ISTI-provisioning
/
openstack-infrastructure-terraform
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

See #3277. VM resources for ai4yb.it.

This commit is contained in:
Andrea Dell'Amico 2024-03-14 19:34:34 +01:00
parent f8b6771042
commit c492ae216a
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
10 changed files with 839 additions and 625 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
kdd/wp-ai4yb/main.tf Normal file
View File

@ -0,0 +1,94 @@
# Define required providers
terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "~> 1.53.0"
}
}
}
data "terraform_remote_state" "privnet_dns_router" {
backend = "local"
config = {
path = "../main_net_dns_router/terraform.tfstate"
}
}
module "ssh_settings" {
source = "../../modules/ssh-key-ref"
}
#
# Uses common_variables as module
#
module "common_variables" {
source = "../../modules/labs_common_variables"
}
resource "openstack_compute_instance_v2" "wp_ai4yb" {
name = "wp-ai4yb"
availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
flavor_name = module.common_variables.flavor_list.m1_medium
key_pair = module.ssh_settings.ssh_key_name
security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name]
block_device {
uuid = module.common_variables.ubuntu_2204.uuid
source_type = "image"
volume_size = 30
boot_index = 0
destination_type = "volume"
delete_on_termination = false
}
network {
name = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name
}
user_data = file("${data.terraform_remote_state.privnet_dns_router.outputs.ubuntu2204_data_file}")
# Do not replace the instance when the ssh key changes
lifecycle {
ignore_changes = [
# Ignore changes to tags, e.g. because a management agent
# updates these based on some ruleset managed elsewhere.
key_pair, user_data, network
]
}
}
# Allocate and associate a floating IP address
#
resource "openstack_networking_floatingip_v2" "wp_ai4yb_ip" {
pool = module.common_variables.floating_ip_pools.main_public_ip_pool
# The DNS association does not work because of a bug in the OpenStack API
description = "AI for your business site"
}
resource "openstack_compute_floatingip_associate_v2" "wp_ai4yb_fp" {
floating_ip = openstack_networking_floatingip_v2.wp_ai4yb_ip.address
instance_id = openstack_compute_instance_v2.wp_ai4yb.id
}
#
# Add a DNS record to the floating IP address
#
module "dns_records_create" {
source = "../../modules/dns_resources"
dns_resources_map = {
wp = {
zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
name = join(".", ["wp-ai4yb", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name])
description = "AI for your business Wordpress"
ttl = 8600
type = "A"
records = [openstack_networking_floatingip_v2.wp_ai4yb_ip.address]
},
phpadmin = {
zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
name = join(".", ["phpadmin-ai4yb", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name])
description = "PHPMyAdmin for the AI for your business Wordpress DB"
ttl = 8600
type = "CNAME"
records = [join(".", ["wp-ai4yb", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name])]
}
}
}

