("./files/assume-policy.json")
- tags = {
- Name = local.ssn_role_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_role_name}"
- "${var.service_base_name}-Tag" = local.ssn_role_name
- }
-}
-
-resource "aws_iam_role_policy_attachment" "ssn_k8s_policy_attachment" {
- role = aws_iam_role.ssn_k8s_role.name
- policy_arn = aws_iam_policy.ssn_k8s_policy.arn
-}
-
-resource "aws_iam_instance_profile" "k8s-profile" {
- name = "${var.service_base_name}-instance-profile"
- role = aws_iam_role.ssn_k8s_role.name
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/s3.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/s3.tf
deleted file mode 100644
index 3026189..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/s3.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- ssn_s3_name = "${var.service_base_name}-ssn-bucket"
- ssn_s3_shared_name = "${var.service_base_name}-shared-bucket"
-}
-
-resource "aws_s3_bucket" "ssn_k8s_bucket" {
- bucket = local.ssn_s3_name
- acl = "private"
- tags = {
- Name = local.ssn_s3_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_s3_name}"
- "${var.service_base_name}-Tag" = local.ssn_s3_name
- }
- force_destroy = true
-}
-
-resource "aws_s3_bucket" "ssn_k8s_shared_bucket" {
- bucket = local.ssn_s3_shared_name
- acl = "private"
- tags = {
- Name = local.ssn_s3_shared_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_s3_shared_name}"
- "${var.service_base_name}-Tag" = local.ssn_s3_shared_name
- }
- force_destroy = true
-}
-
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/security_groups.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/security_groups.tf
deleted file mode 100644
index 3f363a7..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/security_groups.tf
+++ /dev/null
@@ -1,85 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-//data "aws_eip" "ssn_k8s_lb_eip_a" {
-// id = aws_eip.k8s-lb-eip-a.id
-// depends_on = [aws_lb_listener.ssn_k8s_nlb_listener]
-//}
-//
-//data "aws_eip" "ssn_k8s_lb_eip_a" {
-// id = aws_eip.k8s-lb-eip-b.id # Need to be refactored
-// depends_on = [aws_lb_listener.ssn_k8s_nlb_listener]
-//}
-//
-//data "aws_eip" "ssn_k8s_lb_eip_a" {
-// id = aws_eip.k8s-lb-eip-a.id
-// depends_on = [aws_lb_listener.ssn_k8s_nlb_listener]
-//}
-
-locals {
- ssn_sg_name = "${var.service_base_name}-ssn-sg"
-}
-
-resource "aws_security_group" "ssn_k8s_sg" {
- name = local.ssn_sg_name
- description = "SG for SSN K8S cluster"
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = -1
- cidr_blocks = [data.aws_vpc.ssn_k8s_vpc_data.cidr_block]
- }
- ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = var.allowed_cidrs
- }
- ingress {
- from_port = 0
- to_port = 0
- protocol = -1
- cidr_blocks = ["0.0.0.0/0"]
- description = "Need to be changed in the future"
- }
-// ingress {
-// from_port = 0
-// to_port = 0 # Need to be refactored
-// protocol = -1
-// cidr_blocks = ["${data.aws_eip.ssn_k8s_lb_eip.public_ip}/32", "${data.aws_eip.ssn_k8s_lb_eip.private_ip}/32"]
-// }
-
- egress {
- from_port = 0
- protocol = -1
- to_port = 0
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = local.ssn_sg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_sg_name}"
- "${var.service_base_name}-Tag" = local.ssn_sg_name
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/variables.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/variables.tf
deleted file mode 100644
index cba8220..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/variables.tf
+++ /dev/null
@@ -1,108 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-// AWS info
-variable "access_key_id" {
- default = ""
-}
-variable "secret_access_key" {
- default = ""
-}
-variable "region" {
- default = "us-west-2"
-}
-variable "zone" {
- default = "a"
-}
-
-// Common
-variable "env_os" {
- default = "debian"
-}
-variable "key_name" {
- default = "BDCC-DSS-POC"
-}
-variable "allowed_cidrs" {
- type = list
- default = ["0.0.0.0/0"]
-}
-variable "os_user" {
- default = "dlab-user"
-}
-
-variable "project_tag" {
- default = ""
-}
-
-variable "additional_tag" {
- default = "product:dlab"
-}
-
-variable "tag_resource_id" {
- default = "user:tag"
-}
-
-// SSN
-variable "service_base_name" {
- default = "dlab-k8s"
-}
-variable "vpc_id" {
- default = ""
-}
-variable "vpc_cidr" {
- default = "172.31.0.0/16"
-}
-variable "subnet_id_a" {
- default = ""
-}
-variable "subnet_id_b" {
- default = ""
-}
-variable "subnet_cidr_a" {
- default = "172.31.0.0/24"
-}
-variable "subnet_cidr_b" {
- default = "172.31.1.0/24"
-}
-variable "subnet_cidr_c" {
- default = "172.31.2.0/24"
-}
-variable "ami" {
- default = "ami-07b4f3c02c7f83d59"
-}
-variable "ssn_k8s_masters_count" {
- default = 3
-}
-variable "ssn_k8s_workers_count" {
- default = 2
-}
-variable "ssn_root_volume_size" {
- default = 30
-}
-variable "ssn_k8s_masters_shape" {
- default = "t2.medium"
-}
-variable "ssn_k8s_workers_shape" {
- default = "t2.medium"
-}
-variable "kubernetes_version" {
- default = "1.15.4-00"
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/vpc.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/vpc.tf
deleted file mode 100644
index e768823..0000000
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/vpc.tf
+++ /dev/null
@@ -1,190 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- additional_tag = split(":", var.additional_tag)
- ssn_vpc_name = "${var.service_base_name}-ssn-vpc"
- ssn_igw_name = "${var.service_base_name}-ssn-igw"
- ssn_subnet_a_name = "${var.service_base_name}-ssn-subnet-az-a"
- ssn_subnet_b_name = "${var.service_base_name}-ssn-subnet-az-b"
- ssn_subnet_c_name = "${var.service_base_name}-ssn-subnet-az-c"
- endpoint_ip_name = "${var.service_base_name}-endpoint-eip"
- endpoint_rt_name = "${var.service_base_name}-endpoint-rt"
- endpoint_s3_name = "${var.service_base_name}-endpoint-s3"
-}
-
-resource "aws_vpc" "ssn_k8s_vpc" {
- count = var.vpc_id == "" ? 1 : 0
- cidr_block = var.vpc_cidr
- instance_tenancy = "default"
- enable_dns_hostnames = true
- enable_dns_support = true
-
- tags = {
- Name = local.ssn_vpc_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_vpc_name}"
- "${var.service_base_name}-Tag" = local.ssn_vpc_name
- }
-}
-
-resource "aws_internet_gateway" "ssn_k8s_igw" {
- count = var.vpc_id == "" ? 1 : 0
- vpc_id = aws_vpc.ssn_k8s_vpc.0.id
-
- tags = {
- Name = local.ssn_igw_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_igw_name}"
- "${var.service_base_name}-Tag" = local.ssn_igw_name
- }
-}
-
-resource "aws_route" "ssn_k8s_route" {
- count = var.vpc_id == "" ? 1 : 0
- route_table_id = aws_vpc.ssn_k8s_vpc.0.main_route_table_id
- destination_cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.ssn_k8s_igw.0.id
-}
-
-data "aws_vpc" "ssn_k8s_vpc_data" {
- id = var.vpc_id == "" ? aws_vpc.ssn_k8s_vpc.0.id : var.vpc_id
-}
-
-resource "aws_subnet" "ssn_k8s_subnet_a" {
- count = var.subnet_id_a == "" ? 1 : 0
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- availability_zone = "${var.region}a"
- cidr_block = var.subnet_cidr_a
- map_public_ip_on_launch = true
-
- tags = {
- Name = local.ssn_subnet_a_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_subnet_a_name}"
- "${var.service_base_name}-Tag" = local.ssn_subnet_a_name
- }
-}
-
-resource "aws_subnet" "ssn_k8s_subnet_b" {
- count = var.subnet_id_b == "" ? 1 : 0
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- availability_zone = "${var.region}b"
- cidr_block = var.subnet_cidr_b
- map_public_ip_on_launch = true
-
- tags = {
- Name = local.ssn_subnet_b_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_subnet_b_name}"
- "${var.service_base_name}-Tag" = local.ssn_subnet_b_name
- }
-}
-
-resource "aws_subnet" "ssn_k8s_subnet_c" {
- count = var.ssn_k8s_masters_count > 2 ? 1 : 0
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- availability_zone = "${var.region}c"
- cidr_block = var.subnet_cidr_c
- map_public_ip_on_launch = true
-
- tags = {
- Name = local.ssn_subnet_c_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_subnet_c_name}"
- "${var.service_base_name}-Tag" = local.ssn_subnet_c_name
- }
-}
-
-data "aws_subnet" "k8s-subnet-a-data" {
- id = var.subnet_id_a == "" ? aws_subnet.ssn_k8s_subnet_a.0.id : var.subnet_id_a
-}
-
-data "aws_subnet" "k8s-subnet-b-data" {
- id = var.subnet_id_b == "" ? aws_subnet.ssn_k8s_subnet_b.0.id : var.subnet_id_b
-}
-
-data "aws_subnet" "k8s-subnet-c-data" {
- count = var.ssn_k8s_masters_count > 2 ? 1 : 0
- id = aws_subnet.ssn_k8s_subnet_c.0.id
-}
-
-resource "aws_eip" "k8s-endpoint-eip" {
- vpc = true
- tags = {
- Name = local.endpoint_ip_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_ip_name}"
- "${var.service_base_name}-Tag" = local.endpoint_ip_name
- }
-}
-
-resource "aws_route_table" "ssn-k8s-users-route-table" {
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- tags = {
- Name = local.endpoint_rt_name
- "${var.service_base_name}-Tag" = var.service_base_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_rt_name}"
- }
-}
-
-resource "aws_vpc_endpoint" "ssn-k8s-users-s3-endpoint" {
- vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
- service_name = "com.amazonaws.${var.region}.s3"
- tags = {
- Name = local.endpoint_s3_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_s3_name}"
- "${var.service_base_name}-Tag" = local.endpoint_s3_name
- }
-}
-
-resource "aws_vpc_endpoint_route_table_association" "ssn-k8s-users-s3-route" {
- route_table_id = aws_route_table.ssn-k8s-users-route-table.id
- vpc_endpoint_id = aws_vpc_endpoint.ssn-k8s-users-s3-endpoint.id
-}
-
-//resource "aws_eip" "k8s-lb-eip-a" {
-// vpc = true
-// tags = {
-// Name = "${var.service_base_name}-ssn-eip-a"
-// }
-//}
-//
-//resource "aws_eip" "k8s-lb-eip-b" {
-// vpc = true
-// tags = {
-// Name = "${var.service_base_name}-ssn-eip-b"
-// }
-//}
-//
-//resource "aws_eip" "k8s-lb-eip-c" {
-// count = var.ssn_k8s_masters_count > 2 ? 1 : 0
-// vpc = true
-// tags = {
-// Name = "${var.service_base_name}-ssn-eip-c"
-// }
-//}
-//
-//data "aws_eip" "k8s-lb-eip-c-data" {
-// id = aws_eip.k8s-lb-eip-c.0.id
-//}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/main/main.tf b/infrastructure-provisioning/terraform/azure/computational_resources/main/main.tf
deleted file mode 100644
index 9ded494..0000000
--- a/infrastructure-provisioning/terraform/azure/computational_resources/main/main.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-provider "azurerm" {
- subscription_id = var.subscription_id
- client_id = var.client_id
- client_secret = var.client_secret
- tenant_id = var.tenant_id
-}
-
-module "notebook" {
- source = "../modules/notebook"
- sbn = var.service_base_name
- project_name = var.project_name
- project_tag = var.project_tag
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
- os_env = var.os_env
- notebook_name = var.notebook_name
- region = var.region
- subnet_id = var.subnet_id
- nb-sg_id = var.nb-sg_id
- product = var.product_name
- ami = var.ami
- custom_ami = var.custom_ami
- instance_type = var.instance_type
- ssh_key = var.ssh_key
- initial_user = var.initial_user
- resource_group = var.resource_group
-}
-
-module "data_engine" {
- source = "../modules/data_engine"
- sbn = var.service_base_name
- project_name = var.project_name
- project_tag = var.project_tag
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
- notebook_name = var.notebook_name
- region = var.region
- subnet_id = var.subnet_id
- nb-sg_id = var.nb-sg_id
- product = var.product_name
- ami = var.ami
- master_shape = var.master_shape
- slave_shape = var.slave_shape
- ssh_key = var.ssh_key
- initial_user = var.initial_user
- cluster_name = var.cluster_name
- slave_count = var.slave_count
- resource_group = var.resource_group
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/main/variables.tf b/infrastructure-provisioning/terraform/azure/computational_resources/main/variables.tf
deleted file mode 100644
index f82d9f7..0000000
--- a/infrastructure-provisioning/terraform/azure/computational_resources/main/variables.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "subscription_id" {}
-
-variable "client_id" {}
-
-variable "client_secret" {}
-
-variable "tenant_id" {}
-
-variable "service_base_name" {}
-
-variable "resource_group" {}
-
-variable "project_name" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "os_env" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "product_name" {}
-
-variable "vpc_id" {}
-
-variable "subnet_id" {}
-
-variable "nb-sg_id" {}
-
-variable "cidr_range" {}
-
-variable "traefik_cidr" {}
-
-variable "ami" {}
-
-variable "custom_ami" {}
-
-variable "instance_type" {}
-
-variable "ssh_key" {}
-
-variable "initial_user" {}
-
-variable "cluster_name" {}
-
-variable "slave_count" {}
-
-variable "master_shape" {}
-
-variable "slave_shape" {}
-
-variable "source_instance_id" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/modules/data_engine/instance.tf b/infrastructure-provisioning/terraform/azure/computational_resources/modules/data_engine/instance.tf
deleted file mode 100644
index 470e474..0000000
--- a/infrastructure-provisioning/terraform/azure/computational_resources/modules/data_engine/instance.tf
+++ /dev/null
