From 9fcba173ced40e2139252cdb8f496ce9ae67a7c7 Mon Sep 17 00:00:00 2001 From: Simon Rho Date: Sun, 10 Sep 2023 23:30:06 +0000 Subject: [PATCH] support local ~.ssh/config update
---
README.md | 9 ++++-- config-east/config/jcnr.conf | 1 + config-east/config/red2.conf | 3 +- config-east/config/red3.conf | 1 + config-west/config/blue2.conf | 3 +- tf-aws/eks-node-group.tf | 7 ++--- tf-aws/outputs.tf | 7 ++--- tf-aws/providers.tf | 6 ++-- tf-aws/ssh_config_update.sh | 52 +++++++++++++++++++++++++++++++++++ tf-aws/ssh_config_update.tf | 25 +++++++++++++++++ tf-aws/variables.tf | 3 +- 11 files changed, 97 insertions(+), 20 deletions(-) create mode 100755 tf-aws/ssh_config_update.sh create mode 100644 tf-aws/ssh_config_update.tf
diff --git a/README.md b/README.md
index 15871da..761271b 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ This repository provides Terraform scripts and configuration files to set up a d - EBS CSI driver for Kubernetes. - DPDK environment setup DaemonSet in the worker node. - Kube config updated to incorporate the newly created EKS cluster. + - Local `~/.ssh/config` updated for direct SSH access to EC2 instances running a CE workload. ## Directory Structure
@@ -441,10 +442,12 @@ kubectl get pods -n contrail Ensuring consistency across these configurations guarantees that the DPDK environment setup and JCNR installation target the intended EKS worker nodes. Inconsistencies can lead to deployment errors or undesired behavior. -## Cleanup or Teardown -To safely remove all AWS resources and the JCNR deployment: +## Resource Cleanup +To securely dismantle all AWS components and the JCNR deployment, follow these steps: ```bash cd tf-aws/ terraform destroy -``` \ No newline at end of file +``` + +Should you encounter the Error: context deadline exceeded while removing AWS resources, simply execute `terraform destroy` once more to ensure complete resource removal. \ No newline at end of file
diff --git a/config-east/config/jcnr.conf b/config-east/config/jcnr.conf
index cb4b84b..605325e 100644
--- a/config-east/config/jcnr.conf
+++ b/config-east/config/jcnr.conf
@@ -20,3 +20,4 @@ set routing-options dynamic-tunnels dyn-tunnels destination-networks 172.16.255. set policy-options policy-statement udp-export then community add udp set policy-options community udp members encapsulation:0L:13 +
diff --git a/config-east/config/red2.conf b/config-east/config/red2.conf
index 06a76a1..2a060f2 100644
--- a/config-east/config/red2.conf
+++ b/config-east/config/red2.conf
@@ -2,4 +2,5 @@ set interfaces eth3 unit 0 family inet address 10.1.0.100/24 set routing-instances red2 instance-type vrf set routing-instances red2 routing-options static route 10.1.0.200/32 qualified-next-hop 10.1.0.200 interface eth3 set routing-instances red2 interface eth3 -set routing-instances red2 vrf-target target:65000:200 \ No newline at end of file +set routing-instances red2 vrf-target target:65000:200 +
diff --git a/config-east/config/red3.conf b/config-east/config/red3.conf
index 9ff05d4..55449f3 100644
--- a/config-east/config/red3.conf
+++ b/config-east/config/red3.conf
@@ -3,3 +3,4 @@ set routing-instances red3 instance-type vrf set routing-instances red3 routing-options static route 10.1.1.200/32 qualified-next-hop 10.1.1.200 interface eth3 set routing-instances red3 interface eth4 set routing-instances red3 vrf-target target:65000:300 +
diff --git a/config-west/config/blue2.conf b/config-west/config/blue2.conf
index 0a210f6..2b30f48 100644
--- a/config-west/config/blue2.conf
+++ b/config-west/config/blue2.conf
@@ -2,4 +2,5 @@ set interfaces eth3 unit 0 family inet address 172.17.0.100/24 set routing-instances blue2 instance-type vrf set routing-instances blue2 routing-options static route 172.17.0.200/32 qualified-next-hop 172.17.0.200 interface eth3 set routing-instances blue2 interface eth3 -set routing-instances blue2 vrf-target target:65000:200 \ No newline at end of file +set routing-instances blue2 vrf-target target:65000:200 +
diff --git a/tf-aws/eks-node-group.tf b/tf-aws/eks-node-group.tf
index 028beda..297da27 100644
--- a/tf-aws/eks-node-group.tf
+++ b/tf-aws/eks-node-group.tf
@@ -1,7 +1,4 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -# +# # EKS Worker Nodes Resources # * IAM role allowing Kubernetes actions to access other AWS services # * EKS Node Group to launch worker nodes
@@ -58,7 +55,7 @@ resource "aws_eks_node_group" "demo1" { scaling_config { desired_size = 1 max_size = 1 - min_size = 1 + min_size = 0 } remote_access {
diff --git a/tf-aws/outputs.tf b/tf-aws/outputs.tf
index e92de7e..eb8c230 100644
--- a/tf-aws/outputs.tf
+++ b/tf-aws/outputs.tf
@@ -6,8 +6,7 @@ output "cluster_name" { value = var.cluster_name } -output "ce_instance_public_ips" { - value = aws_instance.ce_instance[*].public_ip - description = "The public IPs of the CE instances" +output "ces" { + value = aws_instance.ce_instance[*].public_dns + description = "The public DNS of the CE instances" } -
diff --git a/tf-aws/providers.tf b/tf-aws/providers.tf
index d4f8bbd..3193018 100644
--- a/tf-aws/providers.tf
+++ b/tf-aws/providers.tf
@@ -1,8 +1,6 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - terraform { required_version = ">= 0.12" + region = var.aws_region }
@@ -11,7 +9,7 @@ provider "aws" { } provider "aws" { - alias = "peer" + alias = "peer" region = var.peer_region }
diff --git a/tf-aws/ssh_config_update.sh b/tf-aws/ssh_config_update.sh
new file mode 100755
index 0000000..f7b0b17
--- /dev/null
+++ b/tf-aws/ssh_config_update.sh
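Review bot: The first hunk of tf-aws/eks-node-group.tf removes the license notice lines `# Copyright (c) HashiCorp, Inc.` and `# SPDX-License-Identifier: MPL-2.0`, and the first hunk of tf-aws/providers.tf does the same. If these files derive from HashiCorp's MPL-2.0 example (the removed notice itself says so), MPL-2.0 §3.4 (Notices) does not allow removing copyright or license notices from the Source Code Form, even when the file is heavily modified. Restoring the two lines, optionally followed by a line noting the project's own modifications and license, keeps the repository compliant; the rest of the file is outside the hunk.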
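Review bot: As far as the collapsed first hunk of tf-aws/providers.tf can be read, the added `region = var.aws_region` sits between `required_version = ">= 0.12"` and the closing brace of the `terraform {}` block, where `region` is not a supported argument; `terraform init`/`terraform validate` should reject it as an unsupported argument. If a default region is intended it belongs in the `provider "aws" {}` block (the one without an alias), and if that block already sets it the added line is a misplaced duplicate and can simply be dropped. Running `terraform validate` on the branch would confirm which reading is right.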
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+LOCK_FILE="/tmp/update_ssh_config.lock"
+
+while [ -e $LOCK_FILE ]; do
+ sleep 1
+done
+
+touch $LOCK_FILE
+
+SSH_DIR="$HOME/.ssh"
+SSH_CONFIG="$SSH_DIR/config"
+ALIAS=$1
+HOSTNAME=$2
+SSH_KEY_PATH=$3
+
+# Check if the .ssh directory exists
+if [ ! -d "$SSH_DIR" ]; then
+ mkdir -p $SSH_DIR
+ chmod 700 $SSH_DIR
+fi
+
+# Create the .ssh/config file if it doesn't exist
+touch $SSH_CONFIG
+chmod 600 $SSH_CONFIG
+
+# Prepare the updated entry with sub-parameters
+ENTRY="Host $ALIAS
+ HostName $HOSTNAME
+ HostKeyAlgorithms=+ssh-rsa
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
+ Port 22
+ User ec2-user
+ ServerAliveInterval 300
+ ServerAliveCountMax 2
+ IdentityFile $SSH_KEY_PATH"
+
+# If the entry exists, delete the full entry and its sub-parameters
+if grep -q "Host $ALIAS" $SSH_CONFIG; then
+ awk -v alias="$ALIAS" '
+ $1 == "Host" && $2 == alias { skip = 1; next }
+ $1 == "Host" && $2 != alias { skip = 0 }
+ skip { next }
+ 1' $SSH_CONFIG > ${SSH_CONFIG}.tmp && mv ${SSH_CONFIG}.tmp $SSH_CONFIG
+fi
+
+# Append the new (or updated) entry with an additional newline for separation
+echo -e "\n$ENTRY\n" >> $SSH_CONFIG
+
+rm -f $LOCK_FILE
+
diff --git a/tf-aws/ssh_config_update.tf b/tf-aws/ssh_config_update.tf
new file mode 100644
index 0000000..349a6ec
--- /dev/null
+++ b/tf-aws/ssh_config_update.tf
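Review bot: The `ENTRY` stanza written into the user's persistent `~/.ssh/config` sets `StrictHostKeyChecking no` together with `UserKnownHostsFile=/dev/null`, which disables host-key verification for these hosts on every future connection rather than only the first one; `StrictHostKeyChecking accept-new` with the default known_hosts file keeps the first-connect convenience while still detecting a changed key, and `HostKeyAlgorithms=+ssh-rsa` (re-enabling SHA-1 RSA signatures) should stay only if the target AMI's sshd actually needs it. The lock at the top is a check-then-create race: the Terraform resource that calls this script uses `count`, so several copies run concurrently, can all pass `[ -e $LOCK_FILE ]` before any of them `touch`es the file, and then rewrite `$SSH_CONFIG` over each other; an atomic `mkdir` lock (or `flock`) with a `trap` to release it also removes the indefinite hang on a stale lock when a run is interrupted before `rm -f`, and placing the lock under `$HOME` rather than shared /tmp stops another local user from blocking the script by pre-creating it. `$SSH_DIR`, `$SSH_CONFIG` and `$SSH_KEY_PATH` are unquoted throughout and `$1`–`$3` are never validated, so an empty alias writes a bare `Host` stanza, and the awk rewrite creates `${SSH_CONFIG}.tmp` with umask permissions before `mv`, undoing the earlier `chmod 600`. The sketch below covers the lock, argument check, entry and permission changes; the trailing `rm -f $LOCK_FILE` becomes unnecessary with the trap.
```shell
LOCK_DIR="$HOME/.update_ssh_config.lock"
until mkdir "$LOCK_DIR" 2>/dev/null; do
    sleep 1
done
trap 'rmdir "$LOCK_DIR"' EXIT

SSH_DIR="$HOME/.ssh"
SSH_CONFIG="$SSH_DIR/config"
ALIAS=$1
HOSTNAME=$2
SSH_KEY_PATH=$3
if [ -z "$ALIAS" ] || [ -z "$HOSTNAME" ] || [ -z "$SSH_KEY_PATH" ]; then
    echo "usage: $0 <alias> <hostname> <identity-file>" >&2
    exit 1
fi

# … unchanged: create "$SSH_DIR" and "$SSH_CONFIG" (with the variables quoted) …

ENTRY="Host $ALIAS
    HostName $HOSTNAME
    StrictHostKeyChecking accept-new
    Port 22
    User ec2-user
    ServerAliveInterval 300
    ServerAliveCountMax 2
    IdentityFile $SSH_KEY_PATH"

# … unchanged: awk rewrite of the existing stanza into "${SSH_CONFIG}.tmp" …
chmod 600 "${SSH_CONFIG}.tmp" && mv "${SSH_CONFIG}.tmp" "$SSH_CONFIG"

# … unchanged: append "$ENTRY" …
```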
@@ -0,0 +1,25 @@
+resource "null_resource" "update_ssh_config" {
+ count = length(var.vpc_secondary_subnets)
+
+ # This ensures that the provisioner will run again if the instance or key path changes
+ triggers = {
+ # always_run = "${timestamp()}"
+ instance_public_dns = aws_instance.ce_instance[count.index].public_dns
+ ssh_key_path = local_sensitive_file.my_private_key_file.filename
+ hostname_alias = var.vpc_secondary_subnets[count.index].hostname
+ }
+
+ provisioner "local-exec" {
+ command = <<-EOT
+ ./ssh_config_update.sh \
+ ${var.vpc_secondary_subnets[count.index].hostname} \
+ ${aws_instance.ce_instance[count.index].public_dns} \
+ ${local_sensitive_file.my_private_key_file.filename}
+ EOT
+ on_failure = continue
+ }
+
+ # Ensure this runs after the EC2 instance is fully created.
+ depends_on = [aws_instance.ce_instance]
+}
+
diff --git a/tf-aws/variables.tf b/tf-aws/variables.tf
index e397124..23f2041 100644
--- a/tf-aws/variables.tf
+++ b/tf-aws/variables.tf
@@ -65,8 +65,7 @@ variable "vpc_secondary_cidr_block" { variable "vpc_secondary_subnets" { default = [ -{ name = "subnet1", cidr = "172.17.0.0/24", peer_cidr = "10.1.0.0/24", hostname = "Sunnyvale" }, -{ name = "subnet2", cidr = "172.17.1.0/24", peer_cidr = "10.1.1.0/24", hostname = "SFO" } +{ name = "subnet1", cidr = "172.17.0.0/24", peer_cidr = "10.1.0.0/24", hostname = "blue2" } ] type = list(object({ name = string
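Review bot: `on_failure = continue` on the `local-exec` provisioner means a failing `ssh_config_update.sh` (missing script, unwritable `~/.ssh`, bad arguments) is silently ignored and the apply still reports success with a stale or missing `~/.ssh/config` entry; since the resource already has `triggers` to re-run it, letting the failure surface by dropping `on_failure` is the safer default. The three interpolated arguments are passed to the shell unquoted, and `hostname` comes straight from `var.vpc_secondary_subnets`, so a value containing whitespace or shell metacharacters would be word-split or interpreted; quote each one, e.g. `'${var.vpc_secondary_subnets[count.index].hostname}' \`. Because the resource uses `count`, Terraform runs these provisioner instances concurrently, so the correctness of the shared `~/.ssh/config` rewrite rests entirely on the script's lock being atomic, which is worth stating in the comment above `triggers`. The commented-out `# always_run = "${timestamp()}"` trigger is dead code and can be removed.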