main.tf
# Optional pre-deployment step, toggled by var.pre_deployment.
# NOTE(review): judging by its name, the local_exec module runs commands on the
# machine that executes Terraform; confirm what it executes before enabling it
# on a shared runner or in CI.
module "local_execution" {
  source  = "../generic_modules/local_exec"
  enabled = var.pre_deployment
}
# This locals entry is used to store the IP addresses of all the machines.
# Example of autogenerated addresses, based on 10.0.0.0/16
# Iscsi server: 10.0.0.4
# Monitoring: 10.0.0.5
# Hana ips: 10.0.1.10, 10.0.2.11 (hana machines must be in different subnets)
# Hana cluster vip: 192.168.1.10 (virtual ip address must be in a different range than the vpc)
# Hana cluster vip secondary: 192.168.1.11
# Netweaver ips: 10.0.3.30, 10.0.4.31, 10.0.3.32, 10.0.4.33 (netweaver ASCS and ERS must be in different subnets)
# Netweaver virtual ips: 192.168.1.30, 192.168.1.31, 192.168.1.32, 192.168.1.33 (virtual ip addresses must be in a different range than the vpc)
# DRBD ips: 10.0.5.20, 10.0.6.21
# DRBD cluster vip: 192.168.1.20 (virtual ip address must be in a different range than the vpc)
# Addresses provided by the user always take precedence over the autogenerated ones
locals {
  # --- Infrastructure hosts ---------------------------------------------
  # A user-supplied address wins; otherwise host numbers 4 and 5 of the infra
  # subnet are used.
  iscsi_ip      = var.iscsi_srv_ip != "" ? var.iscsi_srv_ip : cidrhost(local.infra_subnet_address_range, 4)
  monitoring_ip = var.monitoring_srv_ip != "" ? var.monitoring_srv_ip : cidrhost(local.infra_subnet_address_range, 5)

  # --- HANA ---------------------------------------------------------------
  # Nodes alternate between the two HANA subnets (idx % 2); the host number is
  # idx + hana_ip_start, much like Python's enumerate with an offset.
  hana_ip_start = 10
  hana_ips = length(var.hana_ips) > 0 ? var.hana_ips : [
    for idx in range(var.hana_count) :
    cidrhost(element(local.hana_subnet_address_range, idx % 2), idx + local.hana_ip_start)
  ]
  # Cluster virtual IPs are taken from var.virtual_address_range.
  hana_cluster_vip           = var.hana_cluster_vip != "" ? var.hana_cluster_vip : cidrhost(var.virtual_address_range, local.hana_ip_start)
  hana_cluster_vip_secondary = var.hana_cluster_vip_secondary != "" ? var.hana_cluster_vip_secondary : cidrhost(var.virtual_address_range, local.hana_ip_start + 1)

  # --- DRBD ---------------------------------------------------------------
  # Always two addresses, one per DRBD subnet.
  drbd_ip_start = 20
  drbd_ips = length(var.drbd_ips) > 0 ? var.drbd_ips : [
    for idx in range(2) :
    cidrhost(element(local.drbd_subnet_address_range, idx % 2), idx + local.drbd_ip_start)
  ]
  drbd_cluster_vip = var.drbd_cluster_vip != "" ? var.drbd_cluster_vip : cidrhost(var.virtual_address_range, local.drbd_ip_start)

  # --- Netweaver ----------------------------------------------------------
  # xSCS servers: 2 with HA, 1 without, 0 when Netweaver is disabled.
  netweaver_xscs_server_count = var.netweaver_enabled ? (var.netweaver_ha_enabled ? 2 : 1) : 0
  netweaver_count             = var.netweaver_enabled ? local.netweaver_xscs_server_count + var.netweaver_app_server_count : 0
  # At least 2 virtual IPs are needed when ASCS and PAS share a machine; the
  # floor is 3 when HA is enabled.
  netweaver_virtual_ips_count = max(local.netweaver_count, var.netweaver_ha_enabled ? 3 : 2)
  netweaver_ip_start          = 30
  netweaver_ips = length(var.netweaver_ips) > 0 ? var.netweaver_ips : [
    for idx in range(local.netweaver_count) :
    cidrhost(element(local.netweaver_subnet_address_range, idx % 2), idx + local.netweaver_ip_start)
  ]
  netweaver_virtual_ips = length(var.netweaver_virtual_ips) > 0 ? var.netweaver_virtual_ips : [
    for host_number in range(local.netweaver_ip_start, local.netweaver_ip_start + local.netweaver_virtual_ips_count) :
    cidrhost(var.virtual_address_range, host_number)
  ]