@@ -1,167 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- cluster_name = "${var.sbn}-de-${var.notebook_name}-${var.cluster_name}"
- notebook_name = "${var.sbn}-nb-${var.notebook_name}"
- nic = "${var.sbn}-de-${var.notebook_name}-${var.cluster_name}-nic"
-}
-
-resource "azurerm_network_interface" "master-nic" {
- name = "${local.nic}-m"
- location = var.region
- resource_group_name = var.resource_group
- network_security_group_id = var.nb-sg_id
-
- ip_configuration {
- name = "${local.nic}-m-IPconigurations"
- subnet_id = var.subnet_id
- private_ip_address_allocation = "Dynamic"
- }
-
- tags = {
- Name = "${local.nic}-m"
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- SBN = var.sbn
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_virtual_machine" "master" {
- name = "${local.cluster_name}-m"
- location = var.region
- resource_group_name = var.resource_group
- network_interface_ids = ["${azurerm_network_interface.master-nic.id}"]
- vm_size = var.master_shape
-
- storage_os_disk {
- name = "${local.cluster_name}-m-disk0"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Premium_LRS"
- }
-
- storage_image_reference {
- id = var.ami
- }
-
- os_profile {
- computer_name = "${local.cluster_name}-m"
- admin_username = var.initial_user
- }
-
- os_profile_linux_config {
- disable_password_authentication = true
- ssh_keys {
- path = "/home/${var.initial_user}/.ssh/authorized_keys"
- key_data = "${file("${var.ssh_key}")}"
- }
- }
-
- tags = {
- Name = "${local.cluster_name}-m"
- Type = "master"
- dataengine_notebook_name = local.notebook_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- User_tag = var.user_tag
- Endpoint_Tag = var.endpoint_tag
- SBN = var.sbn
- Custom_Tag = var.custom_tag
- }
-}
-
-
-resource "azurerm_network_interface" "slave-nic" {
- count = var.slave_count
- name = "${local.nic}-s-${count.index + 1}"
- location = var.region
- resource_group_name = var.resource_group
- network_security_group_id = var.nb-sg_id
-
- ip_configuration {
- name = "${local.nic}-s-${count.index + 1}-IPconigurations"
- subnet_id = var.subnet_id
- private_ip_address_allocation = "Dynamic"
- }
-
- tags = {
- Name = "${local.cluster_name}-s-${count.index + 1}"
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- SBN = var.sbn
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_virtual_machine" "slave" {
- count = var.slave_count
- name = "${local.cluster_name}-s-${count.index + 1}"
- location = var.region
- resource_group_name = var.resource_group
- network_interface_ids = ["${azurerm_network_interface.slave-nic[count.index].id}"]
- vm_size = var.slave_shape
-
- storage_os_disk {
- name = "${local.notebook_name}-s-${count.index + 1}-disk0"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Premium_LRS"
- }
-
- storage_image_reference {
- id = var.ami
- }
-
- os_profile {
- computer_name = "${local.cluster_name}-s-${count.index + 1}"
- admin_username = var.initial_user
- }
-
- os_profile_linux_config {
- disable_password_authentication = true
- ssh_keys {
- path = "/home/${var.initial_user}/.ssh/authorized_keys"
- key_data = "${file("${var.ssh_key}")}"
- }
- }
-
- tags = {
- Name = "${local.cluster_name}-s-${count.index + 1}"
- Type = "slave"
- dataengine_notebook_name = local.notebook_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- User_tag = var.user_tag
- Endpoint_Tag = var.endpoint_tag
- SBN = var.sbn
- Custom_Tag = var.custom_tag
- }
-}
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/modules/data_engine/variables.tf b/infrastructure-provisioning/terraform/azure/computational_resources/modules/data_engine/variables.tf
deleted file mode 100644
index e18e812..0000000
--- a/infrastructure-provisioning/terraform/azure/computational_resources/modules/data_engine/variables.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "product" {}
-
-variable "ami" {}
-
-variable "master_shape" {}
-
-variable "slave_shape" {}
-
-variable "ssh_key" {}
-
-variable "initial_user" {}
-
-variable "subnet_id" {}
-
-variable "nb-sg_id" {}
-
-variable "cluster_name" {}
-
-variable "slave_count" {}
-
-variable "resource_group" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/modules/notebook/instance.tf b/infrastructure-provisioning/terraform/azure/computational_resources/modules/notebook/instance.tf
deleted file mode 100644
index 0283038..0000000
--- a/infrastructure-provisioning/terraform/azure/computational_resources/modules/notebook/instance.tf
+++ /dev/null
@@ -1,143 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- node_name = "${var.sbn}-nb-${var.notebook_name}"
- nic = "${var.sbn}-nb-${var.notebook_name}-nic"
-}
-
-resource "azurerm_network_interface" "nic" {
- name = local.nic
- location = var.region
- resource_group_name = var.resource_group
- network_security_group_id = var.nb-sg_id
-
- ip_configuration {
- name = "${local.nic}-IPconigurations"
- subnet_id = var.subnet_id
- private_ip_address_allocation = "dynamic"
- }
-
- tags = {
- Exploratory = var.notebook_name
- SBN = var.sbn
- Name = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_virtual_machine" "instance" {
- count = var.custom_ami == true ? 0 : 1
- name = local.node_name
- location = var.region
- resource_group_name = var.resource_group
- network_interface_ids = ["${azurerm_network_interface.nic.id}"]
- vm_size = var.instance_type
-
- storage_os_disk {
- name = "${local.node_name}-disk0"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Premium_LRS"
- }
-
- storage_image_reference {
- publisher = var.ami_publisher[var.os_env]
- offer = var.ami_offer[var.os_env]
- sku = var.ami_sku[var.os_env]
- version = var.ami_version[var.os_env]
- }
-
- os_profile {
- computer_name = local.node_name
- admin_username = var.initial_user
- }
-
- os_profile_linux_config {
- disable_password_authentication = true
- ssh_keys {
- path = "/home/${var.initial_user}/.ssh/authorized_keys"
- key_data = "${file("${var.ssh_key}")}"
- }
- }
-
- tags = {
- Exploratory = var.notebook_name
- SBN = var.sbn
- Name = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_virtual_machine" "instance_custom" {
- count = var.custom_ami == true ? 1 : 0
- name = local.node_name
- location = var.region
- resource_group_name = var.resource_group
- network_interface_ids = ["${azurerm_network_interface.nic.id}"]
- vm_size = var.instance_type
-
- storage_os_disk {
- name = "${local.node_name}-disk0"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Premium_LRS"
- }
-
- storage_image_reference {
- id = var.ami
- }
-
- os_profile {
- computer_name = local.node_name
- admin_username = var.initial_user
- }
-
- os_profile_linux_config {
- disable_password_authentication = true
- ssh_keys {
- path = "/home/${var.initial_user}/.ssh/authorized_keys"
- key_data = "${file("${var.ssh_key}")}"
- }
- }
-
- tags = {
- Exploratory = var.notebook_name
- SBN = var.sbn
- Name = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/computational_resources/modules/notebook/variables.tf b/infrastructure-provisioning/terraform/azure/computational_resources/modules/notebook/variables.tf
deleted file mode 100644
index 547dce0..0000000
--- a/infrastructure-provisioning/terraform/azure/computational_resources/modules/notebook/variables.tf
+++ /dev/null
@@ -1,92 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "product" {}
-
-variable "ami" {}
-
-variable "instance_type" {}
-
-variable "ssh_key" {}
-
-variable "initial_user" {}
-
-variable "subnet_id" {}
-
-variable "nb-sg_id" {}
-
-variable "resource_group" {}
-
-variable "ami_publisher" {
- type = "map"
- default = {
- debian = "Canonical"
- redhat = "RedHat"
- custom = ""
- }
-}
-
-variable "ami_offer" {
- type = "map"
- default = {
- debian = "UbuntuServer"
- redhat = "RHEL"
- custom = ""
- }
-}
-
-variable "ami_sku" {
- type = "map"
- default = {
- debian = "16.04-LTS"
- redhat = "7.3"
- custom = ""
- }
-}
-
-variable "ami_version" {
- type = "map"
- default = {
- debian = "16.04.201907290"
- redhat = "7.3.2017090800"
- custom = ""
- }
-}
-
-variable "custom_ami" {}
-
-variable "os_env" {}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/project/main/instance.tf b/infrastructure-provisioning/terraform/azure/project/main/instance.tf
deleted file mode 100644
index d7ec3aa..0000000
--- a/infrastructure-provisioning/terraform/azure/project/main/instance.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- node_name = "${var.service_base_name}-${var.project_tag}-edge"
- nic = "${var.service_base_name}-${var.project_tag}-edge-nic"
-}
-
-resource "azurerm_network_interface" "nic" {
- name = local.nic
- location = var.region
- resource_group_name = var.resource_group
- network_security_group_id = azurerm_network_security_group.edge_sg.id
-
- ip_configuration {
- name = "${local.nic}-IPconigurations"
- subnet_id = var.subnet_id
- #private_ip_address_allocation = "Dynamic"
- private_ip_address_allocation = "Static"
- private_ip_address = var.edge_private_ip
- public_ip_address_id = azurerm_public_ip.edge_ip.id
- }
-
- tags = {
- SBN = var.service_base_name
- Name = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_virtual_machine" "instance" {
- name = local.node_name
- location = var.region
- resource_group_name = var.resource_group
- network_interface_ids = [azurerm_network_interface.nic.id]
- vm_size = var.instance_type
-
- storage_os_disk {
- name = "${local.node_name}-disk0"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Premium_LRS"
- }
-
- storage_image_reference {
- publisher = var.ami_publisher[var.os_env]
- offer = var.ami_offer[var.os_env]
- sku = var.ami_sku[var.os_env]
- version = var.ami_version[var.os_env]
- }
-
- os_profile {
- computer_name = local.node_name
- admin_username = var.initial_user
- }
-
- os_profile_linux_config {
- disable_password_authentication = true
- ssh_keys {
- path = "/home/${var.initial_user}/.ssh/authorized_keys"
- key_data = "${file("${var.ssh_key}")}"
- }
- }
-
- tags = {
- SBN = var.service_base_name
- Name = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/project/main/main.tf b/infrastructure-provisioning/terraform/azure/project/main/main.tf
deleted file mode 100644
index 249c945..0000000
--- a/infrastructure-provisioning/terraform/azure/project/main/main.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-provider "azurerm" {
- subscription_id = var.subscription_id
- client_id = var.client_id
- client_secret = var.client_secret
- tenant_id = var.tenant_id
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/project/main/network.tf b/infrastructure-provisioning/terraform/azure/project/main/network.tf
deleted file mode 100644
index e1a93b1..0000000
--- a/infrastructure-provisioning/terraform/azure/project/main/network.tf
+++ /dev/null
@@ -1,442 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- edge_sg_name = "${var.service_base_name}-${var.project_tag}-edge-sg"
- edge_ip_name = "${var.service_base_name}-${var.project_tag}-edge-ip"
- ps_subnet_name = "${var.service_base_name}-${var.project_tag}-ps-subnet"
- ps_sg_name = "${var.service_base_name}-${var.project_tag}-ps-sg"
-}
-
-#################
-### Edge node ###
-#################
-
-resource "azurerm_public_ip" "edge_ip" {
- location = var.region
- name = local.edge_ip_name
- resource_group_name = var.resource_group
- allocation_method = "Static"
- tags = {
- SBN = var.service_base_name
- Name = local.edge_ip_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_network_security_group" "edge_sg" {
- name = local.edge_sg_name
- location = var.region
- resource_group_name = var.resource_group
-
- security_rule {
- name = "in-1"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "${var.ps_cidr}"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-2"
- priority = 110
- direction = "Inbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "22"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-3"
- priority = 120
- direction = "Inbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "3128"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-4"
- priority = 130
- direction = "Inbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "80"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-1"
- priority = 100
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "22"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-2"
- priority = 110
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8888"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-3"
- priority = 120
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8080"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-4"
- priority = 130
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8787"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-5"
- priority = 140
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "6006"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-6"
- priority = 150
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "20888"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-7"
- priority = 160
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8088"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-8"
- priority = 170
