diff --git a/modules/labs_common_variables/variables.tf b/modules/labs_common_variables/variables.tf
index c5b78bc..c5e496d 100644
--- a/modules/labs_common_variables/variables.tf
+++ b/modules/labs_common_variables/variables.tf
@@ -67,8 +67,8 @@ variable "centos_7" {
 variable "almalinux_9" {
   type = map(string)
   default = {
-    name           = "AlmaLinux-9.0-20220718"
-    uuid           = "541650fc-dd19-4f38-bb1d-7333ed9dd688"
+    name           = "AlmaLinux-9.8 20260526"
+    uuid           = "172f1c52-fa06-4d7d-9db7-0735ab6ef403"
     user_data_file = "../../s2i2s_openstack_vm_data_scripts/almalinux9.sh"
   }
 }
diff --git a/s2i2s/mailbackup-relay/terraform.tfstate b/s2i2s/mailbackup-relay/terraform.tfstate
index 77bf112..740b043 100644
--- a/s2i2s/mailbackup-relay/terraform.tfstate
+++ b/s2i2s/mailbackup-relay/terraform.tfstate
@@ -1 +1 @@
-{"version":4,"terraform_version":"1.11.6","serial":2,"lineage":"f9a2b5d2-404e-18a6-4b56-e2adc0b26b4b","outputs":{"relay_fqdn":{"value":"mailbackup-relay.s2i2s.cloud.isti.cnr.it.","type":"string"},"relay_instance_id":{"value":"bfa00699-1e56-412f-be73-741a057f32d5","type":"string"},"relay_private_ip":{"value":["10.10.3.104"],"type":["list","string"]},"relay_public_ip":{"value":"146.48.31.50","type":"string"}},"resources":[{"mode":"data","type":"terraform_remote_state","name":"privnet_dns_router","provider":"provider[\"terraform.io/builtin/terraform\"]","instances":[{"schema_version":0,"attributes":{"backend":"local","config":{"value":{"path":"../main_net_dns_router/terraform.tfstate"},"type":["object",{"path":"string"}]},"defaults":null,"outputs":{"value":{"almalinux_9":{"name":"AlmaLinux-9.0-20220718","uuid":"541650fc-dd19-4f38-bb1d-7333ed9dd688"},"availability_zone_no_gpu_name":"cnr-isti-nova-a","availability_zone_with_gpu_name":"cnr-isti-nova-gpu-a","availability_zones_names":{"availability_zone_no_gpu":"cnr-isti-nova-a","availability_zone_with_gpu":"cnr-isti-nova-gpu-a"},"centos_7":{"name":"CentOS-7","user_data_file":"../../s2i2s_openstack_vm_data_scripts/el.sh","uuid":"f0187a99-64f6-462a-ab5f-ef52fe62f2ca"},"default_security_group_name":"default_for_all","dns_zone":{"attributes":{},"description":"DNS primary zone for the S2I2S project","disable_status_check":false,"email":"postmaster@isti.cnr.it","id":"e826e777-0196-4f63-b2a9-df07f70e618f","masters":[],"name":"s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"PRIMARY","value_specs":null},"dns_zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f","el7_data_file":"../../s2i2s_openstack_vm_data_scripts/el.sh","external_gateway_ip":[{"ip_address":"146.48.30.6","subnet_id":"57f87509-4016-46fb-b8c3-25fca7f72ccb"}],"external_network":{"id":"1d2ff137-6ff7-4017-be2b-0d6c4af2353b","name":"external-network"},"external_network_id":"1d2ff137-6ff7-4017-be2b-0d6c4af2353b","flavor_list":{"c1_large":"c1.large","c1_medium":"c1.medium","c1_small":"c1.small","c2_large":"c2.large","m1_large":"m1.large","m1_medium":"m1.medium","m1_xlarge":"m1.xlarge","m1_xxl":"m1.xxl","m2_large":"m2.large","m2_medium":"m2.medium","m2_small":"m2.small","m3_large":"m3.large"},"floating_ip_pools":{"main_public_ip_pool":"external-network"},"main_private_network":{"admin_state_up":true,"all_tags":[],"availability_zone_hints":[],"description":"S2I2S private network (use this as the main network)","dns_domain":"s2i2s.cloud.isti.cnr.it.","external":false,"id":"f371c239-6d5d-4ac8-a17e-af607752d82c","mtu":8942,"name":"s2i2s-proj-main","port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","segments":[{"network_type":"geneve","physical_network":"","segmentation_id":47850}],"shared":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"transparent_vlan":false,"value_specs":null},"main_private_network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","main_region":"isti_area_pi_1","main_subnet_network":{"all_tags":[],"allocation_pool":[{"end":"10.10.7.254","start":"10.10.1.1"}],"cidr":"10.10.0.0/21","description":"S2I2S main private subnet","dns_nameservers":["146.48.29.97","146.48.29.98","146.48.29.99"],"dns_publish_fixed_ip":false,"enable_dhcp":true,"gateway_ip":"10.10.0.1","id":"19c649ee-96ea-438b-ac0c-512afdf5046d","ip_version":4,"ipv6_address_mode":"","ipv6_ra_mode":"","name":"s2i2s-proj-main-subnet","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_gateway":false,"prefix_length":null,"region":"isti_area_pi_1","segment_id":"","service_types":[],"subnetpool_id":"","tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"main_subnet_network_id":"19c649ee-96ea-438b-ac0c-512afdf5046d","mtu_size":8942,"os_project_data":{"id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","name":"s2i2s-proj-cloud"},"policy_list":{"affinity":"affinity","anti_affinity":"anti-affinity","soft_affinity":"soft-affinity","soft_anti_affinity":"soft-anti-affinity"},"resolvers_ip":["146.48.29.97","146.48.29.98","146.48.29.99"],"ssh_sources":{"d4s_vpn_1_cidr":"146.48.122.27/32","d4s_vpn_2_cidr":"146.48.122.49/32","infrascience_net_cidr":"146.48.122.0/23","isti_net_cidr":"146.48.80.0/21","isti_vpn_gw1":"146.48.80.101/32","isti_vpn_gw2":"146.48.80.102/32","isti_vpn_gw3":"146.48.80.103/32","s2i2s_net_cidr":"146.48.28.0/22","s2i2s_vpn_1_cidr":"146.48.28.10/32","s2i2s_vpn_2_cidr":"146.48.28.11/32","shell_d4s_cidr":"146.48.122.95/32"},"ubuntu2204_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","ubuntu_2204":{"name":"Ubuntu-Jammy-22.04","user_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","uuid":"54768889-8556-4be4-a2eb-82a4d9b34627"}},"type":["object",{"almalinux_9":["map","string"],"availability_zone_no_gpu_name":"string","availability_zone_with_gpu_name":"string","availability_zones_names":["map","string"],"centos_7":["map","string"],"default_security_group_name":"string","dns_zone":["object",{"attributes":["map","string"],"description":"string","disable_status_check":"bool","email":"string","id":"string","masters":["set","string"],"name":"string","project_id":"string","region":"string","timeouts":["object",{"create":"string","delete":"string","update":"string"}],"ttl":"number","type":"string","value_specs":["map","string"]}],"dns_zone_id":"string","el7_data_file":"string","external_gateway_ip":["list",["object",{"ip_address":"string","subnet_id":"string"}]],"external_network":["map","string"],"external_network_id":"string","flavor_list":["map","string"],"floating_ip_pools":["map","string"],"main_private_network":["object",{"admin_state_up":"bool","all_tags":["set","string"],"availability_zone_hints":["set","string"],"description":"string","dns_domain