3
kdd/wp-ai4yb/provider.tf Normal file
View File

@ -0,0 +1,3 @@
provider "openstack" {
cloud = "kdd-lab"
}

636
kdd/wp-ai4yb/terraform.tfstate Normal file
View File

@ -0,0 +1,636 @@
{
"version": 4,
"terraform_version": "1.6.6",
"serial": 6,
"lineage": "b3025fb1-c280-2fe4-f25e-4ff6c950c850",
"outputs": {},
"resources": [
{
"mode": "data",
"type": "terraform_remote_state",
"name": "privnet_dns_router",
"provider": "provider[\"terraform.io/builtin/terraform\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"backend": "local",
"config": {
"value": {
"path": "../main_net_dns_router/terraform.tfstate"
},
"type": [
"object",
{
"path": "string"
}
]
},
"defaults": null,
"outputs": {
"value": {
"almalinux_9": {
"name": "AlmaLinux-9.0-20220718",
"uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688"
},
"availability_zone_no_gpu_name": "cnr-isti-nova-a",
"availability_zone_with_gpu_name": "cnr-isti-nova-gpu-a",
"availability_zones_names": {
"availability_zone_no_gpu": "cnr-isti-nova-a",
"availability_zone_with_gpu": "cnr-isti-nova-gpu-a"
},
"centos_7": {
"name": "CentOS-7",
"user_data_file": "../../s2i2s_openstack_vm_data_scripts/el.sh",
"uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca"
},
"default_security_group_name": "default_for_all",
"dns_zone": {
"attributes": {},
"description": "DNS primary zone for the KDD project",
"disable_status_check": false,
"email": "postmaster@isti.cnr.it",
"id": "9d29d051-9567-4af4-9ffe-87eb643fc90b",
"masters": [],
"name": "kdd.cloud.isti.cnr.it.",
"project_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"region": "isti_area_pi_1",
"timeouts": null,
"ttl": 8600,
"type": "PRIMARY",
"value_specs": null
},
"dns_zone_id": "9d29d051-9567-4af4-9ffe-87eb643fc90b",
"el7_data_file": "../../s2i2s_openstack_vm_data_scripts/el.sh",
"external_gateway_ip": [
{
"ip_address": "146.48.30.196",
"subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb"
}
],
"external_network": {
"id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"name": "external-network"
},
"external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"flavor_list": {
"c1_large": "c1.large",
"c1_medium": "c1.medium",
"c1_small": "c1.small",
"c2_large": "c2.large",
"m1_large": "m1.large",
"m1_medium": "m1.medium",
"m1_xlarge": "m1.xlarge",
"m1_xxl": "m1.xxl",
"m2_large": "m2.large",
"m2_medium": "m2.medium",
"m2_small": "m2.small",
"m3_large": "m3.large"
},
"floating_ip_pools": {
"main_public_ip_pool": "external-network"
},
"main_private_network": {
"admin_state_up": true,
"all_tags": [],
"availability_zone_hints": [],
"description": "KDD private network (use this as the main network)",
"dns_domain": "kdd.cloud.isti.cnr.it.",
"external": false,
"id": "fb006673-39b6-472b-ba20-f1087e7e38ef",
"mtu": 8942,
"name": "kdd-cloud-main",
"port_security_enabled": true,
"qos_policy_id": "",
"region": "isti_area_pi_1",
"segments": [
{
"network_type": "geneve",
"physical_network": "",
"segmentation_id": 6061
}
],
"shared": false,
"tags": [],
"tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"timeouts": null,
"transparent_vlan": false,
"value_specs": null
},
"main_private_network_id": "fb006673-39b6-472b-ba20-f1087e7e38ef",
"main_region": "isti_area_pi_1",
"main_subnet_network": {
"all_tags": [],
"allocation_pool": [
{
"end": "10.12.7.254",
"start": "10.12.1.1"
}
],
"allocation_pools": [
{
"end": "10.12.7.254",
"start": "10.12.1.1"
}
],
"cidr": "10.12.0.0/21",
"description": "KDD main private subnet",
"dns_nameservers": [
"146.48.29.97",
"146.48.29.98",
"146.48.29.99"
],
"enable_dhcp": true,
"gateway_ip": "10.12.0.1",
"host_routes": [],
"id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2",
"ip_version": 4,
"ipv6_address_mode": "",
"ipv6_ra_mode": "",
"name": "kdd-cloud-main-subnet",
"network_id": "fb006673-39b6-472b-ba20-f1087e7e38ef",
"no_gateway": false,
"prefix_length": null,
"region": "isti_area_pi_1",
"service_types": [],
"subnetpool_id": "",
"tags": [],
"tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"timeouts": null,
"value_specs": null
},
"main_subnet_network_id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2",
"mtu_size": 8942,
"os_project_data": {
"id": "d6757d56e6e54ffe83a9701cc92af4c2",
"name": "kdd-lab-cloud"
},
"policy_list": {
"affinity": "affinity",
"anti_affinity": "anti-affinity",
"soft_affinity": "soft-affinity",
"soft_anti_affinity": "soft-anti-affinity"
},
"resolvers_ip": [
"146.48.29.97",
"146.48.29.98",
"146.48.29.99"
],
"ssh_sources": {
"infrascience_net_cidr": "146.48.122.0/23",
"isti_net_cidr": "146.48.80.0/21",
"isti_vpn_gw1": "146.48.80.101/32",
"isti_vpn_gw2": "146.48.80.102/32",
"isti_vpn_gw3": "146.48.80.103/32",
"s2i2s_net_cidr": "146.48.28.0/22",
"s2i2s_vpn_1_cidr": "146.48.28.10/32",
"s2i2s_vpn_2_cidr": "146.48.28.11/32"
},
"ubuntu2204_data_file": "../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh",
"ubuntu_2204": {
"name": "Ubuntu-Jammy-22.04",
"user_data_file": "../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh",
"uuid": "54768889-8556-4be4-a2eb-82a4d9b34627"
}
},
"type": [
"object",
{
"almalinux_9": [
"map",
"string"
],
"availability_zone_no_gpu_name": "string",
"availability_zone_with_gpu_name": "string",
"availability_zones_names": [
"map",
"string"
],
"centos_7": [
"map",
"string"
],
"default_security_group_name": "string",
"dns_zone": [
"object",
{
"attributes": [
"map",
"string"
],
"description": "string",
"disable_status_check": "bool",
"email": "string",
"id": "string",
"masters": [
"set",
"string"
],
"name": "string",
"project_id": "string",
"region": "string",
"timeouts": [
"object",
{
"create": "string",
"delete": "string",
"update": "string"
}
],
"ttl": "number",
"type": "string",
"value_specs": [
"map",
"string"
]
}
],
"dns_zone_id": "string",
"el7_data_file": "string",
"external_gateway_ip": [
"list",
[
"object",
{
"ip_address": "string",
"subnet_id": "string"
}
]
],
"external_network": [
"map",
"string"
],
"external_network_id": "string",
"flavor_list": [
"map",
"string"
],
"floating_ip_pools": [
"map",
"string"
],
"main_private_network": [
"object",
{
