Feature/tailscale access (#1)

* AWS_R53_ENABLED: Delete unused variable * Add Tailscale Feature - Removed R53 configuration - Updated Ansible playbook to handle empty variables - Updated Ansible playbook to use variables file - Updated README to include updated requirements --------- Co-authored-by: Damien A <sepales.pret0h@icloud.com>
2024-02-25 17:25:34 +01:00
parent a4170247b3
commit 315910772c
9 changed files with 54 additions and 85 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@ network_images/*.tar.xz
 .DS_Store
 .vscode/settings.json
 .vscode
+ansible/clab_vars.yml
--- a/README.md
+++ b/README.md
@@ -1,11 +1,6 @@
 # AWS ContainerLab Deployment

-This project automates the deployment of ContainerLab on an AWS EC2 instance using Terraform for infrastructure provisioning and Ansible for software setup and configuration. It also configures a Route53 DNS record for easy access to the ContainerLab instance.
-
-## To Do
-
- [ ] Improving documentation
- [ ] Complete DNS configuration conditioning
+This project automates the deployment of ContainerLab on an AWS EC2 instance using Terraform for infrastructure provisioning and Ansible for software setup and configuration. It also configures a [tailscale access](https://tailscale.com) for easy access to the ContainerLab instance.

 ## Prerequisites

@@ -14,9 +9,11 @@ Before you begin, ensure you have the following prerequisites installed and conf
 - AWS CLI
 - Terraform
 - Ansible
+- Ansible module : [ansible.posix](https://galaxy.ansible.com/ui/repo/published/ansible/posix/)
 - Git (if cloning the repository)
 - An AWS account with the necessary permissions
- A configured AWS Key Pair
+- A configured [AWS Key Pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html)
+- Tailscale [Authentication Key](https://tailscale.com/kb/1085/auth-keys)

 ## Installation

@@ -25,13 +22,21 @@ Before you begin, ensure you have the following prerequisites installed and conf
    Set your AWS credentials and other sensitive data in **terraform/terraform.tfvars**.  
    Example:

-    ```bash
+    ```tfvars
    AWS_ACCESS_KEY = "your_access_key"
    AWS_SECRET_KEY = "your_secret_key"
    AWS_REGION     = "desired_aws_region"
    AWS_KEY_NAME   = "your_key_pair_name"
    ```

+    Set your Tailscale Key and your git repository or local folder in **ansible/clab_variables.yml**
+
+    ```yml
+    repo_git_url: ""
+    local_dir_path: ""
+    tailscale_auth_key: ""
+    ```
+
    **Important**: Never commit terraform.tfvars to version control as it contains sensitive information.

 2. **Clone the Repository**
@@ -60,23 +65,6 @@ Before you begin, ensure you have the following prerequisites installed and conf
    terraform apply
    ```

-    If you want to clone a specific GitHub repository during installation, pass the repository URL as a variable:
-
-    ```bash
-    terraform apply -var="GITHUB_REPO_URL=https://github.com/MasqAs/projet-vxlan-automation"
-    ```
-
-    Or, if you want to push a local directory:
-
-    ```bash
-    terraform apply -var="LOCAL_DIR_PATH=/path/to/your/local/directory"
-    ```
-
-    >:pen:  **if you use the local folder**  
-    >Note that there is no synchronization between your remote folder and your local folder once the instance has been created.
-
-    Enter `yes` when prompted to proceed.
-
 5. **Ansible Automation**

    The Terraform configuration will automatically trigger the Ansible playbook install_containerlab.yml after the EC2 instance is up. This playbook configures the instance with the necessary packages and settings, installs ContainerLab, and optionally clones the specified GitHub repository.
@@ -85,21 +73,11 @@ Before you begin, ensure you have the following prerequisites installed and conf

 The `network_images` folder is intended for Docker images that will be used by ContainerLab. These images should be pre-downloaded and placed in this folder before running the Ansible playbook. During the setup process, the images will be copied to the remote `/tmp` directory of the ContainerLab host and then imported into Docker.

-## Accessing ContainerLab
-
- You can access the ContainerLab instance via SSH using the public IP or the DNS name provided by Route53.
- The public IP of the instance can be found in the Terraform output.
- The DNS name will be in the format containerlab `<your_route53_zone_name>`.
-
-> :warning: **ROUTE 53**  
-> By default, Route 53 is disabled to avoid errors in case of incomplete configuration.  
-> To enable it, modify the variables: `AWS_R53_ENABLED` and `AWS_R53_ZONE_ID`.  
-> In any case, `AWS_R53_ZONE_ID` need to be configured.
-
 ## Customization

 - You can customize the deployment by modifying the Terraform variables in **terraform/variables.tf**.
 - The Ansible playbook can be customized by editing **ansible/install_containerlab.yml**.
+- You have to configure Ansible by add variables in **ansible/clab_variables.yml**

 ## Clean Up

--- a/ansible/clab_vars.yml.sample
+++ b/ansible/clab_vars.yml.sample
@@ -0,0 +1,3 @@
+repo_git_url: ""
+local_dir_path: ""
+tailscale_auth_key: ""
--- a/ansible/install_containerlab.yml
+++ b/ansible/install_containerlab.yml
@@ -1,11 +1,14 @@
 ---
 - hosts: all
  become: yes
-  vars:
-    repo_git_url: ""
-    local_dir_path: ""
+  vars_files:
+  - ./clab_vars.yml
  tasks:

+  - name: Set hostname to ContainerLab
+    hostname:
+      name: ContainerLab
+
  - name: Install required system packages
    apt:
      pkg:
@@ -43,6 +46,27 @@
    user:
      name: "{{ ansible_user_id }}"
      group: docker
+
+  - name: Add Tailscale GPG apt Key
+    apt_key:
+      url: https://pkgs.tailscale.com/stable/ubuntu/focal.noarmor.gpg
+      state: present
+
+  - name: Add Tailscale Repository
+    apt_repository:
+      repo: deb https://pkgs.tailscale.com/stable/ubuntu/ focal main
+      state: present
+      filename: tailscale
+      update_cache: yes
+
+  - name: Update apt and install Tailscale
+    apt:
+      name: tailscale
+      state: latest
+      update_cache: yes
+
+  - name: Run Tailscale CLI command
+    command: "sudo tailscale up --authkey {{ tailscale_auth_key }}"
  
  - name: Install ContainerLab
    shell: |
@@ -76,15 +100,15 @@
      update: yes
      version: "main"
    become: yes
-    when: repo_git_url | length > 0
+    when: (repo_git_url is defined) and (repo_git_url | length > 0)

  - name: Synchronize local directory to VM
-    synchronize:
+    ansible.posix.synchronize:
      src: "{{ local_dir_path }}"
      dest: "/opt/containerlab/projet/"
      recursive: yes
    become: yes
-    when: local_dir_path | length > 0
+    when: (local_dir_path is defined) and (local_dir_path | length > 0)

  - name: Copy network images to remote /tmp directory
    copy:
--- a/terraform/ec2.tf
+++ b/terraform/ec2.tf
@@ -20,12 +20,6 @@ resource "aws_security_group" "netlab_sg" {
    protocol    = "tcp"
    cidr_blocks = [var.AWS_LOCAL_IP]
  }
-  ingress {
-    from_port   = 50080
-    to_port     = 50080
-    protocol    = "tcp"
-    cidr_blocks = [var.AWS_LOCAL_IP]
-  }
 }

 resource "aws_instance" "containerlab_host" {
@@ -51,9 +45,11 @@ resource "aws_instance" "containerlab_host" {
  provisioner "local-exec" {
    command = <<EOT
      sleep 20
-      ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u admin -i ../ansible/inventory --private-key ${var.AWS_KEY_LOCATION} ../ansible/install_containerlab.yml \
-      ${var.GITHUB_REPO_URL != "" ? "--extra-vars repo_git_url=${var.GITHUB_REPO_URL}" : ""} \
-      ${var.LOCAL_DIR_PATH != "" ? "--extra-vars local_dir_path=${var.LOCAL_DIR_PATH}" : ""}
+      ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook \
+      -u admin \
+      -i ../ansible/inventory \
+      --private-key ${var.AWS_KEY_LOCATION} \
+      ../ansible/install_containerlab.yml 
    EOT
  }
 }
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -1,7 +1,3 @@
 output "public_ip" {
  value = aws_instance.containerlab_host.public_ip
 }
-
-output "containerlab_fqdn" {
-  value = var.AWS_R53_ENABLED && length(aws_route53_record.containerlab_fqdn) > 0 ? "${aws_route53_record.containerlab_fqdn[0].name}.${data.aws_route53_zone.selected.name}" : ""
-}
--- a/terraform/route53-record.tf
+++ b/terraform/route53-record.tf
@@ -1,12 +0,0 @@
-data "aws_route53_zone" "selected" {
-  zone_id = var.AWS_R53_ZONE_ID
-}
-
-resource "aws_route53_record" "containerlab_fqdn" {
-  count = var.AWS_R53_ENABLED ? 1 : 0
-  zone_id = var.AWS_R53_ZONE_ID
-  name    = "containerlab"
-  type    = "A"
-  ttl     = "300"
-  records = [aws_instance.containerlab_host.public_ip]
-}
--- a/terraform/terraform.tfvars.sample
+++ b/terraform/terraform.tfvars.sample
@@ -1,6 +1,4 @@
 AWS_ACCESS_KEY   = "YOURACCESSKEY"
 AWS_SECRET_KEY   = "YOURACCESSTOKEN"
 AWS_KEY_NAME     = "AWS_key_name"
-AWS_KEY_LOCATION = "~/.ssh/aws_key.pem"
-AWS_R53_ENABLED  = "false"
-AWS_R53_ZONE_ID  = "R53_ZONE_ID"
+AWS_KEY_LOCATION = "~/.ssh/aws_key.pem"
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -2,27 +2,12 @@ variable "AWS_ACCESS_KEY" {}
 variable "AWS_SECRET_KEY" {}
 variable "AWS_KEY_NAME" {}
 variable "AWS_KEY_LOCATION" {}
-variable "AWS_R53_ZONE_ID" {}
-variable "AWS_R53_ENABLED" {
-  type    = bool
-  default = false
-}

 variable "AWS_LOCAL_IP" {
  type = string
  default = "0.0.0.0/0"
 }

-variable "GITHUB_REPO_URL" {
-  type    = string
-  default = ""
-}
-
-variable "LOCAL_DIR_PATH" {
-  type    = string
-  default = ""
-}
-
 variable "AWS_REGION" {
  type    = string
  default = "eu-west-3"