":"string","external":"bool","id":"string","mtu":"number","name":"string","port_security_enabled":"bool","qos_policy_id":"string","region":"string","segments":["set",["object",{"network_type":"string","physical_network":"string","segmentation_id":"number"}]],"shared":"bool","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"transparent_vlan":"bool","value_specs":["map","string"]}],"main_private_network_id":"string","main_region":"string","main_subnet_network":["object",{"all_tags":["set","string"],"allocation_pool":["set",["object",{"end":"string","start":"string"}]],"cidr":"string","description":"string","dns_nameservers":["list","string"],"dns_publish_fixed_ip":"bool","enable_dhcp":"bool","gateway_ip":"string","id":"string","ip_version":"number","ipv6_address_mode":"string","ipv6_ra_mode":"string","name":"string","network_id":"string","no_gateway":"bool","prefix_length":"number","region":"string","segment_id":"string","service_types":["list","string"],"subnetpool_id":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"value_specs":["map","string"]}],"main_subnet_network_id":"string","mtu_size":"number","os_project_data":["map","string"],"policy_list":["map","string"],"resolvers_ip":["list","string"],"ssh_sources":["map","string"],"ubuntu2204_data_file":"string","ubuntu_2204":["map","string"]}]},"workspace":null},"sensitive_attributes":[]}]},{"mode":"data","type":"terraform_remote_state","name":"project_setup","provider":"provider[\"terraform.io/builtin/terraform\"]","instances":[{"schema_version":0,"attributes":{"backend":"local","config":{"value":{"path":"../project-setup/terraform.tfstate"},"type":["object",{"path":"string"}]},"defaults":null,"outputs":{"value":{"access_to_the_jump_proxy":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows SSH access to the jump node from a limited set of sources","id":"4c6b6683-77fa-4d1a-8ba2-41acf10a12ba","name":"ssh_access_to_the_jump_node","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"availability_zones_names":{"availability_zone_no_gpu":"cnr-isti-nova-a","availability_zone_with_gpu":"cnr-isti-nova-gpu-a"},"basic_services_ip":{"ca":"10.10.0.4","ca_cidr":"10.10.0.4/32","haproxy_l7_1":"10.10.0.11","haproxy_l7_1_cidr":"10.10.0.11/32","haproxy_l7_2":"10.10.0.12","haproxy_l7_2_cidr":"10.10.0.12/32","octavia_main":"10.10.0.20","octavia_main_cidr":"10.10.0.20/32","prometheus":"10.10.0.10","prometheus_cidr":"10.10.0.10/32","ssh_jump":"10.10.0.5","ssh_jump_cidr":"10.10.0.5/32"},"debugging":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows web app debugging via tunnel from the ssh jump node","id":"6c21f51b-9cad-4051-99b6-221bed658a83","name":"debugging_from_jump_node","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"default_security_group":{"all_tags":[],"delete_default_rules":true,"description":"Default security group with rules for ssh access via jump proxy, prometheus scraping","id":"1ec8a419-f9cf-473f-a022-6499d67d57b8","name":"default_for_all","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"default_security_group_id":"1ec8a419-f9cf-473f-a022-6499d67d57b8","default_security_group_name":"default_for_all","dns_zone":{"attributes":{},"description":"DNS primary zone for the S2I2S project","disable_status_check":false,"email":"postmaster@isti.cnr.it","id":"e826e777-0196-4f63-b2a9-df07f70e618f","masters":[],"name":"s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"PRIMARY","value_specs":null},"dns_zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f","floating_ip_pools":{"main_public_ip_pool":"external-network"},"haproxy_l7_data":{"flavor":"m1.medium","name":"main-haproxy-l7","vm_count":"2"},"internal_ca_data":{"flavor":"m1.small","name":"ca"},"internal_ca_id":"286b7a4d-33c6-451f-9019-d9fd79265181","main_haproxy_l7_ids":["b42a0e99-6172-4a5d-886c-c0fb016da60e","b770644a-5c39-4db2-8811-fb62751bd789"],"main_haproxy_l7_ip":["10.10.0.11","10.10.0.12"],"main_lb_to_haproxy_l7_security_group":{"all_tags":[],"delete_default_rules":true,"description":"Traffic coming from the main L4 lb directed to the haproxy l7 servers","id":"613cacac-ac46-46ab-ba7a-d66f61cce84d","name":"traffic_from_main_lb_to_haproxy_l7","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"main_loadbalancer_hostname":"octavia-main-lb.s2i2s.cloud.isti.cnr.it.","main_loadbalancer_id":"44dbe548-a436-4816-927a-2912f443b50f","main_loadbalancer_ip":"10.10.0.20","main_loadbalancer_public_ip":"146.48.30.30","main_private_network":{"admin_state_up":true,"all_tags":[],"availability_zone_hints":[],"description":"S2I2S private network (use this as the main network)","dns_domain":"s2i2s.cloud.isti.cnr.it.","external":false,"id":"f371c239-6d5d-4ac8-a17e-af607752d82c","mtu":8942,"name":"s2i2s-proj-main","port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","segments":[{"network_type":"geneve","physical_network":"","segmentation_id":47850}],"shared":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"transparent_vlan":false,"value_specs":null},"main_private_subnet":{"all_tags":[],"allocation_pool":[{"end":"10.10.7.254","start":"10.10.1.1"}],"cidr":"10.10.0.0/21","description":"S2I2S main private subnet","dns_nameservers":["146.48.29.97","146.48.29.98","146.48.29.99"],"dns_publish_fixed_ip":false,"enable_dhcp":true,"gateway_ip":"10.10.0.1","id":"19c649ee-96ea-438b-ac0c-512afdf5046d","ip_version":4,"ipv6_address_mode":"","ipv6_ra_mode":"","name":"s2i2s-proj-main-subnet","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_gateway":false,"prefix_length":null,"region":"isti_area_pi_1","segment_id":"","service_types":[],"subnetpool_id":"","tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"main_region":"isti_area_pi_1","main_subnet_network_id":"19c649ee-96ea-438b-ac0c-512afdf5046d","mtu_size":8942,"os_project_data":{"id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","name":"s2i2s-proj-cloud"},"prometheus_access_from_grafana":{"all_tags":[],"delete_default_rules":true,"description":"The public grafana server must be able to get data from