mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 03:57:01 +02:00
Code Issues Projects Releases Wiki Activity
a2de4c75cd
vault/enos/enos-variables.hcl
Ryan Cragun 8d22142a3e
[QT-572][VAULT-17391] enos: use ec2 fleets for consul storage scenarios (#21400) 
Begin the process of migrating away from the "strongly encouraged not to
use"[0] Ec2 spot fleet API to the more modern `ec2:CreateFleet`.
Unfortuantely the `instant` type fleet does not guarantee fulfillment
with either on-demand or spot types. We'll need to add a feature similar
to `wait_for_fulfillment` on the `spot_fleet_request` resource[1] to
`ec2_fleet` before we can rely on it.

We also update the existing target fleets to support provisioning generic
targets. This has allowed us to remove our usage of `terraform-enos-aws-consul`
and replace it with a smaller `backend_consul` module in-repo.

We also remove `terraform-enos-aws-infra` and replace it with two smaller
in-repo modules `ec2_info` and `create_vpc`. This has allowed us to simplify
the vpc resources we use for each scneario, which in turn allows us to
not rely on flaky resources.

As part of this refactor we've also made it possible to provision
targets using different distro versions.

[0] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use
[1] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/spot_fleet_request#wait_for_fulfillment

* enos/consul: add `backend_consul` module that accepts target hosts.
* enos/target_ec2_spot_fleet: add support for consul networking.
* enos/target_ec2_spot_fleet: add support for customizing cluster tag
  key.
* enos/scenarios: create `target_ec2_fleet` which uses a more modern
  `ec2_fleet` API.
* enos/create_vpc: replace `terraform-enos-aws-infra` with smaller and
  simplified version. Flatten the networking to a single route on the
  default route table and a single subnet.
* enos/ec2_info: add a new module to give us useful ec2 information
  including AMI id's for various arch/distro/version combinations.
* enos/ci: update service user role to allow for managing ec2 fleets.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-06-22 12:42:21 -06:00

227 lines
5.8 KiB
HCL
Raw Blame History

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
variable "artifact_path" {
type = string
description = "The local path for dev artifact to test"
default = null
}
variable "artifactory_username" {
type = string
description = "The username to use when connecting to artifactory"
default = null
sensitive = true
}
variable "artifactory_token" {
type = string
description = "The token to use when connecting to artifactory"
default = null
sensitive = true
}
variable "artifactory_host" {
type = string
description = "The artifactory host to search for vault artifacts"
default = "https://artifactory.hashicorp.engineering/artifactory"
}
variable "artifactory_repo" {
type = string
description = "The artifactory repo to search for vault artifacts"
default = "hashicorp-crt-stable-local*"
}
variable "aws_region" {
description = "The AWS region where we'll create infrastructure"
type = string
default = "us-west-1"
}
variable "aws_ssh_keypair_name" {
description = "The AWS keypair to use for SSH"
type = string
default = "enos-ci-ssh-key"
}
variable "aws_ssh_private_key_path" {
description = "The path to the AWS keypair private key"
type = string
default = "./support/private_key.pem"
}
variable "backend_edition" {
description = "The backend release edition if applicable"
type = string
default = "oss"
}
variable "backend_instance_type" {
description = "The instance type to use for the Vault backend. Must be arm64/nitro compatible"
type = string
default = "t4g.small"
}
variable "backend_license_path" {
description = "The license for the backend if applicable (Consul Enterprise)"
type = string
default = null
}
variable "backend_log_level" {
description = "The server log level for the backend. Supported values include 'trace', 'debug', 'info', 'warn', 'error'"
type = string
default = "trace"
}
variable "operator_instance" {
type = string
description = "The ip address of the operator (Voter) node"
}
variable "project_name" {
description = "The description of the project"
type = string
default = "vault-enos-integration"
}
variable "remove_vault_instances" {
type = map(object({
private_ip = string
public_ip = string
}))
description = "The old vault nodes to be removed"
}
variable "ui_test_filter" {
type = string
description = "A test filter to limit the ui tests to execute. Will be appended to the ember test command as '-f=\"<filter>\"'"
default = null
}
variable "ui_run_tests" {
type = bool
description = "Whether to run the UI tests or not. If set to false a cluster will be created but no tests will be run"
default = true
}
variable "vault_enable_file_audit_device" {
description = "If true the file audit device will be enabled at the path /var/log/vault_audit.log"
type = bool
default = true
}
variable "rhel_distro_version" {
description = "The version of RHEL to use"
type = string
default = "9.1" // or "8.8"
}
variable "tags" {
description = "Tags that will be applied to infrastructure resources that support tagging"
type = map(string)
default = null
}
variable "terraform_plugin_cache_dir" {
description = "The directory to cache Terraform modules and providers"
type = string
default = null
}
variable "tfc_api_token" {
description = "The Terraform Cloud QTI Organization API token."
type = string
sensitive = true
}
variable "ubuntu_distro_version" {
description = "The version of ubuntu to use"
type = string
default = "22.04" // or "20.04", "18.04"
}
variable "vault_artifact_type" {
description = "The Vault artifact type package or bundle"
default = "bundle"
}
variable "vault_autopilot_initial_release" {
description = "The Vault release to deploy before upgrading with autopilot"
default = {
edition = "ent"
version = "1.11.0"
}
}
variable "vault_bundle_path" {
description = "Path to CRT generated or local vault.zip bundle"
type = string
default = "/tmp/vault.zip"
}
variable "vault_install_dir" {
type = string
description = "The directory where the Vault binary will be installed"
default = "/opt/vault/bin"
}
variable "vault_instance_type" {
description = "The instance type to use for the Vault backend"
type = string
default = null
}
variable "vault_instance_count" {
description = "How many instances to create for the Vault cluster"
type = number
default = 3
}
variable "vault_license_path" {
description = "The path to a valid Vault enterprise edition license. This is only required for non-oss editions"
type = string
default = null
}
variable "vault_local_build_tags" {
description = "The build tags to pass to the Go compiler for builder:local variants"
type = list(string)
default = null
}
variable "vault_log_level" {
description = "The server log level for Vault logs. Supported values (in order of detail) are trace, debug, info, warn, and err."
type = string
default = "trace"
}
variable "vault_build_date" {
description = "The build date for Vault artifact"
type = string
default = ""
}
variable "vault_product_version" {
description = "The version of Vault we are testing"
type = string
default = null
}
variable "vault_revision" {
description = "The git sha of Vault artifact we are testing"
type = string
default = null
}
variable "vault_upgrade_initial_release" {
description = "The Vault release to deploy before upgrading"
default = {
edition = "oss"
// Vault 1.10.5 has a known issue with retry_join.
version = "1.10.4"
}
}
Reference in New Issue View Git Blame Copy Permalink