
Commit be83fc1

author
Frank Mancina
committed
TF code for aws wavelengths
1 parent e5856e5 commit be83fc1


2 files changed

+261
-0
lines changed

2 files changed

+261
-0
lines changed

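--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,59 @@
+variable "profile" {
+type = string
+description = "AWS Credentials Profile to use"
+default = "default"
+}
+
+variable "region" {
+type = string
+description = "This is the AWS region."
+validation {
+condition = contains(["us-east-1", "us-west-2", "ap-northeast-1", "ap-northeast-2", "eu-west-2", "eu-central-1", "eu-west-3"], var.region)
+error_message = "Valid values for regions supporting local Zones are: us-east-1, us-west-2, ap-northeast-1, ap-northeast-2, eu-west-2, eu-west-3 and eu-central-1"
+}
+}
+
+variable "worker_key_name" {
+type = string
+description = "This is your EC2 key name."
+}
+
+variable "cluster_name" {
+type = string
+description = "This is the name of your EKS cluster deployed to the parent region."
+}
+
+variable "managed_node_instance_type" {
+type = string
+default = "t3.large"
+description = "This is the instance type for your EKS managed nodes."
+}
+variable "haproxy_instance_type" {
+type = string
+default = "r5.2xlarge"
+description = "This is the instance type for your HAPROXY managed nodes."
+}
+
+variable "self_managed_node_instance_type" {
+type = string
+default = "r5.2xlarge"
+description = "This is the instance type for your EKS self-managed nodes."
+}
+
+variable "wavelength_zones" {
+description = "This is the metadata for your Wavelength Zone subnets."
+type = map(object({
+availability_zone = string
+nbg = string
+availability_zone_id = string
+worker_nodes = number
+cidr_block = string
+}))
+}
+
+# Create variable for HA mode
+variable "ha" {
+description = "Enable High Availability mode (yes/no)"
+type = string
+default = "yes"
+}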
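Review bot: `ha` (new-file lines 55-59) is a free-form string documented as yes/no but has no `validation` block, so a value such as `Yes` or `true` passes `terraform plan` and whichever resource compares it decides the topology without any error. Keeping the string type, add a block like the one `region` already has: `validation { condition = contains(["yes", "no"], var.ha)` with `error_message = "ha must be \"yes\" or \"no\"." }`. A `bool` would be cleaner, but the consumers of `var.ha` are not visible on this page, so that change would need checking against them. The `region` error message also says "local Zones" while the module targets Wavelength Zones; aligning the wording would avoid confusion.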

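--- a/wavelength_vrrp.sh
+++ b/wavelength_vrrp.sh
@@ -0,0 +1,202 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Author: HAPROXY Enterprise
+# Script Name: wavelength_vrrp.sh
+# Version: 1.0
+# Created: 2025-02-20
+#
+# Copyright (c) 2025, HAPROXY Enterprise. All rights reserved.
+#
+# Subject to the terms and conditions defined in file HAPEE-AGREEMENT-LICENSE.txt, which is part of this package.
+#
+#
+# -----------------------------------------------------------------------------
+
+# Help function
+print_help() {
+echo "VRRP Setup Script for AWS Wavelength External Ingress Controller"
+echo ""
+echo "Required parameters:"
+echo " -e, --eni AWS ENI Interface ID"
+echo " -f, --float-ip Float IP address"
+echo " -l, --local-ip Local IP Device address"
+echo " -p, --peer-ip Peer IP address"
+echo " -i, --interface Network interface name"
+echo " -r, --priority VRRP priority"
+echo " -g, --region AWS region"
+echo ""
+echo "Note: This script requires:"
+echo " - HAProxy Enterprise apt source configured"
+echo " - AWS CLI installed"
+echo " - IAM Role with permissions to manage ENI IP addresses"
+exit 1
+}
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+case $1 in
+-e|--eni)
+ENI="$2"
+shift 2
+;;
+-f|--float-ip)
+IP="$2"
+shift 2
+;;
+-l|--local-ip)
+LOCALIP="$2"
+shift 2
+;;
+-p|--peer-ip)
+PEERIP="$2"
+shift 2
+;;
+-i|--interface)
+INTERFACE="$2"
+shift 2
+;;
+-r|--priority)
+PRI="$2"
+shift 2
+;;
+-g|--region)
+REGION="$2"
+shift 2
+;;
+-h|--help)
+print_help
+;;
+*)
+echo "Unknown parameter: $1"
+print_help
+;;
+esac
+done
+
+# Check if script is run with sudo
+if [ "$EUID" -ne 0 ]; then
+echo "Please run this script with sudo"
+exit 1
+fi
+
+# Validate required parameters
+missing_params=()
+[[ -z "$ENI" ]] && missing_params+=("ENI")
+[[ -z "$IP" ]] && missing_params+=("Float IP")
+[[ -z "$LOCALIP" ]] && missing_params+=("Local IP")
+[[ -z "$PEERIP" ]] && missing_params+=("Peer IP")
+[[ -z "$INTERFACE" ]] && missing_params+=("Interface")
+[[ -z "$PRI" ]] && missing_params+=("VRRP Priority")
+[[ -z "$REGION" ]] && missing_params+=("AWS Region")
+
+if [ ${#missing_params[@]} -ne 0 ]; then
+echo "Error: Missing required parameters:"
+printf '%s\n' "${missing_params[@]}"
+print_help
+fi
+
+# Check AWS CLI installation
+if ! command -v aws &> /dev/null; then
+echo "Error: AWS CLI is not installed"
+exit 1
+fi
+
+# Check if hapee-extras-vrrp package is available
+if ! apt-cache show hapee-extras-vrrp &> /dev/null; then
+echo "Error: apt source is not installed. Please include HAProxy Enterprise apt source first"
+exit 1
+fi
+
+# Install required package
+apt-get install -y hapee-extras-vrrp
+
+# Configure sysctl
+echo "net.ipv4.ip_nonlocal_bind=1" | tee -a /etc/sysctl.conf
+sysctl -w net.ipv4.ip_nonlocal_bind=1
+
+# Create IP configuration file
+cat > /etc/default/ip_sec << EOF
+IP=$IP
+ENI=$ENI
+EOF
+
+# Configure VRRP
+cat > /etc/hapee-extras/hapee-vrrp.cfg << EOF
+global_defs {
+script_user keepalived_script
+enable_script_security
+}
+
+vrrp_script chk_sshd {
+script "pkill -0 sshd"
+interval 5
+weight -4
+rise 1
+fall 2
+}
+
+vrrp_script chk_lb {
+script "pkill -0 hapee-lb"
+interval 1
+weight 6
+rise 1
+fall 2
+}
+
+vrrp_instance aws_vrrp {
+notify_master "/usr/local/sbin/general/ip_sec.sh"
+state BACKUP
+interface $INTERFACE
+track_interface {
+$INTERFACE weight -4
+}
+track_script {
+chk_lb
+chk_sshd
+}
+unicast_src_ip $LOCALIP
+unicast_peer {
+$PEERIP
+}
+virtual_router_id 1
+priority $PRI
+authentication {
+auth_type PASS
+auth_pass haproxy
+}
+virtual_ipaddress_excluded {
+$IP dev $INTERFACE
+}
+}
+EOF
+
+# Create keepalived_script user
+useradd -m keepalived_script
+passwd -d keepalived_script
+usermod -aG sudo keepalived_script
+
+# Add keepalived_script to sudoers
+echo "keepalived_script ALL=(ALL) NOPASSWD:ALL" | EDITOR='tee -a' visudo
+
+# Configure AWS region for keepalived user
+sudo -u keepalived_script aws configure set region "$REGION"
+
+# Create and configure ip_sec.sh script
+mkdir -p /usr/local/sbin/general/
+chmod -R +x /usr/local/sbin/general/
+
+cat > /usr/local/sbin/general/ip_sec.sh << EOF
+#!/bin/sh
+. /etc/default/ip_sec
+aws ec2 assign-private-ip-addresses --network-interface-id "\$ENI" --private-ip-addresses "\$IP" --allow-reassignment
+sudo ip addr add "\$IP"/24 dev $INTERFACE
+EOF
+
+chmod +x /usr/local/sbin/general/ip_sec.sh
+
+# Enable and start VRRP service
+systemctl enable hapee-extras-vrrp
+systemctl unmask hapee-extras-vrrp
+systemctl start hapee-extras-vrrp
+
+echo "VRRP setup completed successfully"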
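Review bot: The `keepalived_script` account created at new-file lines 174-179 ends up with an empty password (`passwd -d`), membership of the `sudo` group and `NOPASSWD:ALL`, so the low-privilege identity that `script_user` and `enable_script_security` are meant to provide is root-equivalent. The only privileged command the generated `ip_sec.sh` runs is `sudo ip addr add`, so the account can be a locked system user with a sudoers drop-in limited to that one command, as sketched below. The resolved `ip` path and the `nologin` path should be confirmed on the target image. Separately, `auth_pass haproxy` is a fixed shared secret written into every deployment and would be better taken from a parameter. The script also has no `set -euo pipefail`, so a failed `apt-get install` still ends with "VRRP setup completed successfully".

```shell
# Create keepalived_script user: system account, no login shell, locked password
useradd --system -m --shell /usr/sbin/nologin keepalived_script
passwd -l keepalived_script

# Allow only the one command ip_sec.sh runs through sudo
ip_bin=$(command -v ip)
sudoers_tmp=$(mktemp)
printf 'keepalived_script ALL=(root) NOPASSWD: %s addr add %s/24 dev %s\n' \
  "$ip_bin" "$IP" "$INTERFACE" > "$sudoers_tmp"
visudo -cf "$sudoers_tmp" \
  && install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/keepalived_script
rm -f -- "$sudoers_tmp"

# … unchanged: aws configure set region, ip_sec.sh creation, systemctl calls …
```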
