Merge pull request #12744 from cuongdo/terraform_azure

acceptance: support nightlies on Azure

Author: cuongdo

pkg/acceptance/allocator_test.go

@@ -18,41 +18,30 @@ package acceptance
 // and run tests against dedicated test clusters.
 //
 // Required setup:
-// 1. Have a GCE account.
-// 2. Have someone grant permissions (for new *and* existing objects) for the
-//    GCS bucket referenced in `archivedStoreURL`. You'll want permissions
-//    granted to the following email addresses:
-//      a. The email address you use to log into Google Cloud Console.
-//      b. Your default Google Compute Engine service account (it'll look like
-//         111111111111-compute@developer.gserviceaccount.com)
-// 3. Set the environment variable GOOGLE_PROJECT to the name of the Google
-//    Project you want Terraform to use.
+// 1. Have an Azure account.
+// 2. Passphrase-less SSH key in ~/.ssh/{azure,azure.pub}.
+// 3. Set the ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET, and
+//    ARM_TENANT_ID variables as documented here:
+//    https://www.terraform.io/docs/providers/azurerm/#argument-reference
 //
 // Example use:
 //
-// build/builder.sh make build && make test \
+// make test \
 //	 TESTTIMEOUT=48h \
 //	 PKG=./pkg/acceptance \
 //	 TESTS=Rebalance_3To5Small \
-//	 TESTFLAGS='-v -remote -key-name google_compute_engine -cwd terraform -tf.keep-cluster=failed -tf.cockroach-binary=../../cockroach'
+//	 TESTFLAGS='-v -remote -key-name azure -cwd terraform/azure -tf.keep-cluster=failed'
 //
 // Things to note:
-// - You must use an SSH key without a passphrase. It is recommended that you
-//   create a new key for this purpose named google_compute_engine so that
-//   gcloud and related tools can use it too. Create the key with:
-//     ssh-keygen -f ~/.ssh/google_compute_engine
-// - Your SSH key (-key-name) for Google Cloud Platform must be in
-//   ~/.ssh/google_compute_engine
+// - You must use an SSH key without a passphrase. This is a Terraform
+//   requirement.
 // - If you want to manually fiddle with a test cluster, start the test with
 //   `-tf.keep-cluster=failed". After the cluster has been created, press
 //   Control-C and the cluster will remain up.
 // - These tests rely on a specific Terraform config that's specified using the
 //   -cwd test flag.
 // - You *must* set the TESTTIMEOUT high enough for any of these tests to
-//   finish. To be safe, specify a timeout of at least 24 hours.
-// - Your Google Cloud credentials must be accessible by Terraform, as described
-//   here:
-//   https://www.terraform.io/docs/providers/google/
+//   finish. To be really safe, specify a timeout of at least 24 hours.
 // - There are various flags that start with `tf.` that control the
 //   of Terrafarm and allocator tests, respectively. For example, you can add
 //   "-tf.cockroach-binary" to TESTFLAGS to specify a custom Linux CockroachDB
@@ -64,7 +53,8 @@ package acceptance
 //
 // Troubleshooting:
 // - The minimum recommended version of Terraform is 0.7.2. If you see strange
-//   Terraform errors, upgrade your install of Terraform.
+//   Terraform errors, upgrade your install of Terraform. Terraform 0.8.x or
+//   later might not work because of breaking changes to Terraform.
 // - Adding `-tf.keep-cluster=always` to your TESTFLAGS allows the cluster to
 //   stay around after the test completes.
 

pkg/acceptance/continuous_load_test.go

@@ -38,7 +38,7 @@ import (
 //   PKG=./pkg/acceptance \
 //   TESTTIMEOUT=6h \
 //   TESTS=ContinuousLoad_BlockWriter \
-//   TESTFLAGS='-v -remote -key-name google_compute_engine -cwd terraform -nodes 4 -tf.keep-cluster=failed'
+//   TESTFLAGS='-v -remote -key-name azure -cwd terraform/azure -nodes 4 -tf.keep-cluster=failed'
 //
 // Load is generated for the duration specified by TESTTIMEOUT, minus some time
 // required for the orderly teardown of resources created by the test.  Because

