openshift · bd233 · Oct 12, 2021 · Oct 12, 2021
diff --git a/cmd/openshift-install/destroy.go b/cmd/openshift-install/destroy.go
@@ -10,6 +10,7 @@ import (
 
 	assetstore "github.com/openshift/installer/pkg/asset/store"
 	"github.com/openshift/installer/pkg/destroy"
+	_ "github.com/openshift/installer/pkg/destroy/alibabacloud"
 	_ "github.com/openshift/installer/pkg/destroy/aws"
 	_ "github.com/openshift/installer/pkg/destroy/azure"
 	_ "github.com/openshift/installer/pkg/destroy/baremetal"

diff --git a/data/data/alibabacloud/bootstrap/main.tf b/data/data/alibabacloud/bootstrap/main.tf
@@ -0,0 +1,166 @@
+locals {
+  description = "Created By OpenShift Installer"
+  prefix      = var.cluster_id
+  tags = merge(
+    {
+      "OCP"                                     = "ISV Integration",
+      "kubernetes.io/cluster/${var.cluster_id}" = "owned"
+    },
+    var.ali_resource_tags,
+  )
+  system_disk_size     = 120
+  system_disk_category = "cloud_essd"
+}
+
+provider "alicloud" {
+  access_key = var.ali_access_key
+  secret_key = var.ali_secret_key
+  region     = var.ali_region_id
+}
+
+data "alicloud_instances" "bootstrap_data" {
+  ids = [alicloud_instance.bootstrap.id]
+}
+
+# Using this data source can enable OSS service automatically.
+data "alicloud_oss_service" "open" {
+  enable = "On"
+}
+
+resource "alicloud_oss_bucket" "bucket" {
+  bucket = var.ali_ignition_bucket
+  acl    = "private"
+  tags = merge(
+    {
+      "Name" = "${local.prefix}-bucket"
+    },
+    local.tags,
+  )
+}
+
+resource "alicloud_oss_bucket_object" "ignition_file" {
+  bucket = alicloud_oss_bucket.bucket.id
+  key    = "bootstrap.ign"
+  source = var.ignition_bootstrap_file
+  acl    = "private"
+}
+
+resource "alicloud_ram_role" "role" {
+  name     = "${local.prefix}-role-bootstrap"
+  document = <<EOF
+  {
+    "Statement": [
+      {
+        "Action": "sts:AssumeRole",
+        "Effect": "Allow",
+        "Principal": {
+          "Service": [
+            "ecs.aliyuncs.com"
+          ]
+        }
+      }
+    ],
+    "Version": "1"
+  }
+  EOF
+  description = local.description
+}
+
+resource "alicloud_ram_policy" "role_policy" {
+  policy_name = "${local.prefix}-policy-bootstrap"
+  policy_document = <<EOF
+  {
+    "Statement": [
+      {
+        "Action": [
+          "ecs:Describe*",
+          "ecs:AttachDisk",
+          "ecs:DetachDisk"
+        ],
+        "Effect": "Allow",
+        "Resource": [
+          "*"
+        ]
+      }
+    ],
+      "Version": "1"
+  }
+  EOF
+}
+
+resource "alicloud_ram_role_policy_attachment" "attach" {
+  policy_name = alicloud_ram_policy.role_policy.name
+  policy_type = alicloud_ram_policy.role_policy.type
+  role_name   = alicloud_ram_role.role.name
+}
+
+resource "alicloud_security_group" "sg_bootstrap" {
+  resource_group_id = var.ali_resource_group_id
+  name              = "${local.prefix}_sg_bootstrap"
+  description       = local.description
+  vpc_id            = var.vpc_id
+  tags = merge(
+    {
+      "Name" = "${local.prefix}-sg-bootstrap"
+    },
+    local.tags,
+  )
+}
+
+resource "alicloud_security_group_rule" "sg_rule_ssh" {
+  description       = local.description
+  security_group_id = alicloud_security_group.sg_bootstrap.id
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  nic_type          = "intranet"
+  policy            = "accept"
+  port_range        = "22/22"
+  cidr_ip           = "0.0.0.0/0"
+}
+
+resource "alicloud_security_group_rule" "sg_rule_journald_gateway" {
+  description       = local.description
+  security_group_id = alicloud_security_group.sg_bootstrap.id
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  nic_type          = "intranet"
+  policy            = "accept"
+  port_range        = "19531/19531"
+  cidr_ip           = "0.0.0.0/0"
+}
+
+resource "alicloud_instance" "bootstrap" {
+  resource_group_id = var.ali_resource_group_id
+