"admin_state_up": "bool",
"all_tags": [
"set",
"string"
],
"availability_zone_hints": [
"set",
"string"
],
"description": "string",
"dns_domain": "string",
"external": "bool",
"id": "string",
"mtu": "number",
"name": "string",
"port_security_enabled": "bool",
"qos_policy_id": "string",
"region": "string",
"segments": [
"set",
[
"object",
{
"network_type": "string",
"physical_network": "string",
"segmentation_id": "number"
}
]
],
"shared": "bool",
"tags": [
"set",
"string"
],
"tenant_id": "string",
"timeouts": [
"object",
{
"create": "string",
"delete": "string"
}
],
"transparent_vlan": "bool",
"value_specs": [
"map",
"string"
]
}
],
"main_private_network_id": "string",
"main_region": "string",
"main_subnet_network": [
"object",
{
"all_tags": [
"set",
"string"
],
"allocation_pool": [
"set",
[
"object",
{
"end": "string",
"start": "string"
}
]
],
"allocation_pools": [
"list",
[
"object",
{
"end": "string",
"start": "string"
}
]
],
"cidr": "string",
"description": "string",
"dns_nameservers": [
"list",
"string"
],
"enable_dhcp": "bool",
"gateway_ip": "string",
"host_routes": [
"list",
[
"object",
{
"destination_cidr": "string",
"next_hop": "string"
}
]
],
"id": "string",
"ip_version": "number",
"ipv6_address_mode": "string",
"ipv6_ra_mode": "string",
"name": "string",
"network_id": "string",
"no_gateway": "bool",
"prefix_length": "number",
"region": "string",
"service_types": [
"list",
"string"
],
"subnetpool_id": "string",
"tags": [
"set",
"string"
],
"tenant_id": "string",
"timeouts": [
"object",
{
"create": "string",
"delete": "string"
}
],
"value_specs": [
"map",
"string"
]
}
],
"main_subnet_network_id": "string",
"mtu_size": "number",
"os_project_data": [
"map",
"string"
],
"policy_list": [
"map",
"string"
],
"resolvers_ip": [
"list",
"string"
],
"ssh_sources": [
"map",
"string"
],
"ubuntu2204_data_file": "string",
"ubuntu_2204": [
"map",
"string"
]
}
]
},
"workspace": null
},
"sensitive_attributes": []
}
]
},
{
"mode": "managed",
"type": "openstack_compute_floatingip_associate_v2",
"name": "wp_ai4yb_fp",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"fixed_ip": "",
"floating_ip": "146.48.30.172",
"id": "146.48.30.172/c8bf6aa9-452c-4851-804a-cbc84e263ca1/",
"instance_id": "c8bf6aa9-452c-4851-804a-cbc84e263ca1",
"region": "isti_area_pi_1",
"timeouts": null,
"wait_until_associated": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_compute_instance_v2.wp_ai4yb",
"openstack_networking_floatingip_v2.wp_ai4yb_ip"
]
}
]
},
{
"mode": "managed",
"type": "openstack_compute_instance_v2",
"name": "wp_ai4yb",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"access_ip_v4": "10.12.1.115",
"access_ip_v6": "",
"admin_pass": null,
"all_metadata": {},
"all_tags": [],
"availability_zone": "cnr-isti-nova-a",
"availability_zone_hints": "cnr-isti-nova-a",
"block_device": [
{
"boot_index": 0,
"delete_on_termination": false,
"destination_type": "volume",
"device_type": "",
"disk_bus": "",
"guest_format": "",
"multiattach": false,
"source_type": "image",
"uuid": "54768889-8556-4be4-a2eb-82a4d9b34627",
"volume_size": 30,
"volume_type": ""
}
],
"config_drive": null,
"created": "2024-03-14 18:32:19 +0000 UTC",
"flavor_id": "4",
"flavor_name": "m1.medium",
"floating_ip": null,
"force_delete": false,
"id": "c8bf6aa9-452c-4851-804a-cbc84e263ca1",
"image_id": "Attempt to boot from volume - no image supplied",
"image_name": null,
"key_pair": "adellam",
"metadata": null,
"name": "wp-ai4yb",
"network": [
{
"access_network": false,
"fixed_ip_v4": "10.12.1.115",
"fixed_ip_v6": "",
"floating_ip": "",
"mac": "fa:16:3e:48:ce:20",
"name": "kdd-cloud-main",
"port": "",
"uuid": "fb006673-39b6-472b-ba20-f1087e7e38ef"
}
],
"network_mode": null,
"personality": [],
"power_state": "active",
"region": "isti_area_pi_1",
"scheduler_hints": [],
"security_groups": [
"default_for_all"
],
"stop_before_destroy": false,
"tags": null,
"timeouts": null,
"updated": "2024-03-14 18:33:07 +0000 UTC",
"user_data": "094aad1c2a9d617fb2d4622557b2841486c0ecd7",
"vendor_options": [],
"volume": []
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_floatingip_v2",
"name": "wp_ai4yb_ip",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"address": "146.48.30.172",
"all_tags": [],
"description": "AI for your business site",
"dns_domain": "",
"dns_name": "",
"fixed_ip": "",
"id": "2805f6f7-8ed0-4418-8d24-438da7856773",
"pool": "external-network",
"port_id": "",
"region": "isti_area_pi_1",
"subnet_id": null,
"subnet_ids": null,
"tags": null,
"tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"timeouts": null,
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="
}
]
},
{
"module": "module.dns_records_create",
"mode": "managed",
"type": "openstack_dns_recordset_v2",
"name": "add_dns_recordset",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"index_key": "phpadmin",
"schema_version": 0,
"attributes": {
"description": "PHPMyAdmin for the AI for your business Wordpress DB",
"disable_status_check": false,
"id": "9d29d051-9567-4af4-9ffe-87eb643fc90b/aaf72f62-81b2-46b4-835f-aa553f70d555",
"name": "phpadmin-ai4yb.kdd.cloud.isti.cnr.it.",
"project_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"records": [
"wp-ai4yb.kdd.cloud.isti.cnr.it."
],
"region": "isti_area_pi_1",
"timeouts": null,
"ttl": 8600,
"type": "CNAME",
"value_specs": null,
"zone_id": "9d29d051-9567-4af4-9ffe-87eb643fc90b"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_floatingip_v2.wp_ai4yb_ip"
]
},
{
"index_key": "wp",
"schema_version": 0,
"attributes": {
"description": "AI for your business Wordpress",
"disable_status_check": false,
"id": "9d29d051-9567-4af4-9ffe-87eb643fc90b/9b1efb2a-20ce-4e97-a61b-bfe8ca564608",
"name": "wp-ai4yb.kdd.cloud.isti.cnr.it.",
"project_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"records": [
"146.48.30.172"
],
"region": "isti_area_pi_1",
"timeouts": null,
"ttl": 8600,
"type": "A",
"value_specs": null,
"zone_id": "9d29d051-9567-4af4-9ffe-87eb643fc90b"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_floatingip_v2.wp_ai4yb_ip"
]
}
]
}
],
"check_results": null
}

