Merge pull request #12 from equinix-labs/update-readme

Update Readme and improve functionality and clarity of the module
equinix-labs · Oct 7, 2024 · f113e0a · f113e0a
2 parents da23705 + 2911166
commit f113e0a
Show file tree

Hide file tree

Showing 13 changed files with 413 additions and 144 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -25,6 +25,26 @@ The project has the following folders and files:
 - /CODE_OF_CONDUCT.md: Code of Conduct file.
 - /CONTRIBUTING.md: This file.
 
+## Development
+
+Install [pre-commit](https://pre-commit.com/#install) with its prerequesites: [python](https://docs.python.org/3/using/index.html) and [pip](https://pip.pypa.io/en/stable/installation/).
+
+Configure pre-commit: `pre-commit install`.
+
+Install required packages: [tflint](https://github.com/terraform-linters/tflint), [tfsec](https://aquasecurity.github.io/tfsec/v1.0.11/getting-started/installation/), [shfmt](https://github.com/mvdan/sh), [shellcheck](https://github.com/koalaman/shellcheck), and [markdownlint](https://github.com/markdownlint/markdownlint).
+
+## Module Documentation
+
+The main README.md, the modules README.md and the examples README.md are populated by a [terraform-docs worflow job](.github/workflows/documentation.yaml). The following sections are appended between the terraform-docs delimeters: Requiremenents, Providers, Modules, Resources, Inputs, and Outputs.
+
+## Module Release and Changelog Generation
+
+The module git release and [changelog](CHANGELOG.md) are generated by the [release workflow job](.github/workflows/release.yaml). The release worflow follows the [conventional commits convention](https://www.conventionalcommits.org/). To submit a commit, please follow the [commit message format guidelines](https://www.conventionalcommits.org/en/v1.0.0/#specification). This job is set to run manually by default.
+
+Example commit message: `fix: disabled log generation for system services`
+
+For more examples, please see [conventional commit message examples](https://www.conventionalcommits.org/en/v1.0.0/#examples).
+
 ## Issues and Change Requests
 
 Please submit change requests and / or features via [Issues](https://github.com/equinix-labs/equinix-labs/issues).
diff --git a/README.md b/README.md
diff --git a/bastion.tf b/bastion.tf
@@ -4,14 +4,37 @@
 
 resource "equinix_metal_device" "bastion" {
   project_id = var.metal_project_id
-  hostname   = "bastion"
+  hostname   = var.bastion_name
 
   user_data = templatefile("${path.module}/templates/bastion-userdata.tmpl", {
-    bastion_vlan_id = var.vcf_vrf_networks["bastion"].vlan_id,
-    address         = cidrhost(var.vcf_vrf_networks["bastion"].subnet, 2),
-    netmask         = cidrnetmask(var.vcf_vrf_networks["bastion"].subnet),
-    gateway_address = cidrhost(var.vcf_vrf_networks["bastion"].subnet, 1),
-    domain          = var.esxi_domain
+    hostname          = var.bastion_name
+    bastion_vlan_id   = var.vcf_vrf_networks["bastion"].vlan_id
+    address           = var.bastion_ip
+    netmask           = cidrnetmask(var.vcf_vrf_networks["bastion"].subnet)
+    gateway_address   = cidrhost(var.vcf_vrf_networks["bastion"].subnet, 1)
+    zone_name         = var.zone_name
+    esx01_name        = var.esxi_devices["esx01"].name
+    esx01_ip          = var.esxi_devices["esx01"].mgmt_ip
+    esx02_name        = var.esxi_devices["esx02"].name
+    esx02_ip          = var.esxi_devices["esx02"].mgmt_ip
+    esx03_name        = var.esxi_devices["esx03"].name
+    esx03_ip          = var.esxi_devices["esx03"].mgmt_ip
+    esx04_name        = var.esxi_devices["esx04"].name
+    esx04_ip          = var.esxi_devices["esx04"].mgmt_ip
+    vcenter_name      = var.vcenter_name
+    vcenter_ip        = var.vcenter_ip
+    nsx_vip_name      = var.nsx_devices["vip"].name
+    nsx_vip_ip        = var.nsx_devices["vip"].ip
+    nsx_node_1_name   = var.nsx_devices["node1"].name
+    nsx_node_1_ip     = var.nsx_devices["node1"].ip
+    nsx_node_2_name   = var.nsx_devices["node2"].name
+    nsx_node_2_ip     = var.nsx_devices["node2"].ip
+    nsx_node_3_name   = var.nsx_devices["node3"].name
+    nsx_node_3_ip     = var.nsx_devices["node3"].ip
+    sddc_manager_name = var.sddc_manager_name
+    sddc_manager_ip   = var.sddc_manager_ip
+    cloudbuilder_name = var.cloudbuilder_name
+    cloudbuilder_ip   = var.cloudbuilder_ip
   })
 
