From 579e514330ae4772c9905cbbac01f5df14de39b8 Mon Sep 17 00:00:00 2001 From: Renata Date: Sat, 11 Nov 2023 16:49:57 -0300 Subject: [PATCH] multi-arch-builders/tofu: Add PowerVs configuration * Add Tofu configuration for provisioning our ppc64le instance on PowerVs * Include supplementary documentation for our Tofu and PowerVs procedures --- multi-arch-builders/coreos-ppc64le-builder.bu | 20 +++- .../provisioning/ppc64le/README.md | 58 ++++++++++ .../provisioning/ppc64le/main.tf | 101 ++++++++++++++++++ .../provisioning/ppc64le/outputs.tf | 20 ++++ .../provisioning/ppc64le/provider.tf | 18 ++++ .../provisioning/ppc64le/variables.tf | 87 +++++++++++++++ 6 files changed, 300 insertions(+), 4 deletions(-) create mode 100644 multi-arch-builders/provisioning/ppc64le/README.md create mode 100644 multi-arch-builders/provisioning/ppc64le/main.tf create mode 100644 multi-arch-builders/provisioning/ppc64le/outputs.tf create mode 100644 multi-arch-builders/provisioning/ppc64le/provider.tf create mode 100644 multi-arch-builders/provisioning/ppc64le/variables.tf diff --git a/multi-arch-builders/coreos-ppc64le-builder.bu b/multi-arch-builders/coreos-ppc64le-builder.bu index 7668a3220..c4181da08 100644 --- a/multi-arch-builders/coreos-ppc64le-builder.bu +++ b/multi-arch-builders/coreos-ppc64le-builder.bu @@ -6,10 +6,6 @@ # variant: fcos version: 1.4.0 -ignition: - config: - merge: - - local: builder-common.ign passwd: users: - name: builder @@ -23,3 +19,19 @@ storage: overwrite: true contents: inline: coreos-ppc64le-builder + # It is a workaround due the IP/Route issue in PowerVs + # See more in the ppc64le README + - path: /etc/NetworkManager/system-connections/env2.nmconnection + mode: 0600 + contents: + inline: | + [connection] + id=en + type=ethernet + interface-name=env2 + [ipv4] + address1=10.130.1.149/25,10.130.1.129 + dns=127.0.0.53; + dns-search= + may-fail=false + method=manual 
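Review bot: The new `env2.nmconnection` profile in coreos-ppc64le-builder.bu sets `method=manual` with `dns=127.0.0.53;` as its only resolver. That is the systemd-resolved stub address rather than an upstream server, so this link may give resolved nothing to forward queries to. This could be related to the CA download failure during provisioning that the README describes, although the hunk does not show enough to confirm it; setting `dns=` to the network's real resolver is worth testing. The hard-coded `address1=10.130.1.149/25,10.130.1.129` also ties this shared builder config to one address on one subnet, so the comment above the file entry should record where that address is reserved. The hunk also removes the `ignition.config.merge` of builder-common.ign; main.tf in this patch passes builder-common.bu as the `ct_config` content, so the common config appears to be kept only for tofu-driven provisioning.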
diff --git a/multi-arch-builders/provisioning/ppc64le/README.md b/multi-arch-builders/provisioning/ppc64le/README.md
new file mode 100644
index 000000000..40ffd9931
--- /dev/null
+++ b/multi-arch-builders/provisioning/ppc64le/README.md
@@ -0,0 +1,58 @@ +# OpenTofu + + OpenTofu, a Terraform fork, is an open-source infrastructure as code (IaC) tool + lets you define both cloud and on-prem resources in human-readable configuration files + that you can version, reuse, and share. + + To proceed with the next steps, ensure that 'tofu' is installed on your system. + See: https://github.com/opentofu/opentofu/releases + +## Before starting + +### PowerVS credentials + + - Ensure that you have access to our account. + - Verify that the Fedora CoreOS image has been uploaded to the designated bucket. + - TODO: Add bucket creation and image upload to tofu + - See documetation in how to upload the image manually: + https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-deploy-custom-image +### PowerVs Issues + + - PowerVS seems to encounter a problem in creating the default local IP with the default route, +resulting in issues to ssh to the server post-boot. +To mitigate this, we've incorporated networking configurations into the Ignition file. However, +we still with one issue during the Splunk Butane configuration, where the CA certification couldn't be +downloaded during provisioning. If you encounter this issue, comment out the Red Hat CA download step +and perform it manually on the machine after provisioning. + + - Additionally, it's important to note that PowerVS lacks the user data field in the web interface for providing +the Ignition config. + +### TF vars via environment variables + +If you'd like to override the target distro (defaults to `fcos`) you +can: + +``` +export TF_VAR_distro=rhcos +``` + +If you are deploying RHCOS you'll need to define variables for splunk configuration: + +``` +export TF_VAR_splunk_hostname=... +export TF_VAR_splunk_sidecar_repo=... +export TF_VAR_itpaas_splunk_repo=... +``` + +## Running tofu +```bash + # To begin using it, run 'init' within this directory. 
+ tofu init + # If you don't intend to make any changes to the code, simply run it: + tofu apply + # If you plan to make changes to the code as modules/plugins, go ahead and run it: + tofu init -upgrade + # To destroy it run: + tofu destroy -target aws_instance.coreos-aarch64-builder +``` diff --git a/multi-arch-builders/provisioning/ppc64le/main.tf b/multi-arch-builders/provisioning/ppc64le/main.tf new file mode 100644 index 000000000..bbef02344 --- /dev/null +++ b/multi-arch-builders/provisioning/ppc64le/main.tf 
@@ -0,0 +1,101 @@ +data "ibm_pi_network" "network" { + pi_network_name = var.network + pi_cloud_instance_id = var.power_instance_id +} + +data "ibm_pi_image" "power_images" { + pi_image_name = var.image_name + pi_cloud_instance_id = var.power_instance_id +} + +provider "ct" {} + +variable "project" { + type = string + default = "coreos-ppc64le-builder" +} + +# Which distro are we deploying a builder for? Override the +# default by setting the env var: TF_VAR_distro=rhcos +variable "distro" { + type = string + default = "fcos" +} + +check "health_check_distro" { + assert { + condition = anytrue([ + var.distro == "fcos", + var.distro == "rhcos" + ]) + error_message = "Distro must be 'fcos' or 'rhcos'" + } +} + +# Variables used for splunk deployment, which is only +# for RHCOS builders. Define them in the environment with: +# export TF_VAR_splunk_hostname=... +# export TF_VAR_splunk_sidecar_repo=... +# export TF_VAR_itpaas_splunk_repo=... +variable "splunk_hostname" { + type = string + default = "" +} +variable "splunk_sidecar_repo" { + type = string + default = "" +} +variable "itpaas_splunk_repo" { + type = string + default = "" +} + +# Check that if we are deploying a RHCOS builder the splunk +# variables have been defined. +check "health_check_rhcos_splunk_vars" { + assert { + condition = !(var.distro == "rhcos" && anytrue([ + var.splunk_hostname == "", + var.splunk_sidecar_repo == "", + var.itpaas_splunk_repo == "" + ])) + error_message = "Must define splunk env vars for RCHOS builders" + } +} + +locals { + fcos_snippets = [ + file("../../coreos-ppc64le-builder.bu"), + ] + rhcos_snippets = [ + file("../../coreos-ppc64le-builder.bu"), + templatefile("../../builder-splunk.bu", { + SPLUNK_HOSTNAME = var.splunk_hostname + SPLUNK_SIDECAR_REPO = var.splunk_sidecar_repo + ITPAAS_SPLUNK_REPO = var.itpaas_splunk_repo + }) + ] +} +data "ct_config" "butane" { + strict = true + content = file("../../builder-common.bu") + snippets = var.distro == "rhcos" ? 
local.rhcos_snippets : local.fcos_snippets +} + + + +resource "ibm_pi_instance" "pvminstance" { + pi_memory = var.memory + pi_processors = var.processors + pi_instance_name = "${var.project}-${formatdate("YYYYMMDD", timestamp())}" + pi_proc_type = var.proc_type + pi_image_id = data.ibm_pi_image.power_images.id + pi_network { + network_id = data.ibm_pi_network.network.id + } + pi_key_pair_name = var.ssh_key_name + pi_sys_type = var.system_type + pi_cloud_instance_id = var.power_instance_id + pi_user_data = base64encode(data.ct_config.butane.rendered) + +} diff --git a/multi-arch-builders/provisioning/ppc64le/outputs.tf b/multi-arch-builders/provisioning/ppc64le/outputs.tf new file mode 100644 index 000000000..6ebebd5b2 --- /dev/null +++ b/multi-arch-builders/provisioning/ppc64le/outputs.tf @@ -0,0 +1,20 @@ + +output "status" { + value = ibm_pi_instance.pvminstance.status +} + +output "min_proc" { + value = ibm_pi_instance.pvminstance.min_processors +} + +output "health_status" { + value = ibm_pi_instance.pvminstance.health_status +} + +output "addresses" { + value = ibm_pi_instance.pvminstance.pi_network +} + +output "progress" { + value = ibm_pi_instance.pvminstance.pi_progress +} diff --git a/multi-arch-builders/provisioning/ppc64le/provider.tf b/multi-arch-builders/provisioning/ppc64le/provider.tf new file mode 100644 index 000000000..b3477426a --- /dev/null +++ b/multi-arch-builders/provisioning/ppc64le/provider.tf @@ -0,0 +1,18 @@ +terraform { + required_providers { + ct = { + source = "poseidon/ct" + version = "0.13.0" + } + ibm = { + source = "IBM-Cloud/ibm" + version = ">= 1.12.0" + } + } +} + +provider "ibm" { + ibmcloud_api_key = var.ibmcloud_api_key + region = "us-south" + zone = var.ibmcloud_zone +} diff --git a/multi-arch-builders/provisioning/ppc64le/variables.tf b/multi-arch-builders/provisioning/ppc64le/variables.tf new file mode 100644 index 000000000..4fb502af6 --- /dev/null +++ b/multi-arch-builders/provisioning/ppc64le/variables.tf 
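Review bot: The two `check` blocks in main.tf (`health_check_distro` and `health_check_rhcos_splunk_vars`) only produce warnings, because a failed check assertion does not stop `tofu apply`. An RHCOS builder can therefore still be created with empty Splunk values rendered into builder-splunk.bu, and would come up without its log-forwarding configuration. Moving the distro test into a `validation` block on `variable "distro"` and the Splunk test into a `precondition` on `ibm_pi_instance.pvminstance` would make both failures block the run; the message should also read "RHCOS" rather than "RCHOS". Separately, `timestamp()` in `pi_instance_name` is only known at apply time, so later plans will likely show the instance name as changing.

```hcl
variable "distro" {
  type    = string
  default = "fcos"
  validation {
    condition     = contains(["fcos", "rhcos"], var.distro)
    error_message = "Distro must be 'fcos' or 'rhcos'."
  }
}

resource "ibm_pi_instance" "pvminstance" {
  # … unchanged: pi_* arguments …
  lifecycle {
    precondition {
      condition = var.distro != "rhcos" || alltrue([
        var.splunk_hostname != "",
        var.splunk_sidecar_repo != "",
        var.itpaas_splunk_repo != ""
      ])
      error_message = "Must define splunk env vars for RHCOS builders."
    }
  }
}
```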
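Review bot: In provider.tf the `ibm` entry of `required_providers` is constrained only by `version = ">= 1.12.0"`, while `ct` is pinned to `0.13.0`. Combined with the README's `tofu init -upgrade` step, this accepts any future release, including new major versions, of the provider that is handed the IBM Cloud API key. The diffstat does not include a `.terraform.lock.hcl`, so an upper-bounded constraint plus a committed lock file would keep the provider that runs with that credential reviewable. The provider block also hard-codes `region = "us-south"` although variables.tf declares `ibmcloud_region`; `region = var.ibmcloud_region` would make that variable take effect.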
@@ -0,0 +1,87 @@ + +variable "ibmcloud_api_key" { + description = "Denotes the IBM Cloud API key to use" + default = "" +} + +variable "ibmcloud_region" { + description = "Denotes which IBM Cloud region to connect to" + default = "us-south" +} + +#INSERTED FOR MULTI-ZONE REGION SUCH AS FRANKFURT + +variable "ibmcloud_zone" { + description = "Denotes which IBM Cloud zone to connect to - .i.e: eu-de-1 eu-de-2 us-south etc." + default = "us-south" +} + +# Got the ID from `ibmcloud resource service-instances --long field` command, refer GUID for the instance +variable "power_instance_id" { + description = "Power Virtual Server instance ID associated with your IBM Cloud account (note that this is NOT the API key)" + default = "556eb201-32bf-4ae2-8ab5-dfd7bbe97789" +} + + +# The PowerVs cost are high, check the price before adding +# more processors and memory. This number may change +# due the PowerVs availability. + +variable "memory" { + description = "Amount of memory (GB) to be allocated to the VM" + default = "50" +} + +variable "processors" { + description = "Number of virtual processors to allocate to the VM" + default = "15" +} + +# The s922 model is the cheapest model +variable "system_type" { + description = "Type of system on which the VM should be created - s922/e880/e980" + default = "s922" +} + +variable "proc_type" { + description = "Processor type for the LPAR - shared/dedicated" + default = "capped" +} + +variable "ssh_key_name" { + description = "SSH key name in IBM Cloud to be used for SSH logins" + default = "" +} + +variable "shareable" { + description = "Should the data volume be shared or not - true/false" + default = "true" +} + +# TODO: We need to add the network creation via tofu for fcos +# This config is for rhcos only +variable "network" { + description = "List of networks that should be attached to the VM - Create this network before running terraform" + default = "redhat-internal-rhcos" +} + + +variable "image_name" { + description = "Name 
of the image from which the VM should be deployed - IBM image name" + default = "fedora-coreos-39-2023110110" +} + +variable "replication_policy" { + description = "Replication policy of the VM" + default = "none" +} + +variable "replication_scheme" { + description = "Replication scheme for the VM" + default = "suffix" +} + +variable "replicants" { + description = "Number of VM instances to deploy" + default = "1" +}
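Review bot: `variable "ibmcloud_api_key"` in variables.tf is declared with `default = ""` and without `sensitive = true`. Nothing marks the value for redaction if it is ever interpolated into a resource or output, and a run with `TF_VAR_ibmcloud_api_key` unset passes an empty string to the provider instead of stopping at input. Adding `type = string` and `sensitive = true` and dropping the default would address both. The rendered Ignition passed as `pi_user_data` in main.tf, which includes the Splunk values, is presumably stored in state like any other resource attribute, so the state file needs restricted access. `ibmcloud_region`, `shareable`, `replication_policy`, `replication_scheme` and `replicants` are not referenced by the main.tf or provider.tf in this patch and could be removed or wired up.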