first draft 2nd nm network

mojaloop · May 26, 2023 · 0b5b048 · 0b5b048
1 parent b3d61fb
commit 0b5b048
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 14 deletions.
diff --git a/terraform/ansible/control-center-netmaker-deploy/ansible.tf b/terraform/ansible/control-center-netmaker-deploy/ansible.tf
@@ -5,8 +5,10 @@ resource "local_sensitive_file" "ansible_inventory" {
     { all_hosts               = merge(var.bastion_hosts, var.netmaker_hosts),
       bastion_hosts           = var.bastion_hosts,
       netmaker_hosts          = var.netmaker_hosts,
+      docker_hosts            = var.docker_hosts,
       bastion_hosts_var_maps  = merge(var.bastion_hosts_var_maps, local.bastion_hosts_var_maps),
       netmaker_hosts_var_maps = merge(var.netmaker_hosts_var_maps, local.netmaker_hosts_var_maps),
+      docker_hosts_var_maps   = merge(var.docker_hosts_var_maps, local.jumphostmap),
     all_hosts_var_maps = merge(var.all_hosts_var_maps, local.ssh_private_key_file_map) }
   )
   filename        = "${local.ansible_base_output_dir}/inventory"
@@ -37,33 +39,51 @@ resource "local_sensitive_file" "ec2_ssh_key" {
 }
 
 data "local_sensitive_file" "netmaker_keys" {
-  filename = local.enrollment_key_list_file_location
+  filename = local.netmaker_enrollment_key_list_file_location
   depends_on = [
     null_resource.run_ansible
   ]
 }
 
 output "netmaker_token_map" {
-  value =local.token_map
+  value     = local.token_map
   sensitive = true
 }
+output "netmaker_control_network_name" {
+  value = var.netmaker_control_network_name
+}
 
 locals {
 
   ansible_base_output_dir = "${var.ansible_base_output_dir}/control-center-post-config"
   netmaker_hosts_var_maps = {
-    enable_oauth                      = var.enable_netmaker_oidc
-    enrollment_key_list_file_location = local.enrollment_key_list_file_location
-    enrollment_key_list               = jsonencode(concat(["bastion"], keys(var.env_map)))
+    enable_oauth                               = var.enable_netmaker_oidc
+    netmaker_enrollment_key_list_file_location = local.netmaker_enrollment_key_list_file_location
+    enrollment_key_list                        = jsonencode(concat(["bastion"], keys(var.env_map)))
+    netmaker_networks                          = merge(local.base_netmaker_networks, local.env_netmaker_networks)
   }
   bastion_hosts_var_maps = {
-    enrollment_key_list_file_location = local.enrollment_key_list_file_location
-    netclient_enrollment_key = "${local.netmaker_control_network_name}-bastion"
+    netmaker_enrollment_key_list_file_location = local.netmaker_enrollment_key_list_file_location
+    netclient_enrollment_keys                  = ["${var.netmaker_control_network_name}-ops"]
+  }
+  docker_hosts_var_maps = {
+    netmaker_enrollment_key_list_file_location = local.netmaker_enrollment_key_list_file_location
+    ansible_ssh_common_args                    = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ProxyCommand=\"ssh -W %h:%p -i ${local_sensitive_file.ec2_ssh_key.filename} -o StrictHostKeyChecking=no -q ${var.ansible_bastion_os_username}@${var.ansible_bastion_public_ip}\""
+    netclient_enrollment_keys                  = [for key in keys(var.env_map) : "${key}-cc-svcs"]
   }
   ssh_private_key_file_map = {
     ansible_ssh_private_key_file = local_sensitive_file.ec2_ssh_key.filename
   }
-  enrollment_key_list_file_location = "${local.ansible_base_output_dir}/keylist.json"
-  netmaker_control_network_name = var.netmaker_hosts_var_maps.netmaker_control_network_name
-  token_map = { for netkey in jsondecode(data.local_sensitive_file.netmaker_keys.content) : replace(netkey.tags[0], "${local.netmaker_control_network_name}-", "") => {"netmaker_token" = netkey.token }}
+
+  netmaker_enrollment_key_list_file_location = "${local.ansible_base_output_dir}/keylist.json"
+  token_map                                  = { for netkey in jsondecode(data.local_sensitive_file.netmaker_keys.content) : netkey.tags[0] => { 
+    "netmaker_token" = netkey.token 
+    "network" = netkey.networks[0]} 
+  }
+  base_netmaker_networks = {
+    var.netmaker_control_network_name = {
+      node_keys = ["ops"]
+    }
+  }
+  env_netmaker_networks = { for key in keys(var.env_map) : key => { "node_keys" = ["k8s", "cc-svcs"] } }
 }
diff --git a/terraform/ansible/control-center-netmaker-deploy/variables.tf b/terraform/ansible/control-center-netmaker-deploy/variables.tf
@@ -42,6 +42,12 @@ variable "netmaker_hosts" {
   type = map
   description = "map of hosts to run netmaker server"
 }
+
+variable "docker_hosts" {
+  type = map
+  description = "map of hosts to run docker server"
+}
+
 variable "bastion_hosts_var_maps" {
   type = map
   description = "var map for bastion hosts"
@@ -50,11 +56,23 @@ variable "netmaker_hosts_var_maps" {
   type = map
   description = "var map for netmaker hosts"
 }
+
+variable "docker_hosts_var_maps" {
+  type = map
+  description = "var map for docker hosts"
+}
+
 variable "all_hosts_var_maps" {
   type = map
   description = "var map for all hosts"
 }
 variable "env_map" {
   type = map
   description = "env repos to configure"
+}
+
+variable "netmaker_control_network_name" {
+  type = string
+  description = "netmaker_control_network_name"
+  default = "cntrlctr"
 }
diff --git a/terraform/control-center/init/ansible-cc-netmaker-deploy/terragrunt.hcl b/terraform/control-center/init/ansible-cc-netmaker-deploy/terragrunt.hcl
@@ -7,8 +7,10 @@ dependency "control_center_deploy" {
   mock_outputs = {
     bastion_hosts           = {}
     netmaker_hosts          = {}
+    docker_hosts            = {}
     bastion_hosts_var_maps  = {}
     netmaker_hosts_var_maps = {}
+    docker_hosts_var_maps   = {}
     all_hosts_var_maps      = {}
     gitlab_server_hostname  = "temporary-dummy-id"
     bastion_ssh_key         = "key"
@@ -29,8 +31,10 @@ dependency "control_center_gitlab_config" {
 inputs = {
   bastion_hosts               = dependency.control_center_deploy.outputs.bastion_hosts
   netmaker_hosts              = dependency.control_center_deploy.outputs.netmaker_hosts
+  docker_hosts                = dependency.control_center_deploy.outputs.docker_hosts
   bastion_hosts_var_maps      = dependency.control_center_deploy.outputs.bastion_hosts_var_maps
   netmaker_hosts_var_maps     = merge(dependency.control_center_deploy.outputs.netmaker_hosts_var_maps, dependency.control_center_gitlab_config.outputs.netmaker_hosts_var_maps)
+  docker_hosts_var_maps       = dependency.control_center_deploy.outputs.docker_hosts_var_maps
   all_hosts_var_maps          = dependency.control_center_deploy.outputs.all_hosts_var_maps
   enable_netmaker_oidc        = local.env_vars.enable_netmaker_oidc
   ansible_bastion_key         = dependency.control_center_deploy.outputs.bastion_ssh_key

