From 315910772c1d798057581d1b09c763fc4d49b09f Mon Sep 17 00:00:00 2001 From: Damien A <124083497+MasqAs@users.noreply.github.com> Date: Sun, 25 Feb 2024 17:25:34 +0100 Subject: [PATCH] Feature/tailscale access (#1) * AWS_R53_ENABLED: Delete unused variable * Add Tailscale Feature - Removed R53 configuration - Updated Ansible playbook to handle empty variables - Updated Ansible playbook to use variables file - Updated README to include updated requirements --------- Co-authored-by: Damien A --- .gitignore | 1 + README.md | 50 +++++++++---------------------- ansible/clab_vars.yml.sample | 3 ++ ansible/install_containerlab.yml | 36 ++++++++++++++++++---- terraform/ec2.tf | 14 ++++----- terraform/outputs.tf | 4 --- terraform/route53-record.tf | 12 -------- terraform/terraform.tfvars.sample | 4 +-- terraform/variables.tf | 15 ---------- 9 files changed, 54 insertions(+), 85 deletions(-) create mode 100644 ansible/clab_vars.yml.sample delete mode 100755 terraform/route53-record.tf diff --git a/.gitignore b/.gitignore index 547a471..65eca7a 100755 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,4 @@ network_images/*.tar.xz .DS_Store .vscode/settings.json .vscode +ansible/clab_vars.yml diff --git a/README.md b/README.md index 97c7b4b..d8f577c 100755 --- a/README.md +++ b/README.md @@ -1,11 +1,6 @@ # AWS ContainerLab Deployment -This project automates the deployment of ContainerLab on an AWS EC2 instance using Terraform for infrastructure provisioning and Ansible for software setup and configuration. It also configures a Route53 DNS record for easy access to the ContainerLab instance. - -## To Do - -- [ ] Improving documentation -- [ ] Complete DNS configuration conditioning +This project automates the deployment of ContainerLab on an AWS EC2 instance using Terraform for infrastructure provisioning and Ansible for software setup and configuration. It also configures a [tailscale access](https://tailscale.com) for easy access to the ContainerLab instance. ## Prerequisites 
@@ -14,9 +9,11 @@ Before you begin, ensure you have the following prerequisites installed and conf - AWS CLI - Terraform - Ansible +- Ansible module : [ansible.posix](https://galaxy.ansible.com/ui/repo/published/ansible/posix/) - Git (if cloning the repository) - An AWS account with the necessary permissions -- A configured AWS Key Pair +- A configured [AWS Key Pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html) +- Tailscale [Authentication Key](https://tailscale.com/kb/1085/auth-keys) ## Installation @@ -25,13 +22,21 @@ Before you begin, ensure you have the following prerequisites installed and conf Set your AWS credentials and other sensitive data in **terraform/terraform.tfvars**. Example: - ```bash + ```tfvars AWS_ACCESS_KEY = "your_access_key" AWS_SECRET_KEY = "your_secret_key" AWS_REGION = "desired_aws_region" AWS_KEY_NAME = "your_key_pair_name" ``` + Set your Tailscale Key and your git repository or local folder in **ansible/clab_variables.yml** + + ```yml + repo_git_url: "" + local_dir_path: "" + tailscale_auth_key: "" + ``` + **Important**: Never commit terraform.tfvars to version control as it contains sensitive information. 2. **Clone the Repository** 
@@ -60,23 +65,6 @@ Before you begin, ensure you have the following prerequisites installed and conf terraform apply ``` - If you want to clone a specific GitHub repository during installation, pass the repository URL as a variable: - - ```bash - terraform apply -var="GITHUB_REPO_URL=https://github.com/MasqAs/projet-vxlan-automation" - ``` - - Or, if you want to push a local directory: - - ```bash - terraform apply -var="LOCAL_DIR_PATH=/path/to/your/local/directory" - ``` - - >:pen: **if you use the local folder** - >Note that there is no synchronization between your remote folder and your local folder once the instance has been created. - - Enter `yes` when prompted to proceed. - 5. **Ansible Automation** The Terraform configuration will automatically trigger the Ansible playbook install_containerlab.yml after the EC2 instance is up. This playbook configures the instance with the necessary packages and settings, installs ContainerLab, and optionally clones the specified GitHub repository. 
@@ -85,21 +73,11 @@ Before you begin, ensure you have the following prerequisites installed and conf The `network_images` folder is intended for Docker images that will be used by ContainerLab. These images should be pre-downloaded and placed in this folder before running the Ansible playbook. During the setup process, the images will be copied to the remote `/tmp` directory of the ContainerLab host and then imported into Docker. -## Accessing ContainerLab - -- You can access the ContainerLab instance via SSH using the public IP or the DNS name provided by Route53. -- The public IP of the instance can be found in the Terraform output. -- The DNS name will be in the format containerlab ``. - -> :warning: **ROUTE 53** -> By default, Route 53 is disabled to avoid errors in case of incomplete configuration. -> To enable it, modify the variables: `AWS_R53_ENABLED` and `AWS_R53_ZONE_ID`. -> In any case, `AWS_R53_ZONE_ID` need to be configured. - ## Customization - You can customize the deployment by modifying the Terraform variables in **terraform/variables.tf**. - The Ansible playbook can be customized by editing **ansible/install_containerlab.yml**. +- You have to configure Ansible by add variables in **ansible/clab_variables.yml** ## Clean Up diff --git a/ansible/clab_vars.yml.sample b/ansible/clab_vars.yml.sample new file mode 100644 index 0000000..d3403d1 --- /dev/null +++ b/ansible/clab_vars.yml.sample @@ -0,0 +1,3 @@ +repo_git_url: "" +local_dir_path: "" +tailscale_auth_key: "" \ No newline at end of file diff --git a/ansible/install_containerlab.yml b/ansible/install_containerlab.yml index 729e3ad..3c240a7 100755 --- a/ansible/install_containerlab.yml +++ b/ansible/install_containerlab.yml @@ -1,11 +1,14 @@ --- - hosts: all become: yes - vars: - repo_git_url: "" - local_dir_path: "" + vars_files: + - ./clab_vars.yml tasks: + - name: Set hostname to ContainerLab + hostname: + name: ContainerLab + - name: Install required system packages apt: pkg: 
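Review bot: The new `vars_files: - ./clab_vars.yml` entry in `ansible/install_containerlab.yml` makes that file mandatory, but the README hunks in this same commit tell users to create `ansible/clab_variables.yml`, so anyone following the README will hit a missing-file failure when the play starts. The README, the `.gitignore` entry and the sample should all use the one name `clab_vars.yml`. The file also now holds `tailscale_auth_key` in plain text alongside non-secret settings. `.gitignore` keeps it out of the repository, but the sample deserves a comment such as `# tailscale_auth_key is a secret: prefer a short-lived, single-use key, or encrypt this file with ansible-vault`. The task list continues past the end of this hunk.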
@@ -43,6 +46,27 @@ user: name: "{{ ansible_user_id }}" group: docker + + - name: Add Tailscale GPG apt Key + apt_key: + url: https://pkgs.tailscale.com/stable/ubuntu/focal.noarmor.gpg + state: present + + - name: Add Tailscale Repository + apt_repository: + repo: deb https://pkgs.tailscale.com/stable/ubuntu/ focal main + state: present + filename: tailscale + update_cache: yes + + - name: Update apt and install Tailscale + apt: + name: tailscale + state: latest + update_cache: yes + + - name: Run Tailscale CLI command + command: "sudo tailscale up --authkey {{ tailscale_auth_key }}" - name: Install ContainerLab shell: | @@ -76,15 +100,15 @@ update: yes version: "main" become: yes - when: repo_git_url | length > 0 + when: (repo_git_url is defined) and (repo_git_url | length > 0) - name: Synchronize local directory to VM - synchronize: + ansible.posix.synchronize: src: "{{ local_dir_path }}" dest: "/opt/containerlab/projet/" recursive: yes become: yes - when: local_dir_path | length > 0 + when: (local_dir_path is defined) and (local_dir_path | length > 0) - name: Copy network images to remote /tmp directory copy: diff --git a/terraform/ec2.tf b/terraform/ec2.tf index 8da8128..04c4df3 100755 --- a/terraform/ec2.tf +++ b/terraform/ec2.tf @@ -20,12 +20,6 @@ resource "aws_security_group" "netlab_sg" { protocol = "tcp" cidr_blocks = [var.AWS_LOCAL_IP] } - ingress { - from_port = 50080 - to_port = 50080 - protocol = "tcp" - cidr_blocks = [var.AWS_LOCAL_IP] - } } resource "aws_instance" "containerlab_host" { @@ -51,9 +45,11 @@ resource "aws_instance" "containerlab_host" { provisioner "local-exec" { command = < 0 ? "${aws_route53_record.containerlab_fqdn[0].name}.${data.aws_route53_zone.selected.name}" : "" -} diff --git a/terraform/route53-record.tf b/terraform/route53-record.tf deleted file mode 100755 index 7f901d3..0000000 --- a/terraform/route53-record.tf +++ /dev/null 
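Review bot: The `Run Tailscale CLI command` task interpolates `tailscale_auth_key` into the command line without `no_log: true`, so the key can appear in Ansible's task output (verbose runs, failure results) and is visible in the instance's process list while the command runs. Add `no_log: true` to that task and drop the `sudo` prefix, which is redundant because the play already sets `become: yes` (visible in this file's first hunk). The task also runs unconditionally, unlike the clone and synchronize tasks further down, so a matching `when: (tailscale_auth_key is defined) and (tailscale_auth_key | length > 0)` would stop an empty sample value from failing the play or re-running `tailscale up` with no key. Separately, the repository line hard-codes `focal` rather than using the host's release, `state: latest` leaves the package unpinned, and `apt_key` adds the key to the global trusted keyring where a dedicated keyring referenced with `signed-by` would scope it to this repository.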
@@ -1,12 +0,0 @@
-data "aws_route53_zone" "selected" {
- zone_id = var.AWS_R53_ZONE_ID
-}
-
-resource "aws_route53_record" "containerlab_fqdn" {
- count = var.AWS_R53_ENABLED ? 1 : 0
- zone_id = var.AWS_R53_ZONE_ID
- name = "containerlab"
- type = "A"
- ttl = "300"
- records = [aws_instance.containerlab_host.public_ip]
-}
\ No newline at end of file
diff --git a/terraform/terraform.tfvars.sample b/terraform/terraform.tfvars.sample
index 1ee77d0..9f0b803 100755
--- a/terraform/terraform.tfvars.sample
+++ b/terraform/terraform.tfvars.sample
@@ -1,6 +1,4 @@
 AWS_ACCESS_KEY = "YOURACCESSKEY"
 AWS_SECRET_KEY = "YOURACCESSTOKEN"
 AWS_KEY_NAME = "AWS_key_name"
-AWS_KEY_LOCATION = "~/.ssh/aws_key.pem"
-AWS_R53_ENABLED = "false"
-AWS_R53_ZONE_ID = "R53_ZONE_ID"
\ No newline at end of file
+AWS_KEY_LOCATION = "~/.ssh/aws_key.pem"
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
index a13af31..7ed9478 100755
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -2,27 +2,12 @@ variable "AWS_ACCESS_KEY" {}
 variable "AWS_SECRET_KEY" {}
 variable "AWS_KEY_NAME" {}
 variable "AWS_KEY_LOCATION" {}
-variable "AWS_R53_ZONE_ID" {}
-variable "AWS_R53_ENABLED" {
- type = bool
- default = false
-}

 variable "AWS_LOCAL_IP" {
 type = string
 default = "0.0.0.0/0"
 }

-variable "GITHUB_REPO_URL" {
- type = string
- default = ""
-}
-
-variable "LOCAL_DIR_PATH" {
- type = string
- default = ""
-}
-
 variable "AWS_REGION" {
 type = string
 default = "eu-west-3"