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "18080"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-9"
- priority = 180
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "50070"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-10"
- priority = 190
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8085"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-11"
- priority = 200
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8081"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-12"
- priority = 210
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "4040-4140"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-13"
- priority = 220
- direction = "Outbound"
- access = "Allow"
- protocol = "UDP"
- source_port_range = "*"
- destination_port_range = "53"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-14"
- priority = 230
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "80"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-15"
- priority = 240
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "443"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-16"
- priority = 250
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "389"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-17"
- priority = 260
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "8042"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-18"
- priority = 270
- direction = "Outbound"
- access = "Allow"
- protocol = "UDP"
- source_port_range = "*"
- destination_port_range = "123"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-19"
- priority = 280
- direction = "Outbound"
- access = "Deny"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-}
-
-############################################################
-### Explotratory environment and computational resources ###
-############################################################
-
-
-resource "azurerm_subnet" "ps_subnet" {
- name = local.ps_subnet_name
- resource_group_name = var.resource_group
- virtual_network_name = var.vpc_id
- address_prefix = var.ps_cidr
-}
-
-resource "azurerm_network_security_group" "ps_sg" {
- name = local.ps_sg_name
- location = var.region
- resource_group_name = var.resource_group
-
- security_rule {
- name = "in-1"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "${var.ps_cidr}"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-2"
- priority = 110
- direction = "Inbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "${var.edge_cidr}"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-3"
- priority = 200
- direction = "Inbound"
- access = "Deny"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-1"
- priority = 100
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-2"
- priority = 110
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "${var.edge_cidr}"
- }
-
- security_rule {
- name = "out-3"
- priority = 120
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "443"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-4"
- priority = 200
- direction = "Outbound"
- access = "Deny"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- tags = {
- Name = local.ps_subnet_name
- SBN = var.service_base_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/project/main/variables.tf b/infrastructure-provisioning/terraform/azure/project/main/variables.tf
deleted file mode 100644
index e3395fd..0000000
--- a/infrastructure-provisioning/terraform/azure/project/main/variables.tf
+++ /dev/null
@@ -1,100 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "subscription_id" {}
-
-variable "client_id" {}
-
-variable "client_secret" {}
-
-variable "tenant_id" {}
-
-variable "service_base_name" {}
-
-variable "resource_group" {}
-
-variable "project_name" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "os_env" {}
-
-variable "region" {}
-
-variable "product" {}
-
-variable "vpc_id" {}
-
-variable "subnet_id" {}
-
-variable "ps_cidr" {}
-
-variable "edge_cidr" {}
-
-variable "edge_private_ip" {}
-
-variable "instance_type" {}
-
-variable "ssh_key" {}
-
-variable "initial_user" {}
-
-variable "ami_publisher" {
- type = "map"
- default = {
- debian = "Canonical"
- redhat = "RedHat"
- custom = ""
- }
-}
-
-variable "ami_offer" {
- type = "map"
- default = {
- debian = "UbuntuServer"
- redhat = "RHEL"
- custom = ""
- }
-}
-
-variable "ami_sku" {
- type = "map"
- default = {
- debian = "16.04-LTS"
- redhat = "7.3"
- custom = ""
- }
-}
-
-variable "ami_version" {
- type = "map"
- default = {
- debian = "16.04.201907290"
- redhat = "7.3.2017090800"
- custom = ""
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/bin/deploy/__init__.py b/infrastructure-provisioning/terraform/bin/deploy/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/infrastructure-provisioning/terraform/bin/deploy/daemon.json b/infrastructure-provisioning/terraform/bin/deploy/daemon.json
deleted file mode 100644
index b99eac2..0000000
--- a/infrastructure-provisioning/terraform/bin/deploy/daemon.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- DNS_IP_RESOLVE
- "insecure-registries": ["REPOSITORY"],
- "disable-legacy-registry": true
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
deleted file mode 100644
index 5359851..0000000
--- a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
+++ /dev/null
@@ -1,680 +0,0 @@
-from fabric import Connection
-from patchwork.files import exists
-import logging
-import argparse
-import sys
-import traceback
-import time
-import string
-import random
-
-conn = None
-args = None
-java_home = None
-
-
-def create_user():
- initial_user = 'ubuntu'
- sudo_group = 'sudo'
- with Connection(host=args.hostname, user=initial_user,
- connect_kwargs={'key_filename': args.pkey}) as conn:
- try:
- if not exists(conn,
- '/home/{}/.ssh_user_ensured'.format(initial_user)):
- conn.sudo('useradd -m -G {1} -s /bin/bash {0}'
- .format(args.os_user, sudo_group))
- conn.sudo(
- 'bash -c \'echo "{} ALL = NOPASSWD:ALL" >> /etc/sudoers\''.format(args.os_user, initial_user))
- conn.sudo('mkdir /home/{}/.ssh'.format(args.os_user))
- conn.sudo('chown -R {0}:{0} /home/{1}/.ssh/'
- .format(initial_user, args.os_user))
- conn.sudo('cat /home/{0}/.ssh/authorized_keys > '
- '/home/{1}/.ssh/authorized_keys'
- .format(initial_user, args.os_user))
- conn.sudo(
- 'chown -R {0}:{0} /home/{0}/.ssh/'.format(args.os_user))
- conn.sudo('chmod 700 /home/{0}/.ssh'.format(args.os_user))
- conn.sudo('chmod 600 /home/{0}/.ssh/authorized_keys'
- .format(args.os_user))
- conn.sudo(
- 'touch /home/{}/.ssh_user_ensured'.format(initial_user))
- except Exception as err:
- logging.error('Failed to create new os_user: ', str(err))
- sys.exit(1)
-
-
-def copy_keys():
- try:
- conn.put(args.pkey, '/home/{0}/keys/'.format(args.os_user))
- conn.sudo('chown -R {0}:{0} /home/{0}/keys'.format(args.os_user))
- except Exception as err:
- logging.error('Failed to copy admin key: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def ensure_dir_endpoint():
- try:
- if not exists(conn, '/home/{}/.ensure_dir'.format(args.os_user)):
- conn.sudo('mkdir /home/{}/.ensure_dir'.format(args.os_user))
- except Exception as err:
- logging.error('Failed to create ~/.ensure_dir/: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def ensure_logs_endpoint():
- log_root_dir = "/var/opt/dlab/log"
- supervisor_log_file = "/var/log/application/provision-service.log"
- try:
- if not exists(conn, '/home/' + args.os_user + '/.ensure_dir/logs_ensured'):
- if not exists(conn, args.dlab_path):
- conn.sudo("mkdir -p " + args.dlab_path)
- conn.sudo("chown -R " + args.os_user + ' ' + args.dlab_path)
- if not exists(conn, log_root_dir):
- conn.sudo('mkdir -p ' + log_root_dir + '/provisioning')
- conn.sudo('touch ' + log_root_dir + '/provisioning/provisioning.log')
- if not exists(conn, supervisor_log_file):
- conn.sudo("mkdir -p /var/log/application")
- conn.sudo("touch " + supervisor_log_file)
- conn.sudo("chown -R {0} {1}".format(args.os_user, log_root_dir))
- conn.sudo('touch /home/' + args.os_user + '/.ensure_dir/logs_ensured')
- except Exception as err:
- print('Failed to configure logs and dlab directory: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def ensure_jre_jdk_endpoint():
- try:
- if not exists(conn, '/home/{}/.ensure_dir/jre_jdk_ensured'.format(args.os_user)):
- conn.sudo('apt-get install -y openjdk-8-jre-headless')
- conn.sudo('apt-get install -y openjdk-8-jdk-headless')
- conn.sudo('touch /home/{}/.ensure_dir/jre_jdk_ensured'
- .format(args.os_user))
- except Exception as err:
- logging.error('Failed to install Java JDK: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def ensure_supervisor_endpoint():
- try:
- if not exists(conn, '/home/{}/.ensure_dir/superv_ensured'.format(args.os_user)):
- conn.sudo('apt-get -y install supervisor')
- conn.sudo('update-rc.d supervisor defaults')
- conn.sudo('update-rc.d supervisor enable')
- conn.sudo('touch /home/{}/.ensure_dir/superv_ensured'
- .format(args.os_user))
- except Exception as err:
- logging.error('Failed to install Supervisor: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def ensure_docker_endpoint():
- try:
- if not exists(conn, '/home/{}/.ensure_dir/docker_ensured'.format(args.os_user)):
- conn.sudo("bash -c "
- "'curl -fsSL https://download.docker.com/linux/ubuntu/gpg"
- " | apt-key add -'")
- conn.sudo('add-apt-repository "deb [arch=amd64] '
- 'https://download.docker.com/linux/ubuntu '
- '$(lsb_release -cs) stable"')
- conn.sudo('apt-get update')
- conn.sudo('apt-cache policy docker-ce')
- conn.sudo('apt-get install -y docker-ce={}'
- .format(args.docker_version))
- if not exists(conn, '{}/tmp'.format(args.dlab_path)):
- conn.run('mkdir -p {}/tmp'.format(args.dlab_path))
- conn.put('./daemon.json',
- '{}/tmp/daemon.json'.format(args.dlab_path))
- conn.sudo('sed -i "s|REPOSITORY|{}:{}|g" {}/tmp/daemon.json'
- .format(args.repository_address,
- args.repository_port,
- args.dlab_path))
- if args.cloud_provider == "aws":
- dns_ip_resolve = (conn.run("systemd-resolve --status "
- "| grep -A 5 'Current Scopes: DNS' "
- "| grep 'DNS Servers:' "
- "| awk '{print $3}'")
- .stdout.rstrip("\n\r"))
- conn.sudo("sed -i 's|DNS_IP_RESOLVE|\"dns\": [\"{0}\"],|g' {1}/tmp/daemon.json"
- .format(dns_ip_resolve, args.dlab_path))
- elif args.cloud_provider == "gcp":
- dns_ip_resolve = ""
- conn.sudo('sed -i "s|DNS_IP_RESOLVE||g" {1}/tmp/daemon.json'
- .format(dns_ip_resolve, args.dlab_path))
- conn.sudo('mv {}/tmp/daemon.json /etc/docker'
- .format(args.dlab_path))
- conn.sudo('usermod -a -G docker ' + args.os_user)
- conn.sudo('update-rc.d docker defaults')
- conn.sudo('update-rc.d docker enable')
- conn.sudo('service docker restart')
- conn.sudo('touch /home/{}/.ensure_dir/docker_ensured'
- .format(args.os_user))
- except Exception as err:
- logging.error('Failed to install Docker: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def create_key_dir_endpoint():
- try:
- if not exists(conn, '/home/{}/keys'.format(args.os_user)):
- conn.run('mkdir /home/{}/keys'.format(args.os_user))
- except Exception as err:
- logging.error('Failed create keys directory as ~/keys: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def configure_keystore_endpoint(os_user):
- try:
- if args.cloud_provider == "aws":
- conn.sudo('apt-get install -y awscli')
- if not exists(conn, '/home/' + args.os_user + '/keys/endpoint.keystore.jks'):
- conn.sudo('aws s3 cp s3://{0}/dlab/certs/endpoint/endpoint.keystore.jks '
- '/home/{1}/keys/endpoint.keystore.jks'
- .format(args.ssn_bucket_name, args.os_user))
- if not exists(conn, '/home/' + args.os_user + '/keys/dlab.crt'):
- conn.sudo('aws s3 cp s3://{0}/dlab/certs/endpoint/endpoint.crt'
- ' /home/{1}/keys/endpoint.crt'.format(args.ssn_bucket_name, args.os_user))
- if not exists(conn, '/home/' + args.os_user + '/keys/ssn.crt'):
- conn.sudo('aws s3 cp '
- 's3://{0}/dlab/certs/ssn/ssn.crt /home/{1}/keys/ssn.crt'
- .format(args.ssn_bucket_name, args.os_user))
- elif args.cloud_provider == "gcp":
- if not exists(conn, '/home/' + args.os_user + '/keys/endpoint.keystore.jks'):
- conn.sudo('gsutil -m cp -r gs://{0}/dlab/certs/endpoint/endpoint.keystore.jks '
- '/home/{1}/keys/'
- .format(args.ssn_bucket_name, args.os_user))
- if not exists(conn, '/home/' + args.os_user + '/keys/dlab.crt'):
- conn.sudo('gsutil -m cp -r gs://{0}/dlab/certs/endpoint/endpoint.crt'
- ' /home/{1}/keys/'.format(args.ssn_bucket_name, args.os_user))
- if not exists(conn, '/home/' + args.os_user + '/keys/ssn.crt'):
- conn.sudo('gsutil -m cp -r '
- 'gs://{0}/dlab/certs/ssn/ssn.crt /home/{1}/keys/'
- .format(args.ssn_bucket_name, args.os_user))
- if not exists(conn, '/home/' + args.os_user + '/.ensure_dir/cert_imported'):
- conn.sudo('keytool -importcert -trustcacerts -alias dlab -file /home/{0}/keys/endpoint.crt -noprompt \
- -storepass changeit -keystore {1}/lib/security/cacerts'.format(os_user, java_home))
- conn.sudo('keytool -importcert -trustcacerts -file /home/{0}/keys/ssn.crt -noprompt \
- -storepass changeit -keystore {1}/lib/security/cacerts'.format(os_user, java_home))
- conn.sudo('touch /home/' + args.os_user + '/.ensure_dir/cert_imported')
- print("Certificates are imported.")