Prometheus","id":"48e9366f-23a8-47df-abcd-66f84d4af395","name":"prometheus_access_from_grafana","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"prometheus_hostname":"prometheus.s2i2s.cloud.isti.cnr.it.","prometheus_public_ip":"146.48.31.67","prometheus_server_data":{"flavor":"m1.medium","name":"prometheus","public_grafana_server_cidr":"146.48.28.103/32","vol_data_device":"/dev/vdb","vol_data_name":"prometheus-data","vol_data_size":"100"},"prometheus_server_id":"d2a37e7c-3eaa-4929-b70d-cfb55416d8bc","public_web":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer","id":"31140e64-667a-4044-b388-79afcc6bcb69","name":"public_web_service","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"resolvers_ip":["146.48.29.97","146.48.29.98","146.48.29.99"],"restricted_web":{"all_tags":[],"delete_default_rules":true,"description":"Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt","id":"359d7ae7-cdff-47c2-bf69-7d423860d2d2","name":"restricted_web_service","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"ssh_jump_proxy":{"flavor":"m2.small","name":"ssh-jump-proxy"},"ssh_jump_proxy_hostname":"ssh-jump-proxy.s2i2s.cloud.isti.cnr.it.","ssh_jump_proxy_id":"6aed1634-ec4e-43b0-a8c6-2da42a27ad25","ssh_jump_proxy_public_ip":"146.48.31.105","ssh_sources":{"d4s_vpn_1_cidr":"146.48.122.27/32","d4s_vpn_2_cidr":"146.48.122.49/32","infrascience_net_cidr":"146.48.122.0/23","isti_net_cidr":"146.48.80.0/21","isti_vpn_gw1":"146.48.80.101/32","isti_vpn_gw2":"146.48.80.102/32","isti_vpn_gw3":"146.48.80.103/32","s2i2s_net_cidr":"146.48.28.0/22","s2i2s_vpn_1_cidr":"146.48.28.10/32","s2i2s_vpn_2_cidr":"146.48.28.11/32","shell_d4s_cidr":"146.48.122.95/32"},"traffic_from_main_haproxy":{"all_tags":[],"delete_default_rules":true,"description":"Allow traffic from the main L7 HAPROXY load balancers","id":"56ba7585-659a-49ac-8d8e-c85ebcb1179f","name":"traffic_from_the_main_load_balancers","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"ubuntu2204_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","ubuntu_2204":{"name":"Ubuntu-Jammy-22.04","user_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","uuid":"54768889-8556-4be4-a2eb-82a4d9b34627"}},"type":["object",{"access_to_the_jump_proxy":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"availability_zones_names":["map","string"],"basic_services_ip":["map","string"],"debugging":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"default_security_group":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"default_security_group_id":"string","default_security_group_name":"string","dns_zone":["object",{"attributes":["map","string"],"description":"string","disable_status_check":"bool","email":"string","id":"string","masters":["set","string"],"name":"string","project_id":"string","region":"string","timeouts":["object",{"create":"string","delete":"string","update":"string"}],"ttl":"number","type":"string","value_specs":["map","string"]}],"dns_zone_id":"string","floating_ip_pools":["map","string"],"haproxy_l7_data":["map","string"],"internal_ca_data":["map","string"],"internal_ca_id":"string","main_haproxy_l7_ids":["tuple",["string","string"]],"main_haproxy_l7_ip":["list","string"],"main_lb_to_haproxy_l7_security_group":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"main_loadbalancer_hostname":"string","main_loadbalancer_id":"string","main_loadbalancer_ip":"string","main_loadbalancer_public_ip":"string","main_private_network":["object",{"admin_state_up":"bool","all_tags":["set","string"],"availability_zone_hints":["set","string"],"description":"string","dns_domain":"string","external":"bool","id":"string","mtu":"number","name":"string","port_security_enabled":"bool","qos_policy_id":"string","region":"string","segments":["set",["object",{"network_type":"string","physical_network":"string","segmentation_id":"number"}]],"shared":"bool","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"transparent_vlan":"bool","value_specs":["map","string"]}],"main_private_subnet":["object",{"all_tags":["set","string"],"allocation_pool":["set",["object",{"end":"string","start":"string"}]],"cidr":"string","description":"string","dns_nameservers":["list","string"],"dns_publish_fixed_ip":"bool","enable_dhcp":"bool","gateway_ip":"string","id":"string","ip_version":"number","ipv6_address_mode":"string","ipv6_ra_mode":"string","name":"string","network_id":"string","no_gateway":"bool","prefix_length":"number","region":"string","segment_id":"string","service_types":["list","string"],"subnetpool_id":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"value_specs":["map","string"]}],"main_region":"string","main_subnet_network_id":"string","mtu_size":"number","os_project_data":["map","string"],"prometheus_access_from_grafana":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"prometheus_hostname":"string","prometheus_public_ip":"string","prometheus_server_data":["map","string"],"prometheus_server_id":"string","public_web":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"resolvers_ip":["list","string"],"restricted_web":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"ssh_jump_proxy":["map","string"],"ssh_jump_proxy_hostname":"string","ssh_jump_proxy_id":"string","ssh_jump_proxy_public_ip":"string","ssh_sources":["map","string"],"traffic_from_main_haproxy":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"ubuntu2204_data_file":"string","ubuntu_2204":["map","string"]}]},"workspace":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"openstack_blockstorage_volume_v3","name":"relay_data_vol","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"attachment":[],"availability_zone":"nova","backup_id":"","consistency_group_id":null,"description":"","enable_online_resize":true,"id":"3f0225d3-7e5f-4eb2-a8a0-082165fb0322","image_id":null,"metadata":{},"name":"mailbackup-relay-data","region":"isti_area_pi_1","scheduler_hints":[],"size":5120,"snapshot_id":"","source_replica":null,"source_vol_id":"","timeouts":null,"volume_retype_policy":"never","volume_type":"CephSSD"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="}]},{"mode":"managed","type":"openstack_compute_instance_v2","name":"relay","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"access_ip_v4":"10.10.3.104","access_ip_v6":"","admin_pass":null,"all_metadata":{},"all_tags":[],"availability_zone":"cnr-isti-nova-a","availability_zone_hints":"cnr-isti-nova-a","block_device":[{"boot_index":0,"delete_on_termination":false,"destination_type":"volume","device_type":"","disk_bus":"","guest_format":"","multiattach":false,"source_type":"image","uuid":"541650fc-dd19-4f38-bb1d-7333ed9dd688","volume_size":20,"volume_type":""}],"config_drive":null,"created":"2026-06-15 15:30:18 +0000 UTC","flavor_id":"15","flavor_name":"m2.medium","force_delete":false,"hypervisor_hostname":"","id":"bfa00699-1e56-412f-be73-741a057f32d5","image_id":"Attempt to boot from volume - no image