google subnetting changed

README.md

@@ -35,7 +35,7 @@ Create a file `mesos.tf` containing something like this:
         name                        = "mymesoscluster"
         masters                     = "3"
         slaves                      = "5"
-        network                     = "10.20.30.0/24"
+        subnetwork                  = "10.20.30.0/24"
         domain                      = "example.com"
         mesos_version               = "0.28.0"
         image                       = "rhel-7-v20160418"
@@ -61,7 +61,7 @@ If you decide to use a specific version of Mesos, which does exist as an Ubuntu
 #### Mesos built from a specific git commit
 
 You might want to try Mesos installed from a specific commit (e.g. "69d4cf654", or "master"). In order to do it, build a GCE virtual machine image (see [images/README.md](images/README.md)) with Mesos installed and use the `GCE_IMAGE_NAME` you give it as the `image` configuration option, e.g.:
-    
+
     image = "ubuntu-1404-trusty-mesos"
 
 ### Get the Terraform module
@@ -100,7 +100,7 @@ Download the `client.ovpn` file using e.g. `scp` and use it to establish VPN wit
 
 ### Visit the web interfaces
 When the cluster is set up, check the Google Developers Console for the *internal* addresses of the master nodes (or scroll back in the output of the apply step to retrieve them).
-- Go to <http://ipaddress:5050> for the Mesos Console 
+- Go to <http://ipaddress:5050> for the Mesos Console
 - and <http://ipaddress:8080> for the Marathon Console
 
 
@@ -115,5 +115,3 @@ terraform destroy
 - Cannot reach the log files of the Mesos slave nodes from the web interface on the leading master
 
 The installation and configuration used in this module is based on this excellent howto: <https://www.digitalocean.com/community/tutorials/how-to-configure-a-production-ready-mesosphere-cluster-on-ubuntu-14-04>
-
-

firewall.tf

@@ -1,6 +1,6 @@
 resource "google_compute_firewall" "mesos-internal" {
     name = "${var.name}-mesos-internal"
-    network = "${google_compute_network.mesos-net.name}"
+    network = "${google_compute_network.mesos-global-net.name}"
 
     allow {
         protocol = "tcp"
@@ -14,13 +14,13 @@ resource "google_compute_firewall" "mesos-internal" {
         protocol = "icmp"
     }
 
-    source_ranges = ["${google_compute_network.mesos-net.ipv4_range}"]
+    source_ranges = ["${google_compute_subnetwork.mesos-net.ip_cidr_range}"]
 
 }
 
 resource "google_compute_firewall" "mesos-http" {
-    name = "${var.name}-mesos-http"
-    network = "${google_compute_network.mesos-net.name}"
+    name = "${var.name}-${var.region}-mesos-http"
+    network = "${google_compute_network.mesos-global-net.name}"
 
     allow {
         protocol = "tcp"
@@ -32,8 +32,8 @@ resource "google_compute_firewall" "mesos-http" {
 }
 
 resource "google_compute_firewall" "mesos-https" {
-    name = "${var.name}-mesos-https"
-    network = "${google_compute_network.mesos-net.name}"
+    name = "${var.name}-${var.region}-mesos-https"
+    network = "${google_compute_network.mesos-global-net.name}"
 
     allow {
         protocol = "tcp"
@@ -45,8 +45,8 @@ resource "google_compute_firewall" "mesos-https" {
 }
 
 resource "google_compute_firewall" "mesos-ssh" {
-    name = "${var.name}-mesos-ssh"
-    network = "${google_compute_network.mesos-net.name}"
+    name = "${var.name}-${var.region}-mesos-ssh"
+    network = "${google_compute_network.mesos-global-net.name}"
 
     allow {
         protocol = "tcp"
@@ -58,8 +58,8 @@ resource "google_compute_firewall" "mesos-ssh" {
 }
 
 resource "google_compute_firewall" "vpn" {
-    name = "${var.name}-vpn"
-    network = "${google_compute_network.mesos-net.name}"
+    name = "${var.name}-${var.region}-vpn"
+    network = "${google_compute_network.mesos-global-net.name}"
 
     allow {
         protocol = "udp"

master.tf

@@ -4,7 +4,7 @@ resource "google_compute_instance" "mesos-master" {
     machine_type = "${var.master_machine_type}"
     zone = "${var.zone}"
     tags = ["mesos-master","http","https","ssh","vpn"]
-    
+
     disk {
       image = "${var.image}"
       type = "pd-ssd"
@@ -16,28 +16,28 @@ resource "google_compute_instance" "mesos-master" {
       clustername = "${var.name}"
       myid = "${count.index}"
       domain = "${var.domain}"
-      network = "${var.network}"
+      subnetwork = "${var.subnetwork}"
       mesosversion = "${var.mesos_version}"
     }
 
     service_account {
        scopes = ["userinfo-email", "compute-ro", "storage-ro"]
     }
-    
+
     # network interface
     network_interface {
-      network = "${google_compute_network.mesos-net.name}"
+      subnetwork = "${google_compute_subnetwork.mesos-net.name}"
       access_config {
         // ephemeral address
       }
     }
-    
+
     # define default connection for remote provisioners
     connection {
       user = "${var.gce_ssh_user}"
       key_file = "${var.gce_ssh_private_key_file}"
     }
-    
+
     # install mesos, haproxy, docker, openvpn, and configure the node
     provisioner "remote-exec" {
       scripts = [

