examples/bigiq-cm-dcd-pair/main.tf

@@ -71,7 +71,7 @@ module "bigiq_mgmt_sg" {
   ingress_with_source_security_group_id = [
     {
       rule                     = "all-all"
-      source_security_group_id = module.bigiq_mgmt_sg.this_security_group_id
+      source_security_group_id = module.bigiq_mgmt_sg.security_group_id
     }
   ]
 
@@ -96,7 +96,7 @@ module "bigiq_sg" {
   ingress_with_source_security_group_id = [
     {
       rule                     = "all-all"
-      source_security_group_id = module.bigiq_mgmt_sg.this_security_group_id
+      source_security_group_id = module.bigiq_mgmt_sg.security_group_id
     }
   ]
 
@@ -122,11 +122,12 @@ module "bigiq" {
   aws_secretmanager_secret_id = aws_secretsmanager_secret.bigiq.id
 
   mgmt_subnet_security_group_ids = [
-    module.bigiq_mgmt_sg.this_security_group_id
+    module.bigiq_mgmt_sg.security_group_id
   ]
   private_subnet_security_group_ids = [
-    module.bigiq_sg.this_security_group_id
+    module.bigiq_sg.security_group_id
   ]
   vpc_private_subnet_ids = module.vpc.private_subnets
   vpc_mgmt_subnet_ids    = module.vpc.public_subnets
+  vpc_id = module.vpc.vpc_id
 }
\ No newline at end of file

main.tf

@@ -33,13 +33,13 @@ data "aws_vpc" "selected" {
 # BIG-IQ CM Interfaces
 #
 resource "aws_network_interface" "cm_mgmt" {
-  count           = length(var.vpc_mgmt_subnet_ids)
+  count           = var.cm_instance_count
   subnet_id       = var.vpc_mgmt_subnet_ids[count.index]
   security_groups = var.mgmt_subnet_security_group_ids
 }
 
 resource "aws_network_interface" "cm_private" {
-  count           = length(var.vpc_private_subnet_ids)
+  count           = var.cm_instance_count
   subnet_id       = var.vpc_private_subnet_ids[count.index]
   security_groups = var.private_subnet_security_group_ids
 }
@@ -48,13 +48,13 @@ resource "aws_network_interface" "cm_private" {
 # BIG-IQ DCD Interfaces
 #
 resource "aws_network_interface" "dcd_mgmt" {
-  count           = length(var.vpc_mgmt_subnet_ids)
+  count           = var.dcd_instance_count
   subnet_id       = var.vpc_mgmt_subnet_ids[count.index]
   security_groups = var.mgmt_subnet_security_group_ids
 }
 
 resource "aws_network_interface" "dcd_private" {
-  count           = length(var.vpc_private_subnet_ids)
+  count           = var.dcd_instance_count
   subnet_id       = var.vpc_private_subnet_ids[count.index]
   security_groups = var.private_subnet_security_group_ids
 }
@@ -220,10 +220,22 @@ resource "aws_instance" "f5_bigiq_cm" {
   }
 
   # build user_data file from template
-  user_data = templatefile("${path.module}/setup-cm-background.sh.tmpl",
+  user_data = templatefile("${path.module}/onboard.sh.tmpl",
     {
+      admin_name = var.admin_name
       admin_password = var.admin_password
       onboard_log    = var.onboard_log
+      licensekey    = var.cm_license_keys[count.index]
+      masterkey     = var.masterkey
+      personality    = "big_iq"
+      timezone       = var.timezone
+      ## todo need to update template to reflect passing of lists
+      ntp_servers    = var.ntp_servers[0]
+      dns_servers    = var.dns_servers[0]
+      dns_search_domains = var.dns_search_domains[count.index]
+      hostname       = local.hostname
+      management_ip  = aws_network_interface.cm_mgmt[count.index].private_ip
+      discovery_ip   = aws_network_interface.cm_mgmt[count.index].private_ip
     }
   )
   depends_on = [aws_eip.cm_mgmt]
@@ -232,7 +244,7 @@ resource "aws_instance" "f5_bigiq_cm" {
     Name = format("%s-cm-%d", var.prefix, count.index)
   }
 }
-
+/*
 #
 # Hack for remote exec of provisioning
 #
@@ -326,4 +338,5 @@ resource "null_resource" "cm_tst" {
       host = aws_eip.cm_mgmt[count.index].public_ip
     }
   }
-}
+}
\ No newline at end of file
+*/
\ No newline at end of file