6
modules/complete_infra_setup/haproxy.tf
View File

@ -1,11 +1,7 @@
#
# HAPROXY L7 behind the main Octavia balancer
#
# FIXME: terraform does not return the Octavia VRRP addresses, so we have to find them before creating the security group that allows the traffic between octavia and the haproxy instances
#
# openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp
# 5cc2354e-4465-4a1d-8390-c214e208c6de octavia-lb-vrrp-72392023-a774-4b58-a025-c1e99c5d152a fa:16:3e:62:24:2c [{'subnet_id': 'cd77a2fd-4a36-4254-b1d0-70b3874c6d04', 'ip_address': '10.1.34.232'}] ACTIVE
# 8aa4e97f-723d-4a2a-b79f-912fa7651653 octavia-lb-vrrp-fbfcf712-0ceb-4a38-82da-0c9ebef5dff3 fa:16:3e:79:62:a5 [{'subnet_id': 'cd77a2fd-4a36-4254-b1d0-70b3874c6d04', 'ip_address': '10.1.33.229'}] ACTIVE
# We use a dedicated network between haproxy and octavia so that we do not have to know the VRRP addresses of the octavia nodes
#
# Server group
#

59
modules/complete_infra_setup/octavia.tf
View File

@ -1,11 +1,60 @@
# Main load balancer. L4, backed by Octavia
# Create the netework and subnet used to make Octavia and HAPROXY communicate
resource "openstack_networking_network_v2" "octavia-private-network" {
name = var.octavia_information.network_name
admin_state_up = "true"
external = "false"
description = var.octavia_information.network_description
dns_domain = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name
mtu = module.labs_common_variables.mtu_size
port_security_enabled = true
shared = false
region = module.labs_common_variables.main_region
# tenant_id = data.terraform_remote_state.privnet_dns_router.outputs.os_project_data.id
}
resource "openstack_networking_subnet_v2" "octavia-private-subnet" {
name = var.octavia_information.subnet_name
description = var.octavia_information.subnet_description
network_id = openstack_networking_network_v2.octavia-private-network.id
cidr = var.octavia_information.subnet_cidr
gateway_ip = var.octavia_information.gateway_ip
dns_nameservers = module.labs_common_variables.resolvers_ip
ip_version = 4
enable_dhcp = true
# tenant_id = data.terraform_remote_state.privnet_dns_router.outputs.os_project_data.id
allocation_pool {
start = var.octavia_information.allocation_pool_start
end = var.octavia_information.allocation_pool_end
}
}
resource "openstack_networking_router_v2" "octavia-external-router" {
name = var.octavia_information.external_router_name
description = var.octavia_information.external_router_description
external_network_id = module.labs_common_variables.external_network.id
# tenant_id = data.terraform_remote_state.privnet_dns_router.outputs.os_project_data.id
enable_snat = true
vendor_options {
set_router_gateway_after_create = true
}
}
# Router interface configuration
resource "openstack_networking_router_interface_v2" "octavia-private-network-routing" {
router_id = openstack_networking_router_v2.octavia-external-router.id
# router_id = var.external_router.id
subnet_id = openstack_networking_subnet_v2.octavia-private-subnet.id
}
resource "openstack_lb_loadbalancer_v2" "main_lb" {
vip_subnet_id = var.main_private_subnet_id
vip_subnet_id = openstack_networking_subnet_v2.octavia-private-subnet.id
name = var.octavia_information.main_lb_name
description = var.octavia_information.main_lb_description
flavor_id = var.octavia_information.octavia_flavor_id
vip_address = var.basic_services_ip.octavia_main
# availability_zone = var.availability_zones_names.availability_zone_no_gpu
availability_zone = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu
loadbalancer_provider = "amphora"
}
@ -24,13 +73,13 @@ resource "openstack_networking_floatingip_associate_v2" "main_lb" {
}
locals {
recordset_name = "${var.octavia_information.main_lb_hostname}.${var.dns_zone.zone_name}"
recordset_name = "${var.octavia_information.main_lb_hostname}.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name}"
}
resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" {
zone_id = var.dns_zone_id
zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.id
name = local.recordset_name
description = "Public IP address of the main load balancer"
description = "Public IP address of the main Octavia load balancer"
ttl = 8600
type = "A"
records = [openstack_networking_floatingip_v2.main_lb_ip.address]