diff --git a/terraform/control-center/init/control-center-env-gitlab-config/terragrunt.hcl b/terraform/control-center/init/control-center-env-gitlab-config/terragrunt.hcl
@@ -5,6 +5,7 @@ dependency "ansible_cc_netmaker_deploy" {
   config_path = "../ansible-cc-netmaker-deploy"
   mock_outputs = {
     netmaker_token_map = {}
+    netmaker_control_network_name = ""
   }
   mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "show"]
 }
@@ -26,7 +27,7 @@ dependency "control_center_gitlab_config" {
 }
 
 inputs = {
-  env_map      = { for key in keys(local.env_map) : key => merge(local.env_map[key], dependency.ansible_cc_netmaker_deploy.outputs.netmaker_token_map[key]) if length(dependency.ansible_cc_netmaker_deploy.outputs.netmaker_token_map) > 0 }
+  env_map      = local.env_map
   iac_group_id = dependency.control_center_gitlab_config.outputs.iac_group_id
 }
 
@@ -48,6 +49,8 @@ locals {
       enable_vault_oauth_to_gitlab = val["enable_vault_oauth_to_gitlab"]
       enable_grafana_oauth_to_gitlab = val["enable_grafana_oauth_to_gitlab"]
       letsencrypt_email = val["letsencrypt_email"]
+      netmaker_ops_token = length(dependency.ansible_cc_netmaker_deploy.outputs.netmaker_token_map) > 0 ? dependency.ansible_cc_netmaker_deploy.outputs.netmaker_token_map["${dependency.ansible_cc_netmaker_deploy.outputs.netmaker_control_network_name}-ops"].netmaker_token : ""
+      netmaker_k8s_token = length(dependency.ansible_cc_netmaker_deploy.outputs.netmaker_token_map) > 0 ? dependency.ansible_cc_netmaker_deploy.outputs.netmaker_token_map["${key}-k8s"].netmaker_token : ""
     }
   }
 }

diff --git a/terraform/gitlab/environment-gitlab-config/gitlab.tf b/terraform/gitlab/environment-gitlab-config/gitlab.tf
@@ -61,15 +61,23 @@ resource "gitlab_project_variable" "iac_terraform_modules_tag" {
   masked    = false
 }
 
-resource "gitlab_project_variable" "netmaker_token" {
+resource "gitlab_project_variable" "netmaker_ops_token" {
   for_each  = var.env_map
   project   = gitlab_project.envs[each.key].id
-  key       = "NETMAKER_TOKEN"
-  value     = each.value["netmaker_token"]
+  key       = "NETMAKER_OPS_TOKEN"
+  value     = each.value["netmaker_ops_token"]
   protected = false
   masked    = true
 }
 
+resource "gitlab_project_variable" "netmaker_k8s_token" {
+  for_each  = var.env_map
+  project   = gitlab_project.envs[each.key].id
+  key       = "NETMAKER_K8S_TOKEN"
+  value     = each.value["netmaker_k8s_token"]
+  protected = false
+  masked    = true
+}
 
 resource "gitlab_project_variable" "vault_oauth_client_id" {
   for_each = {