onboard.sh.tmpl

 #!/bin/bash
-LOG_FILE=${onboardLog}
+LOG_FILE=${onboard_log}
 if [ ! -e $LOG_FILE ]
 then
      touch $LOG_FILE
@@ -42,8 +42,8 @@ while [[ "$checks" -lt 120 ]]; do
 done
 }
 waitMcpd
-admin_username='${adminName}'
-admin_password='${adminPassword}'
+admin_username='${admin_name}'
+admin_password='${admin_password}'
 tmsh create auth user $admin_username password $admin_password shell bash partition-access add { all-partitions { role admin } };
 tmsh modify auth user $admin_username shell bash partition-access add { all-partitions { role admin } };
 tmsh list auth user $admin_username
@@ -53,21 +53,14 @@ tmsh save sys config
 CREDS="$admin_username:$admin_password"
 mkdir -p /home/$admin_username/.ssh/
 cp /home/admin/.ssh/authorized_keys /home/$admin_username/.ssh/authorized_keys
-onboard_log="${onboardLog}"
-bigIqLicenseKey="${bigIqLicenseKey}"
-ntpServers="${ntpServers}"
-ntpTimeZone="${timeZone}"
-licensePoolKeys="${licensePoolKeys}"
-regPoolKeys="${regPoolKeys}"
-adminPassword='${adminPassword}'
-masterKey='${masterKey}'
-f5CloudLibsTag="${f5CloudLibsTag}"
-f5CloudLibsAzureTag="${f5CloudLibsAzureTag}"
-allowUsageAnalytics="${allowUsageAnalytics}"
-location="${location}"
-deploymentId="${deploymentId}"
-dnsSearchDomains="${dnsSearchDomains}"
-dnsServers="${dnsServers}"
+onboard_log="${onboard_log}"
+bigIqLicenseKey="${licensekey}"
+hostName="${hostname}"
+ntpServers="${ntp_servers}"
+ntpTimeZone="${timezone}"
+masterKey='${masterkey}'
+dnsSearchDomains="${dns_search_domains}"
+dnsServers="${dns_servers}"
 CURL="/usr/bin/curl"
 cloud="aws"
 mgmt_port=`tmsh list sys httpd ssl-port | grep ssl-port | sed 's/ssl-port //;s/ //g'`
@@ -80,11 +73,8 @@ licenseRegistrationUrl="/mgmt/setup/license"
 personalityUrl="/mgmt/setup/personality"
 base_url="https://raw.githubusercontent.com/F5Networks"
 base_dir="/config/cloud"
-base_log_dir="/var/log/cloud/$${cloud}"
-base_dependency_dir="$${base_dir}/$${cloud}/node_modules/@f5devcentral"
 localHost="https://localhost:"
 hostNameUrl="/mgmt/setup/address"
-hostName="${hostName}"
 masterKeyUrl="/mgmt/setup/masterkey"
 vlanUrl="/mgmt/setup/address/vlan"
 selfipUrl="/mgmt/setup/address/self-ip"
@@ -175,8 +165,8 @@ checkLicense () {
 getEulaPayload () {
 eulaPayload=$(cat -<<EOF
   {
-  "baseRegKey": "${ bigIqLicenseKey }",
-  "dossier: "$(getDossier ${ bigIqLicenseKey })",
+  "baseRegKey": "${ licensekey }",
+  "dossier: "$(getDossier ${ licensekey })",
   "eulaText": $(curl -sk --header "$(setToken)" --url $localHost$mgmt_port$licenseUrl | jq .eulaText)
   }
 EOF
@@ -289,14 +279,14 @@ EOF
 )
 discoveryPayload=$(cat -<<EOF
 {
-    "discoveryAddress": "${discoveryAddress}"
+    "discoveryAddress": "${discovery_ip}"
 }
 EOF
 )
 selfIpPayload=$(cat -<<EOF
 {
     "name": "self_discovery",
-    "address": "${discoveryAddressSelfip}",
+    "address": "${discovery_ip}",
     "vlan": "/Common/discovery"
 }
 EOF
@@ -320,7 +310,7 @@ credsPayload=$(cat -<<EOF
 }
 EOF
 )
-if [ "$bigIqLicenseKey" == "" ]; then
+if [ "$licensekey" == "" ]; then
 licensePayload=$(cat -<<EOF
   {
       "licenseText": "skipLicense:true"
@@ -330,7 +320,7 @@ EOF
 else
 licensePayload=$(cat -<<EOF
   {
-      "baseRegKey": "${ bigIqLicenseKey }",
+      "baseRegKey": "${ licensekey }",
       "addOnKeys": [],
       "activationMethod": "AUTOMATIC"
   }
@@ -339,29 +329,19 @@ EOF
 fi
 personality=$(cat -<<EOF
 {
-  "systemPersonality": "logging_node"
+  "systemPersonality": "${personality}"
 }
 EOF
 )
 waitMcpd
 check_internet_connection
-dependencies=("$${base_url}/f5-cloud-libs/$${f5CloudLibsTag}/dist/f5-cloud-libs.tar.gz")
-dependencies+=("$${base_url}/f5-cloud-libs-$${cloud}/$${f5CloudLibsAzureTag}/dist/f5-cloud-libs-$${cloud}.tar.gz")
-dependencies+=("$${base_url}/f5-cloud-libs/$${f5CloudLibsTag}/dist/verifyHash")
-
-for i in $${dependencies[@]} ; do
-    log "Downloading dependency: $i"
-    f=$(basename $i)
-    safe_download $${base_dir}/$f $i
-    # $CURL -ksf --retry 10 --retry-delay 5 --retry-max-time 240 -o $${base_dir}/$f $i
-done
 if [[ "$(waitIq)" == "ready" ]]; then
     echo "ready"
 else
     echo "failed IQ status not ready"
     exit
 fi
-if [ "$bigIqLicenseKey" == "" ]; then
+if [ "$licensekey" == "" ]; then
     echo "bigiq-license manager"
     licenseRegistration "$licensePayload"
 else
@@ -376,7 +356,7 @@ else
             echo "send eula"
         fi
         if [[ "$(checkLicense)" == "failed" ]]; then
-            if [ "$bigIqLicenseKey" == "" ]; then
+            if [ "$licensekey" == "" ]; then
                 licenseRegistration "$licensePayload"
             else
                 echo "check license key"