126
modules/complete_infra_setup/outputs.tf
View File

@ -1,126 +0,0 @@
output "main_region" {
value = var.main_region
}
output "external_network" {
value = var.external_network
}
output "external_network_id" {
value = var.external_network.id
}
output "floating_ip_pools" {
value = var.floating_ip_pools
}
output "resolvers_ip" {
value = var.resolvers_ip
}
output "mtu_size" {
value = var.mtu_size
}
output "availability_zones_names" {
value = var.availability_zones_names
}
output "availability_zone_no_gpu_name" {
value = var.availability_zones_names.availability_zone_no_gpu
}
output "availability_zone_with_gpu_name" {
value = var.availability_zones_names.availability_zone_with_gpu
}
output "ssh_sources" {
value = var.ssh_sources
}
output "networks_with_d4s_services" {
value = var.networks_with_d4s_services
}
output "ubuntu_1804" {
value = var.ubuntu_1804
}
output "ubuntu_2204" {
value = var.ubuntu_2204
}
output "centos_7" {
value = var.centos_7
}
output "almalinux_9" {
value = var.almalinux_9
}
output "ubuntu1804_data_file" {
value = var.ubuntu1804_data_file
}
output "ubuntu2204_data_file" {
value = var.ubuntu2204_data_file
}
output "el7_data_file" {
value = var.el7_data_file
}
output "ssh_jump_proxy" {
value = var.ssh_jump_proxy
}
output "internal_ca_data" {
value = var.internal_ca_data
}
output "prometheus_server_data" {
value = var.prometheus_server_data
}
output "shared_postgresql_server_data" {
value = var.shared_postgresql_server_data
}
output "haproxy_l7_data" {
value = var.haproxy_l7_data
}
output "resource_registry_addresses" {
value = var.resource_registry_addresses
}
output "smartexecutor_addresses" {
value = var.smartexecutor_addresses
}
#Added by Francesco
output "policy_list" {
value = var.policy_list
}
#Added by Francesco
output "flavor_list" {
value = var.flavor_list
}
#Added by Francesco
output "security_group_list" {
value = var.security_group_list
}
#Added by Francesco
output "networks_list" {
value = var.networks_list
}
# output "default_security_group_name" {
# value = var.default_security_group_name
# }

18
modules/complete_infra_setup/terraform-provider.tf
View File

@ -9,19 +9,17 @@ terraform {
}
}
module "labs_common_variables" {
source = "../../modules/labs_common_variables"
}
module "project_variables" {
source = "../variables"
}
data "terraform_remote_state" "privnet_dns_router" {
backend = "local"
config = {
path = "../project-setup/terraform.tfstate"
path = "../main_net_dns_router/terraform.tfstate"
}
}
# module "common_variables" {
# source = "../../modules/common_variables"
# }
# module "ssh_settings" {
# source = "../../modules/ssh-key-ref"
# }