- except Exception as err:
- print('Failed to configure Keystore certificates: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def configure_supervisor_endpoint():
- try:
- if not exists(conn,
- '/home/{}/.ensure_dir/configure_supervisor_ensured'.format(args.os_user)):
- supervisor_conf = '/etc/supervisor/conf.d/supervisor_svc.conf'
- if not exists(conn, '{}/tmp'.format(args.dlab_path)):
- conn.run('mkdir -p {}/tmp'.format(args.dlab_path))
- conn.put('./supervisor_svc.conf',
- '{}/tmp/supervisor_svc.conf'.format(args.dlab_path))
- dlab_conf_dir = '{}/conf/'.format(args.dlab_path)
- if not exists(conn, dlab_conf_dir):
- conn.run('mkdir -p {}'.format(dlab_conf_dir))
- web_path = '{}/webapp'.format(args.dlab_path)
- if not exists(conn, web_path):
- conn.run('mkdir -p {}'.format(web_path))
- if args.cloud_provider == 'aws':
- interface = conn.sudo('curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/').stdout
- args.vpc_id = conn.sudo('curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/{}/'
- 'vpc-id'.format(interface)).stdout
- args.subnet_id = conn.sudo('curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/{}/'
- 'subnet-id'.format(interface)).stdout
- args.vpc2_id = args.vpc_id
- args.subnet2_id = args.subnet_id
- conn.sudo('sed -i "s|OS_USR|{}|g" {}/tmp/supervisor_svc.conf'
- .format(args.os_user, args.dlab_path))
- conn.sudo('sed -i "s|WEB_CONF|{}|g" {}/tmp/supervisor_svc.conf'
- .format(dlab_conf_dir, args.dlab_path))
- conn.sudo('sed -i \'s=WEB_APP_DIR={}=\' {}/tmp/supervisor_svc.conf'
- .format(web_path, args.dlab_path))
- conn.sudo('cp {}/tmp/supervisor_svc.conf {}'
- .format(args.dlab_path, supervisor_conf))
- conn.put('./provisioning.yml', '{}provisioning.yml'
- .format(dlab_conf_dir))
- conn.sudo('sed -i "s|KEYNAME|{}|g" {}provisioning.yml'
- .format(args.key_name, dlab_conf_dir))
- conn.sudo('sed -i "s|KEYSTORE_PASSWORD|{}|g" {}provisioning.yml'
- .format(args.endpoint_keystore_password, dlab_conf_dir))
- conn.sudo('sed -i "s|JRE_HOME|{}|g" {}provisioning.yml'
- .format(java_home, dlab_conf_dir))
- conn.sudo('sed -i "s|CLOUD_PROVIDER|{}|g" {}provisioning.yml'
- .format(args.cloud_provider, dlab_conf_dir))
-
- conn.sudo('sed -i "s|MONGO_HOST|{}|g" {}provisioning.yml'
- .format(args.mongo_host, dlab_conf_dir))
- conn.sudo('sed -i "s|MONGO_PORT|{}|g" {}provisioning.yml'
- .format(args.mongo_port, dlab_conf_dir))
- conn.sudo('sed -i "s|SS_HOST|{}|g" {}provisioning.yml'
- .format(args.ss_host, dlab_conf_dir))
- conn.sudo('sed -i "s|SS_PORT|{}|g" {}provisioning.yml'
- .format(args.ss_port, dlab_conf_dir))
- conn.sudo('sed -i "s|KEYCLOACK_HOST|{}|g" {}provisioning.yml'
- .format(args.keycloack_host, dlab_conf_dir))
- conn.sudo('sed -i "s|CLIENT_ID|{}|g" {}provisioning.yml'
- .format(args.keycloak_client_id, dlab_conf_dir))
- conn.sudo('sed -i "s|CLIENT_SECRET|{}|g" {}provisioning.yml'
- .format(args.keycloak_client_secret, dlab_conf_dir))
- # conn.sudo('sed -i "s|MONGO_PASSWORD|{}|g" {}provisioning.yml'
- # .format(args.mongo_password, dlab_conf_dir))
- conn.sudo('sed -i "s|CONF_OS|{}|g" {}provisioning.yml'
- .format(args.env_os, dlab_conf_dir))
- conn.sudo('sed -i "s|SERVICE_BASE_NAME|{}|g" {}provisioning.yml'
- .format(args.service_base_name, dlab_conf_dir))
- conn.sudo('sed -i "s|EDGE_INSTANCE_SIZE|{}|g" {}provisioning.yml'
- .format(args.edge_instence_size, dlab_conf_dir))
- conn.sudo('sed -i "s|SUBNET_ID|{}|g" {}provisioning.yml'
- .format(args.subnet_id, dlab_conf_dir))
- conn.sudo('sed -i "s|REGION|{}|g" {}provisioning.yml'
- .format(args.region, dlab_conf_dir))
- conn.sudo('sed -i "s|ZONE|{}|g" {}provisioning.yml'
- .format(args.zone, dlab_conf_dir))
- conn.sudo('sed -i "s|TAG_RESOURCE_ID|{}|g" {}provisioning.yml'
- .format(args.tag_resource_id, dlab_conf_dir))
- conn.sudo('sed -i "s|SG_IDS|{}|g" {}provisioning.yml'
- .format(args.ssn_k8s_sg_id, dlab_conf_dir))
- conn.sudo('sed -i "s|SSN_INSTANCE_SIZE|{}|g" {}provisioning.yml'
- .format(args.ssn_instance_size, dlab_conf_dir))
- conn.sudo('sed -i "s|VPC2_ID|{}|g" {}provisioning.yml'
- .format(args.vpc2_id, dlab_conf_dir))
- conn.sudo('sed -i "s|SUBNET2_ID|{}|g" {}provisioning.yml'
- .format(args.subnet2_id, dlab_conf_dir))
- conn.sudo('sed -i "s|CONF_KEY_DIR|{}|g" {}provisioning.yml'
- .format(args.conf_key_dir, dlab_conf_dir))
- conn.sudo('sed -i "s|VPC_ID|{}|g" {}provisioning.yml'
- .format(args.vpc_id, dlab_conf_dir))
- conn.sudo('sed -i "s|PEERING_ID|{}|g" {}provisioning.yml'
- .format(args.peering_id, dlab_conf_dir))
- conn.sudo('sed -i "s|AZURE_RESOURCE_GROUP_NAME|{}|g" {}provisioning.yml'
- .format(args.azure_resource_group_name, dlab_conf_dir))
- conn.sudo('sed -i "s|AZURE_SSN_STORAGE_ACCOUNT_TAG|{}|g" {}provisioning.yml'
- .format(args.azure_ssn_storage_account_tag, dlab_conf_dir))
- conn.sudo('sed -i "s|AZURE_SHARED_STORAGE_ACCOUNT_TAG|{}|g" {}provisioning.yml'
- .format(args.azure_shared_storage_account_tag, dlab_conf_dir))
- conn.sudo('sed -i "s|AZURE_DATALAKE_TAG|{}|g" {}provisioning.yml'
- .format(args.azure_datalake_tag, dlab_conf_dir))
- conn.sudo('sed -i "s|AZURE_CLIENT_ID|{}|g" {}provisioning.yml'
- .format(args.azure_client_id, dlab_conf_dir))
- conn.sudo('sed -i "s|GCP_PROJECT_ID|{}|g" {}provisioning.yml'
- .format(args.gcp_project_id, dlab_conf_dir))
- conn.sudo('sed -i "s|LDAP_HOST|{}|g" {}provisioning.yml'
- .format(args.ldap_host, dlab_conf_dir))
- conn.sudo('sed -i "s|LDAP_DN|{}|g" {}provisioning.yml'
- .format(args.ldap_dn, dlab_conf_dir))
- conn.sudo('sed -i "s|LDAP_OU|{}|g" {}provisioning.yml'
- .format(args.ldap_users_group, dlab_conf_dir))
- conn.sudo('sed -i "s|LDAP_USER_NAME|{}|g" {}provisioning.yml'
- .format(args.ldap_user, dlab_conf_dir))
- conn.sudo('sed -i "s|LDAP_USER_PASSWORD|{}|g" {}provisioning.yml'
- .format(args.ldap_bind_creds, dlab_conf_dir))
- conn.sudo('touch /home/{}/.ensure_dir/configure_supervisor_ensured'
- .format(args.os_user))
- except Exception as err:
- logging.error('Failed to configure Supervisor: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def ensure_jar_endpoint():
- try:
- ensure_file = ('/home/{}/.ensure_dir/backend_jar_ensured'
- .format(args.os_user))
- if not exists(conn, ensure_file):
- web_path = '{}/webapp'.format(args.dlab_path)
- if not exists(conn, web_path):
- conn.run('mkdir -p {}'.format(web_path))
- if args.cloud_provider == "aws":
- conn.run('wget -P {} --user={} --password={} '
- 'https://{}/repository/packages/aws/provisioning-service-'
- '2.1.jar --no-check-certificate'
- .format(web_path, args.repository_user,
- args.repository_pass, args.repository_address))
- elif args.cloud_provider == "gcp":
- conn.run('wget -P {} --user={} --password={} '
- 'https://{}/repository/packages/gcp/provisioning-service-'
- '2.1.jar --no-check-certificate'
- .format(web_path, args.repository_user,
- args.repository_pass, args.repository_address))
- conn.run('mv {0}/*.jar {0}/provisioning-service.jar'
- .format(web_path))
- conn.sudo('touch {}'.format(ensure_file))
- except Exception as err:
- logging.error('Failed to download jar-provisioner: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def start_supervisor_endpoint():
- try:
- conn.sudo("service supervisor restart")
- except Exception as err:
- logging.error('Unable to start Supervisor: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def get_sources():
- try:
- conn.run("git clone https://github.com/apache/incubator-dlab.git {0}/sources".format(args.dlab_path))
- if args.branch_name != "":
- conn.run("cd {0}/sources && git checkout {1} && cd".format(args.dlab_path, args.branch_name))
- except Exception as err:
- logging.error('Failed to download sources: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def pull_docker_images():
- try:
- ensure_file = ('/home/{}/.ensure_dir/docker_images_pulled'
- .format(args.os_user))
- if not exists(conn, ensure_file):
- conn.sudo('docker login -u {} -p {} {}:{}'
- .format(args.repository_user,
- args.repository_pass,
- args.repository_address,
- args.repository_port))
- conn.sudo('docker pull {}:{}/docker.dlab-base-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-edge-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-project-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-jupyter-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-rstudio-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-zeppelin-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-tensor-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-tensor-rstudio-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-deeplearning-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-dataengine-service-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker pull {}:{}/docker.dlab-dataengine-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-base-{} docker.dlab-base'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-edge-{} docker.dlab-edge'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-project-{} docker.dlab-project'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-jupyter-{} docker.dlab-jupyter'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-rstudio-{} docker.dlab-rstudio'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-zeppelin-{} '
- 'docker.dlab-zeppelin'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-tensor-{} docker.dlab-tensor'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-tensor-rstudio-{} '
- 'docker.dlab-tensor-rstudio'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-deeplearning-{} '
- 'docker.dlab-deeplearning'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-dataengine-service-{} '
