-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #36 from GO-EUC/rework
Rework
- Loading branch information
Showing
35 changed files
with
618 additions
and
1,970 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,30 @@ | ||
| # Welcome to the GO-EUC lab Citrix ADC configuration repository | ||
|
|
||
|  | ||
|
|
||
| ### Welcome to the GO-EUC lab Citrix ADC configuration repository. | ||
| ## This part of the repo is designed to get a standalone Citrix ADC up and running. The ADC does (for now) serve the following purpose | ||
|
|
||
| ### This part of the repo is designed to get a standalone Citrix ADC up and running. The ADC does (for now) serve the following purpose | ||
| - Gateway for an OnPremises Citrix VAAD Environment | ||
|
|
||
| ### Please note: this repository is a work in progress. The following tasks are considered ToDo: | ||
| ## Please note: this repository is a work in progress. The following tasks are considered ToDo | ||
|
|
||
| - Upgrade to ADC 13.1 usage | ||
| - implement AAA | ||
|
|
||
| ### HowTo | ||
| Due to runtime restrictions, for now the submodules of the terraform repo are adressed individually. The file "run.sh" executes all modules and adds the required timeouts. The process will subsequently be altered to automatically match all runtime requirements. | ||
| ## HowTo Configure | ||
|
|
||
| You need to edit the following information to make this work in your environment | ||
|
|
||
| - ADC License: A valid ADC license needs to be put into the "./sources/license" folder | ||
| - ADC OVF: your ADC image sources need to be put into "./sources/image" | ||
| - provider.tf: review the required versions | ||
| - provider.tf: select either ACME staging or production certificates | ||
| - variables.tf: adjust all variables to represent your environment. Required ones are marked with a "# Comment". | ||
|
|
||
| ## HowTo Deploy | ||
|
|
||
| - apply.sh: Due to runtime restrictions, for now, the submodules of the terraform repo are addressed individually. The file "apply.sh" executes all modules and adds the required timeouts. The process will subsequently be altered to automatically match all runtime requirements. | ||
|
|
||
| ## HowTo Delete | ||
|
|
||
| - destroy.sh: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| git pull && | ||
| terraform init -upgrade && | ||
| terraform apply --auto-approve -target="module.adc-01-build" && | ||
| terraform apply --auto-approve -target="module.adc-02-reset-password" && | ||
| terraform apply --auto-approve -target="module.adc-03-license" && | ||
| terraform apply --auto-approve -target="module.adc-04-base" && | ||
| terraform apply --auto-approve -target="module.adc-05-ssl" && | ||
| terraform apply --auto-approve -target="module.adc-06-letsencrypt-lb" && | ||
| sudo terraform apply --auto-approve -target="module.adc-07-letsencrypt" && | ||
| terraform destroy --auto-approve -target="module.adc-06-letsencrypt-lb" && | ||
| terraform apply --auto-approve -target="module.adc-09-lb" && | ||
| terraform apply --auto-approve -target="module.adc-10-gateway" && | ||
| terraform apply --auto-approve -target="module.adc-11-cs" && | ||
| terraform apply --auto-approve -target="module.adc-99-finish" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,7 @@ | ||
| terraform init && | ||
| terraform destroy --auto-approve -target="module._01_build" && | ||
| rm ./terraform.tfstate -f && | ||
| rm ./terraform.tfstate.backup -f && | ||
| rm ./.terraform.lock.hcl -f | ||
| terraform init --upgrade && | ||
| terraform destroy --auto-approve -target="module.adc-01-build" && | ||
| sleep 15s && | ||
| rm .terraform.lock.hcl -f && | ||
| rm terraform.tfstate.backup -f && | ||
| rm terraform.tfstate -f && | ||
| rm .terraform -f -r |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,49 +1,271 @@ | ||
| # Module _01_build | ||
| module "_01_build" { | ||
| source = "./modules/_01_build" | ||