276
modules/complete_infra_setup/variables.tf
View File

@ -1,276 +0,0 @@
# Global definitions
variable "main_region" {
type = string
default = "isti_area_pi_1"
}
variable "external_network" {
type = map(string)
default = {
name = "external-network"
id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b"
}
}
variable "floating_ip_pools" {
type = map(string)
default = {
main_public_ip_pool = "external-network"
}
}
variable "resolvers_ip" {
type = list(string)
default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"]
}
variable "mtu_size" {
type = number
default = 8942
}
variable "availability_zones_names" {
type = map(string)
default = {
availability_zone_no_gpu = "cnr-isti-nova-a"
availability_zone_with_gpu = "cnr-isti-nova-gpu-a"
}
}
variable "ubuntu_1804" {
type = map(string)
default = {
name = "Ubuntu-Bionic-18.04"
uuid = "7ed6a2cd-2b07-482e-8ce4-f018dff16c89"
user_data_file = "../../openstack_vm_data_scripts/ubuntu1804.sh"
}
}
variable "ubuntu_2204" {
type = map(string)
default = {
name = "Ubuntu-Jammy-22.04"
uuid = "54768889-8556-4be4-a2eb-82a4d9b34627"
user_data_file = "../../openstack_vm_data_scripts/ubuntu2204.sh"
}
}
variable "centos_7" {
type = map(string)
default = {
name = "CentOS-7"
uuid = "f0187a99-64f6-462a-ab5f-ef52fe62f2ca"
}
}
variable "almalinux_9" {
type = map(string)
default = {
name = "AlmaLinux-9.0-20220718"
uuid = "541650fc-dd19-4f38-bb1d-7333ed9dd688"
}
}
variable "ubuntu1804_data_file" {
default = "../../openstack_vm_data_scripts/ubuntu1804.sh"
}
variable "ubuntu2204_data_file" {
default = "../../openstack_vm_data_scripts/ubuntu2204.sh"
}
variable "el7_data_file" {
default = "../../openstack_vm_data_scripts/el7.sh"
}
variable "ssh_jump_proxy" {
type = map(string)
default = {
name = "ssh-jump-proxy"
flavor = "m2.small"
}
}
variable "internal_ca_data" {
type = map(string)
default = {
name = "ca"
flavor = "m1.small"
}
}
variable "prometheus_server_data" {
type = map(string)
default = {
name = "prometheus"
flavor = "m1.medium"
vol_data_name = "prometheus-data"
vol_data_size = "100"
vol_data_device = "/dev/vdb"
public_grafana_server_cidr = "146.48.122.132/32"
}
}
variable "shared_postgresql_server_data" {
type = map(string)
default = {
name = "shared-postgresql-server"
flavor = "m1.medium"
vol_data_name = "shared-postgresql-data"
vol_data_size = "100"
vol_data_device = "/dev/vdb"
# vol_backup_name = ""
# vol_backup_size = ""
# vol_backup_device = ""
network_name = "postgresql-srv-net"
network_description = "Network used to communicate with the shared postgresql service"
network_cidr = "192.168.0.0/22"
allocation_pool_start = "192.168.0.100"
allocation_pool_end = "192.168.3.254"
server_ip = "192.168.0.5"
server_cidr = "192.168.0.5/22"
}
}
variable "haproxy_l7_data" {
type = map(string)
default = {
name = "main-haproxy-l7"
haproxy_1 = "haproxy-l7-1"
haproxy_2 = "haproxy-l7-2"
flavor = "m1.medium"
vm_count = "2"
}
}
variable "resource_registry_addresses" {
type = map(string)
default = {
}
}
variable "smartexecutor_addresses" {
type = map(string)
default = {
}
}
# Added by Francesco
# Create in the path 'modules/ssh-key-ref' the file 'ssh-key-ref-outputs.tf'
# with the following outputs:
# output "ssh_key_file" {
# value = "~/.ssh/{YOUR_PRIVATE_KEYNAME}"
# sensitive = true
# }
# output "ssh_key_name" {
# value = "{YOUR_KEYNAME}"
# sensitive = false
# }
# Then you can use above outputs in your 'file.tf' (if it contains the soft link to variables.tf) as:
# module.ssh_settings.ssh_key_file
# module.ssh_settings.ssh_key_name
# e.g.
#
# resource "openstack_compute_instance_v2" "geoserver" {
# key_pair = module.ssh_settings.ssh_key_name
# Added by Francesco
variable "flavor_list" {
type = map(string)
default = {
c1_small = "c1.small" #RAM 2 - VCPUs 2
c1_medium = "c1.medium" #RAM 4 - VCPUs 4
c1_large = "c1.large" #RAM 8 - VCPUs 8
c2_large = "c2.large" #RAM 16 -VCPUs 16
m1_medium = "m1.medium" #RAM 4 - VCPUs 2
m1_large = "m1.large" #RAM 8 - VCPUs 4
m1_xlarge = "m1.xlarge" #RAM 16 - VCPUs 8
m1_xxl = "m1.xxl" #RAM 32 - VCPUS 16
m2_small = "m2.small" #RAM 8 - VCPUs 2
m2_medium = "m2.medium" #RAM 16 - VCPUs 4
m2_large = "m2.large" #RAM 32 - VCPUs 8
m3_large = "m3.large" #RAM 64 - VCPUs 16
}
}
# Added by Francesco
variable "security_group_list" {
type = map(string)
default = {
postgreSQL = "PostgreSQL service"
acaland = "acaland's dev machine"
haproxy = "traffic_from_main_lb_to_haproxy_l7"
access_to_orientdb = "access_to_orientdb"
dataminer-publish = "dataminer-publish"
docker_swarm_NFS = "Docker Swarm NFS"
public_HTTPS = "Public HTTPS"
orientdb_internal_docker_traffic = "orientdb_internal_docker_traffic"
limited_SSH_access = "Limited SSH access"
debugging_from_jump_node = "debugging_from_jump_node"
access_to_the_timescaledb_service = "access_to_the_timescaledb_service"
docker_swarm = "Docker Swarm"
http_and_https_from_the_load_balancers = "traffic_from_the_main_load_balancers"
limited_HTTPS_access = "restricted_web_service"
mongo = "mongo"
limited_SSH_access = "Limited SSH access"
default = "default"
cassandra = "Cassandra"
access_to_orientdb_se = "access_to_orientdb_se"
}
}
# Added by Francesco
variable "policy_list" {
type = map(string)
default = {
soft_anti_affinity = "soft-anti-affinity"
anti_affinity = "anti-affinity"
affinity = "affinity"
soft_affinity = "soft-affinity"
}
}
variable "networks_list" {
type = map(string)
default = {
shared_postgresql = "postgresql-srv-net"
swarm = "swarm-nfs-net"
timescaledb = "timescaledb-net"
orientdb = "orientdb-net"
orientdb_se = "orientdb-se-net"
}
}
variable "ssh_sources" {
type = map(string)
default = {
s2i2s_vpn_1_cidr = "146.48.28.10/32"
s2i2s_vpn_2_cidr = "146.48.28.11/32"
d4s_vpn_1_cidr = "146.48.122.27/32"
d4s_vpn_2_cidr = "146.48.122.49/32"
shell_d4s_cidr = "146.48.122.95/32"
infrascience_net_cidr = "146.48.122.0/23"
}
}
variable "networks_with_d4s_services" {
type = map(string)
default = {
"isti_net" = "146.48.80.0/21"
"s2i2s_net" = "146.48.28.0/22"
"infrascience_net" = "146.48.122.0/23"
"garr_ct1_net" = "90.147.166.0/23"
"garr_pa1_net" = "90.147.188.0/23"
"garr_na_net" = "90.147.152.0/24"
}
}
# variable "default_security_group_name" {
# default = "default_for_all"
# }

