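#!/bin/bash
#
# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# Creates one OKE cluster for the multi-cluster e2e tests with Terraform, then
# adds ingress rules to the cluster's private_workers security list so the
# public LB subnet can reach the worker NodePort range and the health-check port.
#
# Usage: create-multi-cluster.sh [CLUSTER_INDEX] [CLUSTER_NAME_PREFIX]
#   CLUSTER_INDEX        numeric suffix for the Terraform workspace, the VCN
#                        display name and the local rules files (default: 1)
#   CLUSTER_NAME_PREFIX  infix used in the VCN display name (default: empty)
#
# Environment (read below; expected to be provided by ./init.sh, which is sourced):
#   SCRIPT_DIR              directory containing the terraform binary
#   TF_VAR_nodepool_config  tfvars file name for the nodepool, without ".tfvars"
#   TF_VAR_region           tfvars file name for the region, without ".tfvars"
#   TF_VAR_compartment_id   OCI compartment searched for the VCN, subnet and seclist
#   TF_VAR_label_prefix     prefix of the OCI resource display names looked up below
#
# Exit status: 1 when terraform init, workspace selection or apply fails;
# 0 otherwise. Failures while updating the security list are reported but
# deliberately exit 0 (see the comment at that step).

# Make a failing `oci`/`terraform` stage fail the whole pipeline, not just `jq`.
set -o pipefail

CLUSTER_INDEX=${1:-1}
CLUSTER_NAME_PREFIX=${2:-""}
. ./init.sh

terraform_bin="${SCRIPT_DIR}/terraform"
# One list of var files shared by plan and apply so the two cannot drift apart.
tf_var_files=(
  "-var-file=${TF_VAR_nodepool_config}.tfvars"
  "-var-file=${TF_VAR_region}.tfvars"
)

"${terraform_bin}" init -no-color || { echo "terraform init failed"; exit 1; }

workspace="cluster-${CLUSTER_INDEX}"
echo "Creating Terraform workspace: ${workspace}"
# If the workspace already exists (e.g. a re-run) fall back to selecting it.
# Never continue after both fail: apply would otherwise run against whatever
# workspace is currently selected (the default one) and touch the wrong state.
if ! "${terraform_bin}" workspace new "${workspace}" -no-color; then
  "${terraform_bin}" workspace select "${workspace}" -no-color \
    || { echo "Failed to create or select Terraform workspace ${workspace}"; exit 1; }
fi

# Plan output is informational only; apply below decides success or failure.
"${terraform_bin}" plan "${tf_var_files[@]}" -no-color

# retry 3 times, 30 seconds apart
MAX_TRIES=3
tries=0
applied=0
while [ "$tries" -lt "$MAX_TRIES" ]; do
  tries=$((tries+1))
  echo "terraform apply iteration ${tries}"
  if "${terraform_bin}" apply "${tf_var_files[@]}" -auto-approve -no-color; then
    applied=1
    break
  fi
  # No point sleeping after the final attempt.
  if [ "$tries" -lt "$MAX_TRIES" ]; then
    sleep 30
  fi
done

# Success is tracked with an explicit flag: comparing `tries` against
# MAX_TRIES would wrongly report failure when the last attempt succeeds.
if [ "$applied" -ne 1 ]; then
  echo "Terraform apply tries exceeded. Cluster creation has failed!"
  exit 1
fi

echo "Updating OKE private_workers_seclist to allow pub_lb_subnet access to workers"

# From here on the script returns 0 even if it fails to update the OKE
# private_workers_seclist, because the OKE cluster could still work if it
# did not hit the rate limiting.

# `// empty` turns a missing match (null) into an empty string so the -z checks
# actually fire; `jq -r` would otherwise print the literal string "null" and the
# script would carry on with "null" as an OCID.

# find vcn id
vcn_name="${TF_VAR_label_prefix}-${CLUSTER_NAME_PREFIX}-${CLUSTER_INDEX}-vcn"
VCN_ID=$(oci network vcn list \
  --compartment-id "${TF_VAR_compartment_id}" \
  --display-name "${vcn_name}" \
  | jq -r '.data[0].id // empty')
if [ -z "$VCN_ID" ]; then
  echo "Failed to get the id for OKE cluster vcn ${vcn_name}"
  exit 0
fi

# find private_workers_seclist id
seclist_name="${TF_VAR_label_prefix}-private-workers"
SEC_LIST_ID=$(oci network security-list list \
  --compartment-id "${TF_VAR_compartment_id}" \
  --display-name "${seclist_name}" \
  --vcn-id "${VCN_ID}" \
  | jq -r '.data[0].id // empty')
if [ -z "$SEC_LIST_ID" ]; then
  echo "Failed to get the id for security-list ${seclist_name}"
  exit 0
fi

# find pub_lb_subnet CIDR
lb_subnet_name="${TF_VAR_label_prefix}-pub_lb"
LB_SUBNET_CIDR=$(oci network subnet list \
  --compartment-id "${TF_VAR_compartment_id}" \
  --display-name "${lb_subnet_name}" \
  --vcn-id "${VCN_ID}" \
  | jq -r '.data[0]."cidr-block" // empty')
if [ -z "$LB_SUBNET_CIDR" ]; then
  echo "Failed to get the cidr-block for subnet ${lb_subnet_name}"
  exit 0
fi

rules_file="ingress-security-rules-${CLUSTER_INDEX}.json"
new_rules_file="new.ingress-security-rules-${CLUSTER_INDEX}.json"

# get current ingress-security-rules
if oci network security-list get --security-list-id "${SEC_LIST_ID}" \
    | jq '.data."ingress-security-rules"' > "${rules_file}"; then
  echo "ingress-security-rules for security-list ${seclist_name}:"
  cat "${rules_file}"
else
  echo "Failed to retrieve the ingress-security-rules for security-list ${seclist_name}"
  exit 0
fi

# add pub_lb_subnet ingress-security-rules. The CIDR is passed with --arg so jq
# JSON-encodes it instead of it being spliced into the filter text. Note that
# `+=` appends, so re-running the script adds the same two rules again.
if ! jq --arg LB_SUBNET_CIDR "${LB_SUBNET_CIDR}" '. += [
    {"description": "allow pub_lb_subnet access to workers",
     "is-stateless": false, "protocol": "6", "source": $LB_SUBNET_CIDR,
     "tcp-options": {"destination-port-range": {"max": 32767, "min": 30000}}},
    {"description": "allow pub_lb_subnet health check access to workers",
     "is-stateless": false, "protocol": "6", "source": $LB_SUBNET_CIDR,
     "tcp-options": {"destination-port-range": {"max": 10256, "min": 10256}}}
  ]' "${rules_file}" > "${new_rules_file}"; then
  echo "Failed to build the new ingress-security-rules for security-list ${seclist_name}"
  exit 0
fi

# update private_workers_seclist (--force skips the interactive confirmation;
# the update replaces the whole rule list with the contents of the file).
if oci network security-list update --force --security-list-id "${SEC_LIST_ID}" \
    --ingress-security-rules "file://${PWD}/${new_rules_file}"; then
  echo "Updated the OKE private_workers_seclist"
else
  echo "Failed to update the OKE private_workers_seclist"
fi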