- 'docker.dlab-dataengine-service'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker tag {}:{}/docker.dlab-dataengine-{} '
- 'docker.dlab-dataengine'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-base-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-edge-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-project-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-jupyter-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-rstudio-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-zeppelin-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-tensor-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-tensor-rstudio-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-deeplearning-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-dataengine-service-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('docker rmi {}:{}/docker.dlab-dataengine-{}'
- .format(args.repository_address, args.repository_port, args.cloud_provider))
- conn.sudo('chown -R {0}:docker /home/{0}/.docker/'
- .format(args.os_user))
- conn.sudo('touch {}'.format(ensure_file))
- except Exception as err:
- logging.error('Failed to pull Docker images: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def id_generator(size=10, chars=string.digits + string.ascii_letters):
- return ''.join(random.choice(chars) for _ in range(size))
-
-
-def configure_guacamole():
- try:
- mysql_pass = id_generator()
- conn.sudo('docker run --name guacd --restart unless-stopped -d -p 4822:4822 guacamole/guacd')
- conn.sudo('docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql')
- conn.sudo('mkdir /tmp/scripts')
- conn.sudo('cp initdb.sql /tmp/scripts')
- conn.sudo('mkdir -p /opt/mysql')
- conn.sudo('docker run --name guac-mysql --restart unless-stopped -v /tmp/scripts:/tmp/scripts '
- ' -v /opt/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD={} -d mysql:latest'.format(mysql_pass))
- time.sleep(180)
- conn.sudo('touch /opt/mysql/dock-query.sql')
- conn.sudo('chown {0}:{0} /opt/mysql/dock-query.sql'.format(args.os_user))
- conn.sudo("""echo "CREATE DATABASE guacamole; CREATE USER 'guacamole' IDENTIFIED BY '{}';"""
- """ GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole';" > /opt/mysql/dock-query.sql"""
- .format(mysql_pass))
- conn.sudo('docker exec -i guac-mysql /bin/bash -c "mysql -u root -p{} < /var/lib/mysql/dock-query.sql"'
- .format(mysql_pass))
- conn.sudo('docker exec -i guac-mysql /bin/bash -c "cat /tmp/scripts/initdb.sql | mysql -u root -p{} guacamole"'
- .format(mysql_pass))
- conn.sudo("docker run --name guacamole --restart unless-stopped --link guacd:guacd --link guac-mysql:mysql"
- " -e MYSQL_DATABASE='guacamole' -e MYSQL_USER='guacamole' -e MYSQL_PASSWORD='{}'"
- " -d -p 8080:8080 guacamole/guacamole".format(mysql_pass))
- # create cronjob for run containers on reboot
- conn.sudo('mkdir -p /opt/dlab/cron')
- conn.sudo('touch /opt/dlab/cron/mysql.sh')
- conn.sudo('chmod 755 /opt/dlab/cron/mysql.sh')
- conn.sudo('chown {0}:{0} //opt/dlab/cron/mysql.sh'.format(args.os_user))
- conn.sudo('echo "docker start guacd" >> /opt/dlab/cron/mysql.sh')
- conn.sudo('echo "docker start guac-mysql" >> /opt/dlab/cron/mysql.sh')
- conn.sudo('echo "docker rm guacamole" >> /opt/dlab/cron/mysql.sh')
- conn.sudo("""echo "docker run --name guacamole --restart unless-stopped --link guacd:guacd"""
- """ --link guac-mysql:mysql -e MYSQL_DATABASE='guacamole' -e MYSQL_USER='guacamole' """
- """-e MYSQL_PASSWORD='{}' -d -p 8080:8080 guacamole/guacamole" >> """
- """/opt/dlab/cron/mysql.sh""".format(mysql_pass))
- conn.sudo('''/bin/bash -c '(crontab -l 2>/dev/null; echo "@reboot sh /opt/dlab/cron/mysql.sh") |'''
- ''' crontab - ' ''')
- except Exception as err:
- traceback.print_exc()
- print('Failed to configure guacamole: ', str(err))
- return False
-
-
-def init_args():
- global args
- parser = argparse.ArgumentParser()
- parser.add_argument('--dlab_path', type=str, default='/opt/dlab')
- parser.add_argument('--key_name', type=str, default='', help='Name of admin key without .pem extension')
- parser.add_argument('--endpoint_eip_address', type=str)
- parser.add_argument('--pkey', type=str, default='')
- parser.add_argument('--hostname', type=str, default='')
- parser.add_argument('--os_user', type=str, default='dlab-user')
- parser.add_argument('--cloud_provider', type=str, default='')
- parser.add_argument('--mongo_host', type=str, default='MONGO_HOST')
- parser.add_argument('--mongo_port', type=str, default='27017')
- parser.add_argument('--ss_host', type=str, default='')
- parser.add_argument('--ss_port', type=str, default='8443')
- parser.add_argument('--keycloack_host', type=str, default='')
- # parser.add_argument('--mongo_password', type=str, default='')
- parser.add_argument('--repository_address', type=str, default='')
- parser.add_argument('--repository_port', type=str, default='')
- parser.add_argument('--repository_user', type=str, default='')
- parser.add_argument('--repository_pass', type=str, default='')
- parser.add_argument('--docker_version', type=str,
- default='18.06.3~ce~3-0~ubuntu')
- parser.add_argument('--ssn_bucket_name', type=str, default='')
- parser.add_argument('--endpoint_keystore_password', type=str, default='')
- parser.add_argument('--keycloak_client_id', type=str, default='')
- parser.add_argument('--keycloak_client_secret', type=str, default='')
- parser.add_argument('--branch_name', type=str, default='DLAB-terraform') # change default
- parser.add_argument('--env_os', type=str, default='debian')
- parser.add_argument('--service_base_name', type=str, default='')
- parser.add_argument('--edge_instence_size', type=str, default='t2.medium')
- parser.add_argument('--subnet_id', type=str, default='')
- parser.add_argument('--region', type=str, default='')
- parser.add_argument('--zone', type=str, default='')
- parser.add_argument('--tag_resource_id', type=str, default='user:tag')
- parser.add_argument('--ssn_k8s_sg_id', type=str, default='')
- parser.add_argument('--ssn_instance_size', type=str, default='t2.large')
- parser.add_argument('--vpc2_id', type=str, default='')
- parser.add_argument('--subnet2_id', type=str, default='')
- parser.add_argument('--conf_key_dir', type=str, default='/root/keys/', help='Should end by symbol /')
- parser.add_argument('--vpc_id', type=str, default='')
- parser.add_argument('--peering_id', type=str, default='')
- parser.add_argument('--azure_resource_group_name', type=str, default='')
- parser.add_argument('--azure_ssn_storage_account_tag', type=str, default='')
- parser.add_argument('--azure_shared_storage_account_tag', type=str, default='')
- parser.add_argument('--azure_datalake_tag', type=str, default='')
- parser.add_argument('--azure_client_id', type=str, default='')
- parser.add_argument('--gcp_project_id', type=str, default='')
- parser.add_argument('--ldap_host', type=str, default='')
- parser.add_argument('--ldap_dn', type=str, default='')
- parser.add_argument('--ldap_users_group', type=str, default='')
- parser.add_argument('--ldap_user', type=str, default='')
- parser.add_argument('--ldap_bind_creds', type=str, default='')
-
- # TEMPORARY
- parser.add_argument('--ssn_k8s_nlb_dns_name', type=str, default='')
- parser.add_argument('--ssn_k8s_alb_dns_name', type=str, default='')
- # TEMPORARY
-
- print(parser.parse_known_args())
- args = parser.parse_known_args()[0]
-
-
-def update_system():
- conn.sudo('apt-get update')
-
-
-def init_dlab_connection(ip=None, user=None,
- pkey=None):
- global conn
- if not ip:
- ip = args.hostname
- if not user:
- user = args.os_user
- if not pkey:
- pkey = args.pkey
- try:
- conn = Connection(ip, user, connect_kwargs={'key_filename': pkey})
- except Exception as err:
- logging.error('Failed connect as dlab-user: ', str(err))
- traceback.print_exc()
- sys.exit(1)
-
-
-def set_java_home():
- global java_home
- command = ('bash -c "update-alternatives --query java | grep \'Value: \' '
- '| grep -o \'/.*/jre\'" ')
- java_home = (conn.sudo(command).stdout.rstrip("\n\r"))
-
-
-def close_connection():
- global conn
- conn.close()
-
-
-def start_deploy():
- global args
- init_args()
- print(args)
- if args.hostname == "":
- args.hostname = args.endpoint_eip_address
-
- print("Start provisioning of Endpoint.")
- time.sleep(40)
-
-# TEMPORARY!!!
- args.keycloack_host = args.ssn_k8s_alb_dns_name
- args.ss_host = args.ssn_k8s_nlb_dns_name
-# TEMPORARY!!!
-
- print(args)
- logging.info("Creating dlab-user")
- create_user()
-
- init_dlab_connection()
- update_system()
-
- logging.info("Configuring ensure dir")
- ensure_dir_endpoint()
-
- logging.info("Configuring Logs")
- ensure_logs_endpoint()
-
- logging.info("Installing Java")
- ensure_jre_jdk_endpoint()
-
- set_java_home()
-
- logging.info("Installing Supervisor")
- ensure_supervisor_endpoint()
-
- logging.info("Installing Docker")
- ensure_docker_endpoint()
-
- logging.info("Configuring Supervisor")
- configure_supervisor_endpoint()
-
- logging.info("Creating key directory")
- create_key_dir_endpoint()
-
- logging.info("Copying admin key")
- copy_keys()
-
- logging.info("Configuring certificates")
- configure_keystore_endpoint(args.os_user)
-
- logging.info("Ensure jar")
- ensure_jar_endpoint()
-
- logging.info("Downloading sources")
- get_sources()
-
- logging.info("Pulling docker images")
- pull_docker_images()
-
- logging.info("Configuring guacamole")
- configure_guacamole()
-
- logging.info("Starting supervisor")
- start_supervisor_endpoint()
-
- close_connection()
- print("Done provisioning of Endpoint.")