  # --- iSCSI server requirement -------------------------------------------
  # True when any of the three clusters fences through SBD.
  use_sbd = (
    var.hana_cluster_fencing_mechanism == "sbd" ||
    var.drbd_cluster_fencing_mechanism == "sbd" ||
    var.netweaver_cluster_fencing_mechanism == "sbd"
  )
  # The iSCSI server is only created when SBD storage is iSCSI, at least one
  # clustered component exists, and SBD fencing is actually in use.
  iscsi_enabled = (
    var.sbd_storage_type == "iscsi" &&
    (
      (var.hana_count > 1 && var.hana_ha_enabled) ||
      var.drbd_enabled ||
      (local.netweaver_count > 1 && var.netweaver_ha_enabled)
    ) &&
    local.use_sbd
  )

  # --- OS image / owner per role ------------------------------------------
  # A role-specific value overrides the global var.os_image / var.os_owner.
  hana_os_image       = var.hana_os_image != "" ? var.hana_os_image : var.os_image
  hana_os_owner       = var.hana_os_owner != "" ? var.hana_os_owner : var.os_owner
  iscsi_os_image      = var.iscsi_os_image != "" ? var.iscsi_os_image : var.os_image
  iscsi_os_owner      = var.iscsi_os_owner != "" ? var.iscsi_os_owner : var.os_owner
  monitoring_os_image = var.monitoring_os_image != "" ? var.monitoring_os_image : var.os_image
  monitoring_os_owner = var.monitoring_os_owner != "" ? var.monitoring_os_owner : var.os_owner
  drbd_os_image       = var.drbd_os_image != "" ? var.drbd_os_image : var.os_image
  drbd_os_owner       = var.drbd_os_owner != "" ? var.drbd_os_owner : var.os_owner
  netweaver_os_image  = var.netweaver_os_image != "" ? var.netweaver_os_image : var.os_image
  netweaver_os_owner  = var.netweaver_os_owner != "" ? var.netweaver_os_owner : var.os_owner

  # --- Netweaver password -------------------------------------------------
  # With Netweaver disabled, a fixed placeholder is substituted so that the
  # downstream variable validation passes without asking for a password.
  # With Netweaver enabled, the user-supplied value is passed through and the
  # validation fails unless it is a correct password.
  # NOTE(review): the placeholder is a public, well-known string and must never
  # end up as a live credential; presumably nothing consumes it while Netweaver
  # is disabled (confirm in the provisioning code).
  netweaver_master_password = var.netweaver_enabled ? var.netweaver_master_password : "DummyPassword1234"
}
# Collects the settings shared by every node module; the other modules in this
# file read them back through module.common_variables.configuration.
module "common_variables" {
  source = "../generic_modules/common_variables"

  # --- Deployment identity and registration --------------------------------
  provider_type          = "aws"
  deployment_name        = local.deployment_name
  reg_code               = var.reg_code
  reg_email              = var.reg_email
  reg_additional_modules = var.reg_additional_modules
  ha_sap_deployment_repo = var.ha_sap_deployment_repo
  additional_packages    = var.additional_packages

  # --- SSH access ------------------------------------------------------------
  # NOTE(review): private_key, the registration code and the master passwords
  # below are secret-bearing inputs. Confirm the corresponding variables are
  # declared sensitive and that the state backend is encrypted and
  # access-restricted, since values consumed by resources can be stored in state.
  public_key      = var.public_key
  private_key     = var.private_key
  authorized_keys = var.authorized_keys
  authorized_user = "ec2-user"

  # --- Provisioning behaviour ------------------------------------------------
  provisioner                 = var.provisioner
  provisioning_log_level      = var.provisioning_log_level
  provisioning_output_colored = var.provisioning_output_colored
  background                  = var.background
  qa_mode                     = var.qa_mode

  # --- Monitoring ------------------------------------------------------------
  # The monitoring server address is only published when monitoring is enabled.
  monitoring_enabled = var.monitoring_enabled
  monitoring_srv_ip  = var.monitoring_enabled ? local.monitoring_ip : ""

