From 2465ab09138529763c1dbc8a5d32c11f543cfa86 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 15 Jun 2026 17:42:43 +0200 Subject: [PATCH] See #4349. Instance mailbackup-relay.s2i2s.cloud.isti.cnr.it. --- modules/labs_common_variables/outputs.tf | 4 + modules/labs_common_variables/variables.tf | 9 +- s2i2s/mailbackup-relay/main.tf | 165 +++++++++++++++++++++ s2i2s/mailbackup-relay/outputs.tf | 19 +++ s2i2s/mailbackup-relay/provider.tf | 14 ++ s2i2s/mailbackup-relay/terraform.tfstate | 1 + 6 files changed, 210 insertions(+), 2 deletions(-) create mode 100644 s2i2s/mailbackup-relay/main.tf create mode 100644 s2i2s/mailbackup-relay/outputs.tf create mode 100644 s2i2s/mailbackup-relay/provider.tf create mode 100644 s2i2s/mailbackup-relay/terraform.tfstate diff --git a/modules/labs_common_variables/outputs.tf b/modules/labs_common_variables/outputs.tf index 47a405c..0c44c8f 100644 --- a/modules/labs_common_variables/outputs.tf +++ b/modules/labs_common_variables/outputs.tf @@ -68,6 +68,10 @@ output "el7_data_file" { value = var.el7_data_file } +output "almalinux9_data_file" { + value = var.almalinux9_data_file +} + output "ssh_jump_proxy" { value = var.ssh_jump_proxy } diff --git a/modules/labs_common_variables/variables.tf b/modules/labs_common_variables/variables.tf index 3d03ba9..c5b78bc 100644 --- a/modules/labs_common_variables/variables.tf +++ b/modules/labs_common_variables/variables.tf @@ -67,8 +67,9 @@ variable "centos_7" { variable "almalinux_9" { type = map(string) default = { - name = "AlmaLinux-9.0-20220718" - uuid = "541650fc-dd19-4f38-bb1d-7333ed9dd688" + name = "AlmaLinux-9.0-20220718" + uuid = "541650fc-dd19-4f38-bb1d-7333ed9dd688" + user_data_file = "../../s2i2s_openstack_vm_data_scripts/almalinux9.sh" } } 
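Review bot: The path `../../s2i2s_openstack_vm_data_scripts/almalinux9.sh` is now written twice in variables.tf, once as `almalinux_9.user_data_file` in the `@@ -67,8 +67,9 @@` hunk and again as the default of `almalinux9_data_file` in the `@@ -84,6 +85,10 @@` hunk, so the two copies can drift apart. The new stack passes only `almalinux9_data_file` to `user_data`, which is presumably the script the instance runs at first boot, so a single source of truth matters here. A variable default cannot reference another variable, but the module output could derive from the map instead: `value = var.almalinux_9.user_data_file`. The new variable also has no type; `type = string` would make the contract explicit.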
@@ -84,6 +85,10 @@ variable "el7_data_file" { default = "../../s2i2s_openstack_vm_data_scripts/el.sh" } +variable "almalinux9_data_file" { + default = "../../s2i2s_openstack_vm_data_scripts/almalinux9.sh" +} + variable "ssh_jump_proxy" { type = map(string) default = { diff --git a/s2i2s/mailbackup-relay/main.tf b/s2i2s/mailbackup-relay/main.tf new file mode 100644 index 0000000..bd210f8 --- /dev/null +++ b/s2i2s/mailbackup-relay/main.tf 
@@ -0,0 +1,165 @@
+# Dovecot mailbox backup relay (replacement for the old KVM
+# bareos-mailbackup-relay.isti.cnr.it).
+#
+# AlmaLinux 9 VM in the S2I2S OpenStack project. It receives the per-user
+# mdbox trees pushed by the imap{1..4}-b backends via `doveadm backup` /
+# `dsync` over SSH and stages them on a large dedicated data volume; bareos-fd
+# (port 9102) running on this host backs that volume up to the Bareos Director.
+#
+# On the production IMAP servers attachments are single-instance (shared
+# between recipients); `doveadm backup` breaks that deduplication, so the
+# staging tree needs far more space than the old 1.5 TB relay. Hence the 5 TB
+# data volume here.
+
+data "terraform_remote_state" "privnet_dns_router" {
+ backend = "local"
+ config = {
+ path = "../main_net_dns_router/terraform.tfstate"
+ }
+}
+
+# Project core resources (security groups, etc.)
+data "terraform_remote_state" "project_setup" {
+ backend = "local"
+ config = {
+ path = "../project-setup/terraform.tfstate"
+ }
+}
+
+module "labs_common_variables" {
+ source = "../../modules/labs_common_variables"
+}
+
+module "ssh_settings" {
+ source = "../../modules/ssh-key-ref"
+}
+
+locals {
+ # Bareos Director address (bareos-fd listens for it on 9102)
+ bareos_director_cidr = "146.48.28.141/32"
+
+ # S2I2S area network: the imap backends SSH in from here to push mailboxes,
+ # and it is also the admin network.
+ ssh_source_cidr = "146.48.28.0/22"
+
+ # From the network/DNS remote state
+ dns_zone = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone
+ dns_zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
+ main_private_network_id = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network_id
+ main_private_subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.main_subnet_network_id
+ floating_ip_pool = data.terraform_remote_state.privnet_dns_router.outputs.floating_ip_pools.main_public_ip_pool
+
+ # From the project-setup remote state
+ default_security_group_id = data.terraform_remote_state.project_setup.outputs.default_security_group_id
+
+ # From common variables
+ availability_zone = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu
+}
+
+# --- Security group: SSH from the area network + bareos-fd from the Director ---
+resource "openstack_networking_secgroup_v2" "relay_access" {
+ name = "mailbackup-relay-access"
+ description = "SSH from the S2I2S area network and bareos-fd from the Director"
+ delete_default_rules = true
+}
+
+resource "openstack_networking_secgroup_rule_v2" "ssh_ingress" {
+ security_group_id = openstack_networking_secgroup_v2.relay_access.id
+ description = "SSH from the S2I2S area network (imap backends push + admin)"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = local.ssh_source_cidr
+}
+
+resource "openstack_networking_secgroup_rule_v2" "bareos_fd_ingress" {
+ security_group_id = openstack_networking_secgroup_v2.relay_access.id
+ description = "bareos-fd from the Bareos Director"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 9102
+ port_range_max = 9102
+ remote_ip_prefix = local.bareos_director_cidr
+}
+
+# --- Network port (main private network) ---
+resource "openstack_networking_port_v2" "relay_port" {
+ name = "mailbackup-relay-port"
+ admin_state_up = true
+ network_id = local.main_private_network_id
+ security_group_ids = [
+ local.default_security_group_id,
+ openstack_networking_secgroup_v2.relay_access.id,
+ ]
+ fixed_ip {
+ subnet_id = local.main_private_subnet_id
+ }
+}
+
+# --- Data volume (5 TB, SSD-backed) ---
+resource "openstack_blockstorage_volume_v3" "relay_data_vol" {
+ name = "mailbackup-relay-data"
+ size = 5120
+ volume_type = "CephSSD"
+ enable_online_resize = true
+}
+
+# --- Compute instance ---
+resource "openstack_compute_instance_v2" "relay" {
+ name = "mailbackup-relay"
+ availability_zone_hints = local.availability_zone
+ flavor_name = "m2.medium"
+ key_pair = module.ssh_settings.ssh_key_name
+
+ block_device {
+ uuid = module.labs_common_variables.almalinux_9.uuid
+ source_type = "image"
+ volume_size = 20
+ boot_index = 0
+ destination_type = "volume"
+ delete_on_termination = false
+ }
+
+ network {
+ port = openstack_networking_port_v2.relay_port.id
+ }
+
+ user_data = file("${module.labs_common_variables.almalinux9_data_file}")
+
+ lifecycle {
+ ignore_changes = [
+ key_pair, user_data, network
+ ]
+ }
+}
+
+# --- Attach the data volume ---
+resource "openstack_compute_volume_attach_v2" "relay_data_attach" {
+ instance_id = openstack_compute_instance_v2.relay.id
+ volume_id = openstack_blockstorage_volume_v3.relay_data_vol.id
+ device = "/dev/vdb"
+}
+
+# --- Floating IP ---
+resource "openstack_networking_floatingip_v2" "relay_ip" {
+ pool = local.floating_ip_pool
+ description = "Dovecot mailbox backup relay"
+}
+
+resource "openstack_networking_floatingip_associate_v2" "relay_ip" {
+ floating_ip = openstack_networking_floatingip_v2.relay_ip.address
+ port_id = openstack_networking_port_v2.relay_port.id
+}
+
+# --- DNS record ---
+resource "openstack_dns_recordset_v2" "relay_dns" {
+ zone_id = local.dns_zone_id
+ name = "mailbackup-relay.${local.dns_zone.name}"
+ description = "Public IP of the Dovecot mailbox backup relay"
+ ttl = 8600
+ type = "A"
+ records = [openstack_networking_floatingip_v2.relay_ip.address]
+}
diff --git a/s2i2s/mailbackup-relay/outputs.tf b/s2i2s/mailbackup-relay/outputs.tf
new file mode 100644
index 0000000..4498e49
--- /dev/null
+++ b/s2i2s/mailbackup-relay/outputs.tf
@@ -0,0 +1,19 @@
+output "relay_instance_id" {
+ description = "Instance ID of the mailbox backup relay VM"
+ value = openstack_compute_instance_v2.relay.id
+}
+
+output "relay_public_ip" {
+ description = "Floating IP address of the mailbox backup relay"
+ value = openstack_networking_floatingip_v2.relay_ip.address
+}
+
+output "relay_fqdn" {
+ description = "DNS name of the mailbox backup relay"
+ value = openstack_dns_recordset_v2.relay_dns.name
+}
+
+output "relay_private_ip" {
+ description = "Private IP address of the mailbox backup relay"
+ value = openstack_networking_port_v2.relay_port.all_fixed_ips
+}
diff --git a/s2i2s/mailbackup-relay/provider.tf b/s2i2s/mailbackup-relay/provider.tf
new file mode 100644
index 0000000..a890a41
--- /dev/null
+++ b/s2i2s/mailbackup-relay/provider.tf
@@ -0,0 +1,14 @@
+# Define required providers
+terraform {
+ required_version = ">= 0.14.0"
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = ">= 2.0.0"
+ }
+ }
+}
+
+provider "openstack" {
+ cloud = "s2i2s"
+}
diff --git a/s2i2s/mailbackup-relay/terraform.tfstate b/s2i2s/mailbackup-relay/terraform.tfstate
new file mode 100644
index 0000000..77bf112
--- /dev/null
+++ b/s2i2s/mailbackup-relay/terraform.tfstate
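Review bot: The `ssh_ingress` rule in main.tf opens port 22 to the whole `146.48.28.0/22` on a host that carries a floating IP and stages every user's mailbox, while the header comment names only the imap{1..4}-b backends as the machines that push. The port also joins `default_security_group_id`, whose description in the committed state mentions SSH access via the jump proxy, so admin logins may not need this rule at all (to be confirmed). Narrowing `remote_ip_prefix` to the backend addresses, one rule per `/32`, would reduce the exposure to the hosts that actually need it. If the /22 is kept, the literal repeats `s2i2s_net_cidr` from the `ssh_sources` map already present in the remote state, and `ssh_source_cidr = data.terraform_remote_state.privnet_dns_router.outputs.ssh_sources.s2i2s_net_cidr` would avoid a second copy.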
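Review bot: `relay_private_ip` in outputs.tf is named and described as a single address but returns `all_fixed_ips`, which is a list; the committed state records its type as `["list","string"]`. A stack that reads this output through `terraform_remote_state`, for example to build a security-group prefix, would receive a list where the name promises a string. Either rename it to `relay_private_ips` or return one address with `value = openstack_networking_port_v2.relay_port.all_fixed_ips[0]`.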
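Review bot: The `terraform` block in provider.tf declares no `backend`, so state stays in the working directory, and this same patch adds `s2i2s/mailbackup-relay/terraform.tfstate` to the repository. State stores every resource attribute in plain text, including ones the provider marks sensitive (`admin_pass` is listed under `sensitive_attributes` for the instance and happens to be null here), so any secret added to this stack later would land in git history. main.tf reads the sibling stacks through `backend = "local"`, so this looks like a repository convention and changing it is a wider decision; a comment such as `# State is local and committed: keep secrets out of this stack's resources` would at least record the constraint. Separately, `version = ">= 2.0.0"` has no upper bound and no `.terraform.lock.hcl` appears in the file list, so the provider build is not pinned for this stack.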
@@ -0,0 +1 @@ +{"version":4,"terraform_version":"1.11.6","serial":2,"lineage":"f9a2b5d2-404e-18a6-4b56-e2adc0b26b4b","outputs":{"relay_fqdn":{"value":"mailbackup-relay.s2i2s.cloud.isti.cnr.it.","type":"string"},"relay_instance_id":{"value":"bfa00699-1e56-412f-be73-741a057f32d5","type":"string"},"relay_private_ip":{"value":["10.10.3.104"],"type":["list","string"]},"relay_public_ip":{"value":"146.48.31.50","type":"string"}},"resources":[{"mode":"data","type":"terraform_remote_state","name":"privnet_dns_router","provider":"provider[\"terraform.io/builtin/terraform\"]","instances":[{"schema_version":0,"attributes":{"backend":"local","config":{"value":{"path":"../main_net_dns_router/terraform.tfstate"},"type":["object",{"path":"string"}]},"defaults":null,"outputs":{"value":{"almalinux_9":{"name":"AlmaLinux-9.0-20220718","uuid":"541650fc-dd19-4f38-bb1d-7333ed9dd688"},"availability_zone_no_gpu_name":"cnr-isti-nova-a","availability_zone_with_gpu_name":"cnr-isti-nova-gpu-a","availability_zones_names":{"availability_zone_no_gpu":"cnr-isti-nova-a","availability_zone_with_gpu":"cnr-isti-nova-gpu-a"},"centos_7":{"name":"CentOS-7","user_data_file":"../../s2i2s_openstack_vm_data_scripts/el.sh","uuid":"f0187a99-64f6-462a-ab5f-ef52fe62f2ca"},"default_security_group_name":"default_for_all","dns_zone":{"attributes":{},"description":"DNS primary zone for the S2I2S 
project","disable_status_check":false,"email":"postmaster@isti.cnr.it","id":"e826e777-0196-4f63-b2a9-df07f70e618f","masters":[],"name":"s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"PRIMARY","value_specs":null},"dns_zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f","el7_data_file":"../../s2i2s_openstack_vm_data_scripts/el.sh","external_gateway_ip":[{"ip_address":"146.48.30.6","subnet_id":"57f87509-4016-46fb-b8c3-25fca7f72ccb"}],"external_network":{"id":"1d2ff137-6ff7-4017-be2b-0d6c4af2353b","name":"external-network"},"external_network_id":"1d2ff137-6ff7-4017-be2b-0d6c4af2353b","flavor_list":{"c1_large":"c1.large","c1_medium":"c1.medium","c1_small":"c1.small","c2_large":"c2.large","m1_large":"m1.large","m1_medium":"m1.medium","m1_xlarge":"m1.xlarge","m1_xxl":"m1.xxl","m2_large":"m2.large","m2_medium":"m2.medium","m2_small":"m2.small","m3_large":"m3.large"},"floating_ip_pools":{"main_public_ip_pool":"external-network"},"main_private_network":{"admin_state_up":true,"all_tags":[],"availability_zone_hints":[],"description":"S2I2S private network (use this as the main network)","dns_domain":"s2i2s.cloud.isti.cnr.it.","external":false,"id":"f371c239-6d5d-4ac8-a17e-af607752d82c","mtu":8942,"name":"s2i2s-proj-main","port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","segments":[{"network_type":"geneve","physical_network":"","segmentation_id":47850}],"shared":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"transparent_vlan":false,"value_specs":null},"main_private_network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","main_region":"isti_area_pi_1","main_subnet_network":{"all_tags":[],"allocation_pool":[{"end":"10.10.7.254","start":"10.10.1.1"}],"cidr":"10.10.0.0/21","description":"S2I2S main private 
subnet","dns_nameservers":["146.48.29.97","146.48.29.98","146.48.29.99"],"dns_publish_fixed_ip":false,"enable_dhcp":true,"gateway_ip":"10.10.0.1","id":"19c649ee-96ea-438b-ac0c-512afdf5046d","ip_version":4,"ipv6_address_mode":"","ipv6_ra_mode":"","name":"s2i2s-proj-main-subnet","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_gateway":false,"prefix_length":null,"region":"isti_area_pi_1","segment_id":"","service_types":[],"subnetpool_id":"","tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"main_subnet_network_id":"19c649ee-96ea-438b-ac0c-512afdf5046d","mtu_size":8942,"os_project_data":{"id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","name":"s2i2s-proj-cloud"},"policy_list":{"affinity":"affinity","anti_affinity":"anti-affinity","soft_affinity":"soft-affinity","soft_anti_affinity":"soft-anti-affinity"},"resolvers_ip":["146.48.29.97","146.48.29.98","146.48.29.99"],"ssh_sources":{"d4s_vpn_1_cidr":"146.48.122.27/32","d4s_vpn_2_cidr":"146.48.122.49/32","infrascience_net_cidr":"146.48.122.0/23","isti_net_cidr":"146.48.80.0/21","isti_vpn_gw1":"146.48.80.101/32","isti_vpn_gw2":"146.48.80.102/32","isti_vpn_gw3":"146.48.80.103/32","s2i2s_net_cidr":"146.48.28.0/22","s2i2s_vpn_1_cidr":"146.48.28.10/32","s2i2s_vpn_2_cidr":"146.48.28.11/32","shell_d4s_cidr":"146.48.122.95/32"},"ubuntu2204_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","ubuntu_2204":{"name":"Ubuntu-Jammy-22.04","user_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","uuid":"54768889-8556-4be4-a2eb-82a4d9b34627"}},"type":["object",{"almalinux_9":["map","string"],"availability_zone_no_gpu_name":"string","availability_zone_with_gpu_name":"string","availability_zones_names":["map","string"],"centos_7":["map","string"],"default_security_group_name":"string","dns_zone":["object",{"attributes":["map","string"],"description":"string","disable_status_check":"bool","email":"string","id":"string","masters":["set","string"],"name":"string","project_id"
:"string","region":"string","timeouts":["object",{"create":"string","delete":"string","update":"string"}],"ttl":"number","type":"string","value_specs":["map","string"]}],"dns_zone_id":"string","el7_data_file":"string","external_gateway_ip":["list",["object",{"ip_address":"string","subnet_id":"string"}]],"external_network":["map","string"],"external_network_id":"string","flavor_list":["map","string"],"floating_ip_pools":["map","string"],"main_private_network":["object",{"admin_state_up":"bool","all_tags":["set","string"],"availability_zone_hints":["set","string"],"description":"string","dns_domain":"string","external":"bool","id":"string","mtu":"number","name":"string","port_security_enabled":"bool","qos_policy_id":"string","region":"string","segments":["set",["object",{"network_type":"string","physical_network":"string","segmentation_id":"number"}]],"shared":"bool","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"transparent_vlan":"bool","value_specs":["map","string"]}],"main_private_network_id":"string","main_region":"string","main_subnet_network":["object",{"all_tags":["set","string"],"allocation_pool":["set",["object",{"end":"string","start":"string"}]],"cidr":"string","description":"string","dns_nameservers":["list","string"],"dns_publish_fixed_ip":"bool","enable_dhcp":"bool","gateway_ip":"string","id":"string","ip_version":"number","ipv6_address_mode":"string","ipv6_ra_mode":"string","name":"string","network_id":"string","no_gateway":"bool","prefix_length":"number","region":"string","segment_id":"string","service_types":["list","string"],"subnetpool_id":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"value_specs":["map","string"]}],"main_subnet_network_id":"string","mtu_size":"number","os_project_data":["map","string"],"policy_list":["map","string"],"resolvers_ip":["list","string"],"ssh_sources":["map","string"],"ubuntu2204_data_file":"str
ing","ubuntu_2204":["map","string"]}]},"workspace":null},"sensitive_attributes":[]}]},{"mode":"data","type":"terraform_remote_state","name":"project_setup","provider":"provider[\"terraform.io/builtin/terraform\"]","instances":[{"schema_version":0,"attributes":{"backend":"local","config":{"value":{"path":"../project-setup/terraform.tfstate"},"type":["object",{"path":"string"}]},"defaults":null,"outputs":{"value":{"access_to_the_jump_proxy":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows SSH access to the jump node from a limited set of sources","id":"4c6b6683-77fa-4d1a-8ba2-41acf10a12ba","name":"ssh_access_to_the_jump_node","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"availability_zones_names":{"availability_zone_no_gpu":"cnr-isti-nova-a","availability_zone_with_gpu":"cnr-isti-nova-gpu-a"},"basic_services_ip":{"ca":"10.10.0.4","ca_cidr":"10.10.0.4/32","haproxy_l7_1":"10.10.0.11","haproxy_l7_1_cidr":"10.10.0.11/32","haproxy_l7_2":"10.10.0.12","haproxy_l7_2_cidr":"10.10.0.12/32","octavia_main":"10.10.0.20","octavia_main_cidr":"10.10.0.20/32","prometheus":"10.10.0.10","prometheus_cidr":"10.10.0.10/32","ssh_jump":"10.10.0.5","ssh_jump_cidr":"10.10.0.5/32"},"debugging":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows web app debugging via tunnel from the ssh jump node","id":"6c21f51b-9cad-4051-99b6-221bed658a83","name":"debugging_from_jump_node","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"default_security_group":{"all_tags":[],"delete_default_rules":true,"description":"Default security group with rules for ssh access via jump proxy, prometheus 
scraping","id":"1ec8a419-f9cf-473f-a022-6499d67d57b8","name":"default_for_all","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"default_security_group_id":"1ec8a419-f9cf-473f-a022-6499d67d57b8","default_security_group_name":"default_for_all","dns_zone":{"attributes":{},"description":"DNS primary zone for the S2I2S project","disable_status_check":false,"email":"postmaster@isti.cnr.it","id":"e826e777-0196-4f63-b2a9-df07f70e618f","masters":[],"name":"s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"PRIMARY","value_specs":null},"dns_zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f","floating_ip_pools":{"main_public_ip_pool":"external-network"},"haproxy_l7_data":{"flavor":"m1.medium","name":"main-haproxy-l7","vm_count":"2"},"internal_ca_data":{"flavor":"m1.small","name":"ca"},"internal_ca_id":"286b7a4d-33c6-451f-9019-d9fd79265181","main_haproxy_l7_ids":["b42a0e99-6172-4a5d-886c-c0fb016da60e","b770644a-5c39-4db2-8811-fb62751bd789"],"main_haproxy_l7_ip":["10.10.0.11","10.10.0.12"],"main_lb_to_haproxy_l7_security_group":{"all_tags":[],"delete_default_rules":true,"description":"Traffic coming from the main L4 lb directed to the haproxy l7 servers","id":"613cacac-ac46-46ab-ba7a-d66f61cce84d","name":"traffic_from_main_lb_to_haproxy_l7","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"main_loadbalancer_hostname":"octavia-main-lb.s2i2s.cloud.isti.cnr.it.","main_loadbalancer_id":"44dbe548-a436-4816-927a-2912f443b50f","main_loadbalancer_ip":"10.10.0.20","main_loadbalancer_public_ip":"146.48.30.30","main_private_network":{"admin_state_up":true,"all_tags":[],"availability_zone_hints":[],"description":"S2I2S private network (use this as the main 
network)","dns_domain":"s2i2s.cloud.isti.cnr.it.","external":false,"id":"f371c239-6d5d-4ac8-a17e-af607752d82c","mtu":8942,"name":"s2i2s-proj-main","port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","segments":[{"network_type":"geneve","physical_network":"","segmentation_id":47850}],"shared":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"transparent_vlan":false,"value_specs":null},"main_private_subnet":{"all_tags":[],"allocation_pool":[{"end":"10.10.7.254","start":"10.10.1.1"}],"cidr":"10.10.0.0/21","description":"S2I2S main private subnet","dns_nameservers":["146.48.29.97","146.48.29.98","146.48.29.99"],"dns_publish_fixed_ip":false,"enable_dhcp":true,"gateway_ip":"10.10.0.1","id":"19c649ee-96ea-438b-ac0c-512afdf5046d","ip_version":4,"ipv6_address_mode":"","ipv6_ra_mode":"","name":"s2i2s-proj-main-subnet","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_gateway":false,"prefix_length":null,"region":"isti_area_pi_1","segment_id":"","service_types":[],"subnetpool_id":"","tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"main_region":"isti_area_pi_1","main_subnet_network_id":"19c649ee-96ea-438b-ac0c-512afdf5046d","mtu_size":8942,"os_project_data":{"id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","name":"s2i2s-proj-cloud"},"prometheus_access_from_grafana":{"all_tags":[],"delete_default_rules":true,"description":"The public grafana server must be able to get data from 
Prometheus","id":"48e9366f-23a8-47df-abcd-66f84d4af395","name":"prometheus_access_from_grafana","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"prometheus_hostname":"prometheus.s2i2s.cloud.isti.cnr.it.","prometheus_public_ip":"146.48.31.67","prometheus_server_data":{"flavor":"m1.medium","name":"prometheus","public_grafana_server_cidr":"146.48.28.103/32","vol_data_device":"/dev/vdb","vol_data_name":"prometheus-data","vol_data_size":"100"},"prometheus_server_id":"d2a37e7c-3eaa-4929-b70d-cfb55416d8bc","public_web":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer","id":"31140e64-667a-4044-b388-79afcc6bcb69","name":"public_web_service","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"resolvers_ip":["146.48.29.97","146.48.29.98","146.48.29.99"],"restricted_web":{"all_tags":[],"delete_default_rules":true,"description":"Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. 
HTTP is open to all, because letsencrypt","id":"359d7ae7-cdff-47c2-bf69-7d423860d2d2","name":"restricted_web_service","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"ssh_jump_proxy":{"flavor":"m2.small","name":"ssh-jump-proxy"},"ssh_jump_proxy_hostname":"ssh-jump-proxy.s2i2s.cloud.isti.cnr.it.","ssh_jump_proxy_id":"6aed1634-ec4e-43b0-a8c6-2da42a27ad25","ssh_jump_proxy_public_ip":"146.48.31.105","ssh_sources":{"d4s_vpn_1_cidr":"146.48.122.27/32","d4s_vpn_2_cidr":"146.48.122.49/32","infrascience_net_cidr":"146.48.122.0/23","isti_net_cidr":"146.48.80.0/21","isti_vpn_gw1":"146.48.80.101/32","isti_vpn_gw2":"146.48.80.102/32","isti_vpn_gw3":"146.48.80.103/32","s2i2s_net_cidr":"146.48.28.0/22","s2i2s_vpn_1_cidr":"146.48.28.10/32","s2i2s_vpn_2_cidr":"146.48.28.11/32","shell_d4s_cidr":"146.48.122.95/32"},"traffic_from_main_haproxy":{"all_tags":[],"delete_default_rules":true,"description":"Allow traffic from the main L7 HAPROXY load balancers","id":"56ba7585-659a-49ac-8d8e-c85ebcb1179f","name":"traffic_from_the_main_load_balancers","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"ubuntu2204_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","ubuntu_2204":{"name":"Ubuntu-Jammy-22.04","user_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","uuid":"54768889-8556-4be4-a2eb-82a4d9b34627"}},"type":["object",{"access_to_the_jump_proxy":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"availability_zones_names":["map","string"],"basic_services_ip":["map","string"],"debugging":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["objec
t",{"delete":"string"}]}],"default_security_group":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"default_security_group_id":"string","default_security_group_name":"string","dns_zone":["object",{"attributes":["map","string"],"description":"string","disable_status_check":"bool","email":"string","id":"string","masters":["set","string"],"name":"string","project_id":"string","region":"string","timeouts":["object",{"create":"string","delete":"string","update":"string"}],"ttl":"number","type":"string","value_specs":["map","string"]}],"dns_zone_id":"string","floating_ip_pools":["map","string"],"haproxy_l7_data":["map","string"],"internal_ca_data":["map","string"],"internal_ca_id":"string","main_haproxy_l7_ids":["tuple",["string","string"]],"main_haproxy_l7_ip":["list","string"],"main_lb_to_haproxy_l7_security_group":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"main_loadbalancer_hostname":"string","main_loadbalancer_id":"string","main_loadbalancer_ip":"string","main_loadbalancer_public_ip":"string","main_private_network":["object",{"admin_state_up":"bool","all_tags":["set","string"],"availability_zone_hints":["set","string"],"description":"string","dns_domain":"string","external":"bool","id":"string","mtu":"number","name":"string","port_security_enabled":"bool","qos_policy_id":"string","region":"string","segments":["set",["object",{"network_type":"string","physical_network":"string","segmentation_id":"number"}]],"shared":"bool","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"transparent_vlan":"bool","value_specs":["map","string"]}],"main_private_subnet":["
object",{"all_tags":["set","string"],"allocation_pool":["set",["object",{"end":"string","start":"string"}]],"cidr":"string","description":"string","dns_nameservers":["list","string"],"dns_publish_fixed_ip":"bool","enable_dhcp":"bool","gateway_ip":"string","id":"string","ip_version":"number","ipv6_address_mode":"string","ipv6_ra_mode":"string","name":"string","network_id":"string","no_gateway":"bool","prefix_length":"number","region":"string","segment_id":"string","service_types":["list","string"],"subnetpool_id":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"value_specs":["map","string"]}],"main_region":"string","main_subnet_network_id":"string","mtu_size":"number","os_project_data":["map","string"],"prometheus_access_from_grafana":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"prometheus_hostname":"string","prometheus_public_ip":"string","prometheus_server_data":["map","string"],"prometheus_server_id":"string","public_web":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"resolvers_ip":["list","string"],"restricted_web":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"ssh_jump_proxy":["map","string"],"ssh_jump_proxy_hostname":"string","ssh_jump_proxy_id":"string","ssh_jump_proxy_public_ip":"string","ssh_sources":["map","string"],"traffic_from_main_haproxy":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","nam
e":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"ubuntu2204_data_file":"string","ubuntu_2204":["map","string"]}]},"workspace":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"openstack_blockstorage_volume_v3","name":"relay_data_vol","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"attachment":[],"availability_zone":"nova","backup_id":"","consistency_group_id":null,"description":"","enable_online_resize":true,"id":"3f0225d3-7e5f-4eb2-a8a0-082165fb0322","image_id":null,"metadata":{},"name":"mailbackup-relay-data","region":"isti_area_pi_1","scheduler_hints":[],"size":5120,"snapshot_id":"","source_replica":null,"source_vol_id":"","timeouts":null,"volume_retype_policy":"never","volume_type":"CephSSD"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="}]},{"mode":"managed","type":"openstack_compute_instance_v2","name":"relay","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"access_ip_v4":"10.10.3.104","access_ip_v6":"","admin_pass":null,"all_metadata":{},"all_tags":[],"availability_zone":"cnr-isti-nova-a","availability_zone_hints":"cnr-isti-nova-a","block_device":[{"boot_index":0,"delete_on_termination":false,"destination_type":"volume","device_type":"","disk_bus":"","guest_format":"","multiattach":false,"source_type":"image","uuid":"541650fc-dd19-4f38-bb1d-7333ed9dd688","volume_size":20,"volume_type":""}],"config_drive":null,"created":"2026-06-15 15:30:18 +0000 UTC","flavor_id":"15","flavor_name":"m2.medium","force_delete":false,"hypervisor_hostname":"","id":"bfa00699-1e56-412f-be73-741a057f32d5","image_id":"Attempt to boot from volume - no image 
supplied","image_name":null,"key_pair":"adellam","metadata":null,"name":"mailbackup-relay","network":[{"access_network":false,"fixed_ip_v4":"10.10.3.104","fixed_ip_v6":"","mac":"fa:16:3e:0e:bc:10","name":"s2i2s-proj-main","port":"d181d599-251f-4a28-a69b-a617d1f99d80","uuid":"f371c239-6d5d-4ac8-a17e-af607752d82c"}],"network_mode":null,"personality":[],"power_state":"active","region":"isti_area_pi_1","scheduler_hints":[],"security_groups":["default_for_all","mailbackup-relay-access"],"stop_before_destroy":false,"tags":null,"timeouts":null,"updated":"2026-06-15 15:31:00 +0000 UTC","user_data":"c8e67a71c133487bb9791a87e02ce77a173813ec","vendor_options":[]},"sensitive_attributes":[[{"type":"get_attr","value":"admin_pass"}]],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_compute_volume_attach_v2","name":"relay_data_attach","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"device":"/dev/vdb","id":"bfa00699-1e56-412f-be73-741a057f32d5/3f0225d3-7e5f-4eb2-a8a0-082165fb0322","instance_id":"bfa00699-1e56-412f-be73-741a057f32d5","multiattach":null,"region":"isti_area_pi_1","tag":null,"timeouts":null,"vendor_options":[],"volume_id":"3f0225d3-7e5f-4eb2-a8a0-082165fb0322"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_blockstorage_volume_v3.relay_data_vol","openstack_compute_instance_v2.relay","openstack_networking_port_v2.rel
ay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_dns_recordset_v2","name":"relay_dns","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"Public IP of the Dovecot mailbox backup relay","disable_status_check":false,"id":"e826e777-0196-4f63-b2a9-df07f70e618f/6bd994d4-70da-43ee-b671-cbce4172fae9","name":"mailbackup-relay.s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","records":["146.48.31.50"],"region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"A","value_specs":null,"zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19","dependencies":["data.terraform_remote_state.privnet_dns_router","openstack_networking_floatingip_v2.relay_ip"]}]},{"mode":"managed","type":"openstack_networking_floatingip_associate_v2","name":"relay_ip","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"fixed_ip":"10.10.3.104","floating_ip":"146.48.31.50","id":"9618ad56-946c-4f61-80a5-5448049ecf3b","port_id":"d181d599-251f-4a28-a69b-a617d1f99d80","region":"isti_area_pi_1"},"sensitive_attributes":[],"private":"bnVsbA==","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_floatingip_v2.relay_ip","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_floatingip_v2","name":"relay_ip","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"address":"146.48.31.50","all_tags":[],"description":"Dovecot mailbox backup 
relay","dns_domain":"","dns_name":"","fixed_ip":"","id":"9618ad56-946c-4f61-80a5-5448049ecf3b","pool":"external-network","port_id":"","region":"isti_area_pi_1","subnet_id":null,"subnet_ids":null,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router"]}]},{"mode":"managed","type":"openstack_networking_port_v2","name":"relay_port","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"admin_state_up":true,"all_fixed_ips":["10.10.3.104"],"all_security_group_ids":["1ec8a419-f9cf-473f-a022-6499d67d57b8","a9a5d9d2-1430-42cf-aa5d-c67f3b68a622"],"all_tags":[],"allowed_address_pairs":[],"binding":[{"host_id":"","profile":"","vif_details":{},"vif_type":"","vnic_type":"normal"}],"description":"","device_id":"","device_owner":"","dns_assignment":[{"fqdn":"host-10-10-3-104.internal-cloud.isti.cnr.it.","hostname":"host-10-10-3-104","ip_address":"10.10.3.104"}],"dns_name":"","extra_dhcp_option":[],"fixed_ip":[{"ip_address":"","subnet_id":"19c649ee-96ea-438b-ac0c-512afdf5046d"}],"id":"d181d599-251f-4a28-a69b-a617d1f99d80","mac_address":"fa:16:3e:0e:bc:10","name":"mailbackup-relay-port","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_fixed_ip":null,"no_security_groups":null,"port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","security_group_ids":["1ec8a419-f9cf-473f-a022-6499d67d57b8","a9a5d9d2-1430-42cf-aa5d-c67f3b68a622"],"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privne
t_dns_router","data.terraform_remote_state.project_setup","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_rule_v2","name":"bareos_fd_ingress","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"bareos-fd from the Bareos Director","direction":"ingress","ethertype":"IPv4","id":"80054ae7-5b96-493b-8912-a45d918c4130","port_range_max":9102,"port_range_min":9102,"protocol":"tcp","region":"isti_area_pi_1","remote_address_group_id":"","remote_group_id":"","remote_ip_prefix":"146.48.28.141/32","security_group_id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==","dependencies":["openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_rule_v2","name":"ssh_ingress","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"SSH from the S2I2S area network (imap backends push + 
admin)","direction":"ingress","ethertype":"IPv4","id":"8f62e0e9-59bc-432f-a583-98a214b742e5","port_range_max":22,"port_range_min":22,"protocol":"tcp","region":"isti_area_pi_1","remote_address_group_id":"","remote_group_id":"","remote_ip_prefix":"146.48.28.0/22","security_group_id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==","dependencies":["openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_v2","name":"relay_access","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"all_tags":[],"delete_default_rules":true,"description":"SSH from the S2I2S area network and bareos-fd from the Director","id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","name":"mailbackup-relay-access","region":"isti_area_pi_1","stateful":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="}]}],"check_results":null}