| # Module terraform-module-citrix-adc-build | ||
| module "adc-01-build" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-build.git" | ||
|
|
||
| vsphere = { | ||
| server = var.vsphere.server | ||
| user = var.vsphere.user | ||
| password = var.vsphere.password | ||
| datacenter = var.vsphere.datacenter | ||
| host = var.vsphere.host | ||
| datastore = var.vsphere.datastore | ||
| timezone = var.vsphere.timezone | ||
| resourcepool = var.vsphere.resourcepool | ||
| } | ||
|
|
||
| vm = { | ||
| network = var.vm.network | ||
| mac = var.vm.mac | ||
| ip = var.vm.ip | ||
| gateway = var.vm.gateway | ||
| netmask = var.vm.netmask | ||
| name = var.vm.name | ||
| ovf = var.vm.ovf | ||
| } | ||
| } | ||
|
|
||
| # Module _02_reset_password | ||
| module "_02_reset_password" { | ||
| source = "./modules/_02_reset_password" | ||
| module "adc-02-reset-password" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-reset-password.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| oldpassword = var.adc-base.oldpassword | ||
| } | ||
| } | ||
|
|
||
| # Module _03_license | ||
| module "_03_license" { | ||
| source = "./modules/_03_license" | ||
| module "adc-03-license" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-license.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| } | ||
|
|
||
| adc-license = { | ||
| filename = var.adc-license.filename | ||
| filecontent = file(var.adc-license.filecontent) | ||
| } | ||
|
|
||
| } | ||
|
|
||
| # Module _04_base | ||
| module "_04_base" { | ||
| source = "./modules/_04_base" | ||
| module "adc-04-base" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-base.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| hostname = var.vm.name | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| environmentname = var.adc-base.environmentname | ||
| timezone = var.adc-base.timezone | ||
| } | ||
|
|
||
| adc-snip = { | ||
| ip = var.adc-snip.ip | ||
| netmask = var.adc-snip.netmask | ||
| icmp = var.adc-snip.icmp | ||
| } | ||
| } | ||
|
|
||
| # Module _05_letsencrypt_lb | ||
| module "_05_letsencrypt_lb" { | ||
| source = "./modules/_05_letsencrypt_lb" | ||
| module "adc-05-ssl" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-ssl.git" | ||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| environmentname = var.adc-base.environmentname | ||
| fqdn_ext = var.adc-base.fqdn_ext | ||
| } | ||
| } | ||
|
|
||
| # Module _06_letsencrypt | ||
| module "_06_letsencrypt" { | ||
| source = "./modules/_06_letsencrypt" | ||
| module "adc-06-letsencrypt-lb" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-letsencrypt-lb.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| } | ||
|
|
||
| adc-letsencrypt-lb = { | ||
| backend-ip = var.adc-letsencrypt-lb.backend-ip | ||
| frontend-ip = var.adc-letsencrypt-lb.frontend-ip | ||
| servicetype = var.adc-letsencrypt-lb.servicetype | ||
| port = var.adc-letsencrypt-lb.port | ||
| } | ||
|
|
||
| } | ||
|
|
||
| # Module _07_ssl | ||
| module "_07_ssl" { | ||
| source = "./modules/_07_ssl" | ||
| module "adc-07-letsencrypt" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-letsencrypt.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| environmentname = var.adc-base.environmentname | ||
| fqdn_ext = var.adc-base.fqdn_ext | ||
| } | ||
|
|
||
| adc-letsencrypt-certificate = { | ||
| private_key_algorithm = var.adc-letsencrypt-certificate.private_key_algorithm | ||
| private_key_rsa_bits = var.adc-letsencrypt-certificate.private_key_rsa_bits | ||
| private_key_ecdsa_curve = var.adc-letsencrypt-certificate.private_key_ecdsa_curve | ||
| registration_email_address = var.adc-letsencrypt-certificate.registration_email_address | ||
| common_name = var.adc-letsencrypt-certificate.common_name | ||
| } | ||
|
|
||
| adc-letsencrypt-certificate-san = var.adc-letsencrypt-certificate-san | ||
|
|
||
| } | ||
|
|
||
| # Module _08_lb | ||
| module "_08_lb" { | ||