supplied","image_name":null,"key_pair":"adellam","metadata":null,"name":"mailbackup-relay","network":[{"access_network":false,"fixed_ip_v4":"10.10.3.104","fixed_ip_v6":"","mac":"fa:16:3e:0e:bc:10","name":"s2i2s-proj-main","port":"d181d599-251f-4a28-a69b-a617d1f99d80","uuid":"f371c239-6d5d-4ac8-a17e-af607752d82c"}],"network_mode":null,"personality":[],"power_state":"active","region":"isti_area_pi_1","scheduler_hints":[],"security_groups":["default_for_all","mailbackup-relay-access"],"stop_before_destroy":false,"tags":null,"timeouts":null,"updated":"2026-06-15 15:31:00 +0000 UTC","user_data":"c8e67a71c133487bb9791a87e02ce77a173813ec","vendor_options":[]},"sensitive_attributes":[[{"type":"get_attr","value":"admin_pass"}]],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_compute_volume_attach_v2","name":"relay_data_attach","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"device":"/dev/vdb","id":"bfa00699-1e56-412f-be73-741a057f32d5/3f0225d3-7e5f-4eb2-a8a0-082165fb0322","instance_id":"bfa00699-1e56-412f-be73-741a057f32d5","multiattach":null,"region":"isti_area_pi_1","tag":null,"timeouts":null,"vendor_options":[],"volume_id":"3f0225d3-7e5f-4eb2-a8a0-082165fb0322"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_blockstorage_volume_v3.relay_data_vol","openstack_compute_instance_v2.relay","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_dns_recordset_v2","name":"relay_dns","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"Public IP of the Dovecot mailbox backup relay","disable_status_check":false,"id":"e826e777-0196-4f63-b2a9-df07f70e618f/6bd994d4-70da-43ee-b671-cbce4172fae9","name":"mailbackup-relay.s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","records":["146.48.31.50"],"region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"A","value_specs":null,"zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19","dependencies":["data.terraform_remote_state.privnet_dns_router","openstack_networking_floatingip_v2.relay_ip"]}]},{"mode":"managed","type":"openstack_networking_floatingip_associate_v2","name":"relay_ip","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"fixed_ip":"10.10.3.104","floating_ip":"146.48.31.50","id":"9618ad56-946c-4f61-80a5-5448049ecf3b","port_id":"d181d599-251f-4a28-a69b-a617d1f99d80","region":"isti_area_pi_1"},"sensitive_attributes":[],"private":"bnVsbA==","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_floatingip_v2.relay_ip","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_floatingip_v2","name":"relay_ip","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"address":"146.48.31.50","all_tags":[],"description":"Dovecot mailbox backup relay","dns_domain":"","dns_name":"","fixed_ip":"","id":"9618ad56-946c-4f61-80a5-5448049ecf3b","pool":"external-network","port_id":"","region":"isti_area_pi_1","subnet_id":null,"subnet_ids":null,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router"]}]},{"mode":"managed","type":"openstack_networking_port_v2","name":"relay_port","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"admin_state_up":true,"all_fixed_ips":["10.10.3.104"],"all_security_group_ids":["1ec8a419-f9cf-473f-a022-6499d67d57b8","a9a5d9d2-1430-42cf-aa5d-c67f3b68a622"],"all_tags":[],"allowed_address_pairs":[],"binding":[{"host_id":"","profile":"","vif_details":{},"vif_type":"","vnic_type":"normal"}],"description":"","device_id":"","device_owner":"","dns_assignment":[{"fqdn":"host-10-10-3-104.internal-cloud.isti.cnr.it.","hostname":"host-10-10-3-104","ip_address":"10.10.3.104"}],"dns_name":"","extra_dhcp_option":[],"fixed_ip":[{"ip_address":"","subnet_id":"19c649ee-96ea-438b-ac0c-512afdf5046d"}],"id":"d181d599-251f-4a28-a69b-a617d1f99d80","mac_address":"fa:16:3e:0e:bc:10","name":"mailbackup-relay-port","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_fixed_ip":null,"no_security_groups":null,"port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","security_group_ids":["1ec8a419-f9cf-473f-a022-6499d67d57b8","a9a5d9d2-1430-42cf-aa5d-c67f3b68a622"],"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_rule_v2","name":"bareos_fd_ingress","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"bareos-fd from the Bareos Director","direction":"ingress","ethertype":"IPv4","id":"80054ae7-5b96-493b-8912-a45d918c4130","port_range_max":9102,"port_range_min":9102,"protocol":"tcp","region":"isti_area_pi_1","remote_address_group_id":"","remote_group_id":"","remote_ip_prefix":"146.48.28.141/32","security_group_id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==","dependencies":["openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_rule_v2","name":"ssh_ingress","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"SSH from the S2I2S area network (imap backends push + admin)","direction":"ingress","ethertype":"IPv4","id":"8f62e0e9-59bc-432f-a583-98a214b742e5","port_range_max":22,"port_range_min":22,"protocol":"tcp","region":"isti_area_pi_1","remote_address_group_id":"","remote_group_id":"","remote_ip_prefix":"146.48.28.0/22","security_group_id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==","dependencies":["openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_v2","name":"relay_access","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"all_tags":[],"delete_default_rules":true,"description":"SSH from the S2I2S area network and bareos-fd from the Director","id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","name":"mailbackup-relay-access","region":"isti_area_pi_1","stateful":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="}]}],"check_results":null}
+{"version":4,"terraform_version":"1.11.6","serial":6,"lineage":"f9a2b5d2-404e-18a6-4b56-e2adc0b26b4b","outputs":{"relay_fqdn":{"value":"mailbackup-relay.s2i2s.cloud.isti.cnr.it.","type":"string"},"relay_instance_id":{"value":"74ac7faf-cf79-4312-a265-818828a72384","type":"string"},"relay_private_ip":{"value":["10.10.3.104"],"type":["list","string"]},"relay_public_ip":{"value":"146.48.31.50","type":"string"}},"resources":[{"mode":"data","type":"terraform_remote_state","name":"privnet_dns_router","provider":"provider[\"terraform.io/builtin/terraform\"]","instances":[{"schema_version":0,"attributes":{"backend":"local","config":{"value":{"path":"../main_net_dns_router/terraform.tfstate"},"type":["object",{"path":"string"}]},"defaults":null,"outputs":{"value":{"almalinux_9":{"name":"AlmaLinux-9.0-20220718","uuid":"541650fc-dd19-4f38-bb1d-7333ed9dd688"},"availability_zone_no_gpu_name":"cnr-isti-nova-a","availability_zone_with_gpu_name":"cnr-isti-nova-gpu-a","availability_zones_names":{"availability_zone_no_gpu":"cnr-isti-nova-a","availability_zone_with_gpu":"cnr-isti-nova-gpu-a"},"centos_7":{"name":"CentOS-7","user_data_file":"../../s2i2s_openstack_vm_data_scripts/el.sh","uuid":"f0187a99-64f6-462a-ab5f-ef52fe62f2ca"},"default_security_group_name":"default_for_all","dns_zone":{"attributes":{},"description":"DNS