Add GCP hosts module

Signed-off-by: Jim Enright <[email protected]>
Co-authored-by: Yazan Al-Yasin <[email protected]>

Author: jimright

modules/hosts/README.md

@@ -1,14 +1,16 @@
 <!-- BEGIN_TF_DOCS -->
-# Terraform Module for Hosts on ENTER\_INFRA\_PROVIDER
+# Terraform Module for Hosts on GCP
 
-> [!IMPORTANT]  
-> This readme is automation generated using the [`terraform-docs`](https://terraform-docs.io/) command with the static contenta taken from [doc\_fragments/header.md](doc\_fragments/header.md)
-
-The `hosts` module contains resource files to provision and manage <ENTER\_INFRA\_PROVIDER> instances with flexible configuration options for compute resources, storage volumes, and networking. This module is designed for Cloudera on premise infrastructure deployments on <ENTER\_INFRA\_PROVIDER>.
+The `hosts` module contains resource files to provision and manage GCP compute instances with flexible configuration options for compute resources, storage volumes, and networking. This module is designed for Cloudera on premise infrastructure deployments on GCP IaaS.
 
 ## Key Features
 
-<ENTER\_KEY\_FEATURES>
+* **Flexible Instance Deployment**: Create single instances or multiple numbered instances with customizable naming patterns
+* **Multi-Zone Distribution**: Automatically distribute instances across multiple GCP zones for high availability
+* **Public and Private IP Management**: Support for ephemeral public IPs, static external IP addresses, or private-only configurations
+* **Custom Storage Volumes**: Attach additional persistent disks with configurable size, type, and mount points
+* **SSH Key Management**: Automated SSH public key injection for secure instance access
+* **Network Tag Support**: Apply network tags for firewall rule targeting and security group management
 
 ## Usage
 
@@ -24,21 +26,50 @@ No requirements.
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | n/a |
 
 ## Modules
 
 No modules.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [google_compute_attached_disk.inventory](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_attached_disk) | resource |
+| [google_compute_disk.inventory](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk) | resource |
+| [google_compute_instance.pvc_base](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | Instance base name. If 'quantity' is 0, this is the exact name of the single instance. If 'quantity' > 0, name will be <name>-NN. | `string` | n/a | yes |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | GCP project ID where instances will be created. | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | GCP region (e.g., us-central1) for the instances (used for regional resources if any, zone is primary for instances). | `string` | n/a | yes |
+| <a name="input_ssh_public_key"></a> [ssh\_public\_key](#input\_ssh\_public\_key) | The contents of the SSH public key to be added to the instance metadata for SSH access. | `string` | n/a | yes |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnet self-links or names to assign instances to. Instances will be distributed across these subnets. Must not be empty if instances are created. | `list(string)` | n/a | yes |
+| <a name="input_zones"></a> [zones](#input\_zones) | GCP zone (e.g., us-central1-a) where instances will be created. | `list(string)` | n/a | yes |
+| <a name="input_external_ip_address"></a> [external\_ip\_address](#input\_external\_ip\_address) | Optional: A pre-allocated static external IP address to assign to the instance. If provided, 'public\_ip' should typically be false as this takes precedence. | `string` | `null` | no |
+| <a name="input_image"></a> [image](#input\_image) | Self-link the image (e.g., 'debian-cloud', 'centos-cloud', or your custom project). | `any` | `null` | no |
+| <a name="input_image_os_user"></a> [image\_os\_user](#input\_image\_os\_user) | GCP image default user. (e.g., 'cloud-user' for rhel-8) | `string` | `"cloud-user"` | no |
+| <a name="input_instance_labels"></a> [instance\_labels](#input\_instance\_labels) | Map of labels (key-value pairs) to apply to the compute instances. | `map(string)` | `{}` | no |
+| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | GCP machine type (e.g., e2-medium, n1-standard-1). | `string` | `"e2-micro"` | no |
+| <a name="input_network_tags"></a> [network\_tags](#input\_network\_tags) | List of network tags to attach to instances (for firewall rules). | `list(string)` | `[]` | no |
+| <a name="input_public_ip"></a> [public\_ip](#input\_public\_ip) | Assign an ephemeral public IP address to the instance's network interface. Set to false if 'external\_ip\_address' is provided. | `bool` | `false` | no |
+| <a name="input_quantity"></a> [quantity](#input\_quantity) | Number of instances. If 0 (default), one instance will be created with the exact 'name'. If > 0, 'quantity' instances will be created with numbered names. | `number` | `0` | no |
+| <a name="input_root_volume"></a> [root\_volume](#input\_root\_volume) | Root volume configuration for the boot disk. | <pre>object({<br/>    delete_on_termination = optional(bool, true)<br/>    volume_size           = optional(number, 20)<br/>    volume_type           = optional(string, "pd-standard")<br/>  })</pre> | `{}` | no |
+| <a name="input_startup_script"></a> [startup\_script](#input\_startup\_script) | Optional startup script (content, not path) to run on instance creation. | `string` | `"#!/bin/bash\nyum makecache >> /var/log/startup_script.log 2>&1\n"` | no |
+| <a name="input_subnetwork_project_id"></a> [subnetwork\_project\_id](#input\_subnetwork\_project\_id) | The project ID of the subnetwork. Defaults to var.project\_id if not set (for non-Shared VPC scenarios). | `string` | `""` | no |
+| <a name="input_volumes"></a> [volumes](#input\_volumes) | List of additional persistent volumes to create and attach to each instance. | <pre>list(object({<br/>    name_suffix = string<br/>    device_name = string # e.g. "sdb", "sdc" (will be /dev/sdb, /dev/sdc on instance)<br/>    mount       = string<br/>    volume_size = optional(number, 100)<br/>    volume_type = optional(string, "pd-standard")<br/>    labels      = optional(map(string), {})<br/>  }))</pre> | `[]` | no |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_instance_details"></a> [instance\_details](#output\_instance\_details) | A list of detailed information for each created instance. |
+| <a name="output_instances"></a> [instances](#output\_instances) | A list of the provisioned GCP compute instance objects. If quantity was 0, this list contains one instance. |
+| <a name="output_storage_volumes"></a> [storage\_volumes](#output\_storage\_volumes) | Map of additional storage volumes, keyed by instance ID. Each value is a list of volume details attached to that instance. |
 <!-- END_TF_DOCS -->