   operating_system    = "ubuntu_24_04"

diff --git a/main.tf b/main.tf
@@ -2,8 +2,6 @@
 # and configure BGP Peering Details on VRF Interconnections
 module "metal_vrf" {
   source                       = "./modules/metal_vrf_w_interconnection_service_tokens"
-  equinix_client_id            = var.equinix_client_id
-  equinix_client_secret        = var.equinix_client_secret
   metal_auth_token             = var.metal_auth_token
   metal_project_id             = var.metal_project_id
   metal_metro                  = var.metro
@@ -44,14 +42,14 @@ module "vcf_metal_devices" {
   esxi_assigned_vlans     = [for r in module.metal_vrf_gateways_w_dynamic_neighbor : r.vlan_uuid]
   for_each                = var.esxi_devices
   metal_metro             = var.metro
-  esxi_dns_server         = var.esxi_dns_server
-  esxi_domain             = var.esxi_domain
+  esxi_dns_server         = var.bastion_ip
+  esxi_domain             = var.zone_name
   esxi_management_gateway = var.esxi_management_gateway
   esxi_management_ip      = each.value.mgmt_ip
-  esxi_mgmt_vlan          = var.esxi_mgmt_vlan
+  esxi_mgmt_vlan          = var.vcf_vrf_networks["mgmt"].vlan_id
   vm_mgmt_vlan            = var.vcf_vrf_networks["vm-mgmt"].vlan_id
-  esxi_hostname           = each.key
-  esxi_ntp_server         = var.esxi_ntp_server
+  esxi_hostname           = each.value.name
+  esxi_ntp_server         = var.bastion_ip
   esxi_password           = var.esxi_password
   esxi_management_subnet  = var.esxi_management_subnet
   esxi_version_slug       = var.esxi_version_slug

diff --git a/management.tf b/management.tf
@@ -7,22 +7,22 @@ resource "random_password" "management" {
 
 resource "equinix_metal_device" "management" {
   project_id = var.metal_project_id
-  hostname   = "management"
+  hostname   = var.windows_management_name
 
   operating_system    = "windows_2022"
-  plan                = var.management_plan
+  plan                = var.windows_management_plan
   metro               = var.metro
   project_ssh_key_ids = [module.ssh.equinix_metal_ssh_key_id]
 
   user_data = templatefile("${path.module}/templates/management-userdata.tmpl", {
-    bastion_vlan_id   = var.vcf_vrf_networks["bastion"].vlan_id,
-    bastion_address   = cidrhost(var.vcf_vrf_networks["bastion"].subnet, 2),
-    address           = cidrhost(var.vcf_vrf_networks["bastion"].subnet, 3),
-    prefix            = split("/", var.vcf_vrf_networks["bastion"].subnet)[1],
-    gateway_address   = cidrhost(var.vcf_vrf_networks["bastion"].subnet, 1),
+    bastion_vlan_id   = var.vcf_vrf_networks["bastion"].vlan_id
+    bastion_address   = var.bastion_ip
+    address           = var.windows_management_ip
+    prefix            = split("/", var.vcf_vrf_networks["bastion"].subnet)[1]
+    gateway_address   = cidrhost(var.vcf_vrf_networks["bastion"].subnet, 1)
     admin_password    = random_password.management.result
     route_destination = var.esxi_network_space
-    domain            = var.esxi_domain
+    domain            = var.zone_name
   })
 }
 resource "equinix_metal_port" "management_bond0" {

