From patchwork Fri Nov 8 20:12:44 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13868940
From: cel@kernel.org
To:
Cc: Chuck Lever
Subject: [RFC PATCH 1/2] aws: Permit inter-node network traffic
Date: Fri, 8 Nov 2024 15:12:44 -0500
Message-ID: <20241108201245.561269-2-cel@kernel.org>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20241108201245.561269-1-cel@kernel.org>
References: <20241108201245.561269-1-cel@kernel.org>
X-Mailing-List: kdevops@lists.linux.dev

From: Chuck Lever

Permit target nodes to mount the kdevops NFS server by adding a security group that allows traffic between test nodes.

Signed-off-by: Chuck Lever
--- terraform/aws/main.tf | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index 290d5c0f04b1..62730d77422c 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf @@ -51,6 +51,22 @@ resource "aws_security_group" "kdevops_sec_group" { } } +resource "aws_security_group" "kdevops_internal_group" { + name = "kdevops_isg" + vpc_id = aws_vpc.kdevops_vpc.id + + # Allow all traffic between hosts in the security group + ingress { + cidr_blocks = [ + "10.0.0.0/16", + ] + from_port = 0 + to_port = 0 + protocol = "-1" + } +} + + resource "aws_key_pair" "kdevops_keypair" { key_name = var.ssh_keyname public_key = var.ssh_pubkey_data != "" ? var.ssh_pubkey_data : var.ssh_config_pubkey_file != "" ? file(var.ssh_config_pubkey_file) : "" 
@@ -110,7 +126,10 @@ resource "aws_instance" "kdevops_instance" { count = local.kdevops_num_boxes ami = data.aws_ami.distro.id instance_type = var.aws_instance_type - security_groups = [aws_security_group.kdevops_sec_group.id] + security_groups = [ + aws_security_group.kdevops_sec_group.id, + aws_security_group.kdevops_internal_group.id + ] key_name = var.ssh_keyname subnet_id = aws_subnet.kdevops_subnet.id user_data_base64 = element( 

From patchwork Fri Nov 8 20:12:45 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13868941
From: cel@kernel.org
To:
Cc: Chuck Lever
Subject: [RFC PATCH 2/2] aws: Add each test instance to the local DNS service
Date: Fri, 8 Nov 2024 15:12:45 -0500
Message-ID: <20241108201245.561269-3-cel@kernel.org>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20241108201245.561269-1-cel@kernel.org>
References: <20241108201245.561269-1-cel@kernel.org>
X-Mailing-List: kdevops@lists.linux.dev

From: Chuck Lever

The kdevops NFS workflows typically set up separate nodes for an NFS server and NFS clients. kdevops then provisions exports on the NFS server and mount points on the clients.

For libvirt, kdevops adds the IP address of each test node to all of the /etc/hosts files. This enables the clients to mount the test NFS server conveniently by hostname.

For AWS, kdevops can provision a private DNS service and add "A" records for each test host there. This patch implements that approach.

Signed-off-by: Chuck Lever
--- terraform/aws/main.tf | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index 62730d77422c..77aabd79e658 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf 
@@ -184,3 +184,33 @@ resource "aws_route_table_association" "kdevops_rt_assoc" { route_table_id = aws_route_table.kdevops_rt.id } +resource "aws_vpc_dhcp_options" "kdevops_dhcp_opts" { + domain_name = "kdevops.local" + domain_name_servers = ["AmazonProvidedDNS"] + + tags = { + Name = "kdevops_dhcp_opts" + } +} + +resource "aws_vpc_dhcp_options_association" "kdevops_dhcp_association" { + vpc_id = aws_vpc.kdevops_vpc.id + dhcp_options_id = aws_vpc_dhcp_options.kdevops_dhcp_opts.id +} + +resource "aws_route53_zone" "kdevops_private_zone" { + name = "kdevops.local" + vpc { + vpc_id = aws_vpc.kdevops_vpc.id + } +} + +resource "aws_route53_record" "kdevops_dns_record" { + count = local.kdevops_num_boxes + zone_id = aws_route53_zone.kdevops_private_zone.zone_id + name = "${element(var.kdevops_nodes, count.index)}.kdevops.local" + type = "A" + ttl = "300" + records = ["${element(aws_instance.kdevops_instance.*.private_ip, count.index)}"] +} +
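
Review bot: The ingress block of kdevops_internal_group in patch 1/2 (hunk at -51,6 +51,22) does not match its own comment: cidr_blocks = ["10.0.0.0/16"] with protocol = "-1" admits every source address in that range on all ports, whether or not the sender carries this group, which is wider than the "traffic between test nodes" the commit message describes. Replacing the cidr_blocks list with self = true would scope the rule to members of the group. If a CIDR match is preferred, reference aws_vpc.kdevops_vpc.cidr_block instead of the literal so the rule cannot drift from the VPC definition, which is not visible in this hunk.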
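
Review bot: The security_groups argument in the aws_instance hunk of patch 1/2 (at -110,7 +126,10) is the wrong attribute for an instance that also sets subnet_id. The AWS provider documents security_groups as taking group names for EC2-Classic and the default VPC, and directs instances launched into a VPC to use vpc_security_group_ids; passing IDs through security_groups is a commonly reported cause of Terraform planning to replace the instance on later applies. Since the line is being rewritten here anyway, consider vpc_security_group_ids = [ ... ] with the same two IDs.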
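
Review bot: The zone name kdevops.local in patch 2/2 (domain_name in kdevops_dhcp_opts, name in kdevops_private_zone, and the suffix of the record name) uses the .local suffix that RFC 6762 reserves for multicast DNS, so a guest whose resolver is mDNS-aware may never send these lookups to AmazonProvidedDNS, and mounting the NFS server by hostname would fail there. Consider a suffix that mDNS does not claim, defined once as a local or variable rather than repeated as a literal three times. A Route 53 private zone also resolves only when the VPC has enable_dns_support and enable_dns_hostnames set; aws_vpc.kdevops_vpc is not shown in this hunk, so that needs confirming. Smaller points: ttl can be the number 300, and records can be written as [aws_instance.kdevops_instance[count.index].private_ip] without the interpolation-only string.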