modules/hosts/doc_fragments/header.md

@@ -1,13 +1,15 @@
-# Terraform Module for Hosts on ENTER_INFRA_PROVIDER
+# Terraform Module for Hosts on GCP
 
-> [!IMPORTANT]  
-> This readme is automation generated using the [`terraform-docs`](https://terraform-docs.io/) command with the static contenta taken from [doc_fragments/header.md](doc_fragments/header.md)
-
-The `hosts` module contains resource files to provision and manage <ENTER_INFRA_PROVIDER> instances with flexible configuration options for compute resources, storage volumes, and networking. This module is designed for Cloudera on premise infrastructure deployments on <ENTER_INFRA_PROVIDER>.
+The `hosts` module contains resource files to provision and manage GCP compute instances with flexible configuration options for compute resources, storage volumes, and networking. This module is designed for Cloudera on premise infrastructure deployments on GCP IaaS.
 
 ## Key Features
 
-<ENTER_KEY_FEATURES>
+* **Flexible Instance Deployment**: Create single instances or multiple numbered instances with customizable naming patterns
+* **Multi-Zone Distribution**: Automatically distribute instances across multiple GCP zones for high availability
+* **Public and Private IP Management**: Support for ephemeral public IPs, static external IP addresses, or private-only configurations
+* **Custom Storage Volumes**: Attach additional persistent disks with configurable size, type, and mount points
+* **SSH Key Management**: Automated SSH public key injection for secure instance access
+* **Network Tag Support**: Apply network tags for firewall rule targeting and security group management
 
 ## Usage
 

modules/hosts/examples/ex01-minimal_inputs/main.tf

@@ -12,13 +12,169 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-provider "aws" {
-  region = var.aws_region
+provider "google" {
+  project = var.project_id
+  region  = var.region
 }
 