diff --git a/modules/metal_vrf_w_interconnection_service_tokens/README.md b/modules/metal_vrf_w_interconnection_service_tokens/README.md
@@ -36,12 +36,10 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_equinix_client_id"></a> [equinix\_client\_id](#input\_equinix\_client\_id) | Client ID for Equinix Fabric API interaction https://developer.equinix.com/docs?page=/dev-docs/fabric/overview | `string` | n/a | yes |
-| <a name="input_equinix_client_secret"></a> [equinix\_client\_secret](#input\_equinix\_client\_secret) | Client Secret for Equinix Fabric API interaction https://developer.equinix.com/docs?page=/dev-docs/fabric/overview | `string` | n/a | yes |
-| <a name="input_metal_auth_token"></a> [metal\_auth\_token](#input\_metal\_auth\_token) | API Token for Equinix Metal API interaction https://deploy.equinix.com/developers/docs/metal/identity-access-management/api-keys/ | `string` | n/a | yes |
-| <a name="input_metal_metro"></a> [metal\_metro](#input\_metal\_metro) | Equinix Metal Metro where Metal resources are going to be deployed https://deploy.equinix.com/developers/docs/metal/locations/metros/#metros-quick-reference | `string` | n/a | yes |
-| <a name="input_metal_project_id"></a> [metal\_project\_id](#input\_metal\_project\_id) | Equinix Metal Project UUID, can be found in the General Tab of the Organization Settings https://deploy.equinix.com/developers/docs/metal/identity-access-management/organizations/#organization-settings-and-roles | `string` | n/a | yes |
-| <a name="input_metal_vrf_asn"></a> [metal\_vrf\_asn](#input\_metal\_vrf\_asn) | ASN to be used for Metal VRF https://deploy.equinix.com/developers/docs/metal/networking/vrf/ | `string` | n/a | yes |
+| <a name="input_metal_auth_token"></a> [metal\_auth\_token](#input\_metal\_auth\_token) | API Token for Equinix Metal API interaction <https://deploy.equinix.com/developers/docs/metal/identity-access-management/api-keys/> | `string` | n/a | yes |
+| <a name="input_metal_metro"></a> [metal\_metro](#input\_metal\_metro) | Equinix Metal Metro where Metal resources are going to be deployed <https://deploy.equinix.com/developers/docs/metal/locations/metros/#metros-quick-reference> | `string` | n/a | yes |
+| <a name="input_metal_project_id"></a> [metal\_project\_id](#input\_metal\_project\_id) | Equinix Metal Project UUID, can be found in the General Tab of the Organization Settings <https://deploy.equinix.com/developers/docs/metal/identity-access-management/organizations/#organization-settings-and-roles> | `string` | n/a | yes |
+| <a name="input_metal_vrf_asn"></a> [metal\_vrf\_asn](#input\_metal\_vrf\_asn) | ASN to be used for Metal VRF <https://deploy.equinix.com/developers/docs/metal/networking/vrf/> | `string` | n/a | yes |
 | <a name="input_metal_vrf_cust_bgp_peer_pri"></a> [metal\_vrf\_cust\_bgp\_peer\_pri](#input\_metal\_vrf\_cust\_bgp\_peer\_pri) | IP of BGP Neighbor on Primary Interconnection that Metal VRF should expect to peer with | `string` | n/a | yes |
 | <a name="input_metal_vrf_cust_bgp_peer_sec"></a> [metal\_vrf\_cust\_bgp\_peer\_sec](#input\_metal\_vrf\_cust\_bgp\_peer\_sec) | IP of BGP Neighbor on Secondary Interconnection that Metal VRF should expect to peer with | `string` | n/a | yes |
 | <a name="input_metal_vrf_ip_ranges"></a> [metal\_vrf\_ip\_ranges](#input\_metal\_vrf\_ip\_ranges) | All IP Address Ranges to be used by Metal VRF, including Metal VRF Gateway subnets and Interconnection point to point networks (eg /29 to cover two /30 interconnections) | `set(string)` | n/a | yes |

diff --git a/modules/metal_vrf_w_interconnection_service_tokens/main.tf b/modules/metal_vrf_w_interconnection_service_tokens/main.tf
@@ -1,7 +1,5 @@
 provider "equinix" {
-  client_id     = var.equinix_client_id
-  client_secret = var.equinix_client_secret
-  auth_token    = var.metal_auth_token
+  auth_token = var.metal_auth_token
 }
 
 # Provision Metal VRF for VCF Management Domain and VCF Management/Underlay Routing

diff --git a/modules/metal_vrf_w_interconnection_service_tokens/variables.tf b/modules/metal_vrf_w_interconnection_service_tokens/variables.tf
@@ -10,14 +10,6 @@ variable "metal_metro" {
   type        = string
   description = "Equinix Metal Metro where Metal resources are going to be deployed https://deploy.equinix.com/developers/docs/metal/locations/metros/#metros-quick-reference"
 }
-variable "equinix_client_id" {
-  type        = string
-  description = "Client ID for Equinix Fabric API interaction https://developer.equinix.com/docs?page=/dev-docs/fabric/overview"
-}
-variable "equinix_client_secret" {
-  type        = string
-  description = "Client Secret for Equinix Fabric API interaction https://developer.equinix.com/docs?page=/dev-docs/fabric/overview"
-}
 variable "metal_vrf_asn" {
   type        = string
   description = "ASN to be used for Metal VRF https://deploy.equinix.com/developers/docs/metal/networking/vrf/"