primary zone for the S2I2S project","disable_status_check":false,"email":"postmaster@isti.cnr.it","id":"e826e777-0196-4f63-b2a9-df07f70e618f","masters":[],"name":"s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"PRIMARY","value_specs":null},"dns_zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f","el7_data_file":"../../s2i2s_openstack_vm_data_scripts/el.sh","external_gateway_ip":[{"ip_address":"146.48.30.6","subnet_id":"57f87509-4016-46fb-b8c3-25fca7f72ccb"}],"external_network":{"id":"1d2ff137-6ff7-4017-be2b-0d6c4af2353b","name":"external-network"},"external_network_id":"1d2ff137-6ff7-4017-be2b-0d6c4af2353b","flavor_list":{"c1_large":"c1.large","c1_medium":"c1.medium","c1_small":"c1.small","c2_large":"c2.large","m1_large":"m1.large","m1_medium":"m1.medium","m1_xlarge":"m1.xlarge","m1_xxl":"m1.xxl","m2_large":"m2.large","m2_medium":"m2.medium","m2_small":"m2.small","m3_large":"m3.large"},"floating_ip_pools":{"main_public_ip_pool":"external-network"},"main_private_network":{"admin_state_up":true,"all_tags":[],"availability_zone_hints":[],"description":"S2I2S private network (use this as the main network)","dns_domain":"s2i2s.cloud.isti.cnr.it.","external":false,"id":"f371c239-6d5d-4ac8-a17e-af607752d82c","mtu":8942,"name":"s2i2s-proj-main","port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","segments":[{"network_type":"geneve","physical_network":"","segmentation_id":47850}],"shared":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"transparent_vlan":false,"value_specs":null},"main_private_network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","main_region":"isti_area_pi_1","main_subnet_network":{"all_tags":[],"allocation_pool":[{"end":"10.10.7.254","start":"10.10.1.1"}],"cidr":"10.10.0.0/21","description":"S2I2S main private subnet","dns_nameservers":["146.48.29.97","146.48.29.98","146.48.29.99"],"dns_publish_fixed_ip":false,"enable_dhcp":true,"gateway_ip":"10.10.0.1","id":"19c649ee-96ea-438b-ac0c-512afdf5046d","ip_version":4,"ipv6_address_mode":"","ipv6_ra_mode":"","name":"s2i2s-proj-main-subnet","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_gateway":false,"prefix_length":null,"region":"isti_area_pi_1","segment_id":"","service_types":[],"subnetpool_id":"","tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"main_subnet_network_id":"19c649ee-96ea-438b-ac0c-512afdf5046d","mtu_size":8942,"os_project_data":{"id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","name":"s2i2s-proj-cloud"},"policy_list":{"affinity":"affinity","anti_affinity":"anti-affinity","soft_affinity":"soft-affinity","soft_anti_affinity":"soft-anti-affinity"},"resolvers_ip":["146.48.29.97","146.48.29.98","146.48.29.99"],"ssh_sources":{"d4s_vpn_1_cidr":"146.48.122.27/32","d4s_vpn_2_cidr":"146.48.122.49/32","infrascience_net_cidr":"146.48.122.0/23","isti_net_cidr":"146.48.80.0/21","isti_vpn_gw1":"146.48.80.101/32","isti_vpn_gw2":"146.48.80.102/32","isti_vpn_gw3":"146.48.80.103/32","s2i2s_net_cidr":"146.48.28.0/22","s2i2s_vpn_1_cidr":"146.48.28.10/32","s2i2s_vpn_2_cidr":"146.48.28.11/32","shell_d4s_cidr":"146.48.122.95/32"},"ubuntu2204_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","ubuntu_2204":{"name":"Ubuntu-Jammy-22.04","user_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","uuid":"54768889-8556-4be4-a2eb-82a4d9b34627"}},"type":["object",{"almalinux_9":["map","string"],"availability_zone_no_gpu_name":"string","availability_zone_with_gpu_name":"string","availability_zones_names":["map","string"],"centos_7":["map","string"],"default_security_group_name":"string","dns_zone":["object",{"attributes":["map","string"],"description":"string","disable_status_check":"bool","email":"string","id":"string","masters":["set","string"],"name":"string","project_id":"string","region":"string","timeouts":["object",{"create":"string","delete":"string","update":"string"}],"ttl":"number","type":"string","value_specs":["map","string"]}],"dns_zone_id":"string","el7_data_file":"string","external_gateway_ip":["list",["object",{"ip_address":"string","subnet_id":"string"}]],"external_network":["map","string"],"external_network_id":"string","flavor_list":["map","string"],"floating_ip_pools":["map","string"],"main_private_network":["object",{"admin_state_up":"bool","all_tags":["set","string"],"availability_zone_hints":["set","string"],"description":"string","dns_domain":"string","external":"bool","id":"string","mtu":"number","name":"string","port_security_enabled":"bool","qos_policy_id":"string","region":"string","segments":["set",["object",{"network_type":"string","physical_network":"string","segmentation_id":"number"}]],"shared":"bool","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"transparent_vlan":"bool","value_specs":["map","string"]}],"main_private_network_id":"string","main_region":"string","main_subnet_network":["object",{"all_tags":["set","string"],"allocation_pool":["set",["object",{"end":"string","start":"string"}]],"cidr":"string","description":"string","dns_nameservers":["list","string"],"dns_publish_fixed_ip":"bool","enable_dhcp":"bool","gateway_ip":"string","id":"string","ip_version":"number","ipv6_address_mode":"string","ipv6_ra_mode":"string","name":"string","network_id":"string","no_gateway":"bool","prefix_length":"number","region":"string","segment_id":"string","service_types":["list","string"],"subnetpool_id":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"value_specs":["map","string"]}],"main_subnet_network_id":"string","mtu_size":"number","os_project_data":["map","string"],"policy_list":["map","string"],"resolvers_ip":["list","string"],"ssh_sources":["map","string"],"ubuntu2204_data_file":"string","ubuntu_2204":["map","string"]}]},"workspace":null},"sensitive_attributes":[]}]},{"mode":"data","type":"terraform_remote_state","name":"project_setup","provider":"provider[\"terraform.io/builtin/terraform\"]","instances":[{"schema_version":0,"attributes":{"backend":"local","config":{"value":{"path":"../project-setup/terraform.tfstate"},"type":["object",{"path":"string"}]},"defaults":null,"outputs":{"value":{"access_to_the_jump_proxy":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows SSH access to the jump node from a limited set of