Posted to commits@dlab.apache.org by dm...@apache.org on 2019/09/26 09:59:00 UTC
[incubator-dlab] branch DLAB-edge updated: [DLAB-edge] Created
terraform scripts for project deployment[GCP]
This is an automated email from the ASF dual-hosted git repository.
dmysakovets pushed a commit to branch DLAB-edge
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-edge by this push:
new 18181f4 [DLAB-edge] Created terraform scripts for project deployment[GCP]
18181f4 is described below
commit 18181f49b8a118b6b87bd80ee994838255f8ec0a
Author: Dyoma33 <de...@gmail.com>
AuthorDate: Thu Sep 26 12:51:04 2019 +0300
[DLAB-edge] Created terraform scripts for project deployment[GCP]
---
.../aws/computational_resources/main/main.tf | 18 ---
.../computational_resources/modules/common/iam.tf | 118 ------------------
.../modules/common/network.tf | 80 -------------
.../terraform/aws/project/main/instance.tf | 1 +
.../gcp/{ => computational_resources}/main/main.tf | 17 ---
.../main/variables.tf | 0
.../modules/data_engine/instance.tf | 0
.../modules/data_engine/variables.tf | 0
.../modules/dataproc/instance.tf | 0
.../modules/dataproc/variables.tf | 0
.../modules/notebook/instance.tf | 0
.../modules/notebook/variables.tf | 0
.../terraform/gcp/modules/common/iam.tf | 36 ------
.../terraform/gcp/modules/common/network.tf | 39 ------
.../terraform/gcp/modules/common/variables.tf | 39 ------
.../terraform/gcp/project/main/iam.tf | 84 +++++++++++++
.../terraform/gcp/project/main/instance.tf | 62 ++++++++++
.../variables.tf => gcp/project/main/main.tf} | 33 +----
.../terraform/gcp/project/main/network.tf | 133 +++++++++++++++++++++
.../common => gcp/project/main}/variables.tf | 46 +++++--
20 files changed, 321 insertions(+), 385 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf b/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf
index 1fb08e5..a075b04 100644
--- a/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf
+++ b/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf
@@ -4,24 +4,6 @@ provider "aws" {
region = var.region
}
-module "common" {
- source = "../modules/common"
- sbn = var.service_base_name
- project_name = var.project_name
- project_tag = var.project_tag
- endpoint_tag = var.endpoint_tag
- user_tag = var.user_tag
- custom_tag = var.custom_tag
- notebook_name = var.notebook_name
- region = var.region
- zone = var.zone
- product = var.product_name
- vpc = var.vpc_id
- cidr_range = var.cidr_range
- traefik_cidr = var.traefik_cidr
- instance_type = var.instance_type
-}
-
module "notebook" {
source = "../modules/notebook"
sbn = var.service_base_name
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/iam.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/iam.tf
deleted file mode 100644
index 6624f30..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/iam.tf
+++ /dev/null
@@ -1,118 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- role_name = "${var.sbn}-nb-de-Role"
- role_profile = "${var.sbn}-nb-Profile"
- policy_name = "${var.sbn}-strict_to_S3-Policy"
-}
-
-resource "aws_iam_role" "nb_de_role" {
- name = local.role_name
- assume_role_policy = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
-}
-EOF
-
- tags = {
- Name = local.role_name
- Environment_tag = var.sbn
- "${var.sbn}-Tag" = local.role_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.role_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
-
-resource "aws_iam_instance_profile" "nb_profile" {
- name = local.role_profile
- role = aws_iam_role.nb_de_role.name
-}
-
-resource "aws_iam_policy" "strict_S3_policy" {
- name = local.policy_name
- description = "Strict Bucket only policy"
- policy = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": "s3:ListAllMyBuckets",
- "Resource": "arn:aws:s3:::*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:ListBucket",
- "s3:GetBucketLocation",
- "s3:PutBucketPolicy",
- "s3:PutEncryptionConfiguration"
- ],
- "Resource": [
- "arn:aws:s3:::${var.sbn}*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetObject",
- "s3:HeadObject"
- ],
- "Resource": "arn:aws:s3:::${var.sbn}-ssn-bucket/*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:HeadObject",
- "s3:PutObject",
- "s3:GetObject",
- "s3:DeleteObject"
- ],
- "Resource": [
- "arn:aws:s3:::${var.sbn}-bucket/*",
- "arn:aws:s3:::${var.sbn}-shared-bucket/*"
- ]
- }
- ]
-}
-EOF
-}
-
-resource "aws_iam_role_policy_attachment" "strict_S3_policy-attach" {
- role = aws_iam_role.nb_de_role.name
- policy_arn = aws_iam_policy.strict_S3_policy.arn
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/network.tf b/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/network.tf
deleted file mode 100644
index 297cf28..0000000
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/network.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- subnet_name = "${var.sbn}-subnet"
- sg_name = "${var.sbn}-nb-sg" #sg - security group
-}
-
-resource "aws_subnet" "subnet" {
- vpc_id = var.vpc
- cidr_block = var.cidr_range
-
- tags = {
- Name = local.subnet_name
- "${var.sbn}-Tag" = local.subnet_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.subnet_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
-
-resource "aws_security_group" "nb-sg" {
- name = local.sg_name
- vpc_id = var.vpc
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["${var.cidr_range}", "${var.traefik_cidr}"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 443
- to_port = 443
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = local.sg_name
- "${var.sbn}-Tag" = local.sg_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- "user:tag" = "${var.sbn}:${local.sg_name}"
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/project/main/instance.tf b/infrastructure-provisioning/terraform/aws/project/main/instance.tf
index 7b4cddc..5c064e0 100644
--- a/infrastructure-provisioning/terraform/aws/project/main/instance.tf
+++ b/infrastructure-provisioning/terraform/aws/project/main/instance.tf
@@ -37,6 +37,7 @@ resource "aws_instance" "edge" {
}
tags = {
Name = local.edge_instance_name
+ Project_tag = var.project_tag
"${local.additional_tag[0]}" = local.additional_tag[1]
"${var.tag_resource_id}" = "${var.service_base_name}:${local.edge_instance_name}"
"${var.service_base_name}-Tag" = local.edge_instance_name
diff --git a/infrastructure-provisioning/terraform/gcp/main/main.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/main/main.tf
similarity index 80%
rename from infrastructure-provisioning/terraform/gcp/main/main.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/main/main.tf
index 3cbca78..7f47528 100644
--- a/infrastructure-provisioning/terraform/gcp/main/main.tf
+++ b/infrastructure-provisioning/terraform/gcp/computational_resources/main/main.tf
@@ -5,23 +5,6 @@ provider "google" {
zone = "${var.zone_var}"
}
-module "common" {
- source = "../modules/common"
- project_tag = "${var.project_tag}"
- endpoint_tag = "${var.endpoint_tag}"
- user_tag = "${var.user_tag}"
- custom_tag = "${var.custom_tag}"
- product = "${var.product_name}"
- region = "${var.region_var}"
- vpc_name = "${var.vpc_name}"
- fw_ingress = "${var.fw_ingress}"
- fw_egress_public = "${var.fw_egress_public}"
- fw_egress_private = "${var.fw_egress_private}"
- network_tag = "${var.network_tag}"
- cidr_range = "${var.cidr_range}"
- traefik_cidr = "${var.traefik_cidr}"
-}
-
module "notebook" {
source = "../modules/notebook"
project_tag = "${var.project_tag}"
diff --git a/infrastructure-provisioning/terraform/gcp/main/variables.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/main/variables.tf
similarity index 100%
rename from infrastructure-provisioning/terraform/gcp/main/variables.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/main/variables.tf
diff --git a/infrastructure-provisioning/terraform/gcp/modules/data_engine/instance.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/modules/data_engine/instance.tf
similarity index 100%
rename from infrastructure-provisioning/terraform/gcp/modules/data_engine/instance.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/modules/data_engine/instance.tf
diff --git a/infrastructure-provisioning/terraform/gcp/modules/data_engine/variables.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/modules/data_engine/variables.tf
similarity index 100%
rename from infrastructure-provisioning/terraform/gcp/modules/data_engine/variables.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/modules/data_engine/variables.tf
diff --git a/infrastructure-provisioning/terraform/gcp/modules/dataproc/instance.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/modules/dataproc/instance.tf
similarity index 100%
rename from infrastructure-provisioning/terraform/gcp/modules/dataproc/instance.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/modules/dataproc/instance.tf
diff --git a/infrastructure-provisioning/terraform/gcp/modules/dataproc/variables.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/modules/dataproc/variables.tf
similarity index 100%
rename from infrastructure-provisioning/terraform/gcp/modules/dataproc/variables.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/modules/dataproc/variables.tf
diff --git a/infrastructure-provisioning/terraform/gcp/modules/notebook/instance.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/modules/notebook/instance.tf
similarity index 100%
rename from infrastructure-provisioning/terraform/gcp/modules/notebook/instance.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/modules/notebook/instance.tf
diff --git a/infrastructure-provisioning/terraform/gcp/modules/notebook/variables.tf b/infrastructure-provisioning/terraform/gcp/computational_resources/modules/notebook/variables.tf
similarity index 100%
rename from infrastructure-provisioning/terraform/gcp/modules/notebook/variables.tf
rename to infrastructure-provisioning/terraform/gcp/computational_resources/modules/notebook/variables.tf
diff --git a/infrastructure-provisioning/terraform/gcp/modules/common/iam.tf b/infrastructure-provisioning/terraform/gcp/modules/common/iam.tf
deleted file mode 100644
index 6931f60..0000000
--- a/infrastructure-provisioning/terraform/gcp/modules/common/iam.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-locals {
- service_name = "${var.project_tag}-ps-sa"
- role_name = "${var.project_tag}-ps-role"
-}
-
-resource "google_service_account" "ps_sa" {
- #Create service account for notebooks and computational resources
- account_id = "${var.project_tag}-ps-sa"
- display_name = "${var.project_tag}-ps-sa"
-}
-
-resource "google_service_account_key" "ps_sa_key" {
- #Create service account key
- depends_on = ["google_project_iam_member.iam"]
- service_account_id = google_service_account.ps_sa.name
-}
-
-resource "google_project_iam_custom_role" "ps-custom-role" {
- #Create custom role for ps_sa
- role_id = "${replace("${var.project_tag}-ps-role", "-", "_")}"
- title = "${var.project_tag}-ps-role"
- permissions = "${var.ps_policy}"
-}
-
-resource "google_project_iam_member" "role_for_member" {
- #Grant the custom role for the ps_sa
- member = "serviceAccount:${google_service_account.ps_sa.email}"
- role = "${google_project_iam_custom_role.ps-custom-role.id}"
-}
-
-resource "google_project_iam_member" "iam" {
- #Grant other roles for the ps_sa
- count = "${length(var.ps_roles)}"
- member = "serviceAccount:${google_service_account.ps_sa.email}"
- role = "${element(var.ps_roles, count.index)}"
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/modules/common/network.tf b/infrastructure-provisioning/terraform/gcp/modules/common/network.tf
deleted file mode 100644
index 8d34249..0000000
--- a/infrastructure-provisioning/terraform/gcp/modules/common/network.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-resource "google_compute_subnetwork" "subnet" {
- name = "${var.project_tag}-subnet"
- ip_cidr_range = "${var.cidr_range}"
- region = "${var.region}"
- network = "${var.vpc_name}"
-}
-
-resource "google_compute_firewall" "fw_ingress" {
- name = "${var.fw_ingress}"
- network = "${var.vpc_name}"
- allow {
- protocol = "all"
- }
- target_tags = ["${var.network_tag}"]
- source_ranges = ["${var.cidr_range}", "${var.traefik_cidr}"]
-}
-
-resource "google_compute_firewall" "fw_egress_public" {
- name = "${var.fw_egress_public}"
- network = "${var.vpc_name}"
- direction = "EGRESS"
- allow {
- protocol = "tcp"
- ports = ["443"]
- }
- target_tags = ["${var.network_tag}"]
- destination_ranges = ["0.0.0.0/0"]
-}
-
-resource "google_compute_firewall" "fw_egress_private" {
- name = "${var.fw_egress_private}"
- network = "${var.vpc_name}"
- direction = "EGRESS"
- allow {
- protocol = "all"
- }
- target_tags = ["${var.network_tag}"]
- destination_ranges = ["${var.cidr_range}", "${var.traefik_cidr}"]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/modules/common/variables.tf b/infrastructure-provisioning/terraform/gcp/modules/common/variables.tf
deleted file mode 100644
index b4180ad..0000000
--- a/infrastructure-provisioning/terraform/gcp/modules/common/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "region" {}
-
-variable "product" {}
-
-variable "vpc_name" {}
-
-variable "fw_ingress" {}
-
-variable "fw_egress_public" {}
-
-variable "fw_egress_private" {}
-
-variable "network_tag" {}
-
-variable "cidr_range" {}
-
-variable "traefik_cidr" {}
-
-variable "ps_roles" {
- type = "list"
- default = [
- "roles/dataproc.worker"
- ]
-}
-
-variable "ps_policy" {
- type = "list"
- default = [
-
- ]
-}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/project/main/iam.tf b/infrastructure-provisioning/terraform/gcp/project/main/iam.tf
new file mode 100644
index 0000000..b562d6b
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/project/main/iam.tf
@@ -0,0 +1,84 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+ edge_policy_name = "${var.service_base_name}-${var.project_tag}-edge-policy"
+ edge_role_name = "${var.service_base_name}-${var.project_tag}-edge_role"
+ edge_sa_name = "${var.service_base_name}-${var.project_tag}-edge-sa"
+ nb_policy_name = "${var.service_base_name}-${var.project_tag}-nb-policy"
+ nb_role_name = "${var.service_base_name}-${var.project_tag}-nb_role"
+ nb_sa_name = "${var.service_base_name}-${var.project_tag}-nb-sa"
+}
+
+#################
+### Edge node ###
+#################
+
+resource "google_service_account" "edge_sa" {
+ account_id = local.edge_sa_name
+ display_name = local.edge_sa_name
+}
+/*
+resource "google_project_iam_custom_role" "edge_role" {
+ permissions = var.edge_policies
+ role_id = "${replace("${local.edge_role_name}", "-", "_")}"
+ title = local.edge_role_name
+}
+
+resource "google_project_iam_member" "edge_iam" {
+ # try to set perms as file
+ count = length(var.edge_roles)
+ member = "serviceAccount:${google_service_account.edge_sa.email}"
+ role = element(var.edge_roles, count.index)
+}
+
+resource "google_project_iam_member" "role_for_edge" {
+ member = "serviceAccount:${google_service_account.edge_sa.email}"
+ role = google_project_iam_custom_role.edge_role.id
+}
+*/
+############################################################
+### Explotratory environment and computational resources ###
+############################################################
+
+resource "google_service_account" "nb_sa" {
+ account_id = local.nb_sa_name
+ display_name = local.nb_sa_name
+}
+/*
+resource "google_project_iam_custom_role" "nb_role" {
+ permissions = var.nb_policies
+ role_id = "${replace("${local.nb_role_name}", "-", "_")}"
+ title = local.nb_role_name
+}
+
+resource "google_project_iam_member" "nb_iam" {
+ # try to set perms as file
+ count = length(var.nb_roles)
+ member = "serviceAccount:${google_service_account.nb_sa.email}"
+ role = element(var.nb_roles, count.index)
+}
+
+resource "google_project_iam_member" "role_for_nb" {
+ member = "serviceAccount:${google_service_account.nb_sa.email}"
+ role = google_project_iam_custom_role.nb_role.id
+}
+*/
\ No newline at end of file
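Review bot: Both service accounts are created, but every role definition and binding for them sits inside `/* … */` blocks, so `edge_sa` and `nb_sa` hold no project roles after apply and the intended permission set cannot be reviewed from this file. If the bindings are deferred, replace the commented-out resources with a short marker such as `# TODO: bind custom role and var.edge_roles to edge_sa once the permission list is agreed` instead of keeping dead HCL. When they are enabled, keep `var.edge_policies` and `var.nb_policies` to the specific permissions each node needs, because instance.tf in this commit attaches `edge_sa` with the `cloud-platform` scope and IAM is then the only limit on what the edge VM can call. The section header `Explotratory` should read `Exploratory`.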
diff --git a/infrastructure-provisioning/terraform/gcp/project/main/instance.tf b/infrastructure-provisioning/terraform/gcp/project/main/instance.tf
new file mode 100644
index 0000000..02295e7
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/project/main/instance.tf
@@ -0,0 +1,62 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+ edge_instance_name = "${var.service_base_name}-${var.project_tag}-edge"
+}
+
+resource "google_compute_instance" "endpoint" {
+ name = local.edge_instance_name
+ machine_type = var.edge_shape
+ tags = ["${replace("${local.edge_instance_name}", "_", "-")}"]
+ labels = {
+ name = "${local.edge_instance_name}"
+ sbn = "${var.service_base_name}"
+ product = "${var.product}"
+ endpoint_id = "${var.endpoint_tag}"
+ project_tag = var.project_tag
+ }
+ zone = var.zone
+
+ boot_disk {
+ initialize_params {
+ image = var.ami
+ size = var.edge_volume_size
+ }
+ }
+
+ metadata = {
+ ssh-keys = "ubuntu:${file(var.path_to_pub_key)}" # Format the file before deploy
+ }
+
+ service_account {
+ email = google_service_account.edge_sa.email #"${var.project_name_var}-ssn-sa@${var.project_var}.iam.gserviceaccount.com"
+ scopes = ["https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/compute"]
+ }
+
+ network_interface {
+ network = var.vpc_name
+ subnetwork = var.ssn_subnet_name
+ access_config {
+ nat_ip = google_compute_address.edge_ip.address
+ }
+ }
+}
\ No newline at end of file
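Review bot: The `service_account` block requests `cloud-platform` together with `compute`; the second scope is redundant because `cloud-platform` already covers it, and with that scope the VM's token is limited only by the IAM roles granted to `edge_sa`. Either reduce the list to the scopes the edge node is known to need, or keep `scopes = ["https://www.googleapis.com/auth/cloud-platform"]` and add a comment saying that access is controlled through the role bindings in iam.tf. The trailing comment on `email` looks like a leftover of an earlier hard-coded address and can be dropped. On `ssh-keys`, `# Format the file before deploy` does not say which format is expected; `chomp(file(var.path_to_pub_key))` with a comment like `# file holds one OpenSSH public key line` would make it explicit.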
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf b/infrastructure-provisioning/terraform/gcp/project/main/main.tf
similarity index 73%
copy from infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf
copy to infrastructure-provisioning/terraform/gcp/project/main/main.tf
index 169b77e..5ac05ab 100644
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/project/main/main.tf
@@ -19,30 +19,9 @@
#
# ******************************************************************************
-variable "project_name" {}
-
-variable "sbn" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "notebook_name" {}
-
-variable "region" {}
-
-variable "zone" {}
-
-variable "product" {}
-
-variable "vpc" {}
-
-variable "cidr_range" {}
-
-variable "traefik_cidr" {}
-
-variable "instance_type" {}
\ No newline at end of file
+provider "google" {
+ credentials = file(var.credentials)
+ project = var.project_name
+ region = var.region
+ zone = var.zone
+}
\ No newline at end of file
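Review bot: `credentials = file(var.credentials)` makes a service-account key file on disk a requirement for every run, and nothing in the block says what the variable must contain or where the file may live. Add a comment above the line, e.g. `# var.credentials: path to a service-account JSON key stored outside the repository`, so the key is not placed next to the .tf files and committed by accident. The hunk shows only the tail of the file; the license header above it is unchanged context.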
diff --git a/infrastructure-provisioning/terraform/gcp/project/main/network.tf b/infrastructure-provisioning/terraform/gcp/project/main/network.tf
new file mode 100644
index 0000000..a7df464
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/project/main/network.tf
@@ -0,0 +1,133 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+ edge_instance_ip = "${var.service_base_name}-${var.project_tag}-edge-ip"
+ ps_name = "${var.service_base_name}-${var.project_tag}-private-subnet"
+ ps_tag = "${var.service_base_name}-${var.project_tag}-ps"
+ edge_ingress = "${var.service_base_name}-${var.project_tag}-edge-ingress"
+ edge_egress = "${var.service_base_name}-${var.project_tag}-edge-egress"
+ ps_ingress = "${var.service_base_name}-${var.project_tag}-ps-ingress"
+ ps_egress = "${var.service_base_name}-${var.project_tag}-ps-egress"
+}
+
+#################
+### Edge node ###
+#################
+
+resource "google_compute_address" "edge_ip" {
+ name = local.edge_instance_ip
+}
+
+resource "google_compute_firewall" "edge_ingress-public" {
+ name = "${local.edge_ingress}-public"
+ network = var.vpc_name
+ allow {
+ protocol = "tcp"
+ ports = ["22", "8084", "8085"]
+ }
+ target_tags = ["${local.edge_instance_name}"]
+ source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "edge_ingress_internal" {
+ name = "${local.edge_ingress}-internal"
+ network = var.vpc_name
+ allow {
+ protocol = "all"
+ }
+ target_tags = ["${local.edge_instance_name}"]
+ source_ranges = [var.ps_cidr]
+}
+
+resource "google_compute_firewall" "edge_egress_public" {
+ name = "${local.edge_egress}-public"
+ network = var.vpc_name
+ direction = "EGRESS"
+ allow {
+ protocol = "udp"
+ ports = ["53", "123"]
+ }
+ allow {
+ protocol = "tcp"
+ ports = ["22", "80", "443"]
+ }
+ target_tags = [local.edge_instance_name]
+ destination_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "edge_egress_internal" {
+ name = "${local.edge_egress}-internal"
+ network = var.vpc_name
+ direction = "EGRESS"
+ allow {
+ protocol = "tcp"
+ ports = ["22", "389", "8888", "8080", "8787", "6006", "20888", "8042", "8088", "18080", "50070",
+ "8085", "8081", "4040-4045"]
+ }
+ target_tags = [local.edge_instance_name]
+ destination_ranges = [var.ps_cidr]
+}
+
+############################################################
+### Explotratory environment and computational resources ###
+############################################################
+
+resource "google_compute_subnetwork" "private_subnet" {
+ name = local.ps_name
+ ip_cidr_range = var.ps_cidr
+ region = var.region
+ network = var.vpc_name
+}
+
+resource "google_compute_firewall" "ps-ingress" {
+ name = local.ps_ingress
+ network = var.vpc_name
+ allow {
+ protocol = "all"
+ }
+ target_tags = [local.ps_tag]
+ source_ranges = [var.ps_cidr, var.ssn_subnet_cidr]
+
+}
+
+resource "google_compute_firewall" "ps-egress-private" {
+ name = "${local.ps_egress}-private"
+ network = var.vpc_name
+ direction = "EGRESS"
+ allow {
+ protocol = "all"
+ }
+ target_tags = [local.ps_tag]
+ destination_ranges = [var.ps_cidr, var.ssn_subnet_cidr]
+}
+
+resource "google_compute_firewall" "ps-egress-public" {
+ name = "${local.ps_egress}-public"
+ network = var.vpc_name
+ direction = "EGRESS"
+ allow {
+ protocol = "tcp"
+ ports = ["443"]
+ }
+ target_tags = [local.ps_tag]
+ destination_ranges = ["0.0.0.0/0"]
+}
\ No newline at end of file
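Review bot: `edge_ingress-public` allows TCP 22, 8084 and 8085 from `0.0.0.0/0` to the edge node, which instance.tf gives a static external address, so SSH is reachable from the whole internet. Take the allowed sources from a variable instead, e.g. `source_ranges = var.allowed_ip_cidrs` (a new list variable with no world-open default), and split port 22 into its own rule if it needs a narrower audience than the service ports. The edge rules target `local.edge_instance_name`, while instance.tf tags the instance with that name after replacing `_` with `-`; if the name ever contains an underscore the rules will not match the VM, so use the same expression in both places. The `EGRESS` allow rules restrict nothing by themselves, because GCP applies an implied allow-all egress rule; a deny-egress rule would be needed for them to act as an allow-list, and none is visible in this file.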
diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf b/infrastructure-provisioning/terraform/gcp/project/main/variables.tf
similarity index 67%
rename from infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf
rename to infrastructure-provisioning/terraform/gcp/project/main/variables.tf
index 169b77e..2806f13 100644
--- a/infrastructure-provisioning/terraform/aws/computational_resources/modules/common/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/project/main/variables.tf
@@ -21,28 +21,52 @@
variable "project_name" {}
-variable "sbn" {}
+variable "credentials" {}
+
+variable "edge_shape" {}
+
+variable "region" {}
+
+variable "zone" {}
+
+variable "service_base_name" {}
variable "project_tag" {}
variable "endpoint_tag" {}
-variable "user_tag" {}
+variable "vpc_name" {}
-variable "custom_tag" {}
+variable "ssn_subnet_name" {}
-variable "notebook_name" {}
+variable "ami" {}
-variable "region" {}
+variable "edge_volume_size" {}
-variable "zone" {}
+variable "ps_cidr" {}
-variable "product" {}
+variable "ssn_subnet_cidr" {}
-variable "vpc" {}
+variable "edge_policies" {
+ type = "list"
+ default = []
+}
-variable "cidr_range" {}
+variable "edge_roles" {
+ type = "list"
+ default = []
+}
-variable "traefik_cidr" {}
+variable "nb_policies" {
+ type = "list"
+ default = []
+}
-variable "instance_type" {}
\ No newline at end of file
+variable "nb_roles" {
+ type = "list"
+ default = []
+}
+
+variable "path_to_pub_key" {} # Format the file before deploy
+
+variable "product" {}
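Review bot: The new list variables use the quoted form `type = "list"`, while the other files added in this commit use unquoted 0.12-style expressions; `type = list(string)` is the matching form. None of the new variables has a `description`, and for `credentials`, `path_to_pub_key`, `ps_cidr` and `ssn_subnet_cidr` a one-line statement of the expected value would prevent misconfiguration, e.g. `description = "CIDR of the project private subnet"`. The hunk starts at line 21 of the file, so declarations above it are not visible here.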