-
-
-if __name__ == "__main__":
- start_deploy()
diff --git a/infrastructure-provisioning/terraform/bin/deploy/provisioning.yml b/infrastructure-provisioning/terraform/bin/deploy/provisioning.yml
deleted file mode 100644
index 7460139..0000000
--- a/infrastructure-provisioning/terraform/bin/deploy/provisioning.yml
+++ /dev/null
@@ -1,179 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-<#assign LOG_ROOT_DIR="/var/opt/dlab/log">
-<#assign KEYS_DIR="/home/${sys['user.name']}/keys">
-<#assign KEY_STORE_PATH="${KEYS_DIR}/endpoint.keystore.jks">
-<#assign KEY_STORE_PASSWORD="KEYSTORE_PASSWORD">
-<#assign TRUST_STORE_PATH="JRE_HOME/lib/security/cacerts">
-<#assign TRUST_STORE_PASSWORD="changeit">
-
-# Available options are aws, azure, gcp
-<#assign CLOUD_TYPE="CLOUD_PROVIDER">
-cloudProvider: ${CLOUD_TYPE}
-
-#Switch on/off developer mode here
-<#assign DEV_MODE="false">
-devMode: ${DEV_MODE}
-
-
-mongo:
- host: MONGO_HOST
- port: MONGO_PORT
- username: admin
- password: MONGO_PASSWORD
- database: dlabdb
-
-selfService:
- protocol: https
- host: SS_HOST
- port: SS_PORT
- jerseyClient:
- timeout: 3s
- connectionTimeout: 3s
-
-securityService:
- protocol: https
- host: localhost
- port: 8090
- jerseyClient:
- timeout: 20s
- connectionTimeout: 20s
-
-
-provisioningService:
- protocol: https
- host: localhost
- port: 8084
- jerseyClient:
- timeout: 3s
- connectionTimeout: 3s
-
-# Log out user on inactivity
-inactiveUserTimeoutMillSec: 7200000
-
-backupScriptPath: /opt/dlab/tmp/backup.py
-backupDirectory: /opt/dlab/tmp/result
-keyDirectory: ${KEYS_DIR}
-responseDirectory: /opt/dlab/tmp
-handlerDirectory: /opt/dlab/handlers
-dockerLogDirectory: ${LOG_ROOT_DIR}
-warmupPollTimeout: 25s
-resourceStatusPollTimeout: 300m
-keyLoaderPollTimeout: 30m
-requestEnvStatusTimeout: 50s
-adminKey: KEYNAME
-edgeImage: docker.dlab-edge
-fileLengthCheckDelay: 500ms
-
-<#if CLOUD_TYPE == "aws">
-emrEC2RoleDefault: EMR_EC2_DefaultRole
-emrServiceRoleDefault: EMR_DefaultRole
-</#if>
-
-processMaxThreadsPerJvm: 50
-processMaxThreadsPerUser: 5
-processTimeout: 180m
-
-handlersPersistenceEnabled: true
-
-server:
- requestLog:
- appenders:
- - type: file
- currentLogFilename: ${LOG_ROOT_DIR}/provisioning/request-provisioning.log
- archive: true
- archivedLogFilenamePattern: ${LOG_ROOT_DIR}/provisioning/request-provisioning-%d{yyyy-MM-dd}.log.gz
- archivedFileCount: 10
- applicationConnectors:
-# - type: http
- - type: https
- port: 8084
- certAlias: dlab
- validateCerts: true
- keyStorePath: ${KEY_STORE_PATH}
- keyStorePassword: ${KEY_STORE_PASSWORD}
- trustStorePath: ${TRUST_STORE_PATH}
- trustStorePassword: ${TRUST_STORE_PASSWORD}
- adminConnectors:
-# - type: http
- - type: https
- port: 8085
- certAlias: dlab
- validateCerts: true
- keyStorePath: ${KEY_STORE_PATH}
- keyStorePassword: ${KEY_STORE_PASSWORD}
- trustStorePath: ${TRUST_STORE_PATH}
- trustStorePassword: ${TRUST_STORE_PASSWORD}
-
-logging:
- level: INFO
- loggers:
- com.epam: TRACE
- com.aegisql: INFO
- appenders:
-<#if DEV_MODE == "true">
- - type: console
-</#if>
- - type: file
- currentLogFilename: ${LOG_ROOT_DIR}/provisioning/provisioning.log
- archive: true
- archivedLogFilenamePattern: ${LOG_ROOT_DIR}/provisioning/provisioning-%d{yyyy-MM-dd}.log.gz
- archivedFileCount: 10
-
-keycloakConfiguration:
- realm: dlab
- bearer-only: true
- auth-server-url: http://KEYCLOACK_HOST/auth
- ssl-required: none
- register-node-at-startup: true
- register-node-period: 600
- resource: CLIENT_ID
- credentials:
- secret: CLIENT_SECRET
-
-cloudProperties:
- os: CONF_OS
- serviceBaseName: SERVICE_BASE_NAME
- edgeInstanceSize: EDGE_INSTANCE_SIZE
- subnetId: SUBNET_ID
- region: REGION
- zone: ZONE
- confTagResourceId: TAG_RESOURCE_ID
- securityGroupIds: SG_IDS
- ssnInstanceSize: SSN_INSTANCE_SIZE
- notebookVpcId: VPC2_ID
- notebookSubnetId: SUBNET2_ID
- confKeyDir: CONF_KEY_DIR
- vpcId: VPC_ID
- peeringId: PEERING_ID
- azureResourceGroupName: AZURE_RESOURCE_GROUP_NAME
- ssnStorageAccountTagName: AZURE_SSN_STORAGE_ACCOUNT_TAG
- sharedStorageAccountTagName: AZURE_SHARED_STORAGE_ACCOUNT_TAG
- datalakeTagName: AZURE_DATALAKE_TAG
- azureClientId: AZURE_CLIENT_ID
- gcpProjectId: GCP_PROJECT_ID
- ldap:
- host: LDAP_HOST
- dn: LDAP_DN
- ou: LDAP_OU
- user: LDAP_USER_NAME
- password: LDAP_USER_PASSWORD
diff --git a/infrastructure-provisioning/terraform/bin/deploy/supervisor_svc.conf b/infrastructure-provisioning/terraform/bin/deploy/supervisor_svc.conf
deleted file mode 100644
index 7bb19b2..0000000
--- a/infrastructure-provisioning/terraform/bin/deploy/supervisor_svc.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-; *****************************************************************************
-;
-; Licensed to the Apache Software Foundation (ASF) under one
-; or more contributor license agreements. See the NOTICE file
-; distributed with this work for additional information
-; regarding copyright ownership. The ASF licenses this file
-; to you under the Apache License, Version 2.0 (the
-; "License"); you may not use this file except in compliance
-; with the License. You may obtain a copy of the License at
-;
-; http://www.apache.org/licenses/LICENSE-2.0
-;
-; Unless required by applicable law or agreed to in writing,
-; software distributed under the License is distributed on an
-; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-; KIND, either express or implied. See the License for the
-; specific language governing permissions and limitations
-; under the License.
-;
-; ******************************************************************************
-
-[supervisorctl]
-
-[inet_http_server]
-port = 127.0.0.1:9001
-
-[program:provserv]
-command=java -Xmx1024M -jar -Duser.timezone=UTC -Dfile.encoding=UTF-8 WEB_APP_DIR/provisioning-service.jar server WEB_CONFprovisioning.yml
-directory=WEB_APP_DIR
-autorestart=true
-priority=20
-user=OS_USR
-stdout_logfile=/var/log/application/provision-service.log
-redirect_stderr=true
-environment=DLAB_CONF_DIR="WEB_CONF"
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/bin/dlab.py b/infrastructure-provisioning/terraform/bin/dlab.py
deleted file mode 100644
index 0aeb851..0000000
--- a/infrastructure-provisioning/terraform/bin/dlab.py
+++ /dev/null
@@ -1,1019 +0,0 @@
-import argparse
-import itertools
-import json
-import logging
-import os
-import re
-import shutil
-import subprocess
-import sys
-import time
-from abc import abstractmethod
-
-from fabric import Connection
-from patchwork.transfers import rsync
-from deploy.endpoint_fab import start_deploy
-
-sys.path.append(os.path.join(os.path.dirname(__file__), '..'))
-logging.basicConfig(level=logging.INFO, format='%(levelname)s-%(message)s')
-INITIAL_LOCATION = os.path.dirname(os.path.abspath(__file__))
-
-
-class TerraformOutputBase:
- @property
- @abstractmethod
- def output_path(self):
- pass
-
- @abstractmethod
- def write(self, obj):
- pass
-
- @abstractmethod
- def extract(self):
- pass
-
-
-class LocalStorageOutputProcessor(TerraformOutputBase):
- output_path = None
-
- def __init__(self, path):
- self.output_path = path
-
- def write(self, obj):
- """Write json string to local file
- :param obj: json string
- """
- existed_data = {}
- if os.path.isfile(self.output_path):
- with open(self.output_path, 'r') as fp:
- output = fp.read()
- if len(output):
- existed_data = json.loads(output)
- existed_data.update(obj)
-
- with open(self.output_path, 'w') as fp:
- json.dump(existed_data, fp)
- pass
-
- def extract(self):
- """Extract data from local file
- :return: dict
- """
- if os.path.isfile(self.output_path):
- with open(self.output_path, 'r') as fp:
- output = fp.read()
- if len(output):
- return json.loads(output)
-
-
-def extract_args(cli_args):
- args = []
- for key, value in cli_args.items():
- if not value:
- continue
- if type(value) == list:
- quoted_list = ['"{}"'.format(item) for item in value]
- joined_values = ', '.join(quoted_list)
- value = '[{}]'.format(joined_values)
- args.append((key, value))
- return args
-
-
-def get_var_args_string(cli_args):
- """Convert dict of cli argument into string
-
- Args:
- cli_args: dict of cli arguments
- Returns:
- str: string of joined key=values
- """
- args = extract_args(cli_args)
- args = ["-var '{0}={1}'".format(key, value) for key, value in args]
- return ' '.join(args)
-
-
-def get_args_string(cli_args):
- """Convert dict of cli argument into string
-
- Args:
- cli_args: dict of cli arguments
- Returns:
- str: string of joined key=values
- """
-
- args = extract_args(cli_args)
- args = ["{0} {1}".format(key, value) for key, value in args]
- return ' '.join(args)
-
-
-class ParamsBuilder:
-
- def __init__(self):
- self.__params = []
-
- def add(self, arg_type, name, desc, **kwargs):
- default_group = ['all_args']
- if isinstance(kwargs.get('group'), str):
- default_group.append(kwargs.get('group'))
- if isinstance(kwargs.get('group'), (list, tuple)):
- default_group.extend(kwargs.get('group'))
-
- parameter = {
- 'group': default_group,
- 'name': name,
- 'props': {
- 'help': desc,
- 'type': arg_type,
- 'default': kwargs.get('default'),
- 'choices': kwargs.get('choices'),
- 'nargs': kwargs.get('nargs'),
- 'action': kwargs.get('action'),
- 'required': kwargs.get('required'),
- }
- }
- self.__params.append(parameter)
- return self
-
- def add_str(self, name, desc, **kwargs):
- return self.add(str, name, desc, **kwargs)
-
- def add_bool(self, name, desc, **kwargs):
- return self.add(bool, name, desc, **kwargs)
-
- def add_int(self, name, desc, **kwargs):
- return self.add(int, name, desc, **kwargs)
-
- def build(self):
- return self.__params
-
-
-class Console:
-
- @staticmethod
- def execute_to_command_line(command):
- """ Execute cli command
-
- Args:
- command: str cli command
- Returns:
- str: command result
- """
- process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT,
- universal_newlines=True)
-
- while True:
- nextline = process.stdout.readline()
- print(nextline)
- if nextline == '' and process.poll() is not None:
- break
- if 'error' in nextline.lower():
- sys.exit(0)
-
- @staticmethod
- def execute(command):
- """ Execute cli command
-
- Args:
- command: str cli command
- Returns:
- str: command result
- """
- return os.popen(command).read()
-
- @staticmethod
- def ssh(ip, name, pkey):
- attempt = 0
- while attempt < 12:
- logging.info('connection attempt {}'.format(attempt))
- connection = Connection(
- host=ip,
- user=name,
- connect_kwargs={'key_filename': pkey,
- 'allow_agent': False,
- 'look_for_keys': False,
- })
- try:
- connection.run('ls')
- return connection
- except Exception as ex:
- logging.error(ex)
- attempt += 1
- time.sleep(10)
-
-
-class TerraformProviderError(Exception):
- """
- Raises errors while terraform provision
- """
- pass
-
-
-class TerraformProvider:
-
- def __init__(self, no_color=False):
- self.no_color = '-no-color' if no_color else ''
-
- def initialize(self):
- """Initialize terraform
-
- Returns:
- bool: init successful
- Raises:
- TerraformProviderError: if initialization was not succeed
- """
- logging.info('terraform init')
- terraform_success_init = 'Terraform has been successfully initialized!'
- command = 'terraform init {}'.format(self.no_color)
- terraform_init_result = Console.execute(command)
- logging.info(terraform_init_result)
- if terraform_success_init not in terraform_init_result:
- raise TerraformProviderError(terraform_init_result)
-
- def validate(self):
- """Validate terraform
-
- Returns:
- bool: validation successful
- Raises:
- TerraformProviderError: if validation status was not succeed
-
- """
- logging.info('terraform validate')
- terraform_success_validate = 'Success!'