  # --- HANA ------------------------------------------------------------------
  hana_hwcct                          = var.hwcct
  hana_sid                            = var.hana_sid
  hana_instance_number                = var.hana_instance_number
  hana_cost_optimized_sid             = var.hana_cost_optimized_sid
  hana_cost_optimized_instance_number = var.hana_cost_optimized_instance_number
  hana_master_password                = var.hana_master_password
  # Falls back to the main HANA master password when no dedicated one is given.
  hana_cost_optimized_master_password = var.hana_cost_optimized_master_password == "" ? var.hana_master_password : var.hana_cost_optimized_master_password
  hana_primary_site                   = var.hana_primary_site
  hana_secondary_site                 = var.hana_secondary_site
  hana_inst_folder                    = var.hana_inst_folder
  hana_fstype                         = var.hana_fstype
  hana_inst_master                    = var.hana_inst_master
  hana_platform_folder                = var.hana_platform_folder
  hana_sapcar_exe                     = var.hana_sapcar_exe
  hana_archive_file                   = var.hana_archive_file
  hana_extract_dir                    = var.hana_extract_dir
  hana_client_folder                  = var.hana_client_folder
  hana_client_archive_file            = var.hana_client_archive_file
  hana_client_extract_dir             = var.hana_client_extract_dir
  hana_scenario_type                  = var.scenario_type
  hana_cluster_vip_mechanism          = ""
  hana_cluster_vip                    = local.hana_cluster_vip
  # The secondary virtual IP is only published for active/active setups.
  hana_cluster_vip_secondary     = var.hana_active_active ? local.hana_cluster_vip_secondary : ""
  hana_ha_enabled                = var.hana_ha_enabled
  hana_ignore_min_mem_check      = var.hana_ignore_min_mem_check
  hana_cluster_fencing_mechanism = var.hana_cluster_fencing_mechanism
  hana_sbd_storage_type          = var.sbd_storage_type

  # --- Netweaver ---------------------------------------------------------------
  netweaver_sid                  = var.netweaver_sid
  netweaver_ascs_instance_number = var.netweaver_ascs_instance_number
  netweaver_ers_instance_number  = var.netweaver_ers_instance_number
  netweaver_pas_instance_number  = var.netweaver_pas_instance_number
  # Taken from locals, which substitute a placeholder when Netweaver is disabled.
  netweaver_master_password = local.netweaver_master_password
  netweaver_product_id      = var.netweaver_product_id
  netweaver_inst_folder     = var.netweaver_inst_folder
  netweaver_extract_dir     = var.netweaver_extract_dir
  netweaver_swpm_folder     = var.netweaver_swpm_folder
  netweaver_sapcar_exe      = var.netweaver_sapcar_exe
  netweaver_swpm_sar        = var.netweaver_swpm_sar
  netweaver_sapexe_folder   = var.netweaver_sapexe_folder
  netweaver_additional_dvds = var.netweaver_additional_dvds
  # NFS source: the DRBD cluster virtual IP when DRBD is enabled, otherwise the
  # DNS name of the EFS file system.
  netweaver_nfs_share   = var.drbd_enabled ? "${local.drbd_cluster_vip}:/${var.netweaver_sid}" : "${join("", aws_efs_file_system.netweaver-efs.*.dns_name)}:"
  netweaver_sapmnt_path = var.netweaver_sapmnt_path
  # Netweaver reaches HANA through the cluster virtual IP in HA setups and
  # through the first HANA node otherwise.
  netweaver_hana_ip                   = var.hana_ha_enabled ? local.hana_cluster_vip : element(local.hana_ips, 0)
  netweaver_hana_sid                  = var.hana_sid
  netweaver_hana_instance_number      = var.hana_instance_number
  netweaver_hana_master_password      = var.hana_master_password
  netweaver_ha_enabled                = var.netweaver_ha_enabled
  netweaver_cluster_fencing_mechanism = var.netweaver_cluster_fencing_mechanism
  netweaver_sbd_storage_type          = var.sbd_storage_type
}
# DRBD nodes: two instances when var.drbd_enabled is true, none otherwise.
module "drbd_node" {
  source           = "./modules/drbd_node"
  common_variables = module.common_variables.configuration

  # --- Sizing and placement ------------------------------------------------
  drbd_count         = var.drbd_enabled == true ? 2 : 0
  instance_type      = var.drbd_instancetype
  aws_region         = var.aws_region
  availability_zones = data.aws_availability_zones.available.names
  os_image           = local.drbd_os_image
  os_owner           = local.drbd_os_owner

