# Per-region subnet map for the VPN VPC: each entry in var.regions is keyed to
# one slice of the Bluecat-allocated network. The slice count is 2^ceil(n/2)
# for n regions, which always gives at least n slices but over-provisions as n
# grows (8 regions -> 16 slices); changing the newbits formula would renumber
# every existing subnet, so it is kept as-is here. Regions must be unique:
# a duplicate region produces a duplicate map key, which Terraform rejects.
locals {
  subnets = {
    for idx, region in var.regions :
    region => cidrsubnet(
      bluecat_ip4_network.gcp_network.cidr,
      ceil(length(var.regions) / 2),
      idx
    )
  }
}

# Bluecat configuration that contains the IP4 block used below; looked up by
# name rather than id.
data "bluecat_entity" "config" {
  type = "Configuration"
  name = "UMNET"
}

# The 10.238.0.0 IP4 block inside the UMNET configuration that per-project GCP
# networks are carved from. The block address is fixed here, not a variable.
data "bluecat_ip4_network-block-range" "gcp_block" {
  type         = "IP4Block"
  container_id = data.bluecat_entity.config.id
  address      = "10.238.0.0"
}

# Allocate a network of var.network_size from the GCP block for this project;
# the IPAM record is named after the project id so it can be traced back.
resource "bluecat_ip4_network" "gcp_network" {
  name      = var.project_id
  size      = var.network_size
  parent_id = data.bluecat_ip4_network-block-range.gcp_block.id
}

# Pre-shared key for the VPN tunnels: 32 characters drawn from letters, digits
# and the provider's default special-character set. The generated value is
# written to Terraform state, so the state backend needs the same access
# control as the key itself. If the peer device limits which special
# characters a PSK may contain, constrain the set with override_special.
resource "random_password" "vpn_password" {
  special = true
  length  = 32
}

# Dedicated VPC for the VPN. Subnets are declared explicitly below instead of
# auto-mode, and GLOBAL dynamic routing lets routes learned over BGP reach
# subnets in every region rather than only the Cloud Router's own region.
resource "google_compute_network" "vpn_vpc" {
  project                 = var.project_id
  name                    = "${var.vpc_prefix}-vpn"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"
}

# One subnet per region, keyed and sized by local.subnets. Neither Private
# Google Access nor VPC flow logs are enabled here; NOTE(review): confirm
# whether either is required for this VPC.
resource "google_compute_subnetwork" "vpn_subnet" {
  for_each = local.subnets

  project       = var.project_id
  region        = each.key
  name          = "vpn-${each.key}"
  ip_cidr_range = each.value
  network       = google_compute_network.vpn_vpc.self_link
}

# Classic (target) VPN gateway, placed in the first listed region. The static
# address, forwarding rules, router and tunnels below all use that same region.
resource "google_compute_vpn_gateway" "vpn_gw" {
  project = var.project_id
  region  = var.regions[0]
  name    = "${var.prefix}-bgp-vpn-gateway"
  network = google_compute_network.vpn_vpc.self_link
}

# Static external address for the gateway. It reuses the gateway's name so the
# two resources are easy to correlate in the console.
resource "google_compute_address" "vpn_gw_ip" {
  project = var.project_id
  region  = var.regions[0]
  name    = google_compute_vpn_gateway.vpn_gw.name
}
# Forwarding rules that steer IPsec traffic arriving on the static address to
# the gateway: ESP here, UDP 500 (IKE) and UDP 4500 (NAT-T) in the two rules
# that follow. Together they are the complete inbound surface of the gateway.
resource "google_compute_forwarding_rule" "fr_esp" {
  project     = var.project_id
  region      = var.regions[0]
  name        = "fr-esp"
  ip_protocol = "ESP"
  ip_address  = google_compute_address.vpn_gw_ip.address
  target      = google_compute_vpn_gateway.vpn_gw.self_link
}
# UDP 500 (IKE) forwarding rule for the gateway; see fr_esp for the ESP rule.
resource "google_compute_forwarding_rule" "fr_udp500" {
  project     = var.project_id
  region      = var.regions[0]
  name        = "fr-udp500"
  ip_protocol = "UDP"
  port_range  = "500"
  ip_address  = google_compute_address.vpn_gw_ip.address
  target      = google_compute_vpn_gateway.vpn_gw.self_link
}
# UDP 4500 (IKE NAT traversal) forwarding rule for the gateway.
resource "google_compute_forwarding_rule" "fr_udp4500" {
  project     = var.project_id
  region      = var.regions[0]
  name        = "fr-udp4500"
  ip_protocol = "UDP"
  port_range  = "4500"
  ip_address  = google_compute_address.vpn_gw_ip.address
  target      = google_compute_vpn_gateway.vpn_gw.self_link
}
# Cloud Router that terminates the BGP sessions for the tunnels. Only the local
# ASN is configured; route advertisement stays at the provider default.
resource "google_compute_router" "vpn_router" {
  project = var.project_id
  region  = var.regions[0]
  name    = "${var.prefix}-bgp-vpn-router"
  network = google_compute_network.vpn_vpc.self_link

  bgp {
    asn = var.cloud_asn
  }
}
# One BGP interface per entry in var.bgp_network, each bound to the tunnel with
# the same index. ip_range is the GCP-side link address with its prefix length
# (typically a /30 from 169.254.0.0/16); the peer's address on that link is
# derived in bgp_peer.
resource "google_compute_router_interface" "bgp_interface" {
  count = length(var.bgp_network)

  project    = var.project_id
  region     = var.regions[0]
  router     = google_compute_router.vpn_router.name
  name       = "bgp-vpn-interface${count.index}"
  ip_range   = var.bgp_network[count.index]
  vpn_tunnel = google_compute_vpn_tunnel.vpn_tunnel[count.index].name
}

# BGP peer for each interface. The remote address is host 2 of the interface's
# link range, which assumes the GCP side holds host 1 in var.bgp_network. The
# peer ASN is read from var.um_vpn_endpoint by the same index, so that list
# must have at least as many entries as var.bgp_network or planning fails.
resource "google_compute_router_peer" "bgp_peer" {
  count = length(var.bgp_network)

  project         = var.project_id
  region          = var.regions[0]
  router          = google_compute_router.vpn_router.name
  name            = "${var.prefix}-bgp-peer${count.index}"
  interface       = google_compute_router_interface.bgp_interface[count.index].name
  peer_ip_address = cidrhost(var.bgp_network[count.index], 2)
  peer_asn        = var.um_vpn_endpoint[count.index].asn
}

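# One route-based tunnel per BGP network, terminated on the classic gateway and
# attached to the Cloud Router; bgp_interface and bgp_peer reference these by
# index. peer_ip is read from var.um_vpn_endpoint, which must have at least as
# many entries as var.bgp_network. The pre-shared key is the random password
# above: it is recorded in Terraform state and has to be provisioned on the
# peer side out of band, so the state backend needs the same protection as the
# key.
resource "google_compute_vpn_tunnel" "vpn_tunnel" {
  count = length(var.bgp_network)

  project = var.project_id
  # Pin the tunnel to the gateway's region; without this the provider's default
  # region is used, which fails whenever it differs from var.regions[0].
  region  = var.regions[0]
  name    = "bgp-vpn-tunnel${count.index}"

  peer_ip       = var.um_vpn_endpoint[count.index].ip
  shared_secret = random_password.vpn_password.result

  target_vpn_gateway = google_compute_vpn_gateway.vpn_gw.self_link
  router             = google_compute_router.vpn_router.self_link

  # The forwarding rules must exist before the tunnel is brought up. depends_on
  # takes resource references, not strings: the quoted form is only a
  # deprecation warning in Terraform 0.12 and is not accepted by later releases.
  depends_on = [
    google_compute_forwarding_rule.fr_esp,
    google_compute_forwarding_rule.fr_udp500,
    google_compute_forwarding_rule.fr_udp4500,
  ]
}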