variables.tf

 variable "prefix" {
   description = "Prefix for resources created by this module"
   type        = string
-  default     = "terraform-aws-bigiq-demo"
+  default     = "tf-aws-bigiq"
 }
 
 variable "f5_ami_search_name" {
@@ -13,13 +13,13 @@ variable "f5_ami_search_name" {
 variable "dcd_instance_count" {
   description = "Number of BIG-IPs to deploy"
   type        = number
-  default     = 1
+  default = 1
 }
 
 variable "cm_instance_count" {
   description = "Number of BIG-IPs to deploy"
   type        = number
-  default     = 1
+  default = 1
 }
 
 variable "ec2_instance_type" {
@@ -80,7 +80,7 @@ variable "onboard_log" {
 variable "admin_name" {
   description = "Admin user on the BIG-IQ"
   type        = string
-  default     = "admin"
+  default = "admin"
 }
 
 variable "admin_password" {
@@ -115,7 +115,7 @@ variable "dns_servers" {
 variable "dns_search_domains" {
   description = "BIG-IQ DNS Search Domains"
   type        = list(string)
-  default     = ["test.local"]
+  default     = ["example.local"]
 }
 
 variable "personality" {
@@ -128,13 +128,10 @@ variable "personality" {
 variable "hostname" {
   description = "BIG-IQ Hostname"
   type        = string
-  default     = "buggered-thing-already"
+  default     = "bigiq"
 }
+
 # admin
-variable "adminName" {
-  description = "admin account name"
-  default     = "admin"
-}
 variable "masterkey" {
   description = "bigiq master key"
   default     = "ThisIsIt%1234"