- terraform_validate_result = Console.execute(
- 'terraform validate {}'.format(self.no_color))
- logging.info(terraform_validate_result)
- if terraform_success_validate not in terraform_validate_result:
- raise TerraformProviderError(terraform_validate_result)
-
- def apply(self, tf_params, cli_args):
- """Run terraform
-
- Args:
- tf_params: dict of terraform parameters
- cli_args: dict of parameters
- Returns:
- None
- """
- logging.info('terraform apply')
-
- args_str = get_var_args_string(cli_args)
- params_str = get_args_string(tf_params)
- command = ('terraform apply -auto-approve {} {} {}'
- .format(self.no_color, params_str, args_str))
- logging.info(command)
- Console.execute_to_command_line(command)
-
- def destroy(self, tf_params, cli_args):
- """Destroy terraform
-
- Args:
- tf_params: dict of terraform parameters
- cli_args: dict of parameters
- Returns:
- None
- """
- logging.info('terraform destroy')
- args_str = get_var_args_string(cli_args)
- params_str = get_args_string(tf_params)
- command = ('terraform destroy -auto-approve {} {} {}'
- .format(self.no_color, params_str, args_str))
- logging.info(command)
- Console.execute_to_command_line(command)
- state_file = tf_params['-state']
- state_file_backup = tf_params['-state'] + '.backup'
- if os.path.isfile(state_file):
- os.remove(state_file)
- if os.path.isfile(state_file_backup):
- os.remove(state_file_backup)
-
- @staticmethod
- def output(tf_params, *args):
- """Get terraform output
-
- Args:
- tf_params: dict of terraform parameters
- *args: list of str parameters
- Returns:
- str: terraform output result
- """
- params = get_args_string(tf_params)
- return Console.execute('terraform output {} {}'
- .format(params, ' '.join(args)))
-
-
-class AbstractDeployBuilder:
- def __init__(self):
-
- args = self.parse_args()
- self.service_args = args.get('service')
- self.no_color = self.service_args.get('no_color')
- state_dir = self.service_args.get('state')
- if not state_dir:
- self.output_dir = None
- self.tf_output = os.path.join(INITIAL_LOCATION, 'output.json')
- self.tf_params = {}
- else:
- if os.path.isdir(state_dir) and os.access(state_dir, os.W_OK):
- service_name = (args.get(self.terraform_args_group_name)
- .get('service_base_name'))
- self.output_dir = (os.path.join(state_dir, service_name))
- self.tf_output = os.path.join(self.output_dir, 'output.json')
- self.tf_params = {
- '-state': os.path.join(
- self.output_dir, '{}.tfstate'.format(self.name))
- }
- else:
- sys.stdout.write('path doesn\'t exist')
- sys.exit(1)
- if self.use_tf_output_file:
- self.fill_sys_argv_from_file()
- self.terraform_args = self.parse_args().get(
- self.terraform_args_group_name)
-
- @property
- @abstractmethod
- def terraform_location(self):
- """ get Terraform location
-
- Returns:
- str: TF script location
- """
- raise NotImplementedError
-
- @property
- @abstractmethod
- def name(self):
- """ get Terraform name
-
- Returns:
- str: TF name
- """
- raise NotImplementedError
-
- @property
- @abstractmethod
- def terraform_args_group_name(self):
- """ get Terraform location
-
- Returns:
- str: TF script location
- """
- raise NotImplementedError
-
- @property
- @abstractmethod
- def cli_args(self):
- """Get cli arguments
-
- Returns:
- dict: dictionary of client arguments
- with name as key and props as value
- """
- raise NotImplementedError
-
- @abstractmethod
- def deploy(self):
- """Post terraform execution
-
- Returns:
- None
- """
- raise NotImplementedError
-
- @property
- def use_tf_output_file(self):
- return False
-
- def apply(self):
- """Apply terraform"""
- terraform = TerraformProvider(self.no_color)
- terraform.apply(self.tf_params, self.terraform_args)
-
- def destroy(self):
- """Destory terraform"""
- terraform = TerraformProvider(self.no_color)
- terraform.destroy(self.tf_params, self.terraform_args)
-
- def store_output_to_file(self):
- """Extract terraform output and store to file"""
- terraform = TerraformProvider(self.no_color)
- output = terraform.output(self.tf_params, '-json')
- output = {key: value.get('value')
- for key, value in json.loads(output).items()}
- output_writer = LocalStorageOutputProcessor(self.tf_output)
- output_writer.write(output)
-
- def update_extracted_file_data(self, obj):
- """
- :param obj:
- :return:
- Override method if you need to modify extracted from file data
- """
- pass
-
- def fill_sys_argv_from_file(self):
- """Extract data from file and fill sys args"""
- output_processor = LocalStorageOutputProcessor(self.tf_output)
- output = output_processor.extract()
- if output:
- self.update_extracted_file_data(output)
- for key, value in output.items():
- key = '--' + key
- if key not in sys.argv:
- sys.argv.extend([key, value])
-
- def parse_args(self):
- """Get dict of arguments
-
- Returns:
- dict: CLI arguments
- """
- parsers = {}
- args = []
-
- for arg in self.cli_args:
- group = arg.get('group')
- if isinstance(group, (list, tuple)):
- for item in group:
- args.append(dict(arg.copy(), **{'group': item}))
- else:
- args.append(arg)
-
- cli_args = sorted(args, key=lambda x: x.get('group'))
- args_groups = itertools.groupby(cli_args, lambda x: x.get('group'))
- for group, args in args_groups:
- parser = argparse.ArgumentParser()
- for arg in args:
- parser.add_argument(arg.get('name'), **arg.get('props'))
- parsers[group] = parser
- return {
- group: vars(parser.parse_known_args()[0])
- for group, parser in parsers.items()
- }
-
- def validate_params(self):
- params = self.parse_args()[self.terraform_args_group_name]
- if len(params.get('service_base_name')) > 12:
- sys.stderr.write('service_base_name length should be less then 12')
- sys.exit(1)
- if not re.match("^[a-z0-9\-]+$", params.get('service_base_name')):
- sys.stderr.write('service_base_name should contain only lowercase '
- 'alphanumetic characters and hyphens')
- sys.exit(1)
-
- def provision(self):
- """Execute terraform script
-
- Returns:
- None
- Raises:
- TerraformProviderError: if init or validate fails
- """
- self.validate_params()
- tf_location = self.terraform_location
- terraform = TerraformProvider(self.no_color)
- os.chdir(tf_location)
- try:
- terraform.initialize()
- terraform.validate()
- except TerraformProviderError as ex:
- raise Exception('Error while provisioning {}'.format(ex))
-
-
-class AWSK8sSourceBuilder(AbstractDeployBuilder):
-
- def __init__(self):
- super(AWSK8sSourceBuilder, self).__init__()
- self._args = self.parse_args()
- self._ip = None
- self._user_name = self.args.get(self.terraform_args_group_name).get(
- 'os_user')
- self._pkey_path = self.args.get('service').get('pkey')
-
- @property
- def name(self):
- return 'ssn-k8s'
-
- @property
- def args(self):
- return self._args
-
- @property
- def ip(self):
- return self._ip
-
- @ip.setter
- def ip(self, ip):
- self._ip = ip
-
- @property
- def user_name(self):
- return self._user_name
-
- @property
- def pkey_path(self):
- return self._pkey_path
-
- @property
- def terraform_location(self):
- tf_dir = os.path.abspath(os.path.join(os.getcwd(), os.path.pardir))
- return os.path.join(tf_dir, 'aws/ssn-k8s/main')
-
- @property
- def terraform_args_group_name(self):
- return 'k8s'
-
- def validate_params(self):
- super(AWSK8sSourceBuilder, self).validate_params()
- params = self.parse_args()['all_args']
- if params.get('ssn_k8s_masters_count', 1) < 1:
- sys.stderr.write('ssn_k8s_masters_count should be greater then 0')
- sys.exit(1)
- if params.get('ssn_k8s_workers_count', 3) < 3:
- sys.stderr.write('ssn_k8s_masters_count should be minimum 3')
- sys.exit(1)
- # Temporary condition for Jenkins job
- if 'endpoint_id' in params and len(params.get('endpoint_id')) > 12:
- sys.stderr.write('endpoint_id length should be less then 12')
- sys.exit(1)
-
- @property
- def cli_args(self):
- params = ParamsBuilder()
- (params
- .add_bool('--no_color', 'no color console_output', group='service',
- default=False)
- .add_str('--state', 'State file path', group='service')
- .add_str('--access_key_id', 'AWS Access Key ID', required=True,
- group='k8s')
- .add_str('--allowed_cidrs',
- 'CIDR to allow acces to SSN K8S cluster.',
- default=["0.0.0.0/0"], action='append', group='k8s')
- .add_str('--ami', 'ID of EC2 AMI.', required=True, group='k8s')
- .add_str('--env_os', 'OS type.', default='debian',
- choices=['debian', 'redhat'], group=('k8s'))
- .add_str('--key_name', 'Name of EC2 Key pair.', required=True,
- group='k8s')
- .add_str('--os_user', 'Name of DLab service user.',
- default='dlab-user', group='k8s')
- .add_str('--pkey', 'path to key', required=True, group='service')
- .add_str('--region', 'Name of AWS region.', default='us-west-2',
- group=('k8s'))
- .add_str('--secret_access_key', 'AWS Secret Access Key',
- required=True,
- group='k8s')
- .add_str('--service_base_name',
- 'Any infrastructure value (should be unique if '
- 'multiple SSN\'s have been deployed before).',
- default='k8s', group=('k8s', 'helm_charts'))
- .add_int('--ssn_k8s_masters_count', 'Count of K8S masters.',
- default=3,
- group='k8s')
- .add_int('--ssn_k8s_workers_count', 'Count of K8S workers', default=2,
- group=('k8s', 'helm_charts'))
- .add_str('--ssn_k8s_masters_shape', 'Shape for SSN K8S masters.',
- default='t2.medium', group=('k8s'))
- .add_str('--ssn_k8s_workers_shape', 'Shape for SSN K8S workers.',
- default='t2.medium', group='k8s')
- .add_int('--ssn_root_volume_size', 'Size of root volume in GB.',
- default=30, group='k8s')
- .add_str('--subnet_cidr_a',
- 'CIDR for Subnet creation in zone a. Conflicts with subnet_id_a.',
- default='172.31.0.0/24', group='k8s')
- .add_str('--subnet_cidr_b',
- 'CIDR for Subnet creation in zone b. Conflicts with subnet_id_b.',
- default='172.31.1.0/24', group='k8s')
- .add_str('--subnet_cidr_c',
- 'CIDR for Subnet creation in zone c. Conflicts with subnet_id_c.',
- default='172.31.2.0/24', group='k8s')
- .add_str('--subnet_id_a',
- 'ID of AWS Subnet in zone a if you already have subnet created.',
- group='k8s')
- .add_str('--subnet_id_b',
- 'ID of AWS Subnet in zone b if you already have subnet created.',
- group='k8s')
- .add_str('--subnet_id_c',
- 'ID of AWS Subnet in zone c if you already have subnet created.',
- group='k8s')
- .add_str('--vpc_cidr', 'CIDR for VPC creation. Conflicts with vpc_id',
- default='172.31.0.0/16', group='k8s')
- .add_str('--vpc_id', 'ID of AWS VPC if you already have VPC created.',
- group='k8s')
- .add_str('--zone', 'Name of AWS zone', default='a',
- group=('k8s'))
- .add_str('--ssn_keystore_password', 'ssn_keystore_password',
- group='helm_charts')
- .add_str('--endpoint_keystore_password', 'endpoint_keystore_password',
- group='helm_charts')
- .add_str('--ssn_bucket_name', 'ssn_bucket_name',
- group='helm_charts')
- .add_str('--endpoint_eip_address', 'endpoint_eip_address',
- group='helm_charts')
- .add_str('--ldap_host', 'ldap host', required=True,
- group='helm_charts')
- .add_str('--ldap_dn', 'ldap dn', required=True,
- group='helm_charts')
- .add_str('--ldap_user', 'ldap user', required=True,
- group='helm_charts')
- .add_str('--ldap_bind_creds', 'ldap bind creds', required=True,
- group='helm_charts')
- .add_str('--ldap_users_group', 'ldap users group', required=True,
- group='helm_charts')
- .add_str('--tag_resource_id', 'Tag resource ID.',
- default='user:tag', group=('k8s', 'helm_charts'))
- .add_str('--additional_tag', 'Additional tag.',
- default='product:dlab', group='k8s')
- .add_str('--billing_bucket', 'Billing bucket name',
- group='helm_charts')
- .add_str('--billing_bucket_path',
- 'The path to billing reports directory in S3 bucket',
- default='',
- group='helm_charts')
- .add_str('--billing_aws_job_enabled',
- 'Billing format. Available options: true (aws), false(epam)',
- default='false',
- group='helm_charts')
- .add_str('--billing_aws_account_id',
- 'The ID of Amazon account', default='',
- group='helm_charts')
- .add_str('--billing_dlab_id',
- 'Column name in report file that contains dlab id tag',
- default='resource_tags_user_user_tag',
- group='helm_charts')
- .add_str('--billing_usage_date',
- 'Column name in report file that contains usage date tag',
- default='line_item_usage_start_date',
- group='helm_charts')
- .add_str('--billing_product',
- 'Column name in report file that contains product name tag',
- default='product_product_name',
- group='helm_charts')
- .add_str('--billing_usage_type',
- 'Column name in report file that contains usage type tag',
- default='line_item_usage_type',
- group='helm_charts')
- .add_str('--billing_usage',
- 'Column name in report file that contains usage tag',
- default='line_item_usage_amount',
- group='helm_charts')
- .add_str('--billing_cost',
- 'Column name in report file that contains cost tag',
- default='line_item_blended_cost',
- group='helm_charts')
- .add_str('--billing_resource_id',
- 'Column name in report file that contains dlab resource id tag',
- default='line_item_resource_id',
- group='helm_charts')
- .add_str('--billing_tags',
- 'Column name in report file that contains tags',
- default='line_item_operation,line_item_line_item_description',
- group='helm_charts')
- .add_str('--billing_tag', 'Billing tag', default='dlab',
- group='helm_charts')
- # Tmp for jenkins job
- .add_str('--endpoint_id', 'Endpoint Id',
- default='user:tag', group=())
- )
- return params.build()
-
- def check_k8s_cluster_status(self):
- """ Check for kubernetes status
-
- Returns:
- None
- Raises:
- TerraformProviderError: if master or kubeDNS is not running
-
- """
- start_time = time.time()
- while True:
- with Console.ssh(self.ip, self.user_name, self.pkey_path) as c:
- k8c_info_status = c.run(
- 'kubectl cluster-info | '
- 'sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g"') \
- .stdout
-
- kubernetes_success_status = 'Kubernetes master is running'
- kubernetes_dns_success_status = 'KubeDNS is running'
-
- kubernetes_succeed = kubernetes_success_status in k8c_info_status
- kube_dns_succeed = kubernetes_dns_success_status in k8c_info_status
-
- if kubernetes_succeed and kube_dns_succeed:
- break
- if (time.time() - start_time) >= 600:
- raise TimeoutError
- time.sleep(60)
-
- def check_tiller_status(self):
- """ Check tiller status
-
- Returns:
- None
- Raises:
- TerraformProviderError: if tiller is not running
-
- """
- start_time = time.time()
-
- with Console.ssh(self.ip, self.user_name, self.pkey_path) as c:
- while True:
- tiller_status = c.run(
- "kubectl get pods --all-namespaces "
- "| grep tiller | awk '{print $4}'").stdout
- tiller_success_status = 'Running'
- if tiller_success_status in tiller_status:
- break
- if (time.time() - start_time) >= 1200:
- raise TimeoutError
- time.sleep(60)
-
- def select_master_ip(self):
- terraform = TerraformProvider(self.no_color)
- output = terraform.output(self.tf_params,
- '-json ssn_k8s_masters_ip_addresses')
- ips = json.loads(output)
- if not ips:
- raise TerraformProviderError('no ips')
- self.ip = ips[0]
-
- def copy_terraform_to_remote(self):
- logging.info('transfer terraform dir to remote')
- tf_dir = os.path.abspath(
- os.path.join(os.getcwd(), os.path.pardir, os.path.pardir))
- source = os.path.join(tf_dir, 'ssn-helm-charts')
- remote_dir = '/home/{}/terraform/'.format(self.user_name)
- with Console.ssh(self.ip, self.user_name, self.pkey_path) as conn:
- conn.run('mkdir -p {}'.format(remote_dir))
- rsync(conn, source, remote_dir, strict_host_keys=False)
-
- def run_remote_terraform(self):
- logging.info('apply helm charts')
- args = self.parse_args()
- dns_name = json.loads(TerraformProvider(self.no_color)
- .output(self.tf_params,
- '-json ssn_k8s_alb_dns_name'))
- logging.info('apply ssn-helm-charts')
- terraform_args = args.get('helm_charts')
- args_str = get_var_args_string(terraform_args)
- with Console.ssh(self.ip, self.user_name, self.pkey_path) as conn:
- with conn.cd('terraform/ssn-helm-charts/main'):
- init = conn.run('terraform init').stdout.lower()
- validate = conn.run('terraform validate').stdout.lower()
- if 'success' not in init or 'success' not in validate:
- raise TerraformProviderError
- command = ('terraform apply -auto-approve {} '
- '-var \'ssn_k8s_alb_dns_name={}\''
- .format(args_str, dns_name))
- logging.info(command)
- conn.run(command)
- output = ' '.join(conn.run('terraform output -json')
- .stdout.split())
- self.fill_args_from_dict(json.loads(output))
-
- def output_terraform_result(self):
- dns_name = json.loads(
- TerraformProvider(self.no_color).output(self.tf_params,
- '-json ssn_k8s_alb_dns_name'))
- ssn_bucket_name = json.loads(
- TerraformProvider(self.no_color).output(self.tf_params,
- '-json ssn_bucket_name'))
- ssn_k8s_sg_id = json.loads(
- TerraformProvider(self.no_color).output(self.tf_params,
- '-json ssn_k8s_sg_id'))
- ssn_subnet = json.loads(
- TerraformProvider(self.no_color).output(self.tf_params,
- '-json ssn_subnet'))
- ssn_vpc_id = json.loads(
- TerraformProvider(self.no_color).output(self.tf_params,
- '-json ssn_vpc_id'))
-
- logging.info("""
- DLab SSN K8S cluster has been deployed successfully!
