From 255d0c950284d282522b2b4eed5d0f33b9f58009 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 3 Feb 2026 16:49:26 +0100 Subject: [PATCH] Fix some syntax errors and deploy the projects. --- s2i2s/project-setup/octavia.tf | 23 +- s2i2s/project-setup/provider.tf | 2 +- s2i2s/project-setup/terraform.tfstate | 1926 ++++++++++++++++++++----- 3 files changed, 1567 insertions(+), 384 deletions(-) diff --git a/s2i2s/project-setup/octavia.tf b/s2i2s/project-setup/octavia.tf index ca03c9a..98faf84 100644 --- a/s2i2s/project-setup/octavia.tf +++ b/s2i2s/project-setup/octavia.tf @@ -3,6 +3,10 @@ # - No amphora VMs needed # - Uses the main subnet directly # - Lower overhead and faster provisioning +# OVN limitations: +# - Does not support allowed_cidrs on listeners +# - Only supports ROUND_ROBIN and SOURCE_IP_PORT lb_method (not LEAST_CONNECTIONS) +# - Only supports TCP and UDP-CONNECT health monitors (not HTTP/HTTPS) resource "openstack_lb_loadbalancer_v2" "main_lb" { vip_subnet_id = local.main_private_subnet_id @@ -37,19 +41,20 @@ resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" { } # Main HAPROXY stats listener +# Note: OVN provider does not support allowed_cidrs option. +# Access restriction must be handled at the HAProxy level or via security groups. resource "openstack_lb_listener_v2" "main_haproxy_stats_listener" { loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id protocol = "TCP" protocol_port = 8880 description = "Listener for the stats of the main HAPROXY instances" name = "main_haproxy_stats_listener" - allowed_cidrs = [local.ssh_sources.d4s_vpn_1_cidr, local.ssh_sources.d4s_vpn_2_cidr, local.ssh_sources.s2i2s_vpn_1_cidr, local.ssh_sources.s2i2s_vpn_2_cidr] } resource "openstack_lb_pool_v2" "main_haproxy_stats_pool" { listener_id = openstack_lb_listener_v2.main_haproxy_stats_listener.id protocol = "TCP" - lb_method = "LEAST_CONNECTIONS" + lb_method = "SOURCE_IP_PORT" name = "main-haproxy-lb-stats" description = "Pool for the stats of the main HAPROXY instances" persistence { @@ -94,7 +99,7 @@ resource "openstack_lb_listener_v2" "main_haproxy_http_listener" { resource "openstack_lb_pool_v2" "main_haproxy_http_pool" { listener_id = openstack_lb_listener_v2.main_haproxy_http_listener.id protocol = "TCP" - lb_method = "LEAST_CONNECTIONS" + lb_method = "SOURCE_IP_PORT" name = "main-haproxy-lb-http" description = "Pool for the HTTP listener of the main HAPROXY instances" persistence { @@ -120,10 +125,7 @@ resource "openstack_lb_members_v2" "main_haproxy_http_pool_members" { resource "openstack_lb_monitor_v2" "main_haproxy_http_monitor" { pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id name = "main_haproxy_http_monitor" - type = "HTTP" - http_method = "GET" - url_path = "/_haproxy_health_check" - expected_codes = "200" + type = "TCP" delay = 20 timeout = 5 max_retries = 3 @@ -146,7 +148,7 @@ resource "openstack_lb_listener_v2" "main_haproxy_https_listener" { resource "openstack_lb_pool_v2" "main_haproxy_https_pool" { listener_id = openstack_lb_listener_v2.main_haproxy_https_listener.id protocol = "TCP" - lb_method = "LEAST_CONNECTIONS" + lb_method = "SOURCE_IP_PORT" name = "main-haproxy-lb-https" description = "Pool for the HTTPS listener of the main HAPROXY instances" persistence { @@ -172,10 +174,7 @@ resource "openstack_lb_members_v2" "main_haproxy_https_pool_members" { resource "openstack_lb_monitor_v2" "main_haproxy_https_monitor" { pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id name = "main_haproxy_https_monitor" - type = "HTTPS" - http_method = "GET" - url_path = "/_haproxy_health_check" - expected_codes = "200" + type = "TCP" delay = 20 timeout = 5 max_retries = 3 diff --git a/s2i2s/project-setup/provider.tf b/s2i2s/project-setup/provider.tf index dc47e64..97d0e50 100644 --- a/s2i2s/project-setup/provider.tf +++ b/s2i2s/project-setup/provider.tf @@ -10,5 +10,5 @@ terraform { } provider "openstack" { - cloud = "ISTI-Cloud" + cloud = "s2i2s" } diff --git a/s2i2s/project-setup/terraform.tfstate b/s2i2s/project-setup/terraform.tfstate index 7e751be..f1a2933 100644 --- a/s2i2s/project-setup/terraform.tfstate +++ b/s2i2s/project-setup/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.3", - "serial": 72, + "serial": 163, "lineage": "63543f0d-4b49-2066-95b6-653706374703", "outputs": { "access_to_the_jump_proxy": { @@ -9,11 +9,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Security group that allows SSH access to the jump node from a limited set of sources", - "id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", + "id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", "name": "ssh_access_to_the_jump_node", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -77,11 +77,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Security group that allows web app debugging via tunnel from the ssh jump node", - "id": "9e217f67-497f-4e4c-98fc-8ba9bdfb29c9", + "id": "6c21f51b-9cad-4051-99b6-221bed658a83", "name": "debugging_from_jump_node", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -115,11 +115,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Default security group with rules for ssh access via jump proxy, prometheus scraping", - "id": "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e", + "id": "1ec8a419-f9cf-473f-a022-6499d67d57b8", "name": "default_for_all", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -149,7 +149,7 @@ ] }, "default_security_group_id": { - "value": "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e", + "value": "1ec8a419-f9cf-473f-a022-6499d67d57b8", "type": "string" }, "default_security_group_name": { @@ -162,10 +162,10 @@ "description": "DNS primary zone for the S2I2S project", "disable_status_check": false, "email": "postmaster@isti.cnr.it", - "id": "f668696a-cedb-4554-8f81-cf7dc1db773b", + "id": "e826e777-0196-4f63-b2a9-df07f70e618f", "masters": [], "name": "s2i2s.cloud.isti.cnr.it.", - "project_id": "d58ff441b31d4d0daf4a3e64d5332082", + "project_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "region": "isti_area_pi_1", "timeouts": null, "ttl": 8600, @@ -208,7 +208,7 @@ ] }, "dns_zone_id": { - "value": "f668696a-cedb-4554-8f81-cf7dc1db773b", + "value": "e826e777-0196-4f63-b2a9-df07f70e618f", "type": "string" }, "floating_ip_pools": { @@ -241,6 +241,23 @@ "string" ] }, + "internal_ca_id": { + "value": "286b7a4d-33c6-451f-9019-d9fd79265181", + "type": "string" + }, + "main_haproxy_l7_ids": { + "value": [ + "b42a0e99-6172-4a5d-886c-c0fb016da60e", + "b770644a-5c39-4db2-8811-fb62751bd789" + ], + "type": [ + "tuple", + [ + "string", + "string" + ] + ] + }, "main_haproxy_l7_ip": { "value": [ "10.10.0.11", @@ -256,11 +273,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Traffic coming from the main L4 lb directed to the haproxy l7 servers", - "id": "68966027-d706-441f-8540-499cd44034af", + "id": "613cacac-ac46-46ab-ba7a-d66f61cce84d", "name": "traffic_from_main_lb_to_haproxy_l7", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -294,7 +311,7 @@ "type": "string" }, "main_loadbalancer_id": { - "value": "fac5939a-0329-4bcb-8fd9-d2d5716b0e84", + "value": "44dbe548-a436-4816-927a-2912f443b50f", "type": "string" }, "main_loadbalancer_ip": { @@ -302,7 +319,7 @@ "type": "string" }, "main_loadbalancer_public_ip": { - "value": "146.48.30.162", + "value": "146.48.30.30", "type": "string" }, "main_private_network": { @@ -313,7 +330,7 @@ "description": "S2I2S private network (use this as the main network)", "dns_domain": "s2i2s.cloud.isti.cnr.it.", "external": false, - "id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "mtu": 8942, "name": "s2i2s-proj-main", "port_security_enabled": true, @@ -323,12 +340,12 @@ { "network_type": "geneve", "physical_network": "", - "segmentation_id": 55270 + "segmentation_id": 47850 } ], "shared": false, - "tags": [], - "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", + "tags": null, + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "transparent_vlan": false, "value_specs": null @@ -395,12 +412,6 @@ "start": "10.10.1.1" } ], - "allocation_pools": [ - { - "end": "10.10.7.254", - "start": "10.10.1.1" - } - ], "cidr": "10.10.0.0/21", "description": "S2I2S main private subnet", "dns_nameservers": [ @@ -408,22 +419,23 @@ "146.48.29.98", "146.48.29.99" ], + "dns_publish_fixed_ip": false, "enable_dhcp": true, "gateway_ip": "10.10.0.1", - "host_routes": [], - "id": "0a5dd0f6-e23d-469e-982c-7bb280221c12", + "id": "19c649ee-96ea-438b-ac0c-512afdf5046d", "ip_version": 4, "ipv6_address_mode": "", "ipv6_ra_mode": "", "name": "s2i2s-proj-main-subnet", - "network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "no_gateway": false, "prefix_length": null, "region": "isti_area_pi_1", + "segment_id": "", "service_types": [], "subnetpool_id": "", - "tags": [], - "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", + "tags": null, + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -444,34 +456,15 @@ } ] ], - "allocation_pools": [ - "list", - [ - "object", - { - "end": "string", - "start": "string" - } - ] - ], "cidr": "string", "description": "string", "dns_nameservers": [ "list", "string" ], + "dns_publish_fixed_ip": "bool", "enable_dhcp": "bool", "gateway_ip": "string", - "host_routes": [ - "list", - [ - "object", - { - "destination_cidr": "string", - "next_hop": "string" - } - ] - ], "id": "string", "ip_version": "number", "ipv6_address_mode": "string", @@ -481,6 +474,7 @@ "no_gateway": "bool", "prefix_length": "number", "region": "string", + "segment_id": "string", "service_types": [ "list", "string" @@ -510,7 +504,7 @@ "type": "string" }, "main_subnet_network_id": { - "value": "0a5dd0f6-e23d-469e-982c-7bb280221c12", + "value": "19c649ee-96ea-438b-ac0c-512afdf5046d", "type": "string" }, "mtu_size": { @@ -519,8 +513,8 @@ }, "os_project_data": { "value": { - "id": "d58ff441b31d4d0daf4a3e64d5332082", - "name": "s2i2s-proj" + "id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "name": "s2i2s-proj-cloud" }, "type": [ "map", @@ -532,11 +526,11 @@ "all_tags": [], "delete_default_rules": true, "description": "The public grafana server must be able to get data from Prometheus", - "id": "91492d1d-06dc-48e9-91f8-567c3c77d7d5", + "id": "48e9366f-23a8-47df-abcd-66f84d4af395", "name": "prometheus_access_from_grafana", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -570,7 +564,7 @@ "type": "string" }, "prometheus_public_ip": { - "value": "146.48.31.149", + "value": "146.48.31.67", "type": "string" }, "prometheus_server_data": { @@ -587,16 +581,20 @@ "string" ] }, + "prometheus_server_id": { + "value": "d2a37e7c-3eaa-4929-b70d-cfb55416d8bc", + "type": "string" + }, "public_web": { "value": { "all_tags": [], "delete_default_rules": true, "description": "Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer", - "id": "c0ec12e4-9a8f-4534-bfd2-d6892a1d6cc0", + "id": "31140e64-667a-4044-b388-79afcc6bcb69", "name": "public_web_service", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -641,11 +639,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt", - "id": "54be0898-6c08-400b-9503-9d9dce935371", + "id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", "name": "restricted_web_service", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -688,8 +686,12 @@ "value": "ssh-jump-proxy.s2i2s.cloud.isti.cnr.it.", "type": "string" }, + "ssh_jump_proxy_id": { + "value": "6aed1634-ec4e-43b0-a8c6-2da42a27ad25", + "type": "string" + }, "ssh_jump_proxy_public_ip": { - "value": "146.48.30.179", + "value": "146.48.31.105", "type": "string" }, "ssh_sources": { @@ -716,11 +718,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Allow traffic from the main L7 HAPROXY load balancers", - "id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", + "id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", "name": "traffic_from_the_main_load_balancers", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "type": [ @@ -811,21 +813,21 @@ "description": "DNS primary zone for the S2I2S project", "disable_status_check": false, "email": "postmaster@isti.cnr.it", - "id": "f668696a-cedb-4554-8f81-cf7dc1db773b", + "id": "e826e777-0196-4f63-b2a9-df07f70e618f", "masters": [], "name": "s2i2s.cloud.isti.cnr.it.", - "project_id": "d58ff441b31d4d0daf4a3e64d5332082", + "project_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "region": "isti_area_pi_1", "timeouts": null, "ttl": 8600, "type": "PRIMARY", "value_specs": null }, - "dns_zone_id": "f668696a-cedb-4554-8f81-cf7dc1db773b", + "dns_zone_id": "e826e777-0196-4f63-b2a9-df07f70e618f", "el7_data_file": "../../s2i2s_openstack_vm_data_scripts/el.sh", "external_gateway_ip": [ { - "ip_address": "146.48.31.101", + "ip_address": "146.48.30.6", "subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb" } ], @@ -858,7 +860,7 @@ "description": "S2I2S private network (use this as the main network)", "dns_domain": "s2i2s.cloud.isti.cnr.it.", "external": false, - "id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "mtu": 8942, "name": "s2i2s-proj-main", "port_security_enabled": true, @@ -868,17 +870,17 @@ { "network_type": "geneve", "physical_network": "", - "segmentation_id": 55270 + "segmentation_id": 47850 } ], "shared": false, - "tags": [], - "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", + "tags": null, + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "transparent_vlan": false, "value_specs": null }, - "main_private_network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "main_private_network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "main_region": "isti_area_pi_1", "main_subnet_network": { "all_tags": [], @@ -888,12 +890,6 @@ "start": "10.10.1.1" } ], - "allocation_pools": [ - { - "end": "10.10.7.254", - "start": "10.10.1.1" - } - ], "cidr": "10.10.0.0/21", "description": "S2I2S main private subnet", "dns_nameservers": [ @@ -901,30 +897,31 @@ "146.48.29.98", "146.48.29.99" ], + "dns_publish_fixed_ip": false, "enable_dhcp": true, "gateway_ip": "10.10.0.1", - "host_routes": [], - "id": "0a5dd0f6-e23d-469e-982c-7bb280221c12", + "id": "19c649ee-96ea-438b-ac0c-512afdf5046d", "ip_version": 4, "ipv6_address_mode": "", "ipv6_ra_mode": "", "name": "s2i2s-proj-main-subnet", - "network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "no_gateway": false, "prefix_length": null, "region": "isti_area_pi_1", + "segment_id": "", "service_types": [], "subnetpool_id": "", - "tags": [], - "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", + "tags": null, + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, - "main_subnet_network_id": "0a5dd0f6-e23d-469e-982c-7bb280221c12", + "main_subnet_network_id": "19c649ee-96ea-438b-ac0c-512afdf5046d", "mtu_size": 8942, "os_project_data": { - "id": "d58ff441b31d4d0daf4a3e64d5332082", - "name": "s2i2s-proj" + "id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "name": "s2i2s-proj-cloud" }, "policy_list": { "affinity": "affinity", @@ -938,6 +935,8 @@ "146.48.29.99" ], "ssh_sources": { + "d4s_vpn_1_cidr": "146.48.122.27/32", + "d4s_vpn_2_cidr": "146.48.122.49/32", "infrascience_net_cidr": "146.48.122.0/23", "isti_net_cidr": "146.48.80.0/21", "isti_vpn_gw1": "146.48.80.101/32", @@ -945,7 +944,8 @@ "isti_vpn_gw3": "146.48.80.103/32", "s2i2s_net_cidr": "146.48.28.0/22", "s2i2s_vpn_1_cidr": "146.48.28.10/32", - "s2i2s_vpn_2_cidr": "146.48.28.11/32" + "s2i2s_vpn_2_cidr": "146.48.28.11/32", + "shell_d4s_cidr": "146.48.122.95/32" }, "ubuntu2204_data_file": "../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh", "ubuntu_2204": { @@ -1102,34 +1102,15 @@ } ] ], - "allocation_pools": [ - "list", - [ - "object", - { - "end": "string", - "start": "string" - } - ] - ], "cidr": "string", "description": "string", "dns_nameservers": [ "list", "string" ], + "dns_publish_fixed_ip": "bool", "enable_dhcp": "bool", "gateway_ip": "string", - "host_routes": [ - "list", - [ - "object", - { - "destination_cidr": "string", - "next_hop": "string" - } - ] - ], "id": "string", "ip_version": "number", "ipv6_address_mode": "string", @@ -1139,6 +1120,7 @@ "no_gateway": "bool", "prefix_length": "number", "region": "string", + "segment_id": "string", "service_types": [ "list", "string" @@ -1204,12 +1186,18 @@ { "schema_version": 0, "attributes": { - "attachment": [], + "attachment": [ + { + "device": "/dev/vdb", + "id": "59c354bc-bc05-4dbb-ad58-236da1186974", + "instance_id": "d2a37e7c-3eaa-4929-b70d-cfb55416d8bc" + } + ], "availability_zone": "nova", "consistency_group_id": null, "description": "", "enable_online_resize": true, - "id": "a5f16ebf-8c08-4d8e-b5ee-2e6a4d229408", + "id": "59c354bc-bc05-4dbb-ad58-236da1186974", "image_id": null, "metadata": {}, "multiattach": null, @@ -1229,6 +1217,479 @@ } ] }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "internal_ca", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.10.0.4", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "fc3f705d-3cf5-4866-8ef6-ff6e2cdd4075", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2026-02-03 14:57:24 +0000 UTC", + "flavor_id": "2", + "flavor_name": "m1.small", + "floating_ip": null, + "force_delete": false, + "id": "286b7a4d-33c6-451f-9019-d9fd79265181", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "ca", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.10.0.4", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:21:d8:29", + "name": "s2i2s-proj-main", + "port": "22a51c59-75c8-4031-a283-212751553d12", + "uuid": "f371c239-6d5d-4ac8-a17e-af607752d82c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2026-02-03 14:59:18 +0000 UTC", + "user_data": "164cdf695f3b4a01a2f8b9dc0af2f87629bd89a7", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "admin_pass" + } + ] + ], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_port_v2.internal_ca_port", + "openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "main_haproxy_l7", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.10.0.11", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "fc3f705d-3cf5-4866-8ef6-ff6e2cdd4075", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2026-02-03 14:57:25 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + "id": "b42a0e99-6172-4a5d-886c-c0fb016da60e", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "main-haproxy-l7-01", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.10.0.11", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:b1:42:7f", + "name": "s2i2s-proj-main", + "port": "bd7d2fb6-db15-42d5-9779-1411c914a65e", + "uuid": "f371c239-6d5d-4ac8-a17e-af607752d82c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [ + { + "additional_properties": {}, + "build_near_host_ip": "", + "different_cell": [], + "different_host": [], + "group": "f691b2ad-07f9-452d-9bec-6f1a3e6f9626", + "query": [], + "same_host": [], + "target_cell": "" + } + ], + "security_groups": [ + "default_for_all", + "traffic_from_main_lb_to_haproxy_l7" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2026-02-03 14:58:26 +0000 UTC", + "user_data": "164cdf695f3b4a01a2f8b9dc0af2f87629bd89a7", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "admin_pass" + } + ] + ], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_compute_servergroup_v2.main_haproxy_l7", + "openstack_networking_port_v2.main_haproxy_l7_port", + "openstack_networking_secgroup_v2.default", + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.10.0.12", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "fc3f705d-3cf5-4866-8ef6-ff6e2cdd4075", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2026-02-03 14:57:25 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + "id": "b770644a-5c39-4db2-8811-fb62751bd789", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "main-haproxy-l7-02", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.10.0.12", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:a9:49:bb", + "name": "s2i2s-proj-main", + "port": "3018d5db-3d39-472f-b623-07c85e792ed5", + "uuid": "f371c239-6d5d-4ac8-a17e-af607752d82c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [ + { + "additional_properties": {}, + "build_near_host_ip": "", + "different_cell": [], + "different_host": [], + "group": "f691b2ad-07f9-452d-9bec-6f1a3e6f9626", + "query": [], + "same_host": [], + "target_cell": "" + } + ], + "security_groups": [ + "default_for_all", + "traffic_from_main_lb_to_haproxy_l7" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2026-02-03 14:58:25 +0000 UTC", + "user_data": "164cdf695f3b4a01a2f8b9dc0af2f87629bd89a7", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "admin_pass" + } + ] + ], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_compute_servergroup_v2.main_haproxy_l7", + "openstack_networking_port_v2.main_haproxy_l7_port", + "openstack_networking_secgroup_v2.default", + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "prometheus_server", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.10.0.10", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "fc3f705d-3cf5-4866-8ef6-ff6e2cdd4075", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2026-02-03 14:57:28 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + "id": "d2a37e7c-3eaa-4929-b70d-cfb55416d8bc", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "prometheus", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.10.0.10", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:bc:2d:03", + "name": "s2i2s-proj-main", + "port": "a6cf4c4b-d5b8-4fd9-a9b7-5a355aeea808", + "uuid": "f371c239-6d5d-4ac8-a17e-af607752d82c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all", + "prometheus_access_from_grafana", + "restricted_web_service" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2026-02-03 14:59:22 +0000 UTC", + "user_data": "164cdf695f3b4a01a2f8b9dc0af2f87629bd89a7", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "admin_pass" + } + ] + ], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_port_v2.prometheus_server_port", + "openstack_networking_secgroup_v2.default", + "openstack_networking_secgroup_v2.prometheus_access_from_grafana", + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "ssh_jump_proxy", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.10.0.5", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "fc3f705d-3cf5-4866-8ef6-ff6e2cdd4075", + "volume_size": 30, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2026-02-03 14:57:25 +0000 UTC", + "flavor_id": "10", + "flavor_name": "m2.small", + "floating_ip": null, + "force_delete": false, + "id": "6aed1634-ec4e-43b0-a8c6-2da42a27ad25", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "ssh-jump-proxy", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.10.0.5", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:75:76:4e", + "name": "s2i2s-proj-main", + "port": "4ca1a42a-2cee-43a5-bec7-b044c1361af5", + "uuid": "f371c239-6d5d-4ac8-a17e-af607752d82c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all", + "ssh_access_to_the_jump_node" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2026-02-03 15:00:14 +0000 UTC", + "user_data": "164cdf695f3b4a01a2f8b9dc0af2f87629bd89a7", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "admin_pass" + } + ] + ], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_port_v2.ssh_jump_proxy_port", + "openstack_networking_secgroup_v2.access_to_the_jump_proxy", + "openstack_networking_secgroup_v2.default" + ] + } + ] + }, { "mode": "managed", "type": "openstack_compute_servergroup_v2", @@ -1238,8 +1699,11 @@ { "schema_version": 0, "attributes": { - "id": "e71f9dcb-d071-4afa-93ad-3b833f54ced7", - "members": [], + "id": "f691b2ad-07f9-452d-9bec-6f1a3e6f9626", + "members": [ + "b42a0e99-6172-4a5d-886c-c0fb016da60e", + "b770644a-5c39-4db2-8811-fb62751bd789" + ], "name": "main_haproxy_l7", "policies": [ "anti-affinity" @@ -1258,6 +1722,174 @@ } ] }, + { + "mode": "managed", + "type": "openstack_compute_volume_attach_v2", + "name": "prometheus_data_attach_vol", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "device": "/dev/vdb", + "id": "d2a37e7c-3eaa-4929-b70d-cfb55416d8bc/59c354bc-bc05-4dbb-ad58-236da1186974", + "instance_id": "d2a37e7c-3eaa-4929-b70d-cfb55416d8bc", + "multiattach": null, + "region": "isti_area_pi_1", + "timeouts": null, + "vendor_options": [], + "volume_id": "59c354bc-bc05-4dbb-ad58-236da1186974" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_blockstorage_volume_v3.prometheus_data_vol", + "openstack_compute_instance_v2.prometheus_server", + "openstack_networking_port_v2.prometheus_server_port", + "openstack_networking_secgroup_v2.default", + "openstack_networking_secgroup_v2.prometheus_access_from_grafana", + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "alertmanager_server_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Prometheus