+  host_name                  = "${local.prefix}-bootstrap"
+  instance_name              = "${local.prefix}-bootstrap"
+  instance_type              = var.ali_bootstrap_instance_type
+  image_id                   = var.ali_image_id
+  vswitch_id                 = var.vswitch_ids[0]
+  security_groups            = [alicloud_security_group.sg_bootstrap.id, var.sg_master_id]
+  internet_max_bandwidth_out = 5
+  role_name                  = alicloud_ram_role.role.name
+
+  system_disk_name        = "${local.prefix}_sys_disk-bootstrap"
+  system_disk_description = local.description
+  system_disk_category    = local.system_disk_category
+  system_disk_size        = local.system_disk_size
+
+  user_data = var.ali_bootstrap_stub_ignition
+  tags = merge(
+    {
+      "Name" = "${local.prefix}-bootstrap"
+    },
+    local.tags,
+  )
+}
+
+resource "alicloud_slb_backend_server" "slb_attachment_bootstraps" {
+  count = length(var.slb_ids)
+
+  load_balancer_id = var.slb_ids[count.index]
+  backend_servers {
+    server_id = alicloud_instance.bootstrap.id
+    weight    = 90
+  }
+}
diff --git a/data/data/alibabacloud/bootstrap/outputs.tf b/data/data/alibabacloud/bootstrap/outputs.tf
@@ -0,0 +1,3 @@
+output "bootstrap_public_ip" {
+  value = data.alicloud_instances.bootstrap_data.instances.0.public_ip
+}
diff --git a/data/data/alibabacloud/bootstrap/variables.tf b/data/data/alibabacloud/bootstrap/variables.tf
@@ -0,0 +1,19 @@
+variable "vpc_id" {
+  type        = string
+  description = "The VPC id of the bootstrap ECS."
+}
+
+variable "vswitch_ids" {
+  type        = list(string)
+  description = "The VSwitch id of the bootstrap ECS."
+}
+
+variable "slb_ids" {
+  type        = list(string)
+  description = "The load balancer IDs of the bootstrap ECS."
+}
+
+variable "sg_master_id" {
+  type        = string
+  description = "The security group ID of the master ECS."
+}
diff --git a/data/data/alibabacloud/cluster/main.tf b/data/data/alibabacloud/cluster/main.tf
@@ -0,0 +1,64 @@
+locals {
+  description = "Created By OpenShift Installer"
+  tags = merge(
+    {
+      "OCP"                                     = "ISV Integration",
+      "kubernetes.io/cluster/${var.cluster_id}" = "owned"
+    },
+    var.ali_resource_tags,
+  )
+}
+
+provider "alicloud" {
+  access_key = var.ali_access_key
+  secret_key = var.ali_secret_key
+  region     = var.ali_region_id
+}
+
+module "vpc" {
+  source              = "./vpc"
+  cluster_id          = var.cluster_id
+  region_id           = var.ali_region_id
+  zone_ids            = var.ali_zone_ids
+  nat_gateway_zone_id = var.ali_nat_gateway_zone_id
+  resource_group_id   = var.ali_resource_group_id
+  vpc_cidr_block      = var.machine_v4_cidrs[0]
+  tags                = local.tags
+}
+
+module "pvtz" {
+  source            = "./privatezone"
+  cluster_id        = var.cluster_id
+  resource_group_id = var.ali_resource_group_id
+  vpc_id            = module.vpc.vpc_id
+  cluster_domain    = var.cluster_domain
+  base_domain       = var.base_domain
+  slb_external_ip   = module.vpc.slb_external_ip
+  slb_internal_ip   = module.vpc.slb_internal_ip
+  master_count      = length(var.ali_zone_ids)
+  master_ips        = module.master.master_ecs_private_ips
+  tags              = local.tags
+}
+
+module "ram" {
+  source     = "./ram"
+  cluster_id = var.cluster_id
+  tags       = local.tags
+}
+
+module "master" {
+  source               = "./master"
+  cluster_id           = var.cluster_id
+  resource_group_id    = var.ali_resource_group_id
+  vpc_id               = module.vpc.vpc_id
+  vswitch_ids          = module.vpc.vswitch_ids
+  sg_id                = module.vpc.sg_master_id
+  slb_ids              = module.vpc.slb_ids
+  instance_type        = var.ali_master_instance_type
+  image_id             = var.ali_image_id
+  system_disk_size     = var.ali_system_disk_size
+  system_disk_category = var.ali_system_disk_category
