diff --git a/kdd/wp-ai4yb/main.tf b/kdd/wp-ai4yb/main.tf
new file mode 100644
index 0000000..427fa33
--- /dev/null
+++ b/kdd/wp-ai4yb/main.tf
@@ -0,0 +1,94 @@
+# Define required providers
+terraform {
+ required_version = ">= 0.14.0"
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.53.0"
+ }
+ }
+}
+
+data "terraform_remote_state" "privnet_dns_router" {
+ backend = "local"
+
+ config = {
+ path = "../main_net_dns_router/terraform.tfstate"
+ }
+}
+
+module "ssh_settings" {
+ source = "../../modules/ssh-key-ref"
+}
+#
+# Uses common_variables as module
+#
+module "common_variables" {
+ source = "../../modules/labs_common_variables"
+}
+
+resource "openstack_compute_instance_v2" "wp_ai4yb" {
+ name = "wp-ai4yb"
+ availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
+ flavor_name = module.common_variables.flavor_list.m1_medium
+ key_pair = module.ssh_settings.ssh_key_name
+ security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name]
+ block_device {
+ uuid = module.common_variables.ubuntu_2204.uuid
+ source_type = "image"
+ volume_size = 30
+ boot_index = 0
+ destination_type = "volume"
+ delete_on_termination = false
+ }
+ network {
+ name = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name
+ }
+ user_data = file("${data.terraform_remote_state.privnet_dns_router.outputs.ubuntu2204_data_file}")
+ # Do not replace the instance when the ssh key changes
+ lifecycle {
+ ignore_changes = [
+ # Ignore changes to tags, e.g. because a management agent
+ # updates these based on some ruleset managed elsewhere.
+ key_pair, user_data, network
+ ]
+ }
+}
+
+# Allocate and associate a floating IP address
+#
+resource "openstack_networking_floatingip_v2" "wp_ai4yb_ip" {
+ pool = module.common_variables.floating_ip_pools.main_public_ip_pool
+ # The DNS association does not work because of a bug in the OpenStack API
+ description = "AI for your business site"
+}
+
+resource "openstack_compute_floatingip_associate_v2" "wp_ai4yb_fp" {
+ floating_ip = openstack_networking_floatingip_v2.wp_ai4yb_ip.address
+ instance_id = openstack_compute_instance_v2.wp_ai4yb.id
+}
+#
+# Add a DNS record to the floating IP address
+#
+module "dns_records_create" {
+ source = "../../modules/dns_resources"
+
+ dns_resources_map = {
+ wp = {
+ zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
+ name = join(".", ["wp-ai4yb", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name])
+ description = "AI for your business Wordpress"
+ ttl = 8600
+ type = "A"
+ records = [openstack_networking_floatingip_v2.wp_ai4yb_ip.address]
+ },
+ phpadmin = {
+ zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
+ name = join(".", ["phpadmin-ai4yb", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name])
+ description = "PHPMyAdmin for the AI for your business Wordpress DB"
+ ttl = 8600
+ type = "CNAME"
+ records = [join(".", ["wp-ai4yb", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name])]
+ }
+ }
+}
diff --git a/kdd/wp-ai4yb/provider.tf b/kdd/wp-ai4yb/provider.tf
new file mode 100644
index 0000000..0d5af91
--- /dev/null
+++ b/kdd/wp-ai4yb/provider.tf
@@ -0,0 +1,3 @@
+provider "openstack" {
+ cloud = "kdd-lab"
+}
diff --git a/kdd/wp-ai4yb/terraform.tfstate b/kdd/wp-ai4yb/terraform.tfstate
new file mode 100644
index 0000000..527caa1
--- /dev/null
+++ b/kdd/wp-ai4yb/terraform.tfstate
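Review bot: The `phpadmin` entry of `dns_resources_map` in kdd/wp-ai4yb/main.tf publishes a name for the database admin interface on the same floating IP as the public WordPress site, while the instance's only security group is the shared `default_security_group_name`; nothing in this file limits who can reach that interface. Because `phpadmin-ai4yb` is a CNAME to `wp-ai4yb`, a port-based security-group rule cannot tell the two apart, so the restriction has to live in the web server's virtual host (a source-address allow-list built from the trusted ranges already exported as `ssh_sources`), or the admin UI should be reachable only over the VPN. If that control already exists in the provisioning scripts, record it next to the DNS entry, e.g. `# phpMyAdmin vhost is restricted to the VPN ranges by <provisioning role>; it is not filtered by the security group`. Separately, the comment inside `ignore_changes` talks about tags while the list is `key_pair, user_data, network`; ignoring `user_data` means later changes to the bootstrap script never reach this instance, which deserves a comment of its own.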
@@ -0,0 +1,636 @@ +{ + "version": 4, + "terraform_version": "1.6.6", + "serial": 6, + "lineage": "b3025fb1-c280-2fe4-f25e-4ff6c950c850", + "outputs": {}, + "resources": [ + { + "mode": "data", + "type": "terraform_remote_state", + "name": "privnet_dns_router", + "provider": "provider[\"terraform.io/builtin/terraform\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "backend": "local", + "config": { + "value": { + "path": "../main_net_dns_router/terraform.tfstate" + }, + "type": [ + "object", + { + "path": "string" + } + ] + }, + "defaults": null, + "outputs": { + "value": { + "almalinux_9": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "availability_zone_no_gpu_name": "cnr-isti-nova-a", + "availability_zone_with_gpu_name": "cnr-isti-nova-gpu-a", + "availability_zones_names": { + "availability_zone_no_gpu": "cnr-isti-nova-a", + "availability_zone_with_gpu": "cnr-isti-nova-gpu-a" + }, + "centos_7": { + "name": "CentOS-7", + "user_data_file": "../../s2i2s_openstack_vm_data_scripts/el.sh", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "default_security_group_name": "default_for_all", + "dns_zone": { + "attributes": {}, + "description": "DNS primary zone for the KDD project", + "disable_status_check": false, + "email": "postmaster@isti.cnr.it", + "id": "9d29d051-9567-4af4-9ffe-87eb643fc90b", + "masters": [], + "name": "kdd.cloud.isti.cnr.it.", + "project_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "PRIMARY", + "value_specs": null + }, + "dns_zone_id": "9d29d051-9567-4af4-9ffe-87eb643fc90b", + "el7_data_file": "../../s2i2s_openstack_vm_data_scripts/el.sh", + "external_gateway_ip": [ + { + "ip_address": "146.48.30.196", + "subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb" + } + ], + "external_network": { + "id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "name": "external-network" + }, + "external_network_id": 
"1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "flavor_list": { + "c1_large": "c1.large", + "c1_medium": "c1.medium", + "c1_small": "c1.small", + "c2_large": "c2.large", + "m1_large": "m1.large", + "m1_medium": "m1.medium", + "m1_xlarge": "m1.xlarge", + "m1_xxl": "m1.xxl", + "m2_large": "m2.large", + "m2_medium": "m2.medium", + "m2_small": "m2.small", + "m3_large": "m3.large" + }, + "floating_ip_pools": { + "main_public_ip_pool": "external-network" + }, + "main_private_network": { + "admin_state_up": true, + "all_tags": [], + "availability_zone_hints": [], + "description": "KDD private network (use this as the main network)", + "dns_domain": "kdd.cloud.isti.cnr.it.", + "external": false, + "id": "fb006673-39b6-472b-ba20-f1087e7e38ef", + "mtu": 8942, + "name": "kdd-cloud-main", + "port_security_enabled": true, + "qos_policy_id": "", + "region": "isti_area_pi_1", + "segments": [ + { + "network_type": "geneve", + "physical_network": "", + "segmentation_id": 6061 + } + ], + "shared": false, + "tags": [], + "tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "timeouts": null, + "transparent_vlan": false, + "value_specs": null + }, + "main_private_network_id": "fb006673-39b6-472b-ba20-f1087e7e38ef", + "main_region": "isti_area_pi_1", + "main_subnet_network": { + "all_tags": [], + "allocation_pool": [ + { + "end": "10.12.7.254", + "start": "10.12.1.1" + } + ], + "allocation_pools": [ + { + "end": "10.12.7.254", + "start": "10.12.1.1" + } + ], + "cidr": "10.12.0.0/21", + "description": "KDD main private subnet", + "dns_nameservers": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "enable_dhcp": true, + "gateway_ip": "10.12.0.1", + "host_routes": [], + "id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2", + "ip_version": 4, + "ipv6_address_mode": "", + "ipv6_ra_mode": "", + "name": "kdd-cloud-main-subnet", + "network_id": "fb006673-39b6-472b-ba20-f1087e7e38ef", + "no_gateway": false, + "prefix_length": null, + "region": "isti_area_pi_1", + "service_types": [], + 
"subnetpool_id": "", + "tags": [], + "tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "timeouts": null, + "value_specs": null + }, + "main_subnet_network_id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2", + "mtu_size": 8942, + "os_project_data": { + "id": "d6757d56e6e54ffe83a9701cc92af4c2", + "name": "kdd-lab-cloud" + }, + "policy_list": { + "affinity": "affinity", + "anti_affinity": "anti-affinity", + "soft_affinity": "soft-affinity", + "soft_anti_affinity": "soft-anti-affinity" + }, + "resolvers_ip": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "ssh_sources": { + "infrascience_net_cidr": "146.48.122.0/23", + "isti_net_cidr": "146.48.80.0/21", + "isti_vpn_gw1": "146.48.80.101/32", + "isti_vpn_gw2": "146.48.80.102/32", + "isti_vpn_gw3": "146.48.80.103/32", + "s2i2s_net_cidr": "146.48.28.0/22", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32" + }, + "ubuntu2204_data_file": "../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh", + "ubuntu_2204": { + "name": "Ubuntu-Jammy-22.04", + "user_data_file": "../../s2i2s_openstack_vm_data_scripts/ubuntu2204.sh", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + } + }, + "type": [ + "object", + { + "almalinux_9": [ + "map", + "string" + ], + "availability_zone_no_gpu_name": "string", + "availability_zone_with_gpu_name": "string", + "availability_zones_names": [ + "map", + "string" + ], + "centos_7": [ + "map", + "string" + ], + "default_security_group_name": "string", + "dns_zone": [ + "object", + { + "attributes": [ + "map", + "string" + ], + "description": "string", + "disable_status_check": "bool", + "email": "string", + "id": "string", + "masters": [ + "set", + "string" + ], + "name": "string", + "project_id": "string", + "region": "string", + "timeouts": [ + "object", + { + "create": "string", + "delete": "string", + "update": "string" + } + ], + "ttl": "number", + "type": "string", + "value_specs": [ + "map", + "string" + ] + } + ], + "dns_zone_id": "string", + "el7_data_file": 
"string", + "external_gateway_ip": [ + "list", + [ + "object", + { + "ip_address": "string", + "subnet_id": "string" + } + ] + ], + "external_network": [ + "map", + "string" + ], + "external_network_id": "string", + "flavor_list": [ + "map", + "string" + ], + "floating_ip_pools": [ + "map", + "string" + ], + "main_private_network": [ + "object", + { + "admin_state_up": "bool", + "all_tags": [ + "set", + "string" + ], + "availability_zone_hints": [ + "set", + "string" + ], + "description": "string", + "dns_domain": "string", + "external": "bool", + "id": "string", + "mtu": "number", + "name": "string", + "port_security_enabled": "bool", + "qos_policy_id": "string", + "region": "string", + "segments": [ + "set", + [ + "object", + { + "network_type": "string", + "physical_network": "string", + "segmentation_id": "number" + } + ] + ], + "shared": "bool", + "tags": [ + "set", + "string" + ], + "tenant_id": "string", + "timeouts": [ + "object", + { + "create": "string", + "delete": "string" + } + ], + "transparent_vlan": "bool", + "value_specs": [ + "map", + "string" + ] + } + ], + "main_private_network_id": "string", + "main_region": "string", + "main_subnet_network": [ + "object", + { + "all_tags": [ + "set", + "string" + ], + "allocation_pool": [ + "set", + [ + "object", + { + "end": "string", + "start": "string" + } + ] + ], + "allocation_pools": [ + "list", + [ + "object", + { + "end": "string", + "start": "string" + } + ] + ], + "cidr": "string", + "description": "string", + "dns_nameservers": [ + "list", + "string" + ], + "enable_dhcp": "bool", + "gateway_ip": "string", + "host_routes": [ + "list", + [ + "object", + { + "destination_cidr": "string", + "next_hop": "string" + } + ] + ], + "id": "string", + "ip_version": "number", + "ipv6_address_mode": "string", + "ipv6_ra_mode": "string", + "name": "string", + "network_id": "string", + "no_gateway": "bool", + "prefix_length": "number", + "region": "string", + "service_types": [ + "list", + "string" + ], + 
"subnetpool_id": "string", + "tags": [ + "set", + "string" + ], + "tenant_id": "string", + "timeouts": [ + "object", + { + "create": "string", + "delete": "string" + } + ], + "value_specs": [ + "map", + "string" + ] + } + ], + "main_subnet_network_id": "string", + "mtu_size": "number", + "os_project_data": [ + "map", + "string" + ], + "policy_list": [ + "map", + "string" + ], + "resolvers_ip": [ + "list", + "string" + ], + "ssh_sources": [ + "map", + "string" + ], + "ubuntu2204_data_file": "string", + "ubuntu_2204": [ + "map", + "string" + ] + } + ] + }, + "workspace": null + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_floatingip_associate_v2", + "name": "wp_ai4yb_fp", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fixed_ip": "", + "floating_ip": "146.48.30.172", + "id": "146.48.30.172/c8bf6aa9-452c-4851-804a-cbc84e263ca1/", + "instance_id": "c8bf6aa9-452c-4851-804a-cbc84e263ca1", + "region": "isti_area_pi_1", + "timeouts": null, + "wait_until_associated": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_compute_instance_v2.wp_ai4yb", + "openstack_networking_floatingip_v2.wp_ai4yb_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "wp_ai4yb", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.12.1.115", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + 
"destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", + "volume_size": 30, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2024-03-14 18:32:19 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + "id": "c8bf6aa9-452c-4851-804a-cbc84e263ca1", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "wp-ai4yb", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.12.1.115", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:48:ce:20", + "name": "kdd-cloud-main", + "port": "", + "uuid": "fb006673-39b6-472b-ba20-f1087e7e38ef" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all" + ], + "stop_before_destroy": false, + "tags": null, + "timeouts": null, + "updated": "2024-03-14 18:33:07 +0000 UTC", + "user_data": "094aad1c2a9d617fb2d4622557b2841486c0ecd7", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_floatingip_v2", + "name": "wp_ai4yb_ip", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "address": "146.48.30.172", + "all_tags": [], + "description": "AI for your business site", + "dns_domain": "", + "dns_name": "", + "fixed_ip": "", + "id": "2805f6f7-8ed0-4418-8d24-438da7856773", + "pool": 
"external-network", + "port_id": "", + "region": "isti_area_pi_1", + "subnet_id": null, + "subnet_ids": null, + "tags": null, + "tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "module": "module.dns_records_create", + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "add_dns_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "index_key": "phpadmin", + "schema_version": 0, + "attributes": { + "description": "PHPMyAdmin for the AI for your business Wordpress DB", + "disable_status_check": false, + "id": "9d29d051-9567-4af4-9ffe-87eb643fc90b/aaf72f62-81b2-46b4-835f-aa553f70d555", + "name": "phpadmin-ai4yb.kdd.cloud.isti.cnr.it.", + "project_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "records": [ + "wp-ai4yb.kdd.cloud.isti.cnr.it." 
+ ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "CNAME", + "value_specs": null, + "zone_id": "9d29d051-9567-4af4-9ffe-87eb643fc90b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_floatingip_v2.wp_ai4yb_ip" + ] + }, + { + "index_key": "wp", + "schema_version": 0, + "attributes": { + "description": "AI for your business Wordpress", + "disable_status_check": false, + "id": "9d29d051-9567-4af4-9ffe-87eb643fc90b/9b1efb2a-20ce-4e97-a61b-bfe8ca564608", + "name": "wp-ai4yb.kdd.cloud.isti.cnr.it.", + "project_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "records": [ + "146.48.30.172" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": "9d29d051-9567-4af4-9ffe-87eb643fc90b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_floatingip_v2.wp_ai4yb_ip" + ] + } + ] + } + ], + "check_results": null +} diff --git a/modules/complete_infra_setup/haproxy.tf b/modules/complete_infra_setup/haproxy.tf index 09cbfaf..5dbf7b0 100644 --- a/modules/complete_infra_setup/haproxy.tf +++ b/modules/complete_infra_setup/haproxy.tf 
@@ -1,11 +1,7 @@ # # HAPROXY L7 behind the main Octavia balancer # -# FIXME: terraform does not return the Octavia VRRP addresses, so we have to find them before creating the security group that allows the traffic between octavia and the haproxy instances -# -# openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp -# 5cc2354e-4465-4a1d-8390-c214e208c6de octavia-lb-vrrp-72392023-a774-4b58-a025-c1e99c5d152a fa:16:3e:62:24:2c [{'subnet_id': 'cd77a2fd-4a36-4254-b1d0-70b3874c6d04', 'ip_address': '10.1.34.232'}] ACTIVE -# 8aa4e97f-723d-4a2a-b79f-912fa7651653 octavia-lb-vrrp-fbfcf712-0ceb-4a38-82da-0c9ebef5dff3 fa:16:3e:79:62:a5 [{'subnet_id': 'cd77a2fd-4a36-4254-b1d0-70b3874c6d04', 'ip_address': '10.1.33.229'}] ACTIVE +# We use a dedicated network between haproxy and octavia so that we do not have to know the VRRP addresses of the octavia nodes # # Server group # diff --git a/modules/complete_infra_setup/octavia.tf b/modules/complete_infra_setup/octavia.tf index 8782267..19593c8 100644 --- a/modules/complete_infra_setup/octavia.tf +++ b/modules/complete_infra_setup/octavia.tf 
@@ -1,11 +1,60 @@ # Main load balancer. L4, backed by Octavia + +# Create the netework and subnet used to make Octavia and HAPROXY communicate +resource "openstack_networking_network_v2" "octavia-private-network" { + name = var.octavia_information.network_name + admin_state_up = "true" + external = "false" + description = var.octavia_information.network_description + dns_domain = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name + mtu = module.labs_common_variables.mtu_size + port_security_enabled = true + shared = false + region = module.labs_common_variables.main_region + # tenant_id = data.terraform_remote_state.privnet_dns_router.outputs.os_project_data.id +} + +resource "openstack_networking_subnet_v2" "octavia-private-subnet" { + name = var.octavia_information.subnet_name + description = var.octavia_information.subnet_description + network_id = openstack_networking_network_v2.octavia-private-network.id + cidr = var.octavia_information.subnet_cidr + gateway_ip = var.octavia_information.gateway_ip + dns_nameservers = module.labs_common_variables.resolvers_ip + ip_version = 4 + enable_dhcp = true + # tenant_id = data.terraform_remote_state.privnet_dns_router.outputs.os_project_data.id + allocation_pool { + start = var.octavia_information.allocation_pool_start + end = var.octavia_information.allocation_pool_end + } +} + +resource "openstack_networking_router_v2" "octavia-external-router" { + name = var.octavia_information.external_router_name + description = var.octavia_information.external_router_description + external_network_id = module.labs_common_variables.external_network.id + # tenant_id = data.terraform_remote_state.privnet_dns_router.outputs.os_project_data.id + enable_snat = true + vendor_options { + set_router_gateway_after_create = true + } +} + +# Router interface configuration +resource "openstack_networking_router_interface_v2" "octavia-private-network-routing" { + router_id = 
openstack_networking_router_v2.octavia-external-router.id + # router_id = var.external_router.id + subnet_id = openstack_networking_subnet_v2.octavia-private-subnet.id +} + resource "openstack_lb_loadbalancer_v2" "main_lb" { - vip_subnet_id = var.main_private_subnet_id + vip_subnet_id = openstack_networking_subnet_v2.octavia-private-subnet.id name = var.octavia_information.main_lb_name description = var.octavia_information.main_lb_description flavor_id = var.octavia_information.octavia_flavor_id vip_address = var.basic_services_ip.octavia_main - # availability_zone = var.availability_zones_names.availability_zone_no_gpu + availability_zone = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu loadbalancer_provider = "amphora" } @@ -24,13 +73,13 @@ resource "openstack_networking_floatingip_associate_v2" "main_lb" { } locals { - recordset_name = "${var.octavia_information.main_lb_hostname}.${var.dns_zone.zone_name}" + recordset_name = "${var.octavia_information.main_lb_hostname}.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.name}" } resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" { - zone_id = var.dns_zone_id + zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.id name = local.recordset_name - description = "Public IP address of the main load balancer" + description = "Public IP address of the main Octavia load balancer" ttl = 8600 type = "A" records = [openstack_networking_floatingip_v2.main_lb_ip.address] diff --git a/modules/complete_infra_setup/outputs.tf b/modules/complete_infra_setup/outputs.tf deleted file mode 100644 index 285faca..0000000 --- a/modules/complete_infra_setup/outputs.tf +++ /dev/null 
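Review bot: In `openstack_lb_loadbalancer_v2.main_lb`, `vip_address = var.basic_services_ip.octavia_main` is left unchanged while `vip_subnet_id` now points at the new `octavia-private-subnet`, so the fixed VIP has to fall inside `var.octavia_information.subnet_cidr` and preferably outside the `allocation_pool` range; neither is visible in this diff and should be confirmed before applying. A short comment next to the attribute would make the coupling explicit, e.g. `# must be inside octavia_information.subnet_cidr and outside the allocation pool`. In the new network resource, `admin_state_up = "true"` and `external = "false"` are strings while `port_security_enabled = true` a few lines below is a boolean; write them as `admin_state_up = true` and `external = false` so the block is consistent.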
@@ -1,126 +0,0 @@ - -output "main_region" { - value = var.main_region -} - -output "external_network" { - value = var.external_network -} - -output "external_network_id" { - value = var.external_network.id -} - -output "floating_ip_pools" { - value = var.floating_ip_pools - -} - -output "resolvers_ip" { - value = var.resolvers_ip -} - -output "mtu_size" { - value = var.mtu_size -} - -output "availability_zones_names" { - value = var.availability_zones_names -} - -output "availability_zone_no_gpu_name" { - value = var.availability_zones_names.availability_zone_no_gpu -} - -output "availability_zone_with_gpu_name" { - value = var.availability_zones_names.availability_zone_with_gpu -} - -output "ssh_sources" { - value = var.ssh_sources -} - -output "networks_with_d4s_services" { - value = var.networks_with_d4s_services -} - -output "ubuntu_1804" { - value = var.ubuntu_1804 -} - -output "ubuntu_2204" { - value = var.ubuntu_2204 -} - -output "centos_7" { - value = var.centos_7 -} - -output "almalinux_9" { - value = var.almalinux_9 -} - -output "ubuntu1804_data_file" { - value = var.ubuntu1804_data_file -} - -output "ubuntu2204_data_file" { - value = var.ubuntu2204_data_file -} - -output "el7_data_file" { - value = var.el7_data_file -} - -output "ssh_jump_proxy" { - value = var.ssh_jump_proxy -} - -output "internal_ca_data" { - value = var.internal_ca_data -} - -output "prometheus_server_data" { - value = var.prometheus_server_data -} - -output "shared_postgresql_server_data" { - value = var.shared_postgresql_server_data -} - -output "haproxy_l7_data" { - value = var.haproxy_l7_data -} - -output "resource_registry_addresses" { - value = var.resource_registry_addresses -} - -output "smartexecutor_addresses" { - value = var.smartexecutor_addresses -} - -#Added by Francesco -output "policy_list" { - value = var.policy_list -} - -#Added by Francesco -output "flavor_list" { - value = var.flavor_list -} - -#Added by Francesco -output "security_group_list" { - value = 
var.security_group_list -} - -#Added by Francesco -output "networks_list" { - value = var.networks_list -} - -# output "default_security_group_name" { -# value = var.default_security_group_name -# } - diff --git a/modules/complete_infra_setup/terraform-provider.tf b/modules/complete_infra_setup/terraform-provider.tf index 96ab017..0f56f13 100644 --- a/modules/complete_infra_setup/terraform-provider.tf +++ b/modules/complete_infra_setup/terraform-provider.tf @@ -9,19 +9,17 @@ terraform { } } +module "labs_common_variables" { + source = "../../modules/labs_common_variables" +} + +module "project_variables" { + source = "../variables" +} data "terraform_remote_state" "privnet_dns_router" { backend = "local" config = { - path = "../project-setup/terraform.tfstate" + path = "../main_net_dns_router/terraform.tfstate" } } - -# module "common_variables" { -# source = "../../modules/common_variables" -# } - -# module "ssh_settings" { -# source = "../../modules/ssh-key-ref" -# } - diff --git a/modules/complete_infra_setup/variables.tf b/modules/complete_infra_setup/variables.tf deleted file mode 100644 index 2fb96ba..0000000 --- a/modules/complete_infra_setup/variables.tf +++ /dev/null 
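Review bot: In modules/complete_infra_setup/terraform-provider.tf the `terraform_remote_state` data source keeps `backend = "local"` and now reads `../main_net_dns_router/terraform.tfstate`, which ties the module to state files kept in the repository (this commit itself adds and updates `terraform.tfstate` files). State is stored unencrypted and records project and tenant IDs, internal addressing, key-pair names and the plaintext value of any attribute a provider marks sensitive, so every reader of the repository gets them, and a local file gives no locking between concurrent applies. Consider moving state to an access-controlled remote backend with locking and adding `*.tfstate` and `*.tfstate.backup` to `.gitignore`; until then a comment above the data source such as `# local state is committed to git: never manage secrets from this project` would at least document the constraint. The relative `path` also resolves only when the module is instantiated from a directory that has `main_net_dns_router` as a sibling, which is worth stating in the module's documentation.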
@@ -1,276 +0,0 @@ -# Global definitions -variable "main_region" { - type = string - default = "isti_area_pi_1" -} - -variable "external_network" { - type = map(string) - default = { - name = "external-network" - id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b" - } -} - -variable "floating_ip_pools" { - type = map(string) - default = { - main_public_ip_pool = "external-network" - } -} - -variable "resolvers_ip" { - type = list(string) - default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"] -} - -variable "mtu_size" { - type = number - default = 8942 -} - -variable "availability_zones_names" { - type = map(string) - default = { - availability_zone_no_gpu = "cnr-isti-nova-a" - availability_zone_with_gpu = "cnr-isti-nova-gpu-a" - } -} - -variable "ubuntu_1804" { - type = map(string) - - default = { - name = "Ubuntu-Bionic-18.04" - uuid = "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" - user_data_file = "../../openstack_vm_data_scripts/ubuntu1804.sh" - } -} - -variable "ubuntu_2204" { - type = map(string) - default = { - name = "Ubuntu-Jammy-22.04" - uuid = "54768889-8556-4be4-a2eb-82a4d9b34627" - user_data_file = "../../openstack_vm_data_scripts/ubuntu2204.sh" - } -} - -variable "centos_7" { - type = map(string) - default = { - name = "CentOS-7" - uuid = "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" - } -} - -variable "almalinux_9" { - type = map(string) - default = { - name = "AlmaLinux-9.0-20220718" - uuid = "541650fc-dd19-4f38-bb1d-7333ed9dd688" - } -} - -variable "ubuntu1804_data_file" { - default = "../../openstack_vm_data_scripts/ubuntu1804.sh" -} - -variable "ubuntu2204_data_file" { - default = "../../openstack_vm_data_scripts/ubuntu2204.sh" -} - -variable "el7_data_file" { - default = "../../openstack_vm_data_scripts/el7.sh" -} - -variable "ssh_jump_proxy" { - type = map(string) - default = { - name = "ssh-jump-proxy" - flavor = "m2.small" - } -} - -variable "internal_ca_data" { - type = map(string) - default = { - name = "ca" - flavor = "m1.small" - } -} - -variable 
"prometheus_server_data" { - type = map(string) - default = { - name = "prometheus" - flavor = "m1.medium" - vol_data_name = "prometheus-data" - vol_data_size = "100" - vol_data_device = "/dev/vdb" - public_grafana_server_cidr = "146.48.122.132/32" - } -} - -variable "shared_postgresql_server_data" { - type = map(string) - default = { - name = "shared-postgresql-server" - flavor = "m1.medium" - vol_data_name = "shared-postgresql-data" - vol_data_size = "100" - vol_data_device = "/dev/vdb" - # vol_backup_name = "" - # vol_backup_size = "" - # vol_backup_device = "" - network_name = "postgresql-srv-net" - network_description = "Network used to communicate with the shared postgresql service" - network_cidr = "192.168.0.0/22" - allocation_pool_start = "192.168.0.100" - allocation_pool_end = "192.168.3.254" - server_ip = "192.168.0.5" - server_cidr = "192.168.0.5/22" - } -} - -variable "haproxy_l7_data" { - type = map(string) - default = { - name = "main-haproxy-l7" - haproxy_1 = "haproxy-l7-1" - haproxy_2 = "haproxy-l7-2" - flavor = "m1.medium" - vm_count = "2" - } -} - -variable "resource_registry_addresses" { - type = map(string) - default = { - } -} - -variable "smartexecutor_addresses" { - type = map(string) - default = { - } -} - -# Added by Francesco -# Create in the path 'modules/ssh-key-ref' the file 'ssh-key-ref-outputs.tf' -# with the following outputs: - -# output "ssh_key_file" { -# value = "~/.ssh/{YOUR_PRIVATE_KEYNAME}" -# sensitive = true -# } - -# output "ssh_key_name" { -# value = "{YOUR_KEYNAME}" -# sensitive = false -# } - -# Then you can use above outputs in your 'file.tf' (if it contains the soft link to variables.tf) as: -# module.ssh_settings.ssh_key_file -# module.ssh_settings.ssh_key_name - -# e.g. 
-# -# resource "openstack_compute_instance_v2" "geoserver" { -# key_pair = module.ssh_settings.ssh_key_name - -# Added by Francesco -variable "flavor_list" { - type = map(string) - default = { - c1_small = "c1.small" #RAM 2 - VCPUs 2 - c1_medium = "c1.medium" #RAM 4 - VCPUs 4 - c1_large = "c1.large" #RAM 8 - VCPUs 8 - c2_large = "c2.large" #RAM 16 -VCPUs 16 - m1_medium = "m1.medium" #RAM 4 - VCPUs 2 - m1_large = "m1.large" #RAM 8 - VCPUs 4 - m1_xlarge = "m1.xlarge" #RAM 16 - VCPUs 8 - m1_xxl = "m1.xxl" #RAM 32 - VCPUS 16 - m2_small = "m2.small" #RAM 8 - VCPUs 2 - m2_medium = "m2.medium" #RAM 16 - VCPUs 4 - m2_large = "m2.large" #RAM 32 - VCPUs 8 - m3_large = "m3.large" #RAM 64 - VCPUs 16 - } -} - -# Added by Francesco -variable "security_group_list" { - type = map(string) - default = { - postgreSQL = "PostgreSQL service" - acaland = "acaland's dev machine" - haproxy = "traffic_from_main_lb_to_haproxy_l7" - access_to_orientdb = "access_to_orientdb" - dataminer-publish = "dataminer-publish" - docker_swarm_NFS = "Docker Swarm NFS" - public_HTTPS = "Public HTTPS" - orientdb_internal_docker_traffic = "orientdb_internal_docker_traffic" - limited_SSH_access = "Limited SSH access" - debugging_from_jump_node = "debugging_from_jump_node" - access_to_the_timescaledb_service = "access_to_the_timescaledb_service" - docker_swarm = "Docker Swarm" - http_and_https_from_the_load_balancers = "traffic_from_the_main_load_balancers" - limited_HTTPS_access = "restricted_web_service" - mongo = "mongo" - limited_SSH_access = "Limited SSH access" - default = "default" - cassandra = "Cassandra" - access_to_orientdb_se = "access_to_orientdb_se" - } -} - -# Added by Francesco -variable "policy_list" { - type = map(string) - default = { - soft_anti_affinity = "soft-anti-affinity" - anti_affinity = "anti-affinity" - affinity = "affinity" - soft_affinity = "soft-affinity" - } -} - -variable "networks_list" { - type = map(string) - default = { - shared_postgresql = "postgresql-srv-net" - swarm = 
"swarm-nfs-net" - timescaledb = "timescaledb-net" - orientdb = "orientdb-net" - orientdb_se = "orientdb-se-net" - } -} - -variable "ssh_sources" { - type = map(string) - default = { - s2i2s_vpn_1_cidr = "146.48.28.10/32" - s2i2s_vpn_2_cidr = "146.48.28.11/32" - d4s_vpn_1_cidr = "146.48.122.27/32" - d4s_vpn_2_cidr = "146.48.122.49/32" - shell_d4s_cidr = "146.48.122.95/32" - infrascience_net_cidr = "146.48.122.0/23" - } -} - -variable "networks_with_d4s_services" { - type = map(string) - default = { - "isti_net" = "146.48.80.0/21" - "s2i2s_net" = "146.48.28.0/22" - "infrascience_net" = "146.48.122.0/23" - "garr_ct1_net" = "90.147.166.0/23" - "garr_pa1_net" = "90.147.188.0/23" - "garr_na_net" = "90.147.152.0/24" - } -} - -# variable "default_security_group_name" { -# default = "default_for_all" -# } - diff --git a/s2i2s/main_net_dns_router/main.tf b/s2i2s/main_net_dns_router/main.tf index 3388f05..9fd1614 100644 --- a/s2i2s/main_net_dns_router/main.tf +++ b/s2i2s/main_net_dns_router/main.tf @@ -16,6 +16,11 @@ provider "openstack" { module "labs_common_variables" { source = "../../modules/labs_common_variables" } + +module "project_variables" { + source = "../variables" +} + # Main module module "main_private_net_and_dns_zone" { source = "../../modules/labs_private_net_and_dns_zone" @@ -47,9 +52,9 @@ module "main_private_net_and_dns_zone" { description = "S2I2S main router" } default_firewall_rules_map = { - "ssh_from_isti_net" = { - description = "SSH from the ISTI network" - source = module.labs_common_variables.ssh_sources.isti_net_cidr + "ssh_from_the_jump_proxy" = { + description = "SSH from the S2I2S VPN 1" + source = module.project_variables.basic_services_ip.ssh_jump_cidr port_min = 22 port_max = 22 }, 
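Review bot: In the `default_firewall_rules_map` hunk of s2i2s/main_net_dns_router/main.tf, the new rule `ssh_from_the_jump_proxy` takes its source from `module.project_variables.basic_services_ip.ssh_jump_cidr` but its description reads "SSH from the S2I2S VPN 1", which looks copied from a neighbouring VPN rule. Rule descriptions are what an operator sees when auditing the security group, so a wrong one hides who is actually allowed on port 22; change it to `description = "SSH from the jump proxy"`. The map starts and continues outside this hunk, so check that the existing VPN 1 entry keeps the original description and that no two rules end up with the same text.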
@@ -64,123 +69,6 @@ module "main_private_net_and_dns_zone" { source = module.labs_common_variables.ssh_sources.s2i2s_vpn_2_cidr port_min = 22 port_max = 22 - }, - "http_from_everywhere" = { - description = "HTTP from everywhere" - source = "0.0.0.0/0" - port_min = 80 - port_max = 80 - }, - "https_from_everywhere" = { - description = "HTTPS from everywhere" - source = "0.0.0.0/0" - port_min = 443 - port_max = 443 } } - -} - -output "os_project_data" { - value = module.main_private_net_and_dns_zone.os_project_data -} - -output "dns_zone" { - value = module.main_private_net_and_dns_zone.dns_zone -} - -output "dns_zone_id" { - value = module.main_private_net_and_dns_zone.dns_zone_id -} - -output "main_private_network" { - value = module.main_private_net_and_dns_zone.main_private_network -} - -output "main_private_network_id" { - value = module.main_private_net_and_dns_zone.main_private_network_id -} - -output "main_subnet_network" { - value = module.main_private_net_and_dns_zone.main_subnet_network -} -output "main_subnet_network_id" { - value = module.main_private_net_and_dns_zone.main_subnet_network_id -} - -output "external_gateway_ip" { - value = module.main_private_net_and_dns_zone.external_gateway_ip -} - -output "main_region" { - value = module.labs_common_variables.main_region -} - -output "external_network" { - value = module.labs_common_variables.external_network -} - -output "external_network_id" { - value = module.labs_common_variables.external_network.id -} - -output "floating_ip_pools" { - value = module.labs_common_variables.floating_ip_pools - -} - -output "resolvers_ip" { - value = module.labs_common_variables.resolvers_ip -} - -output "mtu_size" { - value = module.labs_common_variables.mtu_size -} - -output "availability_zones_names" { - value = module.labs_common_variables.availability_zones_names -} - -output "availability_zone_no_gpu_name" { - value = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu -} - -output 
"availability_zone_with_gpu_name" { - value = module.labs_common_variables.availability_zones_names.availability_zone_with_gpu -} - -output "ssh_sources" { - value = module.labs_common_variables.ssh_sources -} - -output "ubuntu_2204" { - value = module.labs_common_variables.ubuntu_2204 -} - -output "centos_7" { - value = module.labs_common_variables.centos_7 -} - -output "almalinux_9" { - value = module.labs_common_variables.almalinux_9 -} - -output "ubuntu2204_data_file" { - value = module.labs_common_variables.ubuntu2204_data_file -} - -output "el7_data_file" { - value = module.labs_common_variables.el7_data_file -} - -output "policy_list" { - value = module.labs_common_variables.policy_list -} - -output "flavor_list" { - value = module.labs_common_variables.flavor_list -} - -output "default_security_group_name" { - value = module.labs_common_variables.default_security_group_name } diff --git a/s2i2s/main_net_dns_router/terraform.tfstate b/s2i2s/main_net_dns_router/terraform.tfstate index 218244e..97b8795 100644 --- a/s2i2s/main_net_dns_router/terraform.tfstate +++ b/s2i2s/main_net_dns_router/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 14, + "serial": 20, "lineage": "bad36b1d-a210-1782-e7b2-e07bde71f6be", "outputs": { "almalinux_9": { @@ -49,12 +49,12 @@ }, "dns_zone": { "value": { - "attributes": null, + "attributes": {}, "description": "DNS primary zone for the S2I2S project", "disable_status_check": false, "email": "postmaster@isti.cnr.it", "id": "f668696a-cedb-4554-8f81-cf7dc1db773b", - "masters": null, + "masters": [], "name": "s2i2s.cloud.isti.cnr.it.", "project_id": "d58ff441b31d4d0daf4a3e64d5332082", "region": "isti_area_pi_1", @@ -189,7 +189,7 @@ } ], "shared": false, - "tags": null, + "tags": [], "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", "timeouts": null, "transparent_vlan": false, 
@@ -292,7 +292,7 @@ "region": "isti_area_pi_1", "service_types": [], "subnetpool_id": "", - "tags": null, + "tags": [], "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", "timeouts": null, "value_specs": null @@ -459,12 +459,12 @@ { "schema_version": 0, "attributes": { - "attributes": null, + "attributes": {}, "description": "DNS primary zone for the S2I2S project", "disable_status_check": false, "email": "postmaster@isti.cnr.it", "id": "f668696a-cedb-4554-8f81-cf7dc1db773b", - "masters": null, + "masters": [], "name": "s2i2s.cloud.isti.cnr.it.", "project_id": "d58ff441b31d4d0daf4a3e64d5332082", "region": "isti_area_pi_1", @@ -508,7 +508,7 @@ } ], "shared": false, - "tags": null, + "tags": [], "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", "timeouts": null, "transparent_vlan": false, @@ -575,7 +575,7 @@ "id": "bca61b05-e34d-4d1c-8400-860e8ea66406", "name": "s2i2s-proj-external-router", "region": "isti_area_pi_1", - "tags": null, + "tags": [], "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", "timeouts": null, "value_specs": null, 
@@ -597,78 +597,6 @@ "name": "default_firewall_rules", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "instances": [ - { - "index_key": "http_from_everywhere", - "schema_version": 0, - "attributes": { - "description": "HTTP from everywhere", - "direction": "ingress", - "ethertype": "IPv4", - "id": "5321ff5a-c61d-4f60-8a02-b82d4657b785", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" - ] - }, - { - "index_key": "https_from_everywhere", - "schema_version": 0, - "attributes": { - "description": "HTTPS from everywhere", - "direction": "ingress", - "ethertype": "IPv4", - "id": "a55f413a-2728-4347-8fb5-a47b170e9a27", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" - ] - }, - { - "index_key": "ssh_from_isti_net", - "schema_version": 0, - "attributes": { - "description": "SSH from the ISTI network", - "direction": "ingress", - "ethertype": "IPv4", - "id": "5fe2dd36-b821-4b74-8a3e-52d3dd74149e", - "port_range_max": 22, - "port_range_min": 22, - "protocol": "tcp", - "region": 
"isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.80.0/21", - "security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586", - "tenant_id": "d3c30d05b2524faead8fabf0b511622e", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" - ] - }, { "index_key": "ssh_from_s2i2s_vpn_1", "schema_version": 0, @@ -716,6 +644,30 @@ "dependencies": [ "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" ] + }, + { + "index_key": "ssh_from_the_jump_proxy", + "schema_version": 0, + "attributes": { + "description": "SSH from the S2I2S VPN 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "848ba8fc-1636-4a8b-a9fc-e41b06ed1d04", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.10.0.5/32", + "security_group_id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] } ] }, @@ -799,7 +751,7 @@ "id": "a330ab7b-7e10-4085-b0f4-c8a4b80a4586", "name": "default_for_all", "region": "isti_area_pi_1", - "tags": null, + "tags": [], "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", "timeouts": null }, @@ -852,7 +804,7 @@ "region": "isti_area_pi_1", "service_types": [], "subnetpool_id": "", - "tags": null, + "tags": [], "tenant_id": "d58ff441b31d4d0daf4a3e64d5332082", "timeouts": null, "value_specs": null