network.tf

@@ -1,4 +1,10 @@
-resource "google_compute_network" "mesos-net" {
-    name = "${var.name}-net"
-    ipv4_range = "${var.network}"
-}
+resource "google_compute_network" "mesos-global-net" {
+    name                    = "${var.name}-global-net"
+    auto_create_subnetworks = false # custom subnetted network will be created that can support google_compute_subnetwork resources
+}
+
+resource "google_compute_subnetwork" "mesos-net" {
+    name          = "${var.name}-${var.region}-net"
+    ip_cidr_range = "${var.subnetwork}"
+    network       = "${google_compute_network.mesos-global-net.self_link}" # parent network
+}

scripts/openvpn_install_redhat.sh

@@ -6,17 +6,17 @@ if [ ${HOSTNAME: -1} -eq 0 ]
 then
   # install packages
   sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-  sudo yum install -y openvpn easy-rsa 
-  
+  sudo yum install -y openvpn easy-rsa
+
   # use default openvpn configuration
   cd /etc/openvpn
   sudo cp  /usr/share/doc/openvpn*/sample/sample-config-files/server.conf server.conf > /dev/null
   echo "dh2048.pem" | sudo tee dh2048.pem > /dev/null
   sudo sed -i 's/dh dh1024.pem/dh dh2048.pem/g' server.conf
   sudo sed -i "s/;user nobody/user nobody/g" server.conf
   sudo sed -i "s/;group nogroup/group nogroup/g" server.conf
-  NETWORK=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/network" | cut -f1 -d"/")
-  echo "push \"route ${NETWORK} 255.255.255.0\"" | sudo tee -a server.conf > /dev/null
+  SUBNETWORK=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/subnetwork" | cut -f1 -d"/")
+  echo "push \"route ${SUBNETWORK} 255.255.255.0\"" | sudo tee -a server.conf > /dev/null
   echo "tun-mtu 1400" | sudo tee -a server.conf > /dev/null
   echo "mssfix 1360" | sudo tee -a server.conf > /dev/null
   sudo sed -i "s/;duplicate-cn/duplicate-cn/g" server.conf
@@ -63,11 +63,11 @@ then
   # enable whole network on vpn
   sudo firewall-cmd --add-masquerade
   sudo firewall-cmd --permanenet --add-masquerade
-  
+
   # create client certificates
   sudo -E ./pkitool client1
 
-  # template client config file 
+  # template client config file
   mkdir ~/openvpn && cd ~/openvpn
   sudo cp /usr/share/doc/openvpn*/sample/sample-config-files/client.conf client.ovpn
 

scripts/openvpn_install_ubuntu.sh

@@ -6,16 +6,16 @@ if [ ${HOSTNAME: -1} -eq 0 ]
 then
   # install packages
   sudo apt-get -y install openvpn easy-rsa
-  
+
   # use default openvpn configuration
   cd /etc/openvpn
   gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee server.conf > /dev/null
   echo "dh2048.pem" | sudo tee dh2048.pem > /dev/null
   sudo sed -i 's/dh dh1024.pem/dh dh2048.pem/g' server.conf
   sudo sed -i "s/;user nobody/user nobody/g" server.conf
   sudo sed -i "s/;group nogroup/group nogroup/g" server.conf
-  NETWORK=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/network" | cut -f1 -d"/")
-  echo "push \"route ${NETWORK} 255.255.255.0\"" | sudo tee -a server.conf > /dev/null
+  SUBNETWORK=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/subnetwork" | cut -f1 -d"/")
+  echo "push \"route ${SUBNETWORK} 255.255.255.0\"" | sudo tee -a server.conf > /dev/null
   echo "tun-mtu 1400" | sudo tee -a server.conf > /dev/null
   echo "mssfix 1360" | sudo tee -a server.conf > /dev/null
   sudo sed -i "s/;duplicate-cn/duplicate-cn/g" server.conf
@@ -59,11 +59,11 @@ then
 
   # enable whole network on vpn
   sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-  
+
   # create client certificates
   sudo -E ./pkitool client1
 
-  # template client config file 
+  # template client config file
   mkdir ~/openvpn && cd ~/openvpn
   sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf client.ovpn
 

slave.tf

@@ -9,7 +9,7 @@ resource "google_compute_instance" "mesos-slave" {
       image = "${var.image}"
       type = "pd-ssd"
     }
-    
+
     metadata {
       mastercount = "${var.masters}"
       clustername = "${var.name}"
@@ -22,7 +22,7 @@ resource "google_compute_instance" "mesos-slave" {
     }
 
     network_interface {
-      network = "${google_compute_network.mesos-net.name}"
+      subnetwork = "${google_compute_subnetwork.mesos-net.name}"
       access_config {
         //Ephemeral IP
       }

variables.tf

@@ -26,7 +26,7 @@ variable "slave_machine_type" {
 
 ## network stuff
 # the address of the subnet in CIDR
-variable "network" {
+variable "subnetwork" {
     default = "10.20.30.0/24"
 }
 # domain name used by haproxy
@@ -51,5 +51,3 @@ variable "slaves" {
 variable "distribution" {
     default = "redhat"
 }
-
-