| source = "./modules/_08_lb" | ||
| module "adc-09-lb" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-lb.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| environmentname = var.adc-base.environmentname | ||
| } | ||
|
|
||
| adc-lb = { | ||
| name = var.adc-lb.name | ||
| type = var.adc-lb.type | ||
| port = var.adc-lb.port | ||
| lb-type = var.adc-lb.lb-type | ||
| backend-server = var.adc-lb.backend-server | ||
| fqdn_int = var.adc-base.fqdn_int | ||
| } | ||
| adc-lb-srv = { | ||
| name = var.adc-lb-srv.name | ||
| ip = var.adc-lb-srv.ip | ||
| } | ||
|
|
||
| adc-lb-generic = { | ||
| lbmethod = var.adc-lb-generic.lbmethod | ||
| persistencetype = var.adc-lb-generic.persistencetype | ||
| timeout = var.adc-lb-generic.timeout | ||
| sslsnicert = var.adc-lb-generic.sslsnicert | ||
| } | ||
| } | ||
|
|
||
| # Module _09_gw | ||
| module "_09_gw" { | ||
| source = "./modules/_09_gw" | ||
| module "adc-10-gateway" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-gw.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| environmentname = var.adc-base.environmentname | ||
| } | ||
| adc-gw = { | ||
| name = var.adc-gw.name | ||
| fqdn_ext = var.adc-base.fqdn_ext | ||
| fqdn_int = var.adc-base.fqdn_int | ||
| staserver = var.adc-gw.staserver | ||
| dnsvservername = var.adc-gw.dnsvservername | ||
| authenticationpolicy = var.adc-gw.authenticationpolicy | ||
| citrix-backend = var.adc-gw.citrix-backend | ||
| servicetype = var.adc-gw.servicetype | ||
| ip = var.adc-gw.ip | ||
| port = var.adc-gw.port | ||
| dtls = var.adc-gw.dtls | ||
| appflowlog = var.adc-gw.appflowlog | ||
| staaddresstype = var.adc-gw.staaddresstype | ||
| } | ||
|
|
||
| adc-gw-authenticationldapaction = { | ||
| type = var.adc-gw-authenticationldapaction.type | ||
| servername = var.adc-gw-authenticationldapaction.servername | ||
| ldapBase = var.adc-gw-authenticationldapaction.ldapBase | ||
| ldapBindDn = var.adc-gw-authenticationldapaction.ldapBindDn | ||
| ldapBindDnPassword = var.adc-gw-authenticationldapaction.ldapBindDnPassword | ||
| ldapLoginName = var.adc-gw-authenticationldapaction.ldapLoginName | ||
| groupAttrName = var.adc-gw-authenticationldapaction.groupAttrName | ||
| subAttributeName = var.adc-gw-authenticationldapaction.subAttributeName | ||
| ssoNameAttribute = var.adc-gw-authenticationldapaction.ssoNameAttribute | ||
| secType = var.adc-gw-authenticationldapaction.secType | ||
| passwdChange = var.adc-gw-authenticationldapaction.passwdChange | ||
| } | ||
|
|
||
| adc-gw-authenticationldappolicy = { | ||
| rule = var.adc-gw-authenticationldappolicy.rule | ||
| reqaction = var.adc-gw-authenticationldappolicy.reqaction | ||
| } | ||
| } | ||
|
|
||
| # Module _10_cs | ||
| module "_10_cs" { | ||
| source = "./modules/_10_cs" | ||
| module "adc-11-cs" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-cs.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| environmentname = var.adc-base.environmentname | ||
| fqdn_int = var.adc-base.fqdn_int | ||
| fqdn_ext = var.adc-base.fqdn_ext | ||
| } | ||
|
|
||
| adc-cs = { | ||
| vserver_name = var.adc-cs.vserver_name | ||
| vserver_ip = var.adc-cs.vserver_ip | ||
| vserver_port = var.adc-cs.vserver_port | ||
| vserver_type = var.adc-cs.vserver_type | ||
| } | ||
|
|
||
| adc-cs-lb = { | ||
| name = var.adc-cs-lb.name | ||
| } | ||
|
|
||
| adc-cs-gw = { | ||
| name = var.adc-cs-gw.name | ||
| } | ||
| } | ||
|
|
||
| module "adc-99-finish" { | ||
| source = "github.com/jansvensen/terraform-module-citrix-adc-finish.git" | ||
|
|
||
| vm = { | ||
| ip = var.vm.ip | ||
| } | ||
|
|
||
| adc-base = { | ||
| username = var.adc-base.username | ||
| password = var.adc-base.password | ||
| environmentname = var.adc-base.environmentname | ||
| } | ||
|
|
||
| adc-finish = { | ||
| dnsvservername = var.adc-finish.dnsvservername | ||
| dnsvservertype = var.adc-finish.dnsvservertype | ||
| } | ||
| } |
Oops, something went wrong.