  # --- Network -------------------------------------------------------------
  vpc_id               = local.vpc_id
  subnet_address_range = local.drbd_subnet_address_range
  security_group_id    = local.security_group_id
  route_table_id       = aws_route_table.route-table.id
  host_ips             = local.drbd_ips
  drbd_cluster_vip     = local.drbd_cluster_vip
  # join("", ...) flattens the iSCSI address list into one string.
  iscsi_srv_ip = join("", module.iscsi_server.iscsisrv_ip)

  # --- Credentials and keys ------------------------------------------------
  # NOTE(review): long-lived AWS credentials and the cluster SSH private key
  # are handed to the node module; how they are used is not visible here. If
  # they are copied onto the instances, prefer an instance profile limited to
  # the actions the cluster needs, and confirm these variables are marked
  # sensitive.
  key_name              = aws_key_pair.key-pair.key_name
  aws_credentials       = var.aws_credentials
  aws_access_key_id     = var.aws_access_key_id
  aws_secret_access_key = var.aws_secret_access_key
  cluster_ssh_pub       = var.cluster_ssh_pub
  cluster_ssh_key       = var.cluster_ssh_key

  # --- Cluster and storage -------------------------------------------------
  fencing_mechanism   = var.drbd_cluster_fencing_mechanism
  drbd_data_disk_size = var.drbd_data_disk_size
  drbd_data_disk_type = var.drbd_data_disk_type
  nfs_mounting_point  = var.drbd_nfs_mounting_point
  nfs_export_name     = var.netweaver_sid

  # Resources listed as dependencies for the destroy phase.
  on_destroy_dependencies = [
    aws_route.public,
    aws_security_group_rule.ssh,
    aws_security_group_rule.outall
  ]
}
# iSCSI server: a single instance, created only when local.iscsi_enabled is true.
module "iscsi_server" {
  source           = "./modules/iscsi_server"
  common_variables = module.common_variables.configuration

  # --- Sizing and placement ------------------------------------------------
  iscsi_count        = local.iscsi_enabled == true ? 1 : 0
  instance_type      = var.iscsi_instancetype
  aws_region         = var.aws_region
  availability_zones = data.aws_availability_zones.available.names
  os_image           = local.iscsi_os_image
  os_owner           = local.iscsi_os_owner

  # --- Network and access --------------------------------------------------
  subnet_ids        = aws_subnet.infra-subnet.*.id
  security_group_id = local.security_group_id
  key_name          = aws_key_pair.key-pair.key_name
  host_ips          = [local.iscsi_ip]

  # --- Storage -------------------------------------------------------------
  lun_count       = var.iscsi_lun_count
  iscsi_disk_size = var.iscsi_disk_size

  # Resources listed as dependencies for the destroy phase.
  on_destroy_dependencies = [
    aws_route_table_association.infra-subnet-route-association,
    aws_route.public,
    aws_security_group_rule.ssh,
    aws_security_group_rule.outall
  ]
}
# Netweaver nodes: xSCS servers plus application servers.
module "netweaver_node" {
  source           = "./modules/netweaver_node"
  common_variables = module.common_variables.configuration
  name             = "netweaver"

  # --- Sizing and placement ------------------------------------------------
  xscs_server_count  = local.netweaver_xscs_server_count
  app_server_count   = var.netweaver_enabled ? var.netweaver_app_server_count : 0
  instance_type      = var.netweaver_instancetype
  aws_region         = var.aws_region
  availability_zones = data.aws_availability_zones.available.names
  os_image           = local.netweaver_os_image
  os_owner           = local.netweaver_os_owner

  # --- Network -------------------------------------------------------------
  vpc_id               = local.vpc_id
  subnet_address_range = local.netweaver_subnet_address_range
  security_group_id    = local.security_group_id
  route_table_id       = aws_route_table.route-table.id
  host_ips             = local.netweaver_ips
  virtual_host_ips     = local.netweaver_virtual_ips
  # join("", ...) flattens the iSCSI address list into one string.
  iscsi_srv_ip = join("", module.iscsi_server.iscsisrv_ip)

  # --- Shared storage ------------------------------------------------------
  # EFS is mounted only when Netweaver is enabled and DRBD is not.
  efs_enable_mount   = var.netweaver_enabled == true && var.drbd_enabled == false
  efs_file_system_id = join("", aws_efs_file_system.netweaver-efs.*.id)
  s3_bucket          = var.netweaver_s3_bucket