+  user_data_ign        = var.ignition_master
+  role_name            = module.ram.role_master_name
+  tags                 = local.tags
+}
diff --git a/data/data/alibabacloud/cluster/master/main.tf b/data/data/alibabacloud/cluster/master/main.tf
@@ -0,0 +1,45 @@
+locals {
+  description = "Created By OpenShift Installer"
+  prefix      = var.cluster_id
+}
+
+data "alicloud_instances" "master_data" {
+  ids = alicloud_instance.master.*.id
+}
+
+resource "alicloud_instance" "master" {
+  count             = length(var.vswitch_ids)
+  resource_group_id = var.resource_group_id
+
+  host_name                  = "${local.prefix}-master-${count.index}"
+  instance_name              = "${local.prefix}-master-${count.index}"
+  instance_type              = var.instance_type
+  image_id                   = var.image_id
+  internet_max_bandwidth_out = 0
+
+  vswitch_id      = var.vswitch_ids[count.index]
+  security_groups = [var.sg_id]
+  role_name       = var.role_name
+
+  system_disk_name        = "${local.prefix}_sys_disk-master-${count.index}"
+  system_disk_description = local.description
+  system_disk_category    = var.system_disk_category
+  system_disk_size        = var.system_disk_size
+
+  user_data = base64encode(var.user_data_ign)
+  tags = merge(
+    {
+      "Name" = "${local.prefix}-master-${count.index}"
+    },
+    var.tags,
+  )
+}
+
+resource "alicloud_slb_backend_server" "slb_attachment_masters" {
+  count            = "${length(var.slb_ids) * length(alicloud_instance.master.*.id)}"
+  load_balancer_id = "${element(var.slb_ids, ceil(count.index / length(alicloud_instance.master.*.id)))}"
+  backend_servers {
+    server_id = "${element(alicloud_instance.master.*.id, count.index)}"
+    weight    = 90
+  }
+}
diff --git a/data/data/alibabacloud/cluster/master/outputs.tf b/data/data/alibabacloud/cluster/master/outputs.tf
@@ -0,0 +1,7 @@
+output "master_ecs_ids" {
+  value = alicloud_instance.master.*.id
+}
+
+output "master_ecs_private_ips" {
+  value = { for ecs in data.alicloud_instances.master_data.instances : ecs.name => ecs.private_ip }
+}
diff --git a/data/data/alibabacloud/cluster/master/variables.tf b/data/data/alibabacloud/cluster/master/variables.tf
@@ -0,0 +1,62 @@
+variable "cluster_id" {
+  type = string
+}
+
+variable "resource_group_id" {
+  type = string
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "The VPC ID of the master ECS."
+}
+
+variable "vswitch_ids" {
+  type        = list(string)
+  description = "The VSwitch IDs of the master ECS. Example: [vsw-xxx1, vsw-xxx2, vsw-xxx3]"
+}
+
+variable "sg_id" {
+  type        = string
+  description = "The security group ID of the master ECS."
+}
+
+variable "slb_ids" {
+  type = list(string)
+}
+
+variable "instance_type" {
+  type        = string
+  description = "The instance type of the master ECS."
+}
+
+variable "image_id" {
+  type        = string
+  description = "The image ID of the master ECS."
+}
+
+variable "system_disk_size" {
+  type        = number
+  description = "The system disk size of the master ECS."
+}
+
+variable "system_disk_category" {
+  type        = string
+  description = "The system disk category of the master ECS.Valid values are cloud_efficiency, cloud_ssd, cloud_essd. Default value is cloud_essd."
+  default     = "cloud_essd"
+}
+
+variable "role_name" {
+  type        = string
+  description = "Instance RAM role name. The name is provided and maintained by RAM."
+}
+
+variable "user_data_ign" {
+  type = string
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "Tags to be applied to created resources."
+}
diff --git a/data/data/alibabacloud/cluster/outputs.tf b/data/data/alibabacloud/cluster/outputs.tf
@@ -0,0 +1,15 @@
+output "vpc_id" {
+  value = module.vpc.vpc_id
+}
+
+output "vswitch_ids" {
+  value = module.vpc.vswitch_ids
+}
+
+output "slb_ids" {
+  value = module.vpc.slb_ids
+}
+
+output "sg_master_id" {
+  value = module.vpc.sg_master_id
+}