Fix some syntax errors and deploy the projects.

s2i2s/project-setup/octavia.tf

@@ -3,6 +3,10 @@
 # - No amphora VMs needed
 # - Uses the main subnet directly
 # - Lower overhead and faster provisioning
+# OVN limitations:
+# - Does not support allowed_cidrs on listeners
+# - Only supports ROUND_ROBIN and SOURCE_IP_PORT lb_method (not LEAST_CONNECTIONS)
+# - Only supports TCP and UDP-CONNECT health monitors (not HTTP/HTTPS)
 
 resource "openstack_lb_loadbalancer_v2" "main_lb" {
   vip_subnet_id         = local.main_private_subnet_id
@@ -37,19 +41,20 @@ resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" {
 }
 
 # Main HAPROXY stats listener
+# Note: OVN provider does not support allowed_cidrs option.
+# Access restriction must be handled at the HAProxy level or via security groups.
 resource "openstack_lb_listener_v2" "main_haproxy_stats_listener" {
   loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id
   protocol        = "TCP"
   protocol_port   = 8880
   description     = "Listener for the stats of the main HAPROXY instances"
   name            = "main_haproxy_stats_listener"
-  allowed_cidrs   = [local.ssh_sources.d4s_vpn_1_cidr, local.ssh_sources.d4s_vpn_2_cidr, local.ssh_sources.s2i2s_vpn_1_cidr, local.ssh_sources.s2i2s_vpn_2_cidr]
 }
 
 resource "openstack_lb_pool_v2" "main_haproxy_stats_pool" {
   listener_id = openstack_lb_listener_v2.main_haproxy_stats_listener.id
   protocol    = "TCP"
-  lb_method   = "LEAST_CONNECTIONS"
+  lb_method   = "SOURCE_IP_PORT"
   name        = "main-haproxy-lb-stats"
   description = "Pool for the stats of the main HAPROXY instances"
   persistence {
@@ -94,7 +99,7 @@ resource "openstack_lb_listener_v2" "main_haproxy_http_listener" {
 resource "openstack_lb_pool_v2" "main_haproxy_http_pool" {
   listener_id = openstack_lb_listener_v2.main_haproxy_http_listener.id
   protocol    = "TCP"
-  lb_method   = "LEAST_CONNECTIONS"
+  lb_method   = "SOURCE_IP_PORT"
   name        = "main-haproxy-lb-http"
   description = "Pool for the HTTP listener of the main HAPROXY instances"
   persistence {
@@ -120,10 +125,7 @@ resource "openstack_lb_members_v2" "main_haproxy_http_pool_members" {
 resource "openstack_lb_monitor_v2" "main_haproxy_http_monitor" {
   pool_id        = openstack_lb_pool_v2.main_haproxy_http_pool.id
   name           = "main_haproxy_http_monitor"
-  type           = "HTTP"
+  type           = "TCP"
-  http_method    = "GET"
-  url_path       = "/_haproxy_health_check"
-  expected_codes = "200"
   delay          = 20
   timeout        = 5
   max_retries    = 3
@@ -146,7 +148,7 @@ resource "openstack_lb_listener_v2" "main_haproxy_https_listener" {
 resource "openstack_lb_pool_v2" "main_haproxy_https_pool" {
   listener_id = openstack_lb_listener_v2.main_haproxy_https_listener.id
   protocol    = "TCP"
-  lb_method   = "LEAST_CONNECTIONS"
+  lb_method   = "SOURCE_IP_PORT"
   name        = "main-haproxy-lb-https"
   description = "Pool for the HTTPS listener of the main HAPROXY instances"
   persistence {
@@ -172,10 +174,7 @@ resource "openstack_lb_members_v2" "main_haproxy_https_pool_members" {
 resource "openstack_lb_monitor_v2" "main_haproxy_https_monitor" {
   pool_id        = openstack_lb_pool_v2.main_haproxy_https_pool.id
   name           = "main_haproxy_https_monitor"
-  type           = "HTTPS"
+  type           = "TCP"
-  http_method    = "GET"
-  url_path       = "/_haproxy_health_check"
-  expected_codes = "200"
   delay          = 20
   timeout        = 5
   max_retries    = 3

s2i2s/project-setup/provider.tf

@@ -10,5 +10,5 @@ terraform {
 }
 
 provider "openstack" {
-  cloud = "ISTI-Cloud"
+  cloud = "s2i2s"
 }