128
s2i2s/main_net_dns_router/main.tf
View File

@ -16,6 +16,11 @@ provider "openstack" {
module "labs_common_variables" {
source = "../../modules/labs_common_variables"
}
module "project_variables" {
source = "../variables"
}
# Main module
module "main_private_net_and_dns_zone" {
source = "../../modules/labs_private_net_and_dns_zone"
@ -47,9 +52,9 @@ module "main_private_net_and_dns_zone" {
description = "S2I2S main router"
}
default_firewall_rules_map = {
"ssh_from_isti_net" = {
description = "SSH from the ISTI network"
source = module.labs_common_variables.ssh_sources.isti_net_cidr
"ssh_from_the_jump_proxy" = {
description = "SSH from the S2I2S VPN 1"
source = module.project_variables.basic_services_ip.ssh_jump_cidr
port_min = 22
port_max = 22
},
@ -64,123 +69,6 @@ module "main_private_net_and_dns_zone" {
source = module.labs_common_variables.ssh_sources.s2i2s_vpn_2_cidr
port_min = 22
port_max = 22
},
"http_from_everywhere" = {
description = "HTTP from everywhere"
source = "0.0.0.0/0"
port_min = 80
port_max = 80
},
"https_from_everywhere" = {
description = "HTTPS from everywhere"
source = "0.0.0.0/0"
port_min = 443
port_max = 443
}
}
}
output "os_project_data" {
value = module.main_private_net_and_dns_zone.os_project_data
}
output "dns_zone" {
value = module.main_private_net_and_dns_zone.dns_zone
}
output "dns_zone_id" {
value = module.main_private_net_and_dns_zone.dns_zone_id
}
output "main_private_network" {
value = module.main_private_net_and_dns_zone.main_private_network
}
output "main_private_network_id" {
value = module.main_private_net_and_dns_zone.main_private_network_id
}
output "main_subnet_network" {
value = module.main_private_net_and_dns_zone.main_subnet_network
}
output "main_subnet_network_id" {
value = module.main_private_net_and_dns_zone.main_subnet_network_id
}
output "external_gateway_ip" {
value = module.main_private_net_and_dns_zone.external_gateway_ip
}
output "main_region" {
value = module.labs_common_variables.main_region
}
output "external_network" {
value = module.labs_common_variables.external_network
}
output "external_network_id" {
value = module.labs_common_variables.external_network.id
}
output "floating_ip_pools" {
value = module.labs_common_variables.floating_ip_pools
}
output "resolvers_ip" {
value = module.labs_common_variables.resolvers_ip
}
output "mtu_size" {
value = module.labs_common_variables.mtu_size
}
output "availability_zones_names" {
value = module.labs_common_variables.availability_zones_names
}
output "availability_zone_no_gpu_name" {
value = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu
}
output "availability_zone_with_gpu_name" {
value = module.labs_common_variables.availability_zones_names.availability_zone_with_gpu
}
output "ssh_sources" {
value = module.labs_common_variables.ssh_sources
}
output "ubuntu_2204" {
value = module.labs_common_variables.ubuntu_2204
}
output "centos_7" {
value = module.labs_common_variables.centos_7
}
output "almalinux_9" {
value = module.labs_common_variables.almalinux_9
}
output "ubuntu2204_data_file" {
value = module.labs_common_variables.ubuntu2204_data_file
}
output "el7_data_file" {
value = module.labs_common_variables.el7_data_file
}
output "policy_list" {
value = module.labs_common_variables.policy_list
}
output "flavor_list" {
value = module.labs_common_variables.flavor_list
}
output "default_security_group_name" {
value = module.labs_common_variables.default_security_group_name
}

