Introduce the AWS Terraform infrastructure

data/publiccloud/terraform/ec2.tf

@@ -60,6 +60,18 @@ variable "enable_confidential_vm" {
     default = "disabled"
 }
 
+variable "vpc_security_group_ids" {
+    default = ""
+}
+
+variable "subnet_id" {
+    default = ""
+}
+
+variable "ipv6_address_count" {
+    default = 0
+}
+
 resource "random_id" "service" {
     count = var.instance_count
     keepers = {
@@ -73,37 +85,14 @@ resource "aws_key_pair" "openqa-keypair" {
     public_key = file("/root/.ssh/id_rsa.pub")
 }
 
-resource "aws_security_group" "basic_sg" {
-    name        = "openqa-${element(random_id.service.*.hex, 0)}"
-    description = "Allow all inbound traffic from SUSE IP ranges"
-
-    ingress {
-        from_port   = 0
-        to_port     = 0
-        protocol    = "-1"
-        cidr_blocks = ["213.151.95.130/32", "195.135.220.0/22", "195.250.132.144/29", "193.86.92.180/32"]
-    }
-
-    egress {
-        from_port       = 0
-        to_port         = 0
-        protocol        = "-1"
-        cidr_blocks     = ["0.0.0.0/0"]
-    }
-
-    tags = merge({
-            openqa_created_by = var.name
-            openqa_created_date = timestamp()
-            openqa_created_id = element(random_id.service.*.hex, 0)
-        }, var.tags)
-}
-
 resource "aws_instance" "openqa" {
     count           = var.instance_count
     ami             = var.image_id
     instance_type   = var.type
     key_name        = aws_key_pair.openqa-keypair.key_name
-    security_groups = [aws_security_group.basic_sg.name]
+    vpc_security_group_ids = [var.vpc_security_group_ids]
+    subnet_id = var.subnet_id
+    ipv6_address_count = var.ipv6_address_count
 
     tags = merge({
             openqa_created_by = var.name

lib/publiccloud/provider.pm

@@ -470,7 +470,14 @@ sub terraform_apply {
             $cmd .= "-var 'image_id=" . $image_id . "' ";
             record_info('INFO', "Creating instance $instance_type from $image_id ...");
         }
-        if (is_azure) {
+        if (is_ec2) {
+            my $vpc_security_group_ids = script_output("aws ec2 describe-security-groups --region '".$self->provider_client->region."' --filters 'Name=group-name,Values=pdostal-tf-sg' --query 'SecurityGroups[0].GroupId' --output text");
+            my $subnet_id = script_output("aws ec2 describe-subnets --region '".$self->provider_client->region."' --filters 'Name=tag:Name,Values=pdostal-tf-subnet' --query 'Subnets[0].SubnetId' --output text");
+            my $ipv6_address_count = get_var('PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT', 1);
+            $cmd .= "-var 'vpc_security_group_ids=$vpc_security_group_ids' " if ($vpc_security_group_ids);
+            $cmd .= "-var 'subnet_id=$subnet_id' " if ($subnet_id);
+            $cmd .= "-var 'ipv6_address_count=$ipv6_address_count' " if ($ipv6_address_count);
+        } elsif (is_azure) {
             # Note: Only the default Azure terraform profiles contains the 'storage-account' variable
             my $storage_account = get_var('PUBLIC_CLOUD_STORAGE_ACCOUNT');
             $cmd .= "-var 'storage-account=$storage_account' " if ($storage_account);

tests/publiccloud/instance_overview.pm

@@ -33,10 +33,9 @@ sub run {
 
     assert_script_run("ps aux | nl");
 
-    assert_script_run("ip a s");
-    assert_script_run("ip -6 a s");
-    assert_script_run("ip r s");
-    assert_script_run("ip -6 r s");
+    assert_script_run("ip -c=never a s");
+    assert_script_run("ip -c=never r s");
+    assert_script_run("ip -c=never -6 r s");
 
     assert_script_run("cat /etc/hosts");
     assert_script_run("cat /etc/resolv.conf");

variables.md

@@ -300,6 +300,7 @@ PUBLIC_CLOUD_EC2_UPLOAD_AMI | string | "" | Needed to decide which image will be
 PUBLIC_CLOUD_EC2_UPLOAD_SECGROUP | string | "" | Allow to instruct ec2uploadimg script to use some existing security group instead of creating new one. If given, the parameter `--security-group-ids` is passed to `ec2uploadimg`.
 PUBLIC_CLOUD_EC2_UPLOAD_VPCSUBNET | string | "" | Allow to instruct ec2uploadimg script to use some existing VPC instead of creating new one.
 PUBLIC_CLOUD_EC2_BOOT_MODE | string | "uefi-preferred" | The `--boot-mode` parameter for `ec2uploadimg` script. Available values: `legacy-bios`, `uefi`, `uefi-preferred` Currently unused variable. Use `git blame` to get context.
+PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT | string | 0 | How many IPv6 addresses should the instance have
 PUBLIC_CLOUD_FIO | boolean | false | If set, storage_perf test module is added to the job.
 PUBLIC_CLOUD_FIO_RUNTIME | integer | 300 | Set the execution time for each FIO tests.
 PUBLIC_CLOUD_FIO_SSD_SIZE | string | "100G" | Set the additional disk size for the FIO tests.