[arvados] updated: 2.1.0-2970-g92aa40f64

git repository hosting git at public.arvados.org
Fri Dec 2 22:54:46 UTC 2022


Summary of changes:
 .../local.params.example.multiple_hosts            | 22 +++++-----
 .../salt-install/terraform/aws/services/outputs.tf |  5 ++-
 .../aws/vpc/{terraform.tfvars => data.tf}          |  4 +-
 tools/salt-install/terraform/aws/vpc/locals.tf     | 13 +++---
 tools/salt-install/terraform/aws/vpc/main.tf       | 49 ++++++++++++++++++----
 tools/salt-install/terraform/aws/vpc/outputs.tf    |  4 ++
 6 files changed, 69 insertions(+), 28 deletions(-)
 copy tools/salt-install/terraform/aws/vpc/{terraform.tfvars => data.tf} (55%)

       via  92aa40f64996920f2f4321ef7f76ba14e0fa265d (commit)
      from  18292fffce3fcfe1c65121bc89deb38168bd840d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 92aa40f64996920f2f4321ef7f76ba14e0fa265d
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Fri Dec 2 19:54:22 2022 -0300

    19215: Adds private subnet & NAT gateway for compute nodes.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts
index be94cea4f..251e1c3a1 100644
--- a/tools/salt-install/local.params.example.multiple_hosts
+++ b/tools/salt-install/local.params.example.multiple_hosts
@@ -46,18 +46,18 @@ CLUSTER_INT_CIDR=10.0.0.0/16
 
 # Note the IPs in this example are shared between roles, as suggested in
 # https://doc.arvados.org/main/install/salt-multi-host.html
-CONTROLLER_INT_IP=10.1.1.1
-WEBSOCKET_INT_IP=10.1.1.1
-KEEP_INT_IP=10.1.1.2
+CONTROLLER_INT_IP=10.1.1.11
+WEBSOCKET_INT_IP=10.1.1.11
+KEEP_INT_IP=10.1.1.12
 # Both for collections and downloads
-KEEPWEB_INT_IP=10.1.1.2
-KEEPSTORE0_INT_IP=10.1.1.3
-KEEPSTORE1_INT_IP=10.1.1.4
-WORKBENCH1_INT_IP=10.1.1.5
-WORKBENCH2_INT_IP=10.1.1.5
-WEBSHELL_INT_IP=10.1.1.5
-DATABASE_INT_IP=10.1.1.1
-SHELL_INT_IP=10.1.1.7
+KEEPWEB_INT_IP=10.1.1.12
+KEEPSTORE0_INT_IP=10.1.1.13
+KEEPSTORE1_INT_IP=10.1.1.14
+WORKBENCH1_INT_IP=10.1.1.15
+WORKBENCH2_INT_IP=10.1.1.15
+WEBSHELL_INT_IP=10.1.1.15
+DATABASE_INT_IP=10.1.1.11
+SHELL_INT_IP=10.1.1.17
 
 INITIAL_USER="admin"
 
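Review bot: The new example addresses (10.1.1.11 to 10.1.1.17) still fall outside the `CLUSTER_INT_CIDR=10.0.0.0/16` value visible in the hunk header, so if that variable is meant to describe the network these hosts live in, it should be updated in the same commit. The reason for moving from .1–.7 to .11–.17 is also undocumented. If it is because AWS reserves the first four addresses of every subnet and the VPC module now creates `10.1.1.0/24`, a comment above the block would help, for example `# Keep these in sync with terraform/aws/vpc/locals.tf; AWS reserves .0-.3 and .255 in each subnet`.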
diff --git a/tools/salt-install/terraform/aws/services/outputs.tf b/tools/salt-install/terraform/aws/services/outputs.tf
index 83c5a3742..845687613 100644
--- a/tools/salt-install/terraform/aws/services/outputs.tf
+++ b/tools/salt-install/terraform/aws/services/outputs.tf
@@ -10,9 +10,12 @@ output "vpc_cidr" {
   value = data.terraform_remote_state.vpc.outputs.arvados_vpc_cidr
 }
 
-output "subnet_id" {
+output "arvados_subnet_id" {
   value = data.terraform_remote_state.vpc.outputs.arvados_subnet_id
 }
+output "compute_subnet_id" {
+  value = data.terraform_remote_state.vpc.outputs.compute_subnet_id
+}
 
 output "arvados_sg_id" {
   value = data.terraform_remote_state.vpc.outputs.arvados_sg_id
diff --git a/tools/salt-install/terraform/aws/vpc/data.tf b/tools/salt-install/terraform/aws/vpc/data.tf
new file mode 100644
index 000000000..37046b634
--- /dev/null
+++ b/tools/salt-install/terraform/aws/vpc/data.tf
@@ -0,0 +1,5 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: CC-BY-SA-3.0
+
+data "aws_availability_zones" "available" {}
\ No newline at end of file
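Review bot: The data source is declared without a `state` filter, and `locals.tf` then takes `names[0]`, so an impaired or unavailable zone could end up hosting both subnets. Adding `state = "available"` inside the block restricts the list to usable zones. The first name can also differ between accounts and over time, which would move the subnets on a later apply, so a short comment saying the zone choice is deliberately arbitrary would help. The file also lacks a trailing newline.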
diff --git a/tools/salt-install/terraform/aws/vpc/locals.tf b/tools/salt-install/terraform/aws/vpc/locals.tf
index e8864c522..8338aec7c 100644
--- a/tools/salt-install/terraform/aws/vpc/locals.tf
+++ b/tools/salt-install/terraform/aws/vpc/locals.tf
@@ -8,16 +8,17 @@ locals {
     https: "443",
     ssh: "22",
   }
+  availability_zone = data.aws_availability_zones.available.names[0]
   hostnames = [ "controller", "workbench", "keep0", "keep1", "keepproxy", "shell" ]
   arvados_dns_zone = "${var.cluster_name}.${var.domain_name}"
   public_ip = { for k, v in aws_eip.arvados_eip: k => v.public_ip }
   private_ip = {
-    "controller": "10.1.1.1",
-    "workbench": "10.1.1.5",
-    "keepproxy": "10.1.1.2",
-    "shell": "10.1.1.7",
-    "keep0": "10.1.1.3",
-    "keep1": "10.1.1.4"
+    "controller": "10.1.1.11",
+    "workbench": "10.1.1.15",
+    "keepproxy": "10.1.1.12",
+    "shell": "10.1.1.17",
+    "keep0": "10.1.1.13",
+    "keep1": "10.1.1.14"
   }
   aliases = {
     controller: ["ws"]
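Review bot: The `private_ip` map hard-codes host addresses that are only valid while `aws_subnet.arvados_subnet` in `main.tf` stays `10.1.1.0/24`, and the same values are repeated in `local.params.example.multiple_hosts`. Deriving them from the subnet, for example `"controller": cidrhost(aws_subnet.arvados_subnet.cidr_block, 11)`, would keep them valid if the CIDR changes. At minimum, add a comment such as `# Must fall inside aws_subnet.arvados_subnet; AWS reserves the first four addresses and the last one`. The `locals` block starts and ends outside this hunk.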
diff --git a/tools/salt-install/terraform/aws/vpc/main.tf b/tools/salt-install/terraform/aws/vpc/main.tf
index 4581d5b6f..6e2113924 100644
--- a/tools/salt-install/terraform/aws/vpc/main.tf
+++ b/tools/salt-install/terraform/aws/vpc/main.tf
@@ -26,8 +26,13 @@ resource "aws_vpc" "arvados_vpc" {
 }
 resource "aws_subnet" "arvados_subnet" {
   vpc_id = aws_vpc.arvados_vpc.id
-  availability_zone = "${var.region_name}a"
-  cidr_block = aws_vpc.arvados_vpc.cidr_block
+  availability_zone = local.availability_zone
+  cidr_block = "10.1.1.0/24"
+}
+resource "aws_subnet" "compute_subnet" {
+  vpc_id = aws_vpc.arvados_vpc.id
+  availability_zone = local.availability_zone
+  cidr_block = "10.1.2.0/24"
 }
 
 #
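Review bot: Both subnets now use literal CIDRs (`10.1.1.0/24` and `10.1.2.0/24`) where the old code used `aws_vpc.arvados_vpc.cidr_block`, so they silently depend on the VPC range, which is defined outside this hunk. If that range is ever changed, subnet creation will fail or the service and compute networks will no longer match the documented layout. Consider computing them with `cidrsubnet()` from the VPC block or exposing them as variables. Since the point of the change is network separation, a comment on each resource would also help, for example `# Public subnet: service nodes with Elastic IPs` and `# Private subnet: compute nodes, outbound only via NAT`.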
@@ -37,13 +42,17 @@ resource "aws_vpc_endpoint" "s3" {
   vpc_id = aws_vpc.arvados_vpc.id
   service_name = "com.amazonaws.${var.region_name}.s3"
 }
-resource "aws_vpc_endpoint_route_table_association" "s3_route" {
+resource "aws_vpc_endpoint_route_table_association" "arvados_s3_route" {
   vpc_endpoint_id = aws_vpc_endpoint.s3.id
-  route_table_id = aws_route_table.arvados_rt.id
+  route_table_id = aws_route_table.arvados_subnet_rt.id
+}
+resource "aws_vpc_endpoint_route_table_association" "compute_s3_route" {
+  vpc_endpoint_id = aws_vpc_endpoint.s3.id
+  route_table_id = aws_route_table.compute_subnet_rt.id
 }
 
 #
-# VPC Internet access
+# Internet access for Public IP instances
 #
 resource "aws_internet_gateway" "arvados_gw" {
   vpc_id = aws_vpc.arvados_vpc.id
@@ -54,7 +63,7 @@ resource "aws_eip" "arvados_eip" {
     aws_internet_gateway.arvados_gw
   ]
 }
-resource "aws_route_table" "arvados_rt" {
+resource "aws_route_table" "arvados_subnet_rt" {
   vpc_id = aws_vpc.arvados_vpc.id
   route {
     cidr_block = "0.0.0.0/0"
@@ -63,8 +72,34 @@ resource "aws_route_table" "arvados_rt" {
 }
 resource "aws_route_table_association" "arvados_subnet_assoc" {
   subnet_id = aws_subnet.arvados_subnet.id
-  route_table_id = aws_route_table.arvados_rt.id
+  route_table_id = aws_route_table.arvados_subnet_rt.id
+}
+
+#
+# Internet access for Private IP instances
+#
+resource "aws_eip" "compute_nat_gw_eip" {
+  depends_on = [
+    aws_internet_gateway.arvados_gw
+  ]
+}
+resource "aws_nat_gateway" "compute_nat_gw" {
+  # A NAT gateway should be placed on a subnet with an internet gateway
+  subnet_id = aws_subnet.arvados_subnet.id
+  allocation_id = aws_eip.compute_nat_gw_eip.id
+}
+resource "aws_route_table" "compute_subnet_rt" {
+  vpc_id = aws_vpc.arvados_vpc.id
+  route {
+    cidr_block = "0.0.0.0/0"
+    nat_gateway_id = aws_nat_gateway.compute_nat_gw.id
+  }
 }
+resource "aws_route_table_association" "compute_subnet_assoc" {
+  subnet_id = aws_subnet.compute_subnet.id
+  route_table_id = aws_route_table.compute_subnet_rt.id
+}
+
 resource "aws_security_group" "arvados_sg" {
   name = "arvados_sg"
   vpc_id = aws_vpc.arvados_vpc.id
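Review bot: The new `compute_subnet_rt` sends `0.0.0.0/0` through the NAT gateway, so compute nodes get unrestricted outbound internet access unless something else limits it. Those nodes typically run user-submitted workloads, so the egress policy should be an explicit decision. `aws_security_group.arvados_sg` continues outside this hunk, so its egress rules cannot be checked from here. I would add a comment above the route table such as `# Compute nodes have no inbound path from the internet; outbound traffic is only limited by security group egress rules`, and confirm that compute instances use a security group whose egress matches what workloads are expected to reach. The NAT gateway comment could also be firmer: `# The NAT gateway must live in the public subnet (the one routed to the internet gateway)`.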
diff --git a/tools/salt-install/terraform/aws/vpc/outputs.tf b/tools/salt-install/terraform/aws/vpc/outputs.tf
index 4ae90a5ef..dd58ca700 100644
--- a/tools/salt-install/terraform/aws/vpc/outputs.tf
+++ b/tools/salt-install/terraform/aws/vpc/outputs.tf
@@ -13,6 +13,10 @@ output "arvados_subnet_id" {
   value = aws_subnet.arvados_subnet.id
 }
 
+output "compute_subnet_id" {
+  value = aws_subnet.compute_subnet.id
+}
+
 output "arvados_sg_id" {
   value = aws_security_group.arvados_sg.id
 }

-----------------------------------------------------------------------


hooks/post-receive
-- 