pkg/acceptance/terraform/azure/main.tf

@@ -0,0 +1,266 @@
+# Terraform configuration for nightly tests running on Azure.
+#
+# To perform the required one-time Azure setup:
+# 1. Create a resource group for the tests and set ${var.azure_location} to
+#    its name.
+# 2. Create a storage account and set ${var.azure_vhd_storage_account} to its
+#    name.
+# 3. Create a storage container for the previously created storage account and
+#    set ${var.vhd_storage_container} to its name.
+
+provider "azurerm" {
+  # There are no Azure credentials here.
+  #
+  # So, set the ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET,
+  # ARM_TENANT_ID environment variables to provide credentials for Azure
+  # Resource Manager.
+  #
+  # See https://www.terraform.io/docs/providers/azurerm to understand the Azure
+  # permissions needed to run Terraform against it.
+}
+
+#
+# Networking.
+#
+
+resource "azurerm_virtual_network" "cockroach" {
+  name = "${var.prefix}-vn"
+  address_space = ["192.168.0.0/16"]
+  location = "${var.azure_location}"
+  resource_group_name = "${var.azure_resource_group}"
+}
+
+# Firewall rules.
+resource "azurerm_network_security_group" "cockroach" {
+  name = "${var.prefix}-nsg"
+  location = "${var.azure_location}"
+  resource_group_name = "${var.azure_resource_group}"
+
+  security_rule {
+    name = "${var.prefix}-cockroach-ssh"
+    priority = 100
+    direction = "Inbound"
+    access = "Allow"
+    protocol = "Tcp"
+    source_port_range = "*"
+    destination_port_range = "22"
+    source_address_prefix = "*"
+    destination_address_prefix = "*"
+  }
+
+  security_rule {
+    name = "${var.prefix}-cockroach-http"
+    priority = 101
+    direction = "Inbound"
+    access = "Allow"
+    protocol = "Tcp"
+    source_port_range = "*"
+    destination_port_range = "8080"
+    source_address_prefix = "*"
+    destination_address_prefix = "*"
+  }
+
+  security_rule {
+    name = "${var.prefix}-cockroach-sql"
+    priority = 102
+    direction = "Inbound"
+    access = "Allow"
+    protocol = "Tcp"
+    source_port_range = "*"
+    destination_port_range = "26257"
+    source_address_prefix = "*"
+    destination_address_prefix = "*"
+  }
+
+  # Azure Network Security Groups have a low-priority default deny all rule.
+  # See:
+  # https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg#default-rules
+
+  tags {
+    environment = "test"
+  }
+}
+
+resource "azurerm_subnet" "cockroach" {
+  name = "${var.prefix}-subnet"
+  resource_group_name = "${var.azure_resource_group}"
+  virtual_network_name = "${azurerm_virtual_network.cockroach.name}"
+  address_prefix = "192.168.1.0/24"
+}
+
+#
+# CockroachDB nodes.
+#
+
+resource "azurerm_public_ip" "cockroach" {
+  count = "${var.num_instances}"
+  name = "${var.prefix}-ip-${count.index + 1}"
+  location = "${var.azure_location}"
+  resource_group_name = "${var.azure_resource_group}"
+  public_ip_address_allocation = "dynamic"
+  domain_name_label="${var.prefix}-cockroach-${count.index + 1}"
+
+  tags {
+    environment = "test"
+  }
+}
+
+resource "azurerm_network_interface" "cockroach" {
+  count = "${var.num_instances}"
+
+  name = "${var.prefix}-cockroach-nic-${count.index + 1}"
+  location = "${var.azure_location}"
+  resource_group_name = "${var.azure_resource_group}"
+  network_security_group_id = "${azurerm_network_security_group.cockroach.id}"
+
+  ip_configuration {
+    name = "testconfiguration1"
+    subnet_id = "${azurerm_subnet.cockroach.id}"
+    private_ip_address_allocation = "dynamic"
+    public_ip_address_id = "${element(azurerm_public_ip.cockroach.*.id, count.index)}"
+  }
+}
+
+resource "azurerm_virtual_machine" "cockroach" {
+  count = "${var.num_instances}"
+  name = "${var.prefix}-cockroach-${count.index + 1}"
+  location = "${var.azure_location}"
+  resource_group_name = "${var.azure_resource_group}"
+  network_interface_ids = ["${element(azurerm_network_interface.cockroach.*.id, count.index)}"]
+  vm_size = "${var.azure_vm_size}"
+  delete_os_disk_on_termination = "true"
+
+  storage_image_reference {
+    publisher = "Canonical"
+    offer = "UbuntuServer"
+    sku = "16.04.0-LTS"
+    version = "latest"
+  }
+
+  # Don't recreate this VM when the VHD URI changes, because that may have
+  # unique identifiers that change every time this config is applied.
+  lifecycle {
+    ignore_changes  = [ "storage_os_disk" ]
+  }
+
+  storage_os_disk {
+    name = "disk1"
+    vhd_uri = "https://${var.azure_vhd_storage_account}.blob.core.windows.net/${var.vhd_storage_container}/${var.prefix}-cockroach-${count.index + 1}.vhd"
+    create_option = "FromImage"
+  }
+
+  os_profile {
+    computer_name = "${var.prefix}-cockroach-${count.index + 1}"
+    admin_username = "ubuntu"
+    # This password doesn't matter, because password auth is disabled below.