sources","id":"4c6b6683-77fa-4d1a-8ba2-41acf10a12ba","name":"ssh_access_to_the_jump_node","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"availability_zones_names":{"availability_zone_no_gpu":"cnr-isti-nova-a","availability_zone_with_gpu":"cnr-isti-nova-gpu-a"},"basic_services_ip":{"ca":"10.10.0.4","ca_cidr":"10.10.0.4/32","haproxy_l7_1":"10.10.0.11","haproxy_l7_1_cidr":"10.10.0.11/32","haproxy_l7_2":"10.10.0.12","haproxy_l7_2_cidr":"10.10.0.12/32","octavia_main":"10.10.0.20","octavia_main_cidr":"10.10.0.20/32","prometheus":"10.10.0.10","prometheus_cidr":"10.10.0.10/32","ssh_jump":"10.10.0.5","ssh_jump_cidr":"10.10.0.5/32"},"debugging":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows web app debugging via tunnel from the ssh jump node","id":"6c21f51b-9cad-4051-99b6-221bed658a83","name":"debugging_from_jump_node","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"default_security_group":{"all_tags":[],"delete_default_rules":true,"description":"Default security group with rules for ssh access via jump proxy, prometheus scraping","id":"1ec8a419-f9cf-473f-a022-6499d67d57b8","name":"default_for_all","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"default_security_group_id":"1ec8a419-f9cf-473f-a022-6499d67d57b8","default_security_group_name":"default_for_all","dns_zone":{"attributes":{},"description":"DNS primary zone for the S2I2S project","disable_status_check":false,"email":"postmaster@isti.cnr.it","id":"e826e777-0196-4f63-b2a9-df07f70e618f","masters":[],"name":"s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"PRIMARY","value_specs":null},"dns_zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f","floating_ip_pools":{"main_public_ip_pool":"external-network"},"haproxy_l7_data":{"flavor":"m1.medium","name":"main-haproxy-l7","vm_count":"2"},"internal_ca_data":{"flavor":"m1.small","name":"ca"},"internal_ca_id":"286b7a4d-33c6-451f-9019-d9fd79265181","main_haproxy_l7_ids":["b42a0e99-6172-4a5d-886c-c0fb016da60e","b770644a-5c39-4db2-8811-fb62751bd789"],"main_haproxy_l7_ip":["10.10.0.11","10.10.0.12"],"main_lb_to_haproxy_l7_security_group":{"all_tags":[],"delete_default_rules":true,"description":"Traffic coming from the main L4 lb directed to the haproxy l7 servers","id":"613cacac-ac46-46ab-ba7a-d66f61cce84d","name":"traffic_from_main_lb_to_haproxy_l7","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"main_loadbalancer_hostname":"octavia-main-lb.s2i2s.cloud.isti.cnr.it.","main_loadbalancer_id":"44dbe548-a436-4816-927a-2912f443b50f","main_loadbalancer_ip":"10.10.0.20","main_loadbalancer_public_ip":"146.48.30.30","main_private_network":{"admin_state_up":true,"all_tags":[],"availability_zone_hints":[],"description":"S2I2S private network (use this as the main network)","dns_domain":"s2i2s.cloud.isti.cnr.it.","external":false,"id":"f371c239-6d5d-4ac8-a17e-af607752d82c","mtu":8942,"name":"s2i2s-proj-main","port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","segments":[{"network_type":"geneve","physical_network":"","segmentation_id":47850}],"shared":false,"tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"transparent_vlan":false,"value_specs":null},"main_private_subnet":{"all_tags":[],"allocation_pool":[{"end":"10.10.7.254","start":"10.10.1.1"}],"cidr":"10.10.0.0/21","description":"S2I2S main private subnet","dns_nameservers":["146.48.29.97","146.48.29.98","146.48.29.99"],"dns_publish_fixed_ip":false,"enable_dhcp":true,"gateway_ip":"10.10.0.1","id":"19c649ee-96ea-438b-ac0c-512afdf5046d","ip_version":4,"ipv6_address_mode":"","ipv6_ra_mode":"","name":"s2i2s-proj-main-subnet","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_gateway":false,"prefix_length":null,"region":"isti_area_pi_1","segment_id":"","service_types":[],"subnetpool_id":"","tags":null,"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"main_region":"isti_area_pi_1","main_subnet_network_id":"19c649ee-96ea-438b-ac0c-512afdf5046d","mtu_size":8942,"os_project_data":{"id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","name":"s2i2s-proj-cloud"},"prometheus_access_from_grafana":{"all_tags":[],"delete_default_rules":true,"description":"The public grafana server must be able to get data from Prometheus","id":"48e9366f-23a8-47df-abcd-66f84d4af395","name":"prometheus_access_from_grafana","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"prometheus_hostname":"prometheus.s2i2s.cloud.isti.cnr.it.","prometheus_public_ip":"146.48.31.67","prometheus_server_data":{"flavor":"m1.medium","name":"prometheus","public_grafana_server_cidr":"146.48.28.103/32","vol_data_device":"/dev/vdb","vol_data_name":"prometheus-data","vol_data_size":"100"},"prometheus_server_id":"d2a37e7c-3eaa-4929-b70d-cfb55416d8bc","public_web":{"all_tags":[],"delete_default_rules":true,"description":"Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer","id":"31140e64-667a-4044-b388-79afcc6bcb69","name":"public_web_service","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"resolvers_ip":["146.48.29.97","146.48.29.98","146.48.29.99"],"restricted_web":{"all_tags":[],"delete_default_rules":true,"description":"Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt","id":"359d7ae7-cdff-47c2-bf69-7d423860d2d2","name":"restricted_web_service","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"ssh_jump_proxy":{"flavor":"m2.small","name":"ssh-jump-proxy"},"ssh_jump_proxy_hostname":"ssh-jump-proxy.s2i2s.cloud.isti.cnr.it.","ssh_jump_proxy_id":"6aed1634-ec4e-43b0-a8c6-2da42a27ad25","ssh_jump_proxy_public_ip":"146.48.31.105","ssh_sources":{"d4s_vpn_1_cidr":"146.48.122.27/32","d4s_vpn_2_cidr":"146.48.122.49/32","infrascience_net_cidr":"146.48.122.0/23","isti_net_cidr":"146.48.80.0/21","isti_vpn_gw1":"146.48.80.101/32","isti_vpn_gw2":"146.48.80.102/32","isti_vpn_gw3":"146.48.80.103/32","s2i2s_net_cidr":"146.48.28.0/22","s2i2s_vpn_1_cidr":"146.48.28.10/32","s2i2s_vpn_2_cidr":"146.48.28.11/32","shell_d4s_cidr":"146.48.122.95/32"},"traffic_from_main_haproxy":{"all_tags":[],"delete_default_rules":true,"description":"Allow traffic from the main L7 HAPROXY load