diff --git a/outputs.tf b/outputs.tf
@@ -1,24 +1,60 @@
 
-output "ssh_private_key" {
-  description = "SSH Private key to use to connect to bastion and management hosts over SSH."
-  value       = module.ssh.ssh_private_key
-  sensitive   = false
-}
+
 output "bastion_public_ip" {
-  description = "The public IP address of the bastion host."
+  description = "The public IP address of the bastion host. Used for troubleshooting."
   value       = equinix_metal_device.bastion.access_public_ipv4
 }
-output "management_public_ip" {
+output "esx01_web_address" {
+  description = "The web address of the first ESXi host to use in a browser on the management host."
+  value       = "https://${var.esxi_devices["esx01"].name}.${var.zone_name}"
+}
+output "windows_management_rdp_address" {
   description = "The public IP address of the windows management host."
   value       = equinix_metal_device.management.access_public_ipv4
 }
-output "management_password" {
+output "windows_management_password" {
   description = "Randomly generated password used for the Admin accounts on the management host."
   sensitive   = true
   value       = random_password.management.result
 }
-
-output "next_steps" {
-  description = "Instructions for accessing the management host."
-  value       = "Run `terraform output -raw management_password` to see the management host's admin password and then RDP to the Management host as SYSTEM\\Admin with that password."
+output "ssh_private_key" {
+  description = "Path to the SSH Private key to use to connect to bastion and management hosts over SSH."
+  value       = module.ssh.ssh_private_key
+  sensitive   = false
+}
+output "cloudbuilder_hostname" {
+  description = "Cloudbuilder Hostname to use during OVA deployment."
+  value       = var.cloudbuilder_name
+}
+output "cloudbuilder_ip" {
+  description = "Cloudbuilder IP to use during OVA deployment."
+  value       = var.cloudbuilder_ip
+}
+output "cloudbuilder_subnet_mask" {
+  description = "Cloudbuilder Subnet Mask to use during OVA deployment."
+  value       = cidrnetmask(var.vcf_vrf_networks["bastion"].subnet)
+}
+output "cloudbuilder_default_gateway" {
+  description = "Cloudbuilder Default Gateway to use during OVA deployment."
+  value       = cidrhost(var.vcf_vrf_networks["vm-mgmt"].subnet, 1)
+}
+output "dns_server" {
+  description = "DNS Server to use during OVA deployment."
+  value       = var.bastion_ip
+}
+output "dns_domain_name" {
+  description = "DNS Domain Name to use during OVA deployment."
+  value       = var.zone_name
+}
+output "dns_domain_search_paths" {
+  description = "DNS Domain Search Paths to use during OVA deployment."
+  value       = var.zone_name
+}
+output "ntp_server" {
+  description = "NTP Server to use during OVA deployment."
+  value       = var.bastion_ip
+}
+output "cloudbuilder_web_address" {
+  description = "Cloudbuilder Web Address"
+  value       = "https://${var.cloudbuilder_name}.${var.zone_name}"
 }
diff --git a/templates/bastion-userdata.tmpl b/templates/bastion-userdata.tmpl
@@ -1,6 +1,6 @@
 ## template: jinja
 #cloud-config
-hostname: bastion
+hostname: ${hostname}
 package_update: true
 package_upgrade: true
 package_reboot_if_required: true
@@ -48,16 +48,17 @@ write_files:
   content: |
     bind-interfaces
     interface=bond0.${bastion_vlan_id}
-    host-record=sfo01-m01-esx01.${domain},172.16.11.101
-    host-record=sfo01-m01-esx02.${domain},172.16.11.102
-    host-record=sfo01-m01-esx03.${domain},172.16.11.103
-    host-record=sfo01-m01-esx04.${domain},172.16.11.104
-    host-record=sfo-m01-vc01.${domain},172.16.10.62
-    host-record=sfo-m01-nsx01.${domain},172.16.10.65
-    host-record=sfo-m01-nsx01a.${domain},172.16.10.66
-    host-record=sfo-m01-nsx01b.${domain},172.16.10.67
-    host-record=sfo-m01-nsx01c.${domain},172.16.10.68
-    host-record=sfo-vcf01.${domain},172.16.10.59
+    host-record=${esx01_name}.${zone_name},${esx01_ip}
+    host-record=${esx02_name}.${zone_name},${esx02_ip}
+    host-record=${esx03_name}.${zone_name},${esx03_ip}
+    host-record=${esx04_name}.${zone_name},${esx04_ip}
+    host-record=${vcenter_name}.${zone_name},${vcenter_ip}
+    host-record=${nsx_vip_name}.${zone_name},${nsx_vip_ip}
+    host-record=${nsx_node_1_name}.${zone_name},${nsx_node_1_ip}
+    host-record=${nsx_node_2_name}.${zone_name},${nsx_node_2_ip}
+    host-record=${nsx_node_3_name}.${zone_name},${nsx_node_3_ip}
+    host-record=${sddc_manager_name}.${zone_name},${sddc_manager_ip}
+    host-record=${cloudbuilder_name}.${zone_name},${cloudbuilder_ip}
 - path: /etc/chrony/conf.d/vcf.conf
   append: true
   content: |
@@ -115,7 +116,7 @@ runcmd:
   nameserver 147.75.207.208
   nameserver 1.1.1.1
   nameserver 8.8.8.8
-  search ${domain}
+  search ${zone_name}
   EOF
 - systemctl restart networking
 - systemctl restart dnsmasq