alertmanager", + "disable_status_check": false, + "id": "e826e777-0196-4f63-b2a9-df07f70e618f/b8256293-8c32-4fa9-a43c-fa115339504f", + "name": "alertmanager.s2i2s.cloud.isti.cnr.it.", + "project_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "records": [ + "prometheus.s2i2s.cloud.isti.cnr.it." + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "CNAME", + "value_specs": null, + "zone_id": "e826e777-0196-4f63-b2a9-df07f70e618f" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "main_lb_dns_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Public IP address of the main Octavia load balancer", + "disable_status_check": false, + "id": "e826e777-0196-4f63-b2a9-df07f70e618f/a8190fb9-9468-4b95-9e66-9e1fa86bf1c2", + "name": "octavia-main-lb.s2i2s.cloud.isti.cnr.it.", + "project_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "records": [ + "146.48.30.30" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": "e826e777-0196-4f63-b2a9-df07f70e618f" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_floatingip_v2.main_lb_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "prometheus_server_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Public IP address of the Prometheus server", + "disable_status_check": false, + "id": "e826e777-0196-4f63-b2a9-df07f70e618f/ba7b0d61-3364-4451-9c9e-45e957c400ca", + "name": "prometheus.s2i2s.cloud.isti.cnr.it.", + "project_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "records": [ + "146.48.31.67" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": "e826e777-0196-4f63-b2a9-df07f70e618f" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_floatingip_v2.prometheus_server_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "ssh_jump_proxy_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Public IP address of the SSH Proxy Jump server", + "disable_status_check": false, + "id": "e826e777-0196-4f63-b2a9-df07f70e618f/72909fe7-c0a5-4060-bad6-be3c25680078", + "name": "ssh-jump-proxy.s2i2s.cloud.isti.cnr.it.", + "project_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "records": [ + "146.48.31.105" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": "e826e777-0196-4f63-b2a9-df07f70e618f" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_floatingip_v2.ssh_jump_proxy_ip" + ] + } + ] + }, { "mode": "managed", "type": "openstack_lb_listener_v2", @@ -1268,21 +1900,21 @@ "schema_version": 0, "attributes": { "admin_state_up": true, - "allowed_cidrs": null, + "allowed_cidrs": [], "connection_limit": -1, - "default_pool_id": "", + "default_pool_id": "8ed17fa2-9259-4511-a91f-24820d80983a", "default_tls_container_ref": "", "description": "HTTP listener of the main HAPROXY instances", - "id": "1b635beb-b8db-48eb-81ed-52b4d9996f99", - "insert_headers": null, - "loadbalancer_id": "fac5939a-0329-4bcb-8fd9-d2d5716b0e84", + "id": "ef26b673-26ff-4466-9c51-9114d85eeb64", + "insert_headers": {}, + "loadbalancer_id": "44dbe548-a436-4816-927a-2912f443b50f", "name": "main_haproxy_http_listener", "protocol": "TCP", "protocol_port": 80, "region": "isti_area_pi_1", - "sni_container_refs": null, - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "sni_container_refs": [], + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeout_client_data": 50000, "timeout_member_connect": 5000, "timeout_member_data": 50000, @@ -1309,21 +1941,21 @@ "schema_version": 0, "attributes": { "admin_state_up": true, - "allowed_cidrs": null, + "allowed_cidrs": [], "connection_limit": -1, - "default_pool_id": "", + "default_pool_id": "c631cfb1-327b-4e28-8d3c-8532f566a527", "default_tls_container_ref": "", "description": "HTTPS listener of the main HAPROXY instances", - "id": "c91aeff4-0091-4f25-a6e0-aa3945bb833f", - "insert_headers": null, - "loadbalancer_id": "fac5939a-0329-4bcb-8fd9-d2d5716b0e84", + "id": "eb03441a-3aa4-4221-a698-81062c2cb9c1", + "insert_headers": {}, + "loadbalancer_id": "44dbe548-a436-4816-927a-2912f443b50f", "name": "main_haproxy_https_listener", "protocol": "TCP", "protocol_port": 443, "region": "isti_area_pi_1", - "sni_container_refs": null, - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "sni_container_refs": [], + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeout_client_data": 3600000, "timeout_member_connect": 10000, "timeout_member_data": 7200000, @@ -1340,6 +1972,47 @@ } ] }, + { + "mode": "managed", + "type": "openstack_lb_listener_v2", + "name": "main_haproxy_stats_listener", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "allowed_cidrs": [], + "connection_limit": -1, + "default_pool_id": "281bb090-bd54-4c1f-97ea-e5d2d6cff28d", + "default_tls_container_ref": "", + "description": "Listener for the stats of the main HAPROXY instances", + "id": "d410acca-25e5-45a2-9d22-90f33f2730d4", + "insert_headers": {}, + "loadbalancer_id": "44dbe548-a436-4816-927a-2912f443b50f", + "name": "main_haproxy_stats_listener", + "protocol": "TCP", + "protocol_port": 8880, + "region": "isti_area_pi_1", + "sni_container_refs": [], + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeout_client_data": 50000, + "timeout_member_connect": 5000, + "timeout_member_data": 50000, + "timeout_tcp_inspect": 0, + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, { "mode": "managed", "type": "openstack_lb_loadbalancer_v2", @@ -1353,20 +2026,20 @@ "availability_zone": "", "description": "Main L4 load balancer for the S2I2S services", "flavor_id": "", - "id": "fac5939a-0329-4bcb-8fd9-d2d5716b0e84", + "id": "44dbe548-a436-4816-927a-2912f443b50f", "loadbalancer_provider": "ovn", "name": "s2i2s-cloud-l4-load-balancer", "region": "isti_area_pi_1", "security_group_ids": [ - "41031df4-e33b-4e26-bbbc-a4320eff6f4c" + "0b382ff1-38ac-44bd-9f63-27df73af0476" ], - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "vip_address": "10.10.0.20", - "vip_network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", - "vip_port_id": "da981c5e-30a8-47d7-9451-6c2568943286", - "vip_subnet_id": "0a5dd0f6-e23d-469e-982c-7bb280221c12" + "vip_network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", + "vip_port_id": "af6ed877-0aa6-4728-bba2-4e99666eca8c", + "vip_subnet_id": "19c649ee-96ea-438b-ac0c-512afdf5046d" }, "sensitive_attributes": [], "identity_schema_version": 0, @@ -1377,6 +2050,387 @@ } ] }, + { + "mode": "managed", + "type": "openstack_lb_members_v2", + "name": "main_haproxy_http_pool_members", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "8ed17fa2-9259-4511-a91f-24820d80983a", + "member": [ + { + "address": "10.10.0.11", + "admin_state_up": true, + "backup": false, + "id": "2a0877ca-2fe6-4fbe-8de8-bae08ad47cbf", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 1", + "protocol_port": 80, + "subnet_id": "", + "weight": 1 + }, + { + "address": "10.10.0.12", + "admin_state_up": true, + "backup": false, + "id": "61c22a78-dd8c-4928-b301-733baac59389", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 2", + "protocol_port": 80, + "subnet_id": "", + "weight": 1 + } + ], + "pool_id": "8ed17fa2-9259-4511-a91f-24820d80983a", + "region": "isti_area_pi_1", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_http_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_http_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_members_v2", + "name": "main_haproxy_https_pool_members", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "c631cfb1-327b-4e28-8d3c-8532f566a527", + "member": [ + { + "address": "10.10.0.11", + "admin_state_up": true, + "backup": false, + "id": "0f143500-1d20-44c3-8624-70eb5aa600ea", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 1", + "protocol_port": 443, + "subnet_id": "", + "weight": 1 + }, + { + "address": "10.10.0.12", + "admin_state_up": true, + "backup": false, + "id": "47925117-1d2c-4bef-adac-652ada82506e", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 2", + "protocol_port": 443, + "subnet_id": "", + "weight": 1 + } + ], + "pool_id": "c631cfb1-327b-4e28-8d3c-8532f566a527", + "region": "isti_area_pi_1", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_https_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_https_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_members_v2", + "name": "main_haproxy_stats_pool_members", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "281bb090-bd54-4c1f-97ea-e5d2d6cff28d", + "member": [ + { + "address": "10.10.0.11", + "admin_state_up": true, + "backup": false, + "id": "f8d622ee-162d-44bf-aec1-1bcba2201cf1", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 1", + "protocol_port": 8880, + "subnet_id": "", + "weight": 1 + }, + { + "address": "10.10.0.12", + "admin_state_up": true, + "backup": false, + "id": "d6c2a4cf-bc49-4564-b3b5-f348939d9dd9", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 2", + "protocol_port": 8880, + "subnet_id": "", + "weight": 1 + } + ], + "pool_id": "281bb090-bd54-4c1f-97ea-e5d2d6cff28d", + "region": "isti_area_pi_1", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_stats_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_stats_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_monitor_v2", + "name": "main_haproxy_http_monitor", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "delay": 20, + "expected_codes": "", + "http_method": "", + "id": "837af662-7c87-4fd4-b25d-29aaac58f348", + "max_retries": 3, + "max_retries_down": 3, + "name": "main_haproxy_http_monitor", + "pool_id": "8ed17fa2-9259-4511-a91f-24820d80983a", + "region": "isti_area_pi_1", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeout": 5, + "timeouts": null, + "type": "TCP", + "url_path": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_http_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_http_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_monitor_v2", + "name": "main_haproxy_https_monitor", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "delay": 20, + "expected_codes": "", + "http_method": "", + "id": "03e086f3-6fb6-4109-a6cc-1475ac25b694", + "max_retries": 3, + "max_retries_down": 3, + "name": "main_haproxy_https_monitor", + "pool_id": "c631cfb1-327b-4e28-8d3c-8532f566a527", + "region": "isti_area_pi_1", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeout": 5, + "timeouts": null, + "type": "TCP", + "url_path": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_https_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_https_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_monitor_v2", + "name": "main_haproxy_stats_monitor", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "delay": 20, + "expected_codes": "", + "http_method": "", + "id": "2c0dfc3e-de80-40d9-9594-158062522f33", + "max_retries": 3, + "max_retries_down": 3, + "name": "main_haproxy_stats_monitor", + "pool_id": "281bb090-bd54-4c1f-97ea-e5d2d6cff28d", + "region": "isti_area_pi_1", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeout": 5, + "timeouts": null, + "type": "TCP", + "url_path": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_stats_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_stats_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_pool_v2", + "name": "main_haproxy_http_pool", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "description": "Pool for the HTTP listener of the main HAPROXY instances", + "id": "8ed17fa2-9259-4511-a91f-24820d80983a", + "lb_method": "SOURCE_IP_PORT", + "listener_id": "ef26b673-26ff-4466-9c51-9114d85eeb64", + "loadbalancer_id": null, + "name": "main-haproxy-lb-http", + "persistence": [ + { + "cookie_name": "", + "type": "SOURCE_IP" + } + ], + "protocol": "TCP", + "region": "isti_area_pi_1", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_http_listener", + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_pool_v2", + "name": "main_haproxy_https_pool", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "description": "Pool for the HTTPS listener of the main HAPROXY instances", + "id": "c631cfb1-327b-4e28-8d3c-8532f566a527", + "lb_method": "SOURCE_IP_PORT", + "listener_id": "eb03441a-3aa4-4221-a698-81062c2cb9c1", + "loadbalancer_id": null, + "name": "main-haproxy-lb-https", + "persistence": [ + { + "cookie_name": "", + "type": "SOURCE_IP" + } + ], + "protocol": "TCP", + "region": "isti_area_pi_1", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_https_listener", + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_pool_v2", + "name": "main_haproxy_stats_pool", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "description": "Pool for the stats of the main HAPROXY instances", + "id": "281bb090-bd54-4c1f-97ea-e5d2d6cff28d", + "lb_method": "SOURCE_IP_PORT", + "listener_id": "d410acca-25e5-45a2-9d22-90f33f2730d4", + "loadbalancer_id": null, + "name": "main-haproxy-lb-stats", + "persistence": [ + { + "cookie_name": "", + "type": "SOURCE_IP" + } + ], + "protocol": "TCP", + "region": "isti_area_pi_1", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_lb_listener_v2.main_haproxy_stats_listener", + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, { "mode": "managed", "type": "openstack_networking_floatingip_associate_v2", @@ -1387,9 +2441,9 @@ "schema_version": 0, "attributes": { "fixed_ip": "10.10.0.20", - "floating_ip": "146.48.30.162", - "id": "96b66bce-e1bb-4bad-89ff-e6511d2b0068", - "port_id": "da981c5e-30a8-47d7-9451-6c2568943286", + "floating_ip": "146.48.30.30", + "id": "973de1d6-75e9-4b67-90fa-b24221975e6f", + "port_id": "af6ed877-0aa6-4728-bba2-4e99666eca8c", "region": "isti_area_pi_1" }, "sensitive_attributes": [], @@ -1413,9 +2467,9 @@ "schema_version": 0, "attributes": { "fixed_ip": "10.10.0.10", - "floating_ip": "146.48.31.149", - "id": "78e69528-4763-47e4-bb76-263871866f64", - "port_id": "14f4c125-725c-4a54-bb0e-d442f2dbc65a", + "floating_ip": "146.48.31.67", + "id": "35526990-3174-4822-aac3-b20a5c8a34bf", + "port_id": "a6cf4c4b-d5b8-4fd9-a9b7-5a355aeea808", "region": "isti_area_pi_1" }, "sensitive_attributes": [], @@ -1442,9 +2496,9 @@ "schema_version": 0, "attributes": { "fixed_ip": "10.10.0.5", - "floating_ip": "146.48.30.179", - "id": "b5fbccf0-fcd1-4402-924f-3a3624f5e265", - "port_id": "e1cf6d34-a286-4a19-aea2-100c8d087d41", + "floating_ip": "146.48.31.105", + "id": "a22d4285-4314-4dd9-9f8b-b52fb3f6dd60", + "port_id": "4ca1a42a-2cee-43a5-bec7-b044c1361af5", "region": "isti_area_pi_1" }, "sensitive_attributes": [], @@ -1469,20 +2523,20 @@ { "schema_version": 0, "attributes": { - "address": "146.48.30.162", + "address": "146.48.30.30", "all_tags": [], "description": "Main L4 load balancer for the S2I2S services", "dns_domain": "", "dns_name": "", - "fixed_ip": "", - "id": "96b66bce-e1bb-4bad-89ff-e6511d2b0068", + "fixed_ip": "10.10.0.20", + "id": "973de1d6-75e9-4b67-90fa-b24221975e6f", "pool": "external-network", - "port_id": "", + "port_id": "af6ed877-0aa6-4728-bba2-4e99666eca8c", "region": "isti_area_pi_1", "subnet_id": null, "subnet_ids": null, - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1501,20 +2555,20 @@ { "schema_version": 0, "attributes": { - "address": "146.48.31.149", + "address": "146.48.31.67", "all_tags": [], "description": "Prometheus server", "dns_domain": "", "dns_name": "", - "fixed_ip": "", - "id": "78e69528-4763-47e4-bb76-263871866f64", + "fixed_ip": "10.10.0.10", + "id": "35526990-3174-4822-aac3-b20a5c8a34bf", "pool": "external-network", - "port_id": "", + "port_id": "a6cf4c4b-d5b8-4fd9-a9b7-5a355aeea808", "region": "isti_area_pi_1", "subnet_id": null, "subnet_ids": null, - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1533,20 +2587,20 @@ { "schema_version": 0, "attributes": { - "address": "146.48.30.179", + "address": "146.48.31.105", "all_tags": [], "description": "SSH Proxy Jump Server", "dns_domain": "", "dns_name": "", - "fixed_ip": "", - "id": "b5fbccf0-fcd1-4402-924f-3a3624f5e265", + "fixed_ip": "10.10.0.5", + "id": "a22d4285-4314-4dd9-9f8b-b52fb3f6dd60", "pool": "external-network", - "port_id": "", + "port_id": "4ca1a42a-2cee-43a5-bec7-b044c1361af5", "region": "isti_area_pi_1", "subnet_id": null, "subnet_ids": null, - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1570,51 +2624,51 @@ "10.10.0.4" ], "all_security_group_ids": [ - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8" ], "all_tags": [], "allowed_address_pairs": [], "binding": [ { "host_id": "", - "profile": "{}", + "profile": "", "vif_details": {}, - "vif_type": "unbound", + "vif_type": "", "vnic_type": "normal" } ], "description": "", - "device_id": "", - "device_owner": "", + "device_id": "286b7a4d-33c6-451f-9019-d9fd79265181", + "device_owner": "compute:cnr-isti-nova-a", "dns_assignment": [ { - "fqdn": "host-10-10-0-4.internal-cloud.isti.cnr.it.", - "hostname": "host-10-10-0-4", + "fqdn": "ca.internal-cloud.isti.cnr.it.", + "hostname": "ca", "ip_address": "10.10.0.4" } ], - "dns_name": "", + "dns_name": "ca", "extra_dhcp_option": [], "fixed_ip": [ { "ip_address": "10.10.0.4", - "subnet_id": "0a5dd0f6-e23d-469e-982c-7bb280221c12" + "subnet_id": "19c649ee-96ea-438b-ac0c-512afdf5046d" } ], - "id": "8fafcb49-0b9b-49df-9c1b-fa7c377f7975", - "mac_address": "fa:16:3e:24:37:3f", + "id": "22a51c59-75c8-4031-a283-212751553d12", + "mac_address": "fa:16:3e:21:d8:29", "name": "ca-port", - "network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "no_fixed_ip": null, "no_security_groups": null, "port_security_enabled": true, "qos_policy_id": "", "region": "isti_area_pi_1", "security_group_ids": [ - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8" ], - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1643,53 +2697,53 @@ "10.10.0.11" ], "all_security_group_ids": [ - "68966027-d706-441f-8540-499cd44034af", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "613cacac-ac46-46ab-ba7a-d66f61cce84d" ], "all_tags": [], "allowed_address_pairs": [], "binding": [ { "host_id": "", - "profile": "{}", + "profile": "", "vif_details": {}, - "vif_type": "unbound", + "vif_type": "", "vnic_type": "normal" } ], "description": "", - "device_id": "", - "device_owner": "", + "device_id": "b42a0e99-6172-4a5d-886c-c0fb016da60e", + "device_owner": "compute:cnr-isti-nova-a", "dns_assignment": [ { - "fqdn": "host-10-10-0-11.internal-cloud.isti.cnr.it.", - "hostname": "host-10-10-0-11", + "fqdn": "main-haproxy-l7-01.internal-cloud.isti.cnr.it.", + "hostname": "main-haproxy-l7-01", "ip_address": "10.10.0.11" } ], - "dns_name": "", + "dns_name": "main-haproxy-l7-01", "extra_dhcp_option": [], "fixed_ip": [ { "ip_address": "10.10.0.11", - "subnet_id": "0a5dd0f6-e23d-469e-982c-7bb280221c12" + "subnet_id": "19c649ee-96ea-438b-ac0c-512afdf5046d" } ], - "id": "e96b8b2c-1e4f-490d-9db8-398f7a0e3f4a", - "mac_address": "fa:16:3e:c5:68:fb", + "id": "bd7d2fb6-db15-42d5-9779-1411c914a65e", + "mac_address": "fa:16:3e:b1:42:7f", "name": "main-haproxy-l7-01-port", - "network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "no_fixed_ip": null, "no_security_groups": null, "port_security_enabled": true, "qos_policy_id": "", "region": "isti_area_pi_1", "security_group_ids": [ - "68966027-d706-441f-8540-499cd44034af", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "613cacac-ac46-46ab-ba7a-d66f61cce84d" ], - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1711,53 +2765,53 @@ "10.10.0.12" ], "all_security_group_ids": [ - "68966027-d706-441f-8540-499cd44034af", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "613cacac-ac46-46ab-ba7a-d66f61cce84d" ], "all_tags": [], "allowed_address_pairs": [], "binding": [ { "host_id": "", - "profile": "{}", + "profile": "", "vif_details": {}, - "vif_type": "unbound", + "vif_type": "", "vnic_type": "normal" } ], "description": "", - "device_id": "", - "device_owner": "", + "device_id": "b770644a-5c39-4db2-8811-fb62751bd789", + "device_owner": "compute:cnr-isti-nova-a", "dns_assignment": [ { - "fqdn": "host-10-10-0-12.internal-cloud.isti.cnr.it.", - "hostname": "host-10-10-0-12", + "fqdn": "main-haproxy-l7-02.internal-cloud.isti.cnr.it.", + "hostname": "main-haproxy-l7-02", "ip_address": "10.10.0.12" } ], - "dns_name": "", + "dns_name": "main-haproxy-l7-02", "extra_dhcp_option": [], "fixed_ip": [ { "ip_address": "10.10.0.12", - "subnet_id": "0a5dd0f6-e23d-469e-982c-7bb280221c12" + "subnet_id": "19c649ee-96ea-438b-ac0c-512afdf5046d" } ], - "id": "162ae928-c2e4-449e-9521-835ad03e339d", - "mac_address": "fa:16:3e:9d:d6:e4", + "id": "3018d5db-3d39-472f-b623-07c85e792ed5", + "mac_address": "fa:16:3e:a9:49:bb", "name": "main-haproxy-l7-02-port", - "network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "no_fixed_ip": null, "no_security_groups": null, "port_security_enabled": true, "qos_policy_id": "", "region": "isti_area_pi_1", "security_group_ids": [ - "68966027-d706-441f-8540-499cd44034af", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "613cacac-ac46-46ab-ba7a-d66f61cce84d" ], - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1786,55 +2840,55 @@ "10.10.0.10" ], "all_security_group_ids": [ - "54be0898-6c08-400b-9503-9d9dce935371", - "91492d1d-06dc-48e9-91f8-567c3c77d7d5", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "48e9366f-23a8-47df-abcd-66f84d4af395" ], "all_tags": [], "allowed_address_pairs": [], "binding": [ { "host_id": "", - "profile": "{}", + "profile": "", "vif_details": {}, - "vif_type": "unbound", + "vif_type": "", "vnic_type": "normal" } ], "description": "", - "device_id": "", - "device_owner": "", + "device_id": "d2a37e7c-3eaa-4929-b70d-cfb55416d8bc", + "device_owner": "compute:cnr-isti-nova-a", "dns_assignment": [ { - "fqdn": "host-10-10-0-10.internal-cloud.isti.cnr.it.", - "hostname": "host-10-10-0-10", + "fqdn": "prometheus.internal-cloud.isti.cnr.it.", + "hostname": "prometheus", "ip_address": "10.10.0.10" } ], - "dns_name": "", + "dns_name": "prometheus", "extra_dhcp_option": [], "fixed_ip": [ { "ip_address": "10.10.0.10", - "subnet_id": "0a5dd0f6-e23d-469e-982c-7bb280221c12" + "subnet_id": "19c649ee-96ea-438b-ac0c-512afdf5046d" } ], - "id": "14f4c125-725c-4a54-bb0e-d442f2dbc65a", - "mac_address": "fa:16:3e:e1:d2:19", + "id": "a6cf4c4b-d5b8-4fd9-a9b7-5a355aeea808", + "mac_address": "fa:16:3e:bc:2d:03", "name": "prometheus-port", - "network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "no_fixed_ip": null, "no_security_groups": null, "port_security_enabled": true, "qos_policy_id": "", "region": "isti_area_pi_1", "security_group_ids": [ - "54be0898-6c08-400b-9503-9d9dce935371", - "91492d1d-06dc-48e9-91f8-567c3c77d7d5", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "48e9366f-23a8-47df-abcd-66f84d4af395" ], - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1864,53 +2918,53 @@ "10.10.0.5" ], "all_security_group_ids": [ - "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba" ], "all_tags": [], "allowed_address_pairs": [], "binding": [ { "host_id": "", - "profile": "{}", + "profile": "", "vif_details": {}, - "vif_type": "unbound", + "vif_type": "", "vnic_type": "normal" } ], "description": "", - "device_id": "", - "device_owner": "", + "device_id": "6aed1634-ec4e-43b0-a8c6-2da42a27ad25", + "device_owner": "compute:cnr-isti-nova-a", "dns_assignment": [ { - "fqdn": "host-10-10-0-5.internal-cloud.isti.cnr.it.", - "hostname": "host-10-10-0-5", + "fqdn": "ssh-jump-proxy.internal-cloud.isti.cnr.it.", + "hostname": "ssh-jump-proxy", "ip_address": "10.10.0.5" } ], - "dns_name": "", + "dns_name": "ssh-jump-proxy", "extra_dhcp_option": [], "fixed_ip": [ { "ip_address": "10.10.0.5", - "subnet_id": "0a5dd0f6-e23d-469e-982c-7bb280221c12" + "subnet_id": "19c649ee-96ea-438b-ac0c-512afdf5046d" } ], - "id": "e1cf6d34-a286-4a19-aea2-100c8d087d41", - "mac_address": "fa:16:3e:36:7c:5c", + "id": "4ca1a42a-2cee-43a5-bec7-b044c1361af5", + "mac_address": "fa:16:3e:75:76:4e", "name": "ssh-jump-proxy-port", - "network_id": "9b3cd2d7-f9f0-4d4a-ae0b-29c8ceb055f4", + "network_id": "f371c239-6d5d-4ac8-a17e-af607752d82c", "no_fixed_ip": null, "no_security_groups": null, "port_security_enabled": true, "qos_policy_id": "", "region": "isti_area_pi_1", "security_group_ids": [ - "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e" + "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba" ], - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null, "value_specs": null }, @@ -1937,15 +2991,15 @@ "description": "", "direction": "egress", "ethertype": "IPv4", - "id": "414f9a17-37a2-4149-9654-037ca7bc102e", + "id": "b231bb15-1585-4c96-9b48-b6907d89cf1d", "port_range_max": 0, "port_range_min": 0, "protocol": "", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "", - "security_group_id": "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -1969,15 +3023,15 @@ "description": "Allow HTTPS from grafana.d4science.org", "direction": "ingress", "ethertype": "IPv4", - "id": "5e39f441-ea00-4953-a02c-0212757783f8", + "id": "2f887282-b19c-4223-9db7-cb1c47e50e4d", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.28.103/32", - "security_group_id": "91492d1d-06dc-48e9-91f8-567c3c77d7d5", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "48e9366f-23a8-47df-abcd-66f84d4af395", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2001,15 +3055,15 @@ "description": "HTTPS traffic from HAPROXY L7 1", "direction": "ingress", "ethertype": "IPv4", - "id": "80d8b03b-7630-4283-ad02-c75e1f8cef6d", + "id": "8f5353f9-98a9-4dc2-aa32-cb0a007bd182", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.11/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2033,15 +3087,15 @@ "description": "HTTP traffic from HAPROXY L7 1", "direction": "ingress", "ethertype": "IPv4", - "id": "558f252b-f799-4b95-8b12-8a4d7bd9e47d", + "id": "9cb7007d-1d03-44e7-9e99-816afc7ba905", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.11/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2065,15 +3119,15 @@ "description": "HTTP traffic from HAPROXY L7 1", "direction": "ingress", "ethertype": "IPv4", - "id": "84034709-9cae-494f-b7a0-fd49afae8783", + "id": "b02fab4f-49b2-475b-8c37-0104210ae4af", "port_range_max": 8080, "port_range_min": 8080, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.11/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2097,15 +3151,15 @@ "description": "HTTP traffic from HAPROXY L7 1", "direction": "ingress", "ethertype": "IPv4", - "id": "c379f3c4-866e-43d3-a76a-ba7b3a51c6b9", + "id": "e4721ff4-95ba-4c3f-a4c4-f09f578ee377", "port_range_max": 8888, "port_range_min": 8888, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.11/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2129,15 +3183,15 @@ "description": "HTTPS traffic from HAPROXY L7 2", "direction": "ingress", "ethertype": "IPv4", - "id": "b26ef85e-5760-4467-9d63-28d1e522c1d1", + "id": "0de5b769-eb27-4636-b453-47105706cc40", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.12/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2161,15 +3215,15 @@ "description": "HTTP traffic from HAPROXY L7 2", "direction": "ingress", "ethertype": "IPv4", - "id": "07eefd95-b2a0-445a-83b7-65e3df680fdc", + "id": "480b75d2-2c6e-4e2b-8f2f-7a30c27c767c", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.12/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2193,15 +3247,15 @@ "description": "HTTP traffic from HAPROXY L7 2", "direction": "ingress", "ethertype": "IPv4", - "id": "a0db70d8-dccc-413b-a06c-abf85fb9f0bc", + "id": "12bd97f1-9a9b-46b8-96dd-2adda86f3475", "port_range_max": 8080, "port_range_min": 8080, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.12/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2225,15 +3279,15 @@ "description": "HTTP traffic from HAPROXY L7 2", "direction": "ingress", "ethertype": "IPv4", - "id": "73b6f584-c824-4957-b9a3-3630b9e24863", + "id": "cc6792c1-b5aa-4835-a293-7284fc144e30", "port_range_max": 8888, "port_range_min": 8888, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.12/32", - "security_group_id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2245,6 +3299,70 @@ } ] }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy_l7_1_peer", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Peer traffic from haproxy l7 1 to l7 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "f916f790-e372-4393-b0e2-d4f56a47db63", + "port_range_max": 10000, + "port_range_min": 10000, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.10.0.11/32", + "security_group_id": "613cacac-ac46-46ab-ba7a-d66f61cce84d", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy_l7_2_peer", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Peer traffic from haproxy l7 2 to l7 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "7dfd1cd5-e533-4d80-a4ba-9fabba824634", + "port_range_max": 10000, + "port_range_min": 10000, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.10.0.12/32", + "security_group_id": "613cacac-ac46-46ab-ba7a-d66f61cce84d", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, { "mode": "managed", "type": "openstack_networking_secgroup_rule_v2", @@ -2257,15 +3375,15 @@ "description": "Allow HTTP from everywhere", "direction": "ingress", "ethertype": "IPv4", - "id": "330f6f9f-ed8a-4261-b0dc-0a3708d251c7", + "id": "8e2d9198-7b9e-45a3-ada2-f62924d86e2f", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "54be0898-6c08-400b-9503-9d9dce935371", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2289,15 +3407,15 @@ "description": "Allow HTTPS from D4Science VPN 1", "direction": "ingress", "ethertype": "IPv4", - "id": "4381df2b-f45f-4d9e-8f59-9b93472be73b", + "id": "cf5e6a80-2ef1-4261-85b4-fc53f10fc932", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.122.27/32", - "security_group_id": "54be0898-6c08-400b-9503-9d9dce935371", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2321,15 +3439,15 @@ "description": "Allow HTTPS from D4Science VPN 2", "direction": "ingress", "ethertype": "IPv4", - "id": "20941d5a-e371-4eea-9ca0-24b71d2c8239", + "id": "84bb5373-36e6-49a6-8605-c689e476833d", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.122.49/32", - "security_group_id": "54be0898-6c08-400b-9503-9d9dce935371", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2353,15 +3471,15 @@ "description": "Allow HTTPS from S2I2S VPN 1", "direction": "ingress", "ethertype": "IPv4", - "id": "79287b9b-cbc2-41eb-aa32-d1b44c3b2080", + "id": "6822707c-ca3a-4230-ab91-075310c4277a", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.28.10/32", - "security_group_id": "54be0898-6c08-400b-9503-9d9dce935371", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2385,15 +3503,15 @@ "description": "Allow HTTPS from S2I2S VPN 2", "direction": "ingress", "ethertype": "IPv4", - "id": "1370c330-ae0f-444e-8f9c-f4428b4412c6", + "id": "b981a99f-0a99-4d76-8da4-316542afba4d", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.28.11/32", - "security_group_id": "54be0898-6c08-400b-9503-9d9dce935371", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2417,15 +3535,15 @@ "description": "Allow HTTPS from shell.d4science.org", "direction": "ingress", "ethertype": "IPv4", - "id": "f5ffc1f1-1e95-4a15-99ad-b5e3dc2d9032", + "id": "b8a463f6-5587-4495-ac71-f0f34abf78e7", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.122.95/32", - "security_group_id": "54be0898-6c08-400b-9503-9d9dce935371", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2449,15 +3567,15 @@ "description": "Allow ICMP from remote", "direction": "ingress", "ethertype": "IPv4", - "id": "945e9b59-37f5-41f5-af7d-040c97145b24", + "id": "a2344bc4-79ca-4458-9185-b63791b50f0f", "port_range_max": 0, "port_range_min": 0, "protocol": "icmp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2469,6 +3587,72 @@ } ] }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "octavia_to_haproxy_l7_443", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the octavia lb instance to HAPROXY l7 port 443", + "direction": "ingress", + "ethertype": "IPv4", + "id": "05ecdb59-5b66-4120-824a-ede0038e155c", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.10.0.0/21", + "security_group_id": "613cacac-ac46-46ab-ba7a-d66f61cce84d", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "octavia_to_haproxy_l7_80", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the octavia lb instance to HAPROXY l7 port 80", + "direction": "ingress", + "ethertype": "IPv4", + "id": "17091b8b-774e-4760-8276-8e66eac4cfd4", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.10.0.0/21", + "security_group_id": "613cacac-ac46-46ab-ba7a-d66f61cce84d", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, { "mode": "managed", "type": "openstack_networking_secgroup_rule_v2", @@ -2481,15 +3665,15 @@ "description": "Traffic from the octavia lb instance to HAPROXY l7 port 8880", "direction": "ingress", "ethertype": "IPv4", - "id": "ff4620b9-1c81-46f7-b2be-bb94adbe07af", + "id": "2af01d24-e99a-4029-b27a-ff9b605015f8", "port_range_max": 8880, "port_range_min": 8880, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.0/21", - "security_group_id": "68966027-d706-441f-8540-499cd44034af", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "613cacac-ac46-46ab-ba7a-d66f61cce84d", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2514,15 +3698,15 @@ "description": "Prometheus access to the node exporter", "direction": "ingress", "ethertype": "IPv4", - "id": "8bd92fdb-683f-42cd-8e77-7906e4a5922d", + "id": "df3d2e24-2457-4140-af24-6d59d536c421", "port_range_max": 