balancers","id":"56ba7585-659a-49ac-8d8e-c85ebcb1179f","name":"traffic_from_the_main_load_balancers","region":"isti_area_pi_1","tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"ubuntu2204_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","ubuntu_2204":{"name":"Ubuntu-Jammy-22.04","user_data_file":"../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh","uuid":"54768889-8556-4be4-a2eb-82a4d9b34627"}},"type":["object",{"access_to_the_jump_proxy":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"availability_zones_names":["map","string"],"basic_services_ip":["map","string"],"debugging":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"default_security_group":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"default_security_group_id":"string","default_security_group_name":"string","dns_zone":["object",{"attributes":["map","string"],"description":"string","disable_status_check":"bool","email":"string","id":"string","masters":["set","string"],"name":"string","project_id":"string","region":"string","timeouts":["object",{"create":"string","delete":"string","update":"string"}],"ttl":"number","type":"string","value_specs":["map","string"]}],"dns_zone_id":"string","floating_ip_pools":["map","string"],"haproxy_l7_data":["map","string"],"internal_ca_data":["map","string"],"internal_ca_id":"string","main_haproxy_l7_ids":["tuple",["string","string"]],"main_haproxy_l7_ip":["list","string"],"main_lb_to_haproxy_l7_security_group":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"main_loadbalancer_hostname":"string","main_loadbalancer_id":"string","main_loadbalancer_ip":"string","main_loadbalancer_public_ip":"string","main_private_network":["object",{"admin_state_up":"bool","all_tags":["set","string"],"availability_zone_hints":["set","string"],"description":"string","dns_domain":"string","external":"bool","id":"string","mtu":"number","name":"string","port_security_enabled":"bool","qos_policy_id":"string","region":"string","segments":["set",["object",{"network_type":"string","physical_network":"string","segmentation_id":"number"}]],"shared":"bool","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"transparent_vlan":"bool","value_specs":["map","string"]}],"main_private_subnet":["object",{"all_tags":["set","string"],"allocation_pool":["set",["object",{"end":"string","start":"string"}]],"cidr":"string","description":"string","dns_nameservers":["list","string"],"dns_publish_fixed_ip":"bool","enable_dhcp":"bool","gateway_ip":"string","id":"string","ip_version":"number","ipv6_address_mode":"string","ipv6_ra_mode":"string","name":"string","network_id":"string","no_gateway":"bool","prefix_length":"number","region":"string","segment_id":"string","service_types":["list","string"],"subnetpool_id":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"create":"string","delete":"string"}],"value_specs":["map","string"]}],"main_region":"string","main_subnet_network_id":"string","mtu_size":"number","os_project_data":["map","string"],"prometheus_access_from_grafana":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"prometheus_hostname":"string","prometheus_public_ip":"string","prometheus_server_data":["map","string"],"prometheus_server_id":"string","public_web":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"resolvers_ip":["list","string"],"restricted_web":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"ssh_jump_proxy":["map","string"],"ssh_jump_proxy_hostname":"string","ssh_jump_proxy_id":"string","ssh_jump_proxy_public_ip":"string","ssh_sources":["map","string"],"traffic_from_main_haproxy":["object",{"all_tags":["set","string"],"delete_default_rules":"bool","description":"string","id":"string","name":"string","region":"string","tags":["set","string"],"tenant_id":"string","timeouts":["object",{"delete":"string"}]}],"ubuntu2204_data_file":"string","ubuntu_2204":["map","string"]}]},"workspace":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"openstack_blockstorage_volume_v3","name":"relay_data_vol","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"attachment":[{"device":"/dev/vdb","id":"3f0225d3-7e5f-4eb2-a8a0-082165fb0322","instance_id":"20011ef3-6c32-43a7-adfd-a764aabe8760"}],"availability_zone":"nova","backup_id":"","consistency_group_id":null,"description":"","enable_online_resize":true,"id":"3f0225d3-7e5f-4eb2-a8a0-082165fb0322","image_id":null,"metadata":{},"name":"mailbackup-relay-data","region":"isti_area_pi_1","scheduler_hints":[],"size":5120,"snapshot_id":"","source_replica":null,"source_vol_id":"","timeouts":null,"volume_retype_policy":"never","volume_type":"CephSSD"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="}]},{"mode":"managed","type":"openstack_compute_instance_v2","name":"relay","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"access_ip_v4":"10.10.3.104","access_ip_v6":"","admin_pass":null,"all_metadata":{},"all_tags":[],"availability_zone":"cnr-isti-nova-a","availability_zone_hints":"cnr-isti-nova-a","block_device":[{"boot_index":0,"delete_on_termination":false,"destination_type":"volume","device_type":"","disk_bus":"","guest_format":"","multiattach":false,"source_type":"image","uuid":"172f1c52-fa06-4d7d-9db7-0735ab6ef403","volume_size":20,"volume_type":""}],"config_drive":null,"created":"2026-06-15 18:25:57 +0000 UTC","flavor_id":"15","flavor_name":"m2.medium","force_delete":false,"hypervisor_hostname":"","id":"74ac7faf-cf79-4312-a265-818828a72384","image_id":"Attempt to boot from volume - no image supplied","image_name":null,"key_pair":"adellam","metadata":null,"name":"mailbackup-relay","network":[{"access_network":false,"fixed_ip_v4":"10.10.3.104","fixed_ip_v6":"","mac":"fa:16:3e:0e:bc:10","name":"s2i2s-proj-main","port":"d181d599-251f-4a28-a69b-a617d1f99d80","uuid":"f371c239-6d5d-4ac8-a17e-af607752d82c"}],"network_mode":null,"personality":[],"power_state":"active","region":"isti_area_pi_1","scheduler_hints":[],"security_groups":["default_for_all","mailbackup-relay-access"],"stop_before_destroy":false,"tags":null,"timeouts":null,"updated":"2026-06-15 18:27:14 +0000 UTC","user_data":"749bd1b6fd0548fbc575cb116e9322a31dff277a","vendor_options":[]},"sensitive_attributes":[[{"type":"get_attr","value":"admin_pass"}]],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_compute_volume_attach_v2","name":"relay_data_attach","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"device":"/dev/vdb","id":"74ac7faf-cf79-4312-a265-818828a72384/3f0225d3-7e5f-4eb2-a8a0-082165fb0322","instance_id":"74ac7faf-cf79-4312-a265-818828a72384","multiattach":null,"region":"isti_area_pi_1","tag":null,"timeouts":null,"vendor_options":[],"volume_id":"3f0225d3-7e5f-4eb2-a8a0-082165fb0322"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_blockstorage_volume_v3.relay_data_vol","openstack_compute_instance_v2.relay","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_dns_recordset_v2","name":"relay_dns","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"Public IP of the Dovecot mailbox backup