  # --- Credentials and keys ------------------------------------------------
  # NOTE(review): long-lived AWS credentials and the cluster SSH private key
  # are handed to the node module; how they are used is not visible here. If
  # they are copied onto the instances, prefer an instance profile limited to
  # the actions the cluster and the S3 download need, and confirm these
  # variables are marked sensitive.
  key_name              = aws_key_pair.key-pair.key_name
  aws_credentials       = var.aws_credentials
  aws_access_key_id     = var.aws_access_key_id
  aws_secret_access_key = var.aws_secret_access_key
  cluster_ssh_pub       = var.cluster_ssh_pub
  cluster_ssh_key       = var.cluster_ssh_key

  # Resources listed as dependencies for the destroy phase.
  on_destroy_dependencies = [
    aws_route.public,
    aws_security_group_rule.ssh,
    aws_security_group_rule.outall
  ]
}
# HANA nodes: var.hana_count instances.
module "hana_node" {
  source           = "./modules/hana_node"
  common_variables = module.common_variables.configuration
  name             = var.name

  # --- Sizing and placement ------------------------------------------------
  hana_count         = var.hana_count
  instance_type      = var.hana_instancetype
  aws_region         = var.aws_region
  availability_zones = data.aws_availability_zones.available.names
  os_image           = local.hana_os_image
  os_owner           = local.hana_os_owner

  # --- Network -------------------------------------------------------------
  vpc_id               = local.vpc_id
  subnet_address_range = local.hana_subnet_address_range
  security_group_id    = local.security_group_id
  route_table_id       = aws_route_table.route-table.id
  host_ips             = local.hana_ips
  # join("", ...) flattens the iSCSI address list into one string.
  iscsi_srv_ip = join("", module.iscsi_server.iscsisrv_ip)

  # --- Storage -------------------------------------------------------------
  hana_data_disk_type = var.hana_data_disk_type
  hana_data_disk_size = var.hana_data_disk_size

  # --- Credentials and keys ------------------------------------------------
  # NOTE(review): long-lived AWS credentials and the cluster SSH private key
  # are handed to the node module; how they are used is not visible here. If
  # they are copied onto the instances, prefer an instance profile limited to
  # the actions the cluster needs, and confirm these variables are marked
  # sensitive.
  key_name              = aws_key_pair.key-pair.key_name
  aws_credentials       = var.aws_credentials
  aws_access_key_id     = var.aws_access_key_id
  aws_secret_access_key = var.aws_secret_access_key
  cluster_ssh_pub       = var.cluster_ssh_pub
  cluster_ssh_key       = var.cluster_ssh_key

  # Resources listed as dependencies for the destroy phase.
  on_destroy_dependencies = [
    aws_route.public,
    aws_security_group_rule.ssh,
    aws_security_group_rule.outall
  ]
}
# Monitoring server and the list of hosts it targets.
module "monitoring" {
  source             = "./modules/monitoring"
  common_variables   = module.common_variables.configuration
  monitoring_enabled = var.monitoring_enabled

  # --- Sizing and placement ------------------------------------------------
  instance_type      = var.monitor_instancetype
  aws_region         = var.aws_region
  availability_zones = data.aws_availability_zones.available.names
  os_image           = local.monitoring_os_image
  os_owner           = local.monitoring_os_owner
  timezone           = var.timezone

  # --- Network and access --------------------------------------------------
  subnet_ids        = aws_subnet.infra-subnet.*.id
  security_group_id = local.security_group_id
  key_name          = aws_key_pair.key-pair.key_name
  monitoring_srv_ip = local.monitoring_ip

  # --- Monitored targets ---------------------------------------------------
  # Every HANA node is a target. One more entry points at the active HANA
  # instance: the cluster virtual IP for HA, the first HANA machine otherwise.
  hana_targets      = concat(local.hana_ips, var.hana_ha_enabled ? [local.hana_cluster_vip] : [local.hana_ips[0]])
  drbd_targets      = var.drbd_enabled ? local.drbd_ips : []
  netweaver_targets = var.netweaver_enabled ? local.netweaver_virtual_ips : []

  # Resources listed as dependencies for the destroy phase.
  on_destroy_dependencies = [
    aws_route_table_association.infra-subnet-route-association,
    aws_route.public,
    aws_security_group_rule.ssh,
    aws_security_group_rule.outall
  ]
}