
Commit c54d5599 authored by Adam Robinson's avatar Adam Robinson

Merge branch 'network-vpn-module-1' into 'master'

Network vpn module 1

See merge request !2
parents 88a8068b 0b7ae9b5
......@@ -56,10 +56,7 @@ locals {
}
resource "google_compute_network" "default_vpc" {
# for_each = var.network ? {routable_vpc = "yes"} : {} #
# for_each = toset(local.vpcs)
project = "${google_project.gcp_project.project_id}"
# name = "${var.prefix}-${each.key}-vpc"
name = "${var.prefix}-default-vpc"
routing_mode = "GLOBAL"
auto_create_subnetworks = false
......@@ -71,6 +68,5 @@ resource "google_compute_subnetwork" "default_subnet" {
name = "default-${each.key}"
region = each.key
ip_cidr_range = each.value
# network = google_compute_network.default_vpc["gcp-at-um-default"].self_link
network = google_compute_network.default_vpc.self_link
}
\ No newline at end of file
......@@ -16,9 +16,7 @@ resource "bluecat_ip4_network" "gcp_network" {
}
locals{
# subnets = {for x in var.regions : x => cidrsubnet(var.subnet_cidr, ceil(length(var.regions)/2), index(var.regions, x))}
subnets = {for x in var.regions : x => cidrsubnet(bluecat_ip4_network.gcp_network.cidr, ceil(length(var.regions)/2), index(var.regions, x))}
# vpcs = var.vpn ? ["gcp-at-um-vpn", "gcp-at-um-default"]: ["gcp-at-um-default"]
}
resource "google_compute_network" "vpn_vpc" {
......@@ -29,167 +27,107 @@ resource "google_compute_network" "vpn_vpc" {
}
resource "google_compute_subnetwork" "vpn_subnet" {
# for_each = var.network ? local.subnets : {}
for_each = local.subnets
project = var.project_id
name = "vpn-${each.key}"
region = each.key
ip_cidr_range = each.value
# network = google_compute_network.project_vpc["gcp-at-um-vpn"].self_link
network = google_compute_network.vpn_vpc.self_link
}
# VPN BGP Connection Information - U-M Side
locals {
locals{
um_vpn_endpoint = [{
ip = "141.213.154.20"
asn = "64900"
},
{
ip = "141.213.154.4"
asn = "64901"
}]
ip = "141.213.154.20"
asn = "64900"
},
{
ip = "141.213.154.4"
asn = "64901"
}]
}
# # reserve static IP for vpn gateway
# resource "google_compute_address" "vpn_gw_ip" {
# name = "${var.prefix}-bgp-vpn-gateway"
# project = "${google_project.gcp_project.project_id}"
# # region = "us-central1" # How do we decide which one?
# region = var.regions[0]
# # region = local.subnets[0].each
# }
# create vpn gateway
# # create vpn gateway
resource "google_compute_vpn_gateway" "vpn_gw" {
# for_each = var.network && var.vpn ? {um_vpn = yes} : {}
# count = var.network && var.vpn ? 1:0 # if network and vpn are true, create resource
name = "${var.prefix}-bgp-vpn-gateway"
project = var.project_id
# network = google_compute_network.project_vpc["routable_vpc"].self_link
network = google_compute_network.vpn_vpc.self_link
region = var.regions[0]
}
# #create forwarding rules
# resource "google_compute_forwarding_rule" "fr_esp" {
# count = var.network && var.vpn ? 1:0 # if network and vpn are true, create resource
# name = "fr-esp"
# project = "${google_project.gcp_project.project_id}"
# region = var.regions[0] # should be a variable
# ip_protocol = "ESP"
# ip_address = "${google_compute_address.vpn_gw_ip.address}"
# target = "${google_compute_vpn_gateway.vpn_gw["um_vpn"].self_link}"
# }
# resource "google_compute_forwarding_rule" "fr_udp500" {
# count = var.network && var.vpn ? 1:0 # if network and vpn are true, create resource
# name = "fr-udp500"
# project = "${google_project.gcp_project.project_id}"
# region = var.regions[0] # should be a variable
# ip_protocol = "UDP"
# port_range = "500"
# ip_address = "${google_compute_address.vpn_gw_ip.address}"
# target = "${google_compute_vpn_gateway.vpn_gw["um_vpn"].self_link}"
# }
# resource "google_compute_forwarding_rule" "fr_udp4500" {
# count = var.network && var.vpn ? 1:0 # if network and vpn are true, create resource
# name = "fr-udp4500"
# project = "${google_project.gcp_project.project_id}"
# region = var.regions[0] # should be a variable
# ip_protocol = "UDP"
# port_range = "4500"
# ip_address = "${google_compute_address.vpn_gw_ip.address}"
# target = "${google_compute_vpn_gateway.vpn_gw["um_vpn"].self_link}"
# }
# resource "google_compute_router" "vpn_router" {
# count = var.network && var.vpn ? 1:0 # if network and vpn are true, create resource
# name = "${var.prefix}-bgp-vpn-router1" # should do this with a count?
# project = "${google_project.gcp_project.project_id}"
# network = google_compute_network.project_vpc["gcp-at-um-vpn"].self_link
# region = var.regions[0] # Need to be a var
# dynamic "bgp" {
# for_each = range(var.vpn_tunnel_count)
# # asn = local.um_vpn_endpoint[0].asn # going to need a count for this if we have multiple tunnels
# content {
# asn = var.vpn_connection_info.each.key # from NetBox/variable - This is the GCP ASN
# }
# # leave basically empty to take default (non-custom)
# # advertise_mode = DEFAULT
# # advertised_groups = ["ALL_SUBNETS"]
# # advertised_ip_ranges {
# # range = # from cidr subnetting
# # }
# }
# }
# resource "google_compute_router_interface" "bgp-interface" {
# # count = var.network && var.vpn ? 1:0 # if network and vpn are true, create resource
# count = var.vpn_tunnel_count
# name = "bgp-vpn-interface${count.index}" # should use var/count
# project = "${google_project.gcp_project.project_id}"
# router = "${google_compute_router.vpn_router.name}"
# region = var.regions[0] # need a var
# ip_range = var.vpn_connection_info["${count.index}"].value # need a var
# vpn_tunnel = "${google_compute_vpn_tunnel.vpn_tunnel.name}" # need to write for this to be multiple tunnels
# }
# resource "google_compute_vpn_tunnel" "vpn_tunnel" {
# count = var.network && var.vpn ? 1:0 # if network and vpn are true, create resource
# name = "bgp-vpn-tunnel1" # need a count
# project = "${google_project.gcp_project.project_id}"
# peer_ip = "${local.um_vpn_endpoint[0].ip}" # supply in var
# shared_secret = "$uper$ecretPa$$w0rd!" # from ENV?
# target_vpn_gateway = "${google_compute_vpn_gateway.vpn_gw["um_vpn"].self_link}"
# router = "${google_compute_router.vpn_router[0].self_link}"
# depends_on = [
# "google_compute_forwarding_rule.fr_esp",
# "google_compute_forwarding_rule.fr_udp500",
# "google_compute_forwarding_rule.fr_udp4500",
# ]
# }
# {
# "kind": "compute#vpnTunnelAggregatedList",
# "id": "projects/kenmoore-test03/aggregated/vpnTunnels",
# "items": {
# "regions/us-central1": {
# "vpnTunnels": [
# {
# reserve static IP for vpn gateway
resource "google_compute_address" "vpn_gw_ip" {
# name = "${var.prefix}-bgp-vpn-gateway"
name = google_compute_vpn_gateway.vpn_gw.name
project = var.project_id
# region = "us-central1" # How do we decide which one?
region = var.regions[0]
# region = local.subnets[0].each
}
# "kind": "compute#vpnTunnel",
# "id": "7187908920601003435",
# "creationTimestamp": "2019-05-22T09:39:32.812-07:00",
# "name": "kenmoore-test03-bgp-vpntunnel-3",
# "description": "",
# "region": "https://www.googleapis.com/compute/v1/projects/kenmoore-test03/regions/us-central1",
# "targetVpnGateway": "https://www.googleapis.com/compute/v1/projects/kenmoore-test03/regions/us-central1/targetVpnGateways/kenmoore-test03-bgp-vpngateway-3",
# "router": "https://www.googleapis.com/compute/v1/projects/kenmoore-test03/regions/us-central1/routers/kenmoore-test03-bgp-router-3",
# "peerIp": "141.213.154.20",
# "sharedSecret": "*************",
# "sharedSecretHash": "AHR3GyDCpgKCDipHMtANeRiPIK8U",
# "status": "ESTABLISHED",
# "selfLink": "https://www.googleapis.com/compute/v1/projects/kenmoore-test03/regions/us-central1/vpnTunnels/kenmoore-test03-bgp-vpntunnel-3",
# "ikeVersion": 2,
# "detailedStatus": "Tunnel is up and running.",
# "localTrafficSelector": [
# "0.0.0.0/0"
# ],
# "remoteTrafficSelector": [
# "0.0.0.0/0"
# ]
# }
# ]
# }
#create forwarding rules
resource "google_compute_forwarding_rule" "fr_esp" {
name = "fr-esp"
project = var.project_id
region = var.regions[0] # should be a variable
ip_protocol = "ESP"
ip_address = "${google_compute_address.vpn_gw_ip.address}"
target = "${google_compute_vpn_gateway.vpn_gw.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp500" {
name = "fr-udp500"
project = var.project_id
region = var.regions[0] # should be a variable
ip_protocol = "UDP"
port_range = "500"
ip_address = "${google_compute_address.vpn_gw_ip.address}"
target = "${google_compute_vpn_gateway.vpn_gw.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp4500" {
name = "fr-udp4500"
project = var.project_id
region = var.regions[0] # should be a variable
ip_protocol = "UDP"
port_range = "4500"
ip_address = "${google_compute_address.vpn_gw_ip.address}"
target = "${google_compute_vpn_gateway.vpn_gw.self_link}"
}
resource "google_compute_router" "vpn_router" {
name = "${var.prefix}-bgp-vpn-router"
project = var.project_id
network = google_compute_network.vpn_vpc.self_link
region = var.regions[0]
bgp {
asn = var.cloud_asn
}
}
resource "google_compute_router_interface" "bgp-interface" {
count = length(var.bgp_network)
name = "bgp-vpn-interface${count.index}" # should use var/count
project = var.project_id
router = "${google_compute_router.vpn_router.name}"
region = var.regions[0] # need a var
# ip_range = var.vpn_connection_info["${count.index}"].value # need a var
ip_range = var.bgp_network[count.index] # need a var
vpn_tunnel = "${google_compute_vpn_tunnel.vpn_tunnel[count.index].name}" # need to write for this to be multiple tunnels
}
## Need this to calculate values
# ip_cidr_range = cidrsubnet("${var.subnetCidr[1]}",var.subnetBits,"${count.index}")
resource "google_compute_vpn_tunnel" "vpn_tunnel" {
count = length(var.bgp_network)
name = "bgp-vpn-tunnel${count.index}" # need a count
project = var.project_id
peer_ip = local.um_vpn_endpoint[count.index].ip # supply in var
shared_secret = var.VPN_PASSWORD
target_vpn_gateway = "${google_compute_vpn_gateway.vpn_gw.self_link}"
router = "${google_compute_router.vpn_router.self_link}"
depends_on = [
"google_compute_forwarding_rule.fr_esp",
"google_compute_forwarding_rule.fr_udp500",
"google_compute_forwarding_rule.fr_udp4500",
]
}
\ No newline at end of file
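Review bot: `shared_secret = var.VPN_PASSWORD` in `google_compute_vpn_tunnel.vpn_tunnel` keeps the pre-shared key out of the file, but Terraform still writes the value to state in plaintext, so I would add a comment there such as `# PSK ends up in state: keep the backend encrypted and access-restricted; supply via TF_VAR_VPN_PASSWORD from the CI secret store`. The literal secret in the commented-out tunnel block this change removes stays in Git history; if it was ever configured on a real tunnel it should be rotated. Separately, the tunnel uses `count = length(var.bgp_network)` but indexes `local.um_vpn_endpoint[count.index]`, which has only two entries, so a third `bgp_network` entry fails with an invalid index; one option is `count = min(length(var.bgp_network), length(local.um_vpn_endpoint))` on both the tunnel and `bgp-interface`. No `google_compute_router_peer` is visible in this section, so the `asn` values in `um_vpn_endpoint` appear unused here; confirm the BGP peers are defined elsewhere.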
......@@ -12,8 +12,12 @@ variable "network_size" {
default = 256
}
variable "vpn_connection_info" {
default = {}
variable "bgp_network" {
default = []
}
variable "cloud_asn" {
default = ""
}
variable "project_id" {
......@@ -22,3 +26,10 @@ variable "project_id" {
variable "prefix" {
}
variable "VPN_PASSWORD" {
}
# variable "vpn_connection_info" {
# default = [{}]
# }
\ No newline at end of file
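Review bot: `variable "VPN_PASSWORD" {}` is declared with no type, description or sensitivity marking, so nothing at the variable level keeps the pre-shared key from being displayed if it is later referenced in an output or another attribute. I would declare it with `type = string` and a description, and add `sensitive = true` where the Terraform version in use supports it (0.14 or later). The new `cloud_asn` default of `""` and `bgp_network` default of `[]` also let the module plan with an empty ASN and zero tunnels; dropping those defaults, or at least typing them (`list(string)` for `bgp_network`), would make a missing value fail early instead of producing a partially built VPN.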