9100, "port_range_min": 9100, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.10/32", - "security_group_id": "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2546,15 +3730,15 @@ "description": "Allow HTTP from everywhere", "direction": "ingress", "ethertype": "IPv4", - "id": "99eb7104-e65c-47a3-82d9-16f33134f297", + "id": "58149f48-3a84-4e0e-aa70-734f479c020f", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "c0ec12e4-9a8f-4534-bfd2-d6892a1d6cc0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "31140e64-667a-4044-b388-79afcc6bcb69", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2578,15 +3762,15 @@ "description": "Allow HTTPS from everywhere", "direction": "ingress", "ethertype": "IPv4", - "id": "c537450d-693b-45ef-b461-2b76b872a1ba", + "id": "9a3826c7-105e-4761-8a7b-fb2d9f63c27c", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "c0ec12e4-9a8f-4534-bfd2-d6892a1d6cc0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "31140e64-667a-4044-b388-79afcc6bcb69", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2610,15 +3794,15 @@ "description": "https debug port 443 from the shell jump proxy", "direction": "ingress", "ethertype": "IPv4", - "id": "0060b542-b01e-48c5-95b1-99a7f24423b1", + "id": "0e2a05db-a7c9-489f-9b8a-6445022e9420", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.5/32", - "security_group_id": "9e217f67-497f-4e4c-98fc-8ba9bdfb29c9", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "6c21f51b-9cad-4051-99b6-221bed658a83", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2642,15 +3826,15 @@ "description": "http debug port 80 from the shell jump proxy", "direction": "ingress", "ethertype": "IPv4", - "id": "52efb525-7933-441a-b6bc-4eb351ff8f6a", + "id": "0456811c-4ebb-489d-8387-aedd09eb349a", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.5/32", - "security_group_id": "9e217f67-497f-4e4c-98fc-8ba9bdfb29c9", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "6c21f51b-9cad-4051-99b6-221bed658a83", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2674,15 +3858,15 @@ "description": "Tomcat debug on port 8100 from the shell jump proxy", "direction": "ingress", "ethertype": "IPv4", - "id": "557e734f-ed4e-4834-845d-f5671e99f16e", + "id": "c479d69a-8000-4d6b-985d-c8b9b58f7a7f", "port_range_max": 8100, "port_range_min": 8100, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.5/32", - "security_group_id": "9e217f67-497f-4e4c-98fc-8ba9bdfb29c9", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "6c21f51b-9cad-4051-99b6-221bed658a83", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2706,15 +3890,15 @@ "description": "SSH traffic from D4Science VPN 1", "direction": "ingress", "ethertype": "IPv4", - "id": "abe6773f-24b8-45cc-8903-cd9f15973746", + "id": "30eebdd6-f912-44ba-ba2a-f54c0e89449d", "port_range_max": 22, "port_range_min": 22, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.122.27/32", - "security_group_id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2738,15 +3922,15 @@ "description": "SSH traffic from D4Science VPN 2", "direction": "ingress", "ethertype": "IPv4", - "id": "d756951e-6973-474c-b72c-8b9b93f7ce23", + "id": "ffa7c61d-9963-4da0-a713-00fda18d7e38", "port_range_max": 22, "port_range_min": 22, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.122.49/32", - "security_group_id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2770,15 +3954,15 @@ "description": "SSH traffic from the InfraScience network", "direction": "ingress", "ethertype": "IPv4", - "id": "6ac4707b-92fc-4937-8dcc-8399b6d1b3fe", + "id": "f8010337-c98b-4adc-8285-bfb8eb7f0fa1", "port_range_max": 22, "port_range_min": 22, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.122.0/23", - "security_group_id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2802,15 +3986,15 @@ "description": "SSH traffic from the jump proxy", "direction": "ingress", "ethertype": "IPv4", - "id": "25c5c1fc-b41d-42b6-8b80-39c6bc7966d4", + "id": "43f8a26d-29f6-4790-ab01-f4b12c9c52a8", "port_range_max": 22, "port_range_min": 22, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "10.10.0.5/32", - "security_group_id": "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "1ec8a419-f9cf-473f-a022-6499d67d57b8", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2834,15 +4018,15 @@ "description": "SSH traffic from S2I2S VPN 1", "direction": "ingress", "ethertype": "IPv4", - "id": "ef6e1012-da47-48ba-9101-841b59cbbfea", + "id": "b2165477-3d0b-489f-945c-d2ca9e6abd22", "port_range_max": 22, "port_range_min": 22, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.28.10/32", - "security_group_id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2866,15 +4050,15 @@ "description": "SSH traffic from S2I2S VPN 2", "direction": "ingress", "ethertype": "IPv4", - "id": "9f49d053-e4aa-44b6-8dfe-926e3c87567f", + "id": "9410e2a2-9109-4f09-8248-a6a1c7962260", "port_range_max": 22, "port_range_min": 22, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.28.11/32", - "security_group_id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2898,15 +4082,15 @@ "description": "SSH traffic from shell.d4science.org", "direction": "ingress", "ethertype": "IPv4", - "id": "b5855fc9-b5ee-489f-97bd-8fec48fefe07", + "id": "2533f58b-fe98-4202-841c-f00f58bca4dc", "port_range_max": 22, "port_range_min": 22, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", "remote_ip_prefix": "146.48.122.95/32", - "security_group_id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "security_group_id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2930,11 +4114,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Security group that allows SSH access to the jump node from a limited set of sources", - "id": "0f52158e-c767-4baf-9d6d-1986ca886dd0", + "id": "4c6b6683-77fa-4d1a-8ba2-41acf10a12ba", "name": "ssh_access_to_the_jump_node", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2955,11 +4139,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Security group that allows web app debugging via tunnel from the ssh jump node", - "id": "9e217f67-497f-4e4c-98fc-8ba9bdfb29c9", + "id": "6c21f51b-9cad-4051-99b6-221bed658a83", "name": "debugging_from_jump_node", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -2980,11 +4164,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Default security group with rules for ssh access via jump proxy, prometheus scraping", - "id": "c4a3a99c-83e0-46b6-9a28-62d742b6ec0e", + "id": "1ec8a419-f9cf-473f-a022-6499d67d57b8", "name": "default_for_all", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -3005,11 +4189,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Traffic coming from the main L4 lb directed to the haproxy l7 servers", - "id": "68966027-d706-441f-8540-499cd44034af", + "id": "613cacac-ac46-46ab-ba7a-d66f61cce84d", "name": "traffic_from_main_lb_to_haproxy_l7", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -3030,11 +4214,11 @@ "all_tags": [], "delete_default_rules": true, "description": "The public grafana server must be able to get data from Prometheus", - "id": "91492d1d-06dc-48e9-91f8-567c3c77d7d5", + "id": "48e9366f-23a8-47df-abcd-66f84d4af395", "name": "prometheus_access_from_grafana", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -3055,11 +4239,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer", - "id": "c0ec12e4-9a8f-4534-bfd2-d6892a1d6cc0", + "id": "31140e64-667a-4044-b388-79afcc6bcb69", "name": "public_web_service", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -3080,11 +4264,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt", - "id": "54be0898-6c08-400b-9503-9d9dce935371", + "id": "359d7ae7-cdff-47c2-bf69-7d423860d2d2", "name": "restricted_web_service", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [], @@ -3105,11 +4289,11 @@ "all_tags": [], "delete_default_rules": true, "description": "Allow traffic from the main L7 HAPROXY load balancers", - "id": "1556ed52-f8d4-4f80-acbf-5b62c47b20bb", + "id": "56ba7585-659a-49ac-8d8e-c85ebcb1179f", "name": "traffic_from_the_main_load_balancers", "region": "isti_area_pi_1", - "tags": null, - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "tags": [], + "tenant_id": "d0dcc2b7f3004c9a81b87ab60ec3c0d3", "timeouts": null }, "sensitive_attributes": [],