118
s2i2s/main_net_dns_router/terraform.tfstate
View File

@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.6",
"serial": 14,
"serial": 20,
"lineage": "bad36b1d-a210-1782-e7b2-e07bde71f6be",
"outputs": {
"almalinux_9": {
@ -49,12 +49,12 @@
},
"dns_zone": {
"value": {
"attributes": null,
"attributes": {},
"description": "DNS primary zone for the S2I2S project",
"disable_status_check": false,
"email": "postmaster@isti.cnr.it",
"id": "f668696a-cedb-4554-8f81-cf7dc1db773b",
"masters": null,
"masters": [],
"name": "s2i2s.cloud.isti.cnr.it.",
"project_id": "d58ff441b31d4d0daf4a3e64d5332082",
"region": "isti_area_pi_1",
@ -189,7 +189,7 @@
}
],
"shared": false,
"tags": null,
"tags": [],
"tenant_id": "d58ff441b31d4d0daf4a3e64d5332082",
"timeouts": null,
"transparent_vlan": false,
@ -292,7 +292,7 @@
"region": "isti_area_pi_1",
"service_types": [],
"subnetpool_id": "",
"tags": null,
"tags": [],
"tenant_id": "d58ff441b31d4d0daf4a3e64d5332082",
"timeouts": null,
"value_specs": null
@ -459,12 +459,12 @@
{
"schema_version": 0,
"attributes": {
"attributes": null,
"attributes": {},
"description": "DNS primary zone for the S2I2S project",
"disable_status_check": false,
"email": "postmaster@isti.cnr.it",
"id": "f668696a-cedb-4554-8f81-cf7dc1db773b",
"masters": null,
"masters": [],
"name": "s2i2s.cloud.isti.cnr.it.",
"project_id": "d58ff441b31d4d0daf4a3e64d5332082",
"region": "isti_area_pi_1",
@ -508,7 +508,7 @@
}
],
"shared": false,
"tags": null,
"tags": [],
"tenant_id": "d58ff441b31d4d0daf4a3e64d5332082",
"timeouts": null,
"transparent_vlan": false,
@ -575,7 +575,7 @@
"id": "bca61b05-e34d-4d1c-8400-860e8ea66406",
"name": "s2i2s-proj-external-router",
"region": "isti_area_pi_1",
"tags": null,
"tags": [],
"tenant_id": "d58ff441b31d4d0daf4a3e64d5332082",
"timeouts": null,
"value_specs": null,
@ -597,78 +597,6 @@
"name": "default_firewall_rules",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"index_key": "http_from_everywhere",
"schema_version": 0,
"attributes": {
"description": "HTTP from everywhere",
"direction": "ingress",
"ethertype": "IPv4",
"id": "5321ff5a-c61d-4f60-8a02-b82d4657b785",
"port_range_max": 80,
"port_range_min": 80,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "https_from_everywhere",
"schema_version": 0,
"attributes": {
"description": "HTTPS from everywhere",
"direction": "ingress",
"ethertype": "IPv4",
"id": "a55f413a-2728-4347-8fb5-a47b170e9a27",
"port_range_max": 443,
"port_range_min": 443,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_isti_net",
"schema_version": 0,
"attributes": {
"description": "SSH from the ISTI network",
"direction": "ingress",
"ethertype": "IPv4",
"id": "5fe2dd36-b821-4b74-8a3e-52d3dd74149e",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "146.48.80.0/21",
"security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_s2i2s_vpn_1",
"schema_version": 0,
@ -716,6 +644,30 @@
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_the_jump_proxy",
"schema_version": 0,
"attributes": {
"description": "SSH from the S2I2S VPN 1",
"direction": "ingress",
"ethertype": "IPv4",
"id": "848ba8fc-1636-4a8b-a9fc-e41b06ed1d04",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "10.10.0.5/32",
"security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
}
]
},
@ -799,7 +751,7 @@
"id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586",
"name": "default_for_all",
"region": "isti_area_pi_1",
"tags": null,
"tags": [],
"tenant_id": "d58ff441b31d4d0daf4a3e64d5332082",
"timeouts": null
},
@ -852,7 +804,7 @@
"region": "isti_area_pi_1",
"service_types": [],
"subnetpool_id": "",
"tags": null,
"tags": [],
"tenant_id": "d58ff441b31d4d0daf4a3e64d5332082",
"timeouts": null,
"value_specs": null