diff --git a/data/publiccloud/terraform/ec2.tf b/data/publiccloud/terraform/ec2.tf index 480e5393af9a..bda6e639bdc1 100644 --- a/data/publiccloud/terraform/ec2.tf +++ b/data/publiccloud/terraform/ec2.tf @@ -60,6 +60,18 @@ variable "enable_confidential_vm" { default = "disabled" } +variable "vpc_security_group_ids" { + default = "" +} + +variable "subnet_id" { + default = "" +} + +variable "ipv6_address_count" { + default = 0 +} + resource "random_id" "service" { count = var.instance_count keepers = { @@ -73,37 +85,14 @@ resource "aws_key_pair" "openqa-keypair" { public_key = file("/root/.ssh/id_rsa.pub") } -resource "aws_security_group" "basic_sg" { - name = "openqa-${element(random_id.service.*.hex, 0)}" - description = "Allow all inbound traffic from SUSE IP ranges" - - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["213.151.95.130/32", "195.135.220.0/22", "195.250.132.144/29", "193.86.92.180/32"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = merge({ - openqa_created_by = var.name - openqa_created_date = timestamp() - openqa_created_id = element(random_id.service.*.hex, 0) - }, var.tags) -} - resource "aws_instance" "openqa" { count = var.instance_count ami = var.image_id instance_type = var.type key_name = aws_key_pair.openqa-keypair.key_name - security_groups = [aws_security_group.basic_sg.name] + vpc_security_group_ids = [var.vpc_security_group_ids] + subnet_id = var.subnet_id + ipv6_address_count = var.ipv6_address_count tags = merge({ openqa_created_by = var.name diff --git a/lib/publiccloud/provider.pm b/lib/publiccloud/provider.pm index a8685365a53c..53f0c9abbbab 100644 --- a/lib/publiccloud/provider.pm +++ b/lib/publiccloud/provider.pm 
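Review bot: The three variables added in the first ec2.tf hunk carry no `type` or `description`, and `vpc_security_group_ids` is a plural name for a value the resource later wraps as a single list element. Declaring `type = string` on the two ID variables and `type = number` on `ipv6_address_count`, each with a one-line description such as `description = "ID of the pre-existing security group to attach"`, would make a malformed value fail at plan time instead of at apply.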
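Review bot: With `aws_security_group.basic_sg` removed in the second ec2.tf hunk, the ingress allow-list for these instances is no longer visible in this file. The removed rule listed IPv4 ranges only, while `ipv6_address_count` can now give the instance IPv6 addresses. I would record the expectation where the group is consumed, with a comment above the new argument such as `# Security group is managed outside this file; it must restrict both IPv4 and IPv6 ingress to the test networks`. Separately, when the variable is left at its `""` default, `vpc_security_group_ids = [var.vpc_security_group_ids]` becomes `[""]`; I have not checked how the provider treats that, but a `validation` block on the variable rejecting the empty string would make the failure explicit. The `aws_instance` block continues past the end of the hunk.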
@@ -470,7 +470,14 @@ sub terraform_apply { $cmd .= "-var 'image_id=" . $image_id . "' "; record_info('INFO', "Creating instance $instance_type from $image_id ..."); } - if (is_azure) { + if (is_ec2) { + my $vpc_security_group_ids = script_output("aws ec2 describe-security-groups --region '" . $self->provider_client->region . "' --filters 'Name=group-name,Values=tf-sg' --query 'SecurityGroups[0].GroupId' --output text"); + my $subnet_id = script_output("aws ec2 describe-subnets --region '" . $self->provider_client->region . "' --filters 'Name=tag:Name,Values=tf-subnet' --query 'Subnets[0].SubnetId' --output text"); + my $ipv6_address_count = get_var('PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT', 1); + $cmd .= "-var 'vpc_security_group_ids=$vpc_security_group_ids' " if ($vpc_security_group_ids); + $cmd .= "-var 'subnet_id=$subnet_id' " if ($subnet_id); + $cmd .= "-var 'ipv6_address_count=$ipv6_address_count' " if ($ipv6_address_count); + } elsif (is_azure) { # Note: Only the default Azure terraform profiles contains the 'storage-account' variable my $storage_account = get_var('PUBLIC_CLOUD_STORAGE_ACCOUNT'); $cmd .= "-var 'storage-account=$storage_account' " if ($storage_account); diff --git a/tests/publiccloud/instance_overview.pm b/tests/publiccloud/instance_overview.pm index e9e509b832de..7810a8ec1e3b 100644 --- a/tests/publiccloud/instance_overview.pm +++ b/tests/publiccloud/instance_overview.pm @@ -33,10 +33,9 @@ sub run { assert_script_run("ps aux | nl"); - assert_script_run("ip a s"); - assert_script_run("ip -6 a s"); - assert_script_run("ip r s"); - assert_script_run("ip -6 r s"); + assert_script_run("ip -c=never a s"); + assert_script_run("ip -c=never r s"); + assert_script_run("ip -c=never -6 r s"); assert_script_run("cat /etc/hosts"); assert_script_run("cat /etc/resolv.conf"); diff --git a/variables.md b/variables.md index c9fbea30adaa..990f5d63f1df 100644 --- a/variables.md +++ b/variables.md 
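Review bot: The truthiness guards in the new `is_ec2` branch do not catch a failed lookup: with `--output text` the AWS CLI prints `None` when `SecurityGroups[0]` or `Subnets[0]` is null, so `-var 'vpc_security_group_ids=None'` would still be appended to the terraform command. Because the in-repo security group is removed in the same commit, I would validate the ID format and stop the run when the group or subnet is missing rather than continue. The `group-name` filter is also not scoped to a VPC, so if more than one VPC in the region has a `tf-sg`, index `[0]` may return a group from a different VPC than `tf-subnet`. The fallback here is `1`, while variables.md in this commit documents a default of `0` with type string; one of the two should change. terraform_apply starts and ends outside the hunk.

```perl
if (is_ec2) {
    # … unchanged: the two script_output() lookups for tf-sg and tf-subnet …
    # In text mode the CLI prints "None" when the query matches nothing,
    # so check the ID shape instead of plain truthiness.
    die "Security group 'tf-sg' not found" unless $vpc_security_group_ids =~ /^sg-[0-9a-f]+$/;
    die "Subnet 'tf-subnet' not found" unless $subnet_id =~ /^subnet-[0-9a-f]+$/;
    my $ipv6_address_count = get_var('PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT', 1);
    die "PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT must be a non-negative integer" unless $ipv6_address_count =~ /^\d+$/;
    $cmd .= "-var 'vpc_security_group_ids=$vpc_security_group_ids' ";
    $cmd .= "-var 'subnet_id=$subnet_id' ";
    $cmd .= "-var 'ipv6_address_count=$ipv6_address_count' ";
```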
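Review bot: The reason for `-c=never` is not stated next to the three `ip` calls in `run`. A short comment such as `# Disable colour so the serial log contains no escape sequences` (if that is the intent) would keep a later cleanup from dropping the option. The `=never` form is, as far as I know, only accepted by newer iproute2 releases, so on an older image under test `assert_script_run` could fail on an unknown option rather than on a network problem; worth confirming against the oldest image this module runs on. `run` starts and ends outside the hunk.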
@@ -300,6 +300,7 @@ PUBLIC_CLOUD_EC2_UPLOAD_AMI | string | "" | Needed to decide which image will be PUBLIC_CLOUD_EC2_UPLOAD_SECGROUP | string | "" | Allow to instruct ec2uploadimg script to use some existing security group instead of creating new one. If given, the parameter `--security-group-ids` is passed to `ec2uploadimg`. PUBLIC_CLOUD_EC2_UPLOAD_VPCSUBNET | string | "" | Allow to instruct ec2uploadimg script to use some existing VPC instead of creating new one. PUBLIC_CLOUD_EC2_BOOT_MODE | string | "uefi-preferred" | The `--boot-mode` parameter for `ec2uploadimg` script. Available values: `legacy-bios`, `uefi`, `uefi-preferred` Currently unused variable. Use `git blame` to get context. +PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT | string | 0 | How many IPv6 addresses should the instance have PUBLIC_CLOUD_FIO | boolean | false | If set, storage_perf test module is added to the job. PUBLIC_CLOUD_FIO_RUNTIME | integer | 300 | Set the execution time for each FIO tests. PUBLIC_CLOUD_FIO_SSD_SIZE | string | "100G" | Set the additional disk size for the FIO tests.