+    admin_password = "password_auth_disabled"
+  }
+
+  os_profile_linux_config {
+    disable_password_authentication = true
+    ssh_keys {
+      path = "/home/ubuntu/.ssh/authorized_keys"
+      key_data = "${file("~/.ssh/${var.key_name}.pub")}"
+    }
+  }
+
+  tags {
+    environment = "test"
+  }
+}
+
+# Supervisor config for CockroachDB nodes.
+data "template_file" "supervisor" {
+  count = "${var.num_instances}"
+  template = "${file("../common/supervisor.conf.tpl")}"
+  depends_on = [ "azurerm_virtual_machine.cockroach" ]
+
+  vars {
+    stores = "${var.stores}"
+    cockroach_port = "${var.sql_port}"
+    # The value of the --join flag must be empty for the first node,
+    # and a running node for all others. We build a list of addresses
+    # shifted by one (first element is empty), then take the value at index "instance.index".
+    join_address = "${element(concat(split(",", ""), azurerm_public_ip.cockroach.*.fqdn), count.index)}"
+    cockroach_flags = "${var.cockroach_flags}"
+    # If the following changes, (*terrafarm.Farmer).Add() must change too.
+    cockroach_env = "${var.cockroach_env}"
+    benchmark_name = "${var.benchmark_name}"
+  }
+}
+
+# Set up CockroachDB nodes.
+resource "null_resource" "cockroach-runner" {
+  count = "${var.num_instances}"
+  depends_on = [ "azurerm_virtual_machine.cockroach" ]
+
+  connection {
+    user = "ubuntu"
+    private_key = "${file(format("~/.ssh/%s", var.key_name))}"
+    host = "${element(azurerm_public_ip.cockroach.*.fqdn, count.index)}"
+  }
+
+  provisioner "file" {
+    source = "../common/download_binary.sh"
+    destination = "/home/ubuntu/download_binary.sh"
+  }
+
+  provisioner "file" {
+    source = "../common/nodectl"
+    destination = "/home/ubuntu/nodectl"
+  }
+
+  # This writes the filled-in supervisor template. It would be nice if we could
+  # use rendered templates in the file provisioner.
+  provisioner "remote-exec" {
+    inline = <<FILE
+echo '${element(data.template_file.supervisor.*.rendered, count.index)}' > supervisor.conf
+FILE
+  }
+
+  provisioner "file" {
+    # If no binary is specified, we'll copy /dev/null (always 0 bytes) to the
+    # instance. The "remote-exec" block will then overwrite that. There's no
+    # such thing as conditional file copying in Terraform, so we fake it.
+    source = "${coalesce(var.cockroach_binary, "/dev/null")}"
+    destination = "/home/ubuntu/cockroach"
+  }
+
+  # Launch CockroachDB.
+  provisioner "remote-exec" {
+    inline = [
+      # For consistency with other Terraform configs, we create the store in
+      # /mnt/data0.
+      "sudo mkdir /mnt/data0",
+      "sudo chown ubuntu:ubuntu /mnt/data0",
+      # This sleep is needed to avoid apt-get errors below. It appears that when
+      # the VM first launches, something is interfering with launches of apt-get.
+      "sleep 30",
+      # Install test dependencies. NTP synchronization is especially needed for
+      # Azure VMs.
+      "sudo apt-get -qqy update >/dev/null",
+      "sudo apt-get -qqy install supervisor ntpdate >/dev/null",
+      "sudo ntpdate -b pool.ntp.org",
+      "sudo apt-get -qqy install ntp >/dev/null",
+      "sudo sed -i  's/^#statsdir/statsdir/' /etc/ntp.conf",
+      "sudo service supervisor stop",
+      # TODO(cuongdo): Remove this dependency on Google Cloud SDK after we move
+      # the test data to Azure Storage.
+      "export CLOUD_SDK_REPO=\"cloud-sdk-$(lsb_release -c -s)\"",
+      "echo \"deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main\" | sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list",
+      "curl -sS https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -",
+      "sudo apt-get -qqy update >/dev/null",
+      "sudo apt-get -qqy install google-cloud-sdk >/dev/null",
+      # Install CockroachDB.
+      "mkdir /mnt/data0/logs",
+      "ln -sf /mnt/data0/logs logs",
+      "chmod 755 cockroach nodectl",
+      "[ $(stat --format=%s cockroach) -ne 0 ] || bash download_binary.sh cockroach/cockroach ${var.cockroach_sha}",
+      "if [ ! -e supervisor.pid ]; then supervisord -c supervisor.conf; fi",
+      "supervisorctl -c supervisor.conf start cockroach",
+      # Install load generators.
+      "bash download_binary.sh examples-go/block_writer ${var.block_writer_sha}",
+      "bash download_binary.sh examples-go/photos ${var.photos_sha}",
+    ]
+  }
+}

pkg/acceptance/terraform/azure/output.tf

@@ -0,0 +1,8 @@
+# Unlike the other cloud providers, this is a list of FQDNs instead of IP
+# addresses. This is because of an issue preventing the querying of dynamic
+# public IPs:
+#
+# https://github.com/hashicorp/terraform/issues/6634
+output "instances" {
+  value = "${join(",", azurerm_public_ip.cockroach.*.fqdn)}"
+}