-module "ex01_hosts" {
-  source = "../.."
+data "google_compute_zones" "available" {
+  region = var.region
+}
+
+locals {
+  # Automatically fetches all zones in the selected region
+  zones = data.google_compute_zones.available.names
+
+  asset_tags = {
+    for k, v in var.asset_tags :
+    # Sanitize both key and value
+    lower(replace(replace(replace(replace(k,
+      " ", "-"),
+      "@", "_"),
+      ".", "_"),
+      "[^a-z0-9_-]", "-")
+    ) =>
+    lower(replace(replace(replace(replace(v,
+      " ", "-"),
+      "@", "_"),
+      ".", "_"),
+      "[^a-z0-9_-]", "-")
+    )
+  }
+
+  tag_cluster_node = "${var.prefix}-cluster-node" # General tag for all cluster instances
+
+}
+
+module "ex01_network" {
+  source = "../../../network"
+
+  project_id      = var.project_id
+  region          = var.region
+  zones           = local.zones
+  vpc_name        = "${var.prefix}-pvc-base"
+  vpc_exists      = false
+  prefix          = var.prefix
+  base_cidr_block = var.vpc_cidr
+
+  public_subnets  = var.public_subnets_config
+  private_subnets = var.private_subnets_config
+
+  asset_tags = local.asset_tags
+
+}
+
+module "ex01_nodes" {
+  source = "../../"
+
+  project_id      = var.project_id
+  region          = var.region
+  zones           = local.zones
+  name            = "${var.prefix}-hosts"
+  quantity        = 3
+  instance_labels = merge(local.asset_tags, { "cloudera-role" = "host" })
+  network_tags    = [local.tag_cluster_node]
+  image           = google_compute_image.cluster_image
+  image_os_user   = var.os_user
+  ssh_public_key  = data.tls_public_key.selected.public_key_openssh
+  subnet_ids      = [module.ex01_network.created_private_subnets[0].self_link]
+  public_ip       = true
+  instance_type   = var.instance_type
+  root_volume     = { volume_size = var.root_volume_size }
+  volumes         = var.data_volumes
+}
+
+# ------- SSH Keypair -------
+# Generate a new private key if needed
+resource "tls_private_key" "generated_private_key" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+# Save the generated private key to a file if needed
+resource "local_sensitive_file" "pem_file" {
+  filename             = "${var.prefix}-ssh-key.pem"
+  file_permission      = "600"
+  directory_permission = "700"
+  content              = tls_private_key.generated_private_key.private_key_pem
+}
+
+# Load the public key from the correct private key file
+data "tls_public_key" "selected" {
+  private_key_openssh = tls_private_key.generated_private_key.private_key_openssh
+}
+
+# ------- Image with MULTI_IP_SUBNET -------
+
+locals {
+
+  os_major_version = (
+    var.os_version != null
+    ? regex("^([0-9]+)", var.os_version)[0]
+    : "9" # default major is rhel9 if not set
+  )
 
-  # <ENTER_REQUIRED_INPUTS>
+  # os image mappings
+  os_family_map = {
+    rhel = {
+      project       = "rhel-cloud"
+      family_prefix = "rhel"
+    }
+    rocky = {
+      project       = "rocky-linux-cloud"
+      family_prefix = "rocky-linux"
+    }
+  }
 
+  gcp_image_project = lookup(
+    local.os_family_map,
+    var.os_type,
+    local.os_family_map["rhel"]
+  )["project"]
+
+  gcp_image_family = "${lookup(
+    local.os_family_map,
+    var.os_type,
+    local.os_family_map["rhel"]
+  )["family_prefix"]}-${local.os_major_version}"
+
+}
+
+# This data source gets the latest public RHEL/Rocky image to use as a source
+data "google_compute_image" "source_image" {
+  family  = local.gcp_image_family
+  project = local.gcp_image_project
 }
+
+# This resource creates your custom image with MULTI_IP_SUBNET to enable /24 mask when
+# Postgres reads "samenet" is set in pg_hba.conf
+resource "google_compute_image" "cluster_image" {
+  name         = "${var.prefix}-${local.gcp_image_family}"
+  source_image = data.google_compute_image.source_image.self_link
+  family       = local.gcp_image_family
+
+  # Enable MULTI_IP_SUBNET feature
+  dynamic "guest_os_features" {
+    for_each = toset([
+      "MULTI_IP_SUBNET",
+      "GVNIC",
+      "IDPF",
+      "SEV_CAPABLE",
+      "SEV_LIVE_MIGRATABLE",
+      "SEV_LIVE_MIGRATABLE_V2",
+      "SEV_SNP_CAPABLE",
+      "TDX_CAPABLE",
+      "UEFI_COMPATIBLE",
+      "VIRTIO_SCSI_MULTIQUEUE"
+    ])
+    content {
+      type = guest_os_features.value
+    }
+  }
+
+  labels = merge(local.asset_tags, { "guest-os-features" = "multi-ip-subnet" })
+
+  lifecycle {
+    ignore_changes = [source_image]
+  }
+}

modules/hosts/examples/ex01-minimal_inputs/terraform.tfvars.sample

@@ -12,9 +12,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# <ENTER_REQUIRED_INPUT_VALUES>
 
 # ------- Global Settings -------
-name_prefix = "<ENTER_VALUE>"
+prefix = "<ENTER_VALUE>"
 
 # ------- Cloud Settings -------
+project_id = "<ENTER_VALUE>"
+
+region = "<ENTER_VALUE>"
+