relay","disable_status_check":false,"id":"e826e777-0196-4f63-b2a9-df07f70e618f/6bd994d4-70da-43ee-b671-cbce4172fae9","name":"mailbackup-relay.s2i2s.cloud.isti.cnr.it.","project_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","records":["146.48.31.50"],"region":"isti_area_pi_1","timeouts":null,"ttl":8600,"type":"A","value_specs":null,"zone_id":"e826e777-0196-4f63-b2a9-df07f70e618f"},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19","dependencies":["data.terraform_remote_state.privnet_dns_router","openstack_networking_floatingip_v2.relay_ip"]}]},{"mode":"managed","type":"openstack_networking_floatingip_associate_v2","name":"relay_ip","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"fixed_ip":"10.10.3.104","floating_ip":"146.48.31.50","id":"9618ad56-946c-4f61-80a5-5448049ecf3b","port_id":"d181d599-251f-4a28-a69b-a617d1f99d80","region":"isti_area_pi_1"},"sensitive_attributes":[],"private":"bnVsbA==","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_floatingip_v2.relay_ip","openstack_networking_port_v2.relay_port","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_floatingip_v2","name":"relay_ip","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"address":"146.48.31.50","all_tags":[],"description":"Dovecot mailbox backup relay","dns_domain":"","dns_name":"","fixed_ip":"10.10.3.104","id":"9618ad56-946c-4f61-80a5-5448049ecf3b","pool":"external-network","port_id":"d181d599-251f-4a28-a69b-a617d1f99d80","region":"isti_area_pi_1","subnet_id":null,"subnet_ids":null,"tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router"]}]},{"mode":"managed","type":"openstack_networking_port_v2","name":"relay_port","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"admin_state_up":true,"all_fixed_ips":["10.10.3.104"],"all_security_group_ids":["a0518da1-1e56-4aa0-ba86-55cb54d597e0","a9a5d9d2-1430-42cf-aa5d-c67f3b68a622"],"all_tags":[],"allowed_address_pairs":[],"binding":[{"host_id":"","profile":"","vif_details":{},"vif_type":"","vnic_type":"normal"}],"description":"","device_id":"20011ef3-6c32-43a7-adfd-a764aabe8760","device_owner":"compute:cnr-isti-nova-a","dns_assignment":[{"fqdn":"mailbackup-relay.internal-cloud.isti.cnr.it.","hostname":"mailbackup-relay","ip_address":"10.10.3.104"}],"dns_name":"mailbackup-relay","extra_dhcp_option":[],"fixed_ip":[{"ip_address":"","subnet_id":"19c649ee-96ea-438b-ac0c-512afdf5046d"}],"id":"d181d599-251f-4a28-a69b-a617d1f99d80","mac_address":"fa:16:3e:0e:bc:10","name":"mailbackup-relay-port","network_id":"f371c239-6d5d-4ac8-a17e-af607752d82c","no_fixed_ip":null,"no_security_groups":null,"port_security_enabled":true,"qos_policy_id":"","region":"isti_area_pi_1","security_group_ids":["1ec8a419-f9cf-473f-a022-6499d67d57b8","a9a5d9d2-1430-42cf-aa5d-c67f3b68a622"],"tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null,"value_specs":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=","dependencies":["data.terraform_remote_state.privnet_dns_router","data.terraform_remote_state.project_setup","openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_rule_v2","name":"bareos_fd_ingress","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"bareos-fd from the Bareos Director","direction":"ingress","ethertype":"IPv4","id":"80054ae7-5b96-493b-8912-a45d918c4130","port_range_max":9102,"port_range_min":9102,"protocol":"tcp","region":"isti_area_pi_1","remote_address_group_id":"","remote_group_id":"","remote_ip_prefix":"146.48.28.141/32","security_group_id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==","dependencies":["openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_rule_v2","name":"ssh_ingress","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"description":"SSH from the S2I2S area network (imap backends push + admin)","direction":"ingress","ethertype":"IPv4","id":"8f62e0e9-59bc-432f-a583-98a214b742e5","port_range_max":22,"port_range_min":22,"protocol":"tcp","region":"isti_area_pi_1","remote_address_group_id":"","remote_group_id":"","remote_ip_prefix":"146.48.28.0/22","security_group_id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==","dependencies":["openstack_networking_secgroup_v2.relay_access"]}]},{"mode":"managed","type":"openstack_networking_secgroup_v2","name":"relay_access","provider":"provider[\"registry.opentofu.org/terraform-provider-openstack/openstack\"]","instances":[{"schema_version":0,"attributes":{"all_tags":[],"delete_default_rules":true,"description":"SSH from the S2I2S area network and bareos-fd from the Director","id":"a9a5d9d2-1430-42cf-aa5d-c67f3b68a622","name":"mailbackup-relay-access","region":"isti_area_pi_1","stateful":false,"tags":[],"tenant_id":"d0dcc2b7f3004c9a81b87ab60ec3c0d3","timeouts":null},"sensitive_attributes":[],"private":"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="}]}],"check_results":null}
diff --git a/s2i2s_openstack_vm_data_scripts/almalinux9.sh b/s2i2s_openstack_vm_data_scripts/almalinux9.sh
new file mode 100644
index 0000000..8cf0edc
--- /dev/null
+++ b/s2i2s_openstack_vm_data_scripts/almalinux9.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# The AlmaLinux-9.0-20220718 cloud image loses an early-boot race between
+# sshd.service and sshd-keygen.target on first boot: sshd tries to start
+# before the host keys exist and fails. cloud-init usually rescues it later,
+# but that recovery is not guaranteed (e.g. it is skipped on `server rebuild`,
+# which keeps the instance-id). Make it deterministic: (re)generate any
+# missing host keys and (re)start sshd. Both commands are idempotent —
+# ssh-keygen -A never overwrites existing keys.
+/usr/bin/ssh-keygen -A
+/usr/bin/systemctl enable sshd
+/usr/bin/systemctl restart sshd
+
+dnf -y install python3 policycoreutils-python-utils
+
+/sbin/useradd --system --home-dir /srv/ansible -m --shell /bin/bash -c "Used for the Ansible provisioning tasks" ansible
+
+# SSH keys of users authorized to execute ansible playbooks.
+# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
+# Feel free to add yours if you are entitled to run the ansible provisioning on that server
+
+mkdir /srv/ansible/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5al6w7Lsm2hVP5Ak3y1YVuqB02vrCvlNQSjF3+y4U/KwSsLDk0EtK6cZQuplehVK+XkdiIxECTokyvwulfHSMa25p8l4bjUA44TTdeWlHjcFgt2SFXbSeAY/XeoukKlafccKqVF0ySrKIIQj94oWIB15qIZMSg8HVIU6XtpHjlF2w8K+YrzmDnU3hs+f1bHp9gi5Q2JKVqm3ZIiUIvb1bYGNq7rdMf0xjAn1ZGuvmEIRSwqR8YMtyIHnrPsMh+sdnV3PosyUQRt/b74Df/ufvJ2t9QBlOprrCQxWibcjYktDOBP4AT5he3giXjz51FJqx7hEj2ISVSiwln5G/cPor franca@Mac.local" >> /srv/ansible/.ssh/authorized_keys
+/bin/chown -R ansible:ansible /srv/ansible
+/bin/chmod 700 /srv/ansible/.ssh
+mkdir -p /etc/sudoers.d
+echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
+/bin/chmod 600 /etc/sudoers.d/ansible-user
+
+semanage fcontext -a -e /home /srv/ansible ; restorecon -vR /srv/ansible