- Summary:
- DNS name: {}
- Bucket name: {}
- VPC ID: {}
- Subnet ID: {}
- SG IDs: {}
- DLab UI URL: http://{}
- """.format(dns_name, ssn_bucket_name, ssn_vpc_id,
- ssn_subnet, ssn_k8s_sg_id, dns_name))
-
- def fill_args_from_dict(self, output):
- for key, value in output.items():
- value = value.get('value')
- sys.argv.extend(['--' + key, value])
-
- def fill_remote_terraform_output(self):
- with Console.ssh(self.ip, self.user_name, self.pkey_path) as conn:
- with conn.cd('terraform/ssn-helm-charts/main'):
- output = ' '.join(conn.run('terraform output -json')
- .stdout.split())
- self.fill_args_from_dict(json.loads(output))
- output_processor = LocalStorageOutputProcessor(self.tf_output)
- output = {key: value.get('value')
- for key, value in json.loads(output).items()}
- output_processor.write(output)
-
- @staticmethod
- def add_ip_to_known_hosts(ip):
- attempt = 0
- while attempt < 10:
- if len(Console.execute('ssh-keygen -H -F {}'.format(ip))) == 0:
- Console.execute(
- 'ssh-keyscan {} >> ~/.ssh/known_hosts'.format(ip))
- attempt += 1
- else:
- break
-
- def deploy(self):
- logging.info('deploy')
- output = ' '.join(
- TerraformProvider(self.no_color).output(self.tf_params,
- '-json').split())
- self.fill_args_from_dict(json.loads(output))
- self.select_master_ip()
- self.add_ip_to_known_hosts(self.ip)
- self.check_k8s_cluster_status()
- self.check_tiller_status()
- self.copy_terraform_to_remote()
- self.run_remote_terraform()
- self.fill_remote_terraform_output()
- self.output_terraform_result()
-
- def destroy(self):
- super(AWSK8sSourceBuilder, self).destroy()
- if self.output_dir is not None:
- shutil.rmtree(self.output_dir)
- elif os.path.isfile(os.path.join(INITIAL_LOCATION, 'output.json')):
- os.remove(os.path.join(INITIAL_LOCATION, 'output.json'))
-
-
-class AWSEndpointBuilder(AbstractDeployBuilder):
-
- def update_extracted_file_data(self, obj):
- if 'ssn_vpc_id' in obj:
- obj['vpc_id'] = obj['ssn_vpc_id']
-
- @property
- def name(self):
- return 'endpoint'
-
- @property
- def use_tf_output_file(self):
- return True
-
- @property
- def terraform_location(self):
- tf_dir = os.path.abspath(os.path.join(os.getcwd(), os.path.pardir))
- return os.path.join(tf_dir, 'aws/endpoint/main')
-
- @property
- def terraform_args_group_name(self):
- return 'endpoint'
-
- def validate_params(self):
- super(AWSEndpointBuilder, self).validate_params()
- params = self.parse_args()[self.terraform_args_group_name]
- if len(params.get('endpoint_id')) > 12:
- sys.stderr.write('endpoint_id length should be less then 12')
- sys.exit(1)
-
- @property
- def cli_args(self):
- params = ParamsBuilder()
- (params
- .add_bool('--no_color', 'no color console_output', group='service',
- default=False)
- .add_str('--state', 'State file path', group='service')
- .add_str('--secret_access_key', 'AWS Secret Access Key',
- required=True,
- group='endpoint')
- .add_str('--access_key_id', 'AWS Access Key ID', required=True,
- group='endpoint')
- .add_str('--pkey', 'path to key', required=True, group='service')
- .add_str('--service_base_name',
- 'Any infrastructure value (should be unique if multiple '
- 'SSN\'s have been deployed before). Should be same as on ssn',
- group='endpoint')
- .add_str('--vpc_id', 'ID of AWS VPC if you already have VPC created.',
- group='endpoint')
- .add_str('--vpc_cidr',
- 'CIDR for VPC creation. Conflicts with vpc_id.',
- default='172.31.0.0/16', group='endpoint')
- .add_str('--ssn_subnet',
- 'ID of AWS Subnet if you already have subnet created.',
- group='endpoint')
- .add_str('--ssn_k8s_sg_id', 'ID of SSN SG.', group='endpoint')
- .add_str('--subnet_cidr',
- 'CIDR for Subnet creation. Conflicts with subnet_id.',
- default='172.31.0.0/24', group='endpoint')
- .add_str('--ami', 'ID of EC2 AMI.', required=True, group='endpoint')
- .add_str('--key_name', 'Name of EC2 Key pair.', required=True,
- group='endpoint')
- .add_str('--endpoint_id', 'Endpoint id.', required=True,
- group='endpoint')
- .add_str('--region', 'Name of AWS region.', default='us-west-2',
- group='endpoint')
- .add_str('--zone', 'Name of AWS zone.', default='a', group='endpoint')
- .add_str('--network_type',
- 'Type of created network (if network is not existed and '
- 'require creation) for endpoint',
- default='public', group='endpoint')
- .add_str('--endpoint_instance_shape', 'Instance shape of Endpoint.',
- default='t2.medium', group='endpoint')
- .add_int('--endpoint_volume_size', 'Size of root volume in GB.',
- default=30, group='endpoint')
- .add_str('--endpoint_eip_allocation_id',
- 'Elastic Ip created for Endpoint',
- group='endpoint')
- .add_str('--product', 'Product name.', default='dlab',
- group='endpoint')
- .add_str('--additional_tag', 'Additional tag.',
- default='product:dlab', group='endpoint')
- .add_str('--ldap_host', 'ldap host', required=True,
- group='endpoint')
- .add_str('--ldap_dn', 'ldap dn', required=True,
- group='endpoint')
- .add_str('--ldap_user', 'ldap user', required=True,
- group='endpoint')
- .add_str('--ldap_bind_creds', 'ldap bind creds', required=True,
- group='endpoint')
- .add_str('--ldap_users_group', 'ldap users group', required=True,
- group='endpoint')
- )
- return params.build()
-
- def deploy(self):
- new_dir = os.path.abspath(
- os.path.join(os.getcwd(), '../../../bin/deploy'))
- os.chdir(new_dir)
- start_deploy()
-
-
-class DeployDirector:
-
- def build(self, action, builder):
- """ Do build action
- Args:
- builder: AbstractDeployBuilder
- Returns:
- None
- """
- try:
- builder.provision()
- if action == 'deploy':
- builder.apply()
- builder.store_output_to_file()
- builder.deploy()
- if action == 'destroy':
- builder.destroy()
-
- except Exception as ex:
- print(ex)
-
-def deploy():
- actions = {'deploy', 'destroy'}
-
- sources_targets = {'aws': ['k8s', 'endpoint']}
-
- no_args_error = ('usage: ./dlab {} {} {}\n'.format(
- actions,
- set(sources_targets.keys()),
- set(itertools.chain(*sources_targets.values()))))
- no_source_error = (
- lambda x: ('usage: ./dlab {} {} {}\n'.format(
- x,
- set(sources_targets.keys()),
- set(itertools.chain(*sources_targets.values())))))
- no_target_error = (
- lambda x, y: ('usage: ./dlab {} {} {}\n'.format(
- x, y, set(itertools.chain(*sources_targets.values())))))
-
- if len(sys.argv) == 1 or sys.argv[1] not in actions:
- sys.stderr.write(no_args_error)
- exit(1)
- if len(sys.argv) == 2 or sys.argv[2] not in sources_targets:
- sys.stderr.write(no_source_error(sys.argv[1]))
- exit(1)
- if len(sys.argv) == 3 or sys.argv[3] not in sources_targets[sys.argv[2]]:
- sys.stderr.write(no_target_error(sys.argv[1], sys.argv[2]))
-
- module, action, source, target = sys.argv[:4]
- builders_dict = {
- 'aws': {
- 'k8s': AWSK8sSourceBuilder,
- 'endpoint': AWSEndpointBuilder
- }
- }
- builder = builders_dict[source][target]()
- deploy_director = DeployDirector()
- deploy_director.build(action, builder)
-
-
-if __name__ == '__main__':
- deploy()
diff --git a/infrastructure-provisioning/terraform/bin/requirements.txt b/infrastructure-provisioning/terraform/bin/requirements.txt
deleted file mode 100644
index 5035545..0000000
--- a/infrastructure-provisioning/terraform/bin/requirements.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-fabric==2.4.0
-patchwork==1.0.1
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/bin/terraform-cli.py b/infrastructure-provisioning/terraform/bin/terraform-cli.py
deleted file mode 100755
index 8e1bd60..0000000
--- a/infrastructure-provisioning/terraform/bin/terraform-cli.py
+++ /dev/null
@@ -1,659 +0,0 @@
-#!/usr/bin/env python
-import itertools
-import json
-import os
-import abc
-import argparse
-
-import time
-from fabric import Connection
-from patchwork.transfers import rsync
-import logging
-import os.path
-import sys
... 6093 lines suppressed ...