From cb89a962af18f0bfe19c54bed0835a2f65b61819 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 22 Jan 2024 11:14:48 +0100 Subject: [PATCH] Configurazioni per HPC e KDD. --- README.md | 1 + hpc/main_net_dns_router/main.tf | 179 +++++ hpc/main_net_dns_router/terraform.tfstate | 629 ++++++++++++++++++ kdd/main_net_dns_router/main.tf | 90 +-- kdd/main_net_dns_router/terraform.tfstate | 629 ++++++++++++++++++ .../main_network_dns_zone.tf | 1 + .../labs_private_net_and_dns_zone/outputs.tf | 4 + .../variables_main_network_dns.tf | 1 + s2i2s_openstack_vm_data_scripts/el7.sh | 22 + s2i2s_openstack_vm_data_scripts/ubuntu1804.sh | 22 + s2i2s_openstack_vm_data_scripts/ubuntu2204.sh | 18 + 11 files changed, 1531 insertions(+), 65 deletions(-) create mode 100644 hpc/main_net_dns_router/main.tf create mode 100644 hpc/main_net_dns_router/terraform.tfstate create mode 100644 kdd/main_net_dns_router/terraform.tfstate create mode 100644 s2i2s_openstack_vm_data_scripts/el7.sh create mode 100644 s2i2s_openstack_vm_data_scripts/ubuntu1804.sh create mode 100644 s2i2s_openstack_vm_data_scripts/ubuntu2204.sh diff --git a/README.md b/README.md index 40e1142..bb8bda9 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ Ogni progetto ha una rete con CIDR differente, per comodità di intervento in ca * S2I2S: 10.11.0.0/21 * KDD: 10.12.0.0/21 +* HPC: 10.13.0.0/21 ## Zona DNS associata al progetto diff --git a/hpc/main_net_dns_router/main.tf b/hpc/main_net_dns_router/main.tf new file mode 100644 index 0000000..ba6fa9c --- /dev/null +++ b/hpc/main_net_dns_router/main.tf 
@@ -0,0 +1,179 @@
+# Define required providers
+terraform {
+ required_version = ">= 0.14.0"
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.53.0"
+ }
+ }
+}
+
+provider "openstack" {
+ # cloud = "hpc-lab"
+ cloud = "ISTI-Cloud"
+}
+
+module "labs_common_variables" {
+ source = "../../modules/labs_common_variables"
+}
+# Main module
+module "main_private_net_and_dns_zone" {
+ source = "../../modules/labs_private_net_and_dns_zone"
+ dns_zone = {
+ zone_name = "hpc.cloud.isti.cnr.it."
+ email = "postmaster@isti.cnr.it"
+ description = "DNS primary zone for the hpc-lab project"
+ ttl = 8600
+ }
+ os_project_data = {
+ name = "hpc-lab-cloud"
+ id = "adaf7e28a31e465795359fcde26398b7"
+ }
+ main_private_network = {
+ name = "hpc-cloud-main"
+ description = "HPC lab private network (use this as the main network)"
+ }
+ main_private_subnet = {
+ name = "hpc-cloud-main-subnet"
+ description = "HPC lab main private subnet"
+ cidr = "10.13.0.0/21"
+ gateway_ip = "10.13.0.1"
+ allocation_start = "10.13.1.1"
+ allocation_end = "10.13.7.254"
+ }
+ external_router = {
+ name = "hpc-cloud-external-router"
+ description = "HPC lab main router"
+ }
+ default_firewall_rules_map = {
+ "ssh_from_isti_net" = {
+ description = "SSH from the ISTI network"
+ source = module.labs_common_variables.ssh_sources.isti_net_cidr
+ port_min = 22
+ port_max = 22
+ },
+ "ssh_from_s2i2s_vpn_1" = {
+ description = "SSH from the S2I2S VPN 1"
+ source = module.labs_common_variables.ssh_sources.s2i2s_vpn_1_cidr
+ port_min = 22
+ port_max = 22
+ },
+ "ssh_from_s2i2s_vpn_2" = {
+ description = "SSH from the S2I2S VPN 2"
+ source = module.labs_common_variables.ssh_sources.s2i2s_vpn_2_cidr
+ port_min = 22
+ port_max = 22
+ },
+ "http_from_everywhere" = {
+ description = "HTTP from everywhere"
+ source = "0.0.0.0/0"
+ port_min = 80
+ port_max = 80
+ },
+ "https_from_everywhere" = {
+ description = "HTTPS from everywhere"
+ source = "0.0.0.0/0"
+ port_min = 443
+ port_max = 443
+ }
+ }
+
+}
+
+output "os_project_data" {
+ value = module.main_private_net_and_dns_zone.os_project_data
+}
+
+output "dns_zone_id" {
+ value = module.main_private_net_and_dns_zone.dns_zone_id
+}
+
+output "main_private_network_id" {
+ value = module.main_private_net_and_dns_zone.main_private_network_id
+}
+
+output "main_subnet_network_id" {
+ value = module.main_private_net_and_dns_zone.main_subnet_network_id
+}
+
+output "external_gateway_ip" {
+ value = module.main_private_net_and_dns_zone.external_gateway_ip
+}
+
+output "main_region" {
+ value = module.labs_common_variables.main_region
+}
+
+output "external_network" {
+ value = module.labs_common_variables.external_network
+}
+
+output "external_network_id" {
+ value = module.labs_common_variables.external_network.id
+}
+
+output "floating_ip_pools" {
+ value = module.labs_common_variables.floating_ip_pools
+
+}
+
+output "resolvers_ip" {
+ value = module.labs_common_variables.resolvers_ip
+}
+
+output "mtu_size" {
+ value = module.labs_common_variables.mtu_size
+}
+
+output "availability_zones_names" {
+ value = module.labs_common_variables.availability_zones_names
+}
+
+output "availability_zone_no_gpu_name" {
+ value = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu
+}
+
+output "availability_zone_with_gpu_name" {
+ value = module.labs_common_variables.availability_zones_names.availability_zone_with_gpu
+}
+
+output "ssh_sources" {
+ value = module.labs_common_variables.ssh_sources
+}
+
+output "ubuntu_1804" {
+ value = module.labs_common_variables.ubuntu_1804
+}
+
+output "ubuntu_2204" {
+ value = module.labs_common_variables.ubuntu_2204
+}
+
+output "centos_7" {
+ value = module.labs_common_variables.centos_7
+}
+
+output "almalinux_9" {
+ value = module.labs_common_variables.almalinux_9
+}
+
+output "ubuntu1804_data_file" {
+ value = module.labs_common_variables.ubuntu1804_data_file
+}
+
+output "ubuntu2204_data_file" {
+ value = module.labs_common_variables.ubuntu2204_data_file
+}
+
+output "el7_data_file" {
+ value = module.labs_common_variables.el7_data_file
+}
+
+output "policy_list" {
+ value = module.labs_common_variables.policy_list
+}
+
+output "flavor_list" {
+ value = module.labs_common_variables.flavor_list
+}
diff --git a/hpc/main_net_dns_router/terraform.tfstate b/hpc/main_net_dns_router/terraform.tfstate
new file mode 100644
index 0000000..6bffe8e
--- /dev/null
+++ b/hpc/main_net_dns_router/terraform.tfstate
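Review bot: The `terraform { … }` block at the top of this new `hpc/main_net_dns_router/main.tf` configures no `backend`, so state stays in a local file, and this same commit checks that file in as `hpc/main_net_dns_router/terraform.tfstate` (the kdd directory gets one too). The committed state already exposes the project ID, the network, router and security-group UUIDs, the router's external address and the SSH source CIDRs to anyone who can read the repository, and any secret attribute a later resource records would sit in git history in plaintext. I would move state to a remote backend with access control and locking, and add `*.tfstate` and `*.tfstate.*` to `.gitignore`. A second point in the same hunk: `http_from_everywhere` and `https_from_everywhere` are part of `default_firewall_rules_map`, and the state names the resulting group `default_for_all`; if that group is attached to every instance, ports 80 and 443 are reachable from `0.0.0.0/0` on hosts that serve no web traffic, so a separate opt-in web group would be safer.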
@@ -0,0 +1,629 @@ +{ + "version": 4, + "terraform_version": "1.6.6", + "serial": 16, + "lineage": "b2aa8a80-ab4a-7b4d-da5a-b76f7d41a2ed", + "outputs": { + "almalinux_9": { + "value": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "type": [ + "map", + "string" + ] + }, + "availability_zone_no_gpu_name": { + "value": "cnr-isti-nova-a", + "type": "string" + }, + "availability_zone_with_gpu_name": { + "value": "cnr-isti-nova-gpu-a", + "type": "string" + }, + "availability_zones_names": { + "value": { + "availability_zone_no_gpu": "cnr-isti-nova-a", + "availability_zone_with_gpu": "cnr-isti-nova-gpu-a" + }, + "type": [ + "map", + "string" + ] + }, + "centos_7": { + "value": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "type": [ + "map", + "string" + ] + }, + "dns_zone_id": { + "value": "9d929715-2dd7-4859-a52a-bd148d2a6694", + "type": "string" + }, + "el7_data_file": { + "value": "../../openstack_vm_data_scripts/el7.sh", + "type": "string" + }, + "external_gateway_ip": { + "value": [ + { + "ip_address": "146.48.30.35", + "subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb" + } + ], + "type": [ + "list", + [ + "object", + { + "ip_address": "string", + "subnet_id": "string" + } + ] + ] + }, + "external_network": { + "value": { + "id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "name": "external-network" + }, + "type": [ + "map", + "string" + ] + }, + "external_network_id": { + "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "type": "string" + }, + "flavor_list": { + "value": { + "c1_large": "c1.large", + "c1_medium": "c1.medium", + "c1_small": "c1.small", + "c2_large": "c2.large", + "m1_large": "m1.large", + "m1_medium": "m1.medium", + "m1_xlarge": "m1.xlarge", + "m1_xxl": "m1.xxl", + "m2_large": "m2.large", + "m2_medium": "m2.medium", + "m2_small": "m2.small", + "m3_large": "m3.large" + }, + "type": [ + "map", + "string" + ] + }, + "floating_ip_pools": { + "value": { + 
"main_public_ip_pool": "external-network" + }, + "type": [ + "map", + "string" + ] + }, + "main_private_network_id": { + "value": "5ef3fcdd-590c-4034-a46d-9ddd60693c57", + "type": "string" + }, + "main_region": { + "value": "isti_area_pi_1", + "type": "string" + }, + "main_subnet_network_id": { + "value": "84e50cdf-3f92-4e2c-b366-4e30cfcb913e", + "type": "string" + }, + "mtu_size": { + "value": 8942, + "type": "number" + }, + "os_project_data": { + "value": { + "id": "adaf7e28a31e465795359fcde26398b7", + "name": "hpc-lab-cloud" + }, + "type": [ + "map", + "string" + ] + }, + "policy_list": { + "value": { + "affinity": "affinity", + "anti_affinity": "anti-affinity", + "soft_affinity": "soft-affinity", + "soft_anti_affinity": "soft-anti-affinity" + }, + "type": [ + "map", + "string" + ] + }, + "resolvers_ip": { + "value": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "type": [ + "list", + "string" + ] + }, + "ssh_sources": { + "value": { + "infrascience_net_cidr": "146.48.122.0/23", + "isti_net_cidr": "146.48.80.0/21", + "isti_vpn_gw1": "146.48.80.101/32", + "isti_vpn_gw2": "146.48.80.102/32", + "isti_vpn_gw3": "146.48.80.103/32", + "s2i2s_net_cidr": "146.48.28.0/22", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu1804_data_file": { + "value": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "type": "string" + }, + "ubuntu2204_data_file": { + "value": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "type": "string" + }, + "ubuntu_1804": { + "value": { + "name": "Ubuntu-Bionic-18.04", + "user_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu_2204": { + "value": { + "name": "Ubuntu-Jammy-22.04", + "user_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + }, + "type": [ + "map", + "string" 
+ ] + } + }, + "resources": [ + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_dns_zone_v2", + "name": "primary_project_dns_zone", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "attributes": {}, + "description": "DNS primary zone for the hpc-lab project", + "disable_status_check": false, + "email": "postmaster@isti.cnr.it", + "id": "9d929715-2dd7-4859-a52a-bd148d2a6694", + "masters": [], + "name": "hpc.cloud.isti.cnr.it.", + "project_id": "adaf7e28a31e465795359fcde26398b7", + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "PRIMARY", + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_network_v2", + "name": "main-private-network", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "all_tags": [], + "availability_zone_hints": [], + "description": "HPC lab private network (use this as the main network)", + "dns_domain": "hpc.cloud.isti.cnr.it.", + "external": false, + "id": "5ef3fcdd-590c-4034-a46d-9ddd60693c57", + "mtu": 8942, + "name": "hpc-cloud-main", + "port_security_enabled": true, + "qos_policy_id": "", + "region": "isti_area_pi_1", + "segments": [ + { + "network_type": "geneve", + "physical_network": "", + "segmentation_id": 30164 + } + ], + "shared": false, + "tags": null, + "tenant_id": "adaf7e28a31e465795359fcde26398b7", + "timeouts": null, + "transparent_vlan": false, + "value_specs": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_router_interface_v2", + "name": "private-network-routing", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "force_destroy": false, + "id": "c51ed0fc-2112-4a08-8343-f05388b12382", + "port_id": "c51ed0fc-2112-4a08-8343-f05388b12382", + "region": "isti_area_pi_1", + "router_id": "b162216d-9915-42a1-aa08-0b4b731f6c14", + "subnet_id": "84e50cdf-3f92-4e2c-b366-4e30cfcb913e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network", + "module.main_private_net_and_dns_zone.openstack_networking_router_v2.external-router", + "module.main_private_net_and_dns_zone.openstack_networking_subnet_v2.main-private-subnet" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_router_v2", + "name": "external-router", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "all_tags": [], + "availability_zone_hints": [], + "description": "HPC lab main router", + "distributed": false, + "enable_snat": true, + "external_fixed_ip": [ + { + "ip_address": "146.48.30.35", + "subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb" + } + ], + "external_gateway": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_subnet_ids": null, + "id": 
"b162216d-9915-42a1-aa08-0b4b731f6c14", + "name": "hpc-cloud-external-router", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "adaf7e28a31e465795359fcde26398b7", + "timeouts": null, + "value_specs": null, + "vendor_options": [ + { + "set_router_gateway_after_create": true + } + ] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "default_firewall_rules", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "index_key": "http_from_everywhere", + "schema_version": 0, + "attributes": { + "description": "HTTP from everywhere", + "direction": "ingress", + "ethertype": "IPv4", + "id": "b5f56257-6a56-4b72-a480-cf0814b9dd93", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "https_from_everywhere", + "schema_version": 0, + "attributes": { + "description": "HTTPS from everywhere", + "direction": "ingress", + "ethertype": "IPv4", + "id": "bcca0796-570e-406a-aa7d-0be5d9e70fea", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "tenant_id": 
"d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "ssh_from_isti_net", + "schema_version": 0, + "attributes": { + "description": "SSH from the ISTI network", + "direction": "ingress", + "ethertype": "IPv4", + "id": "c0aa5f11-47f9-4cbc-9637-241ee636af84", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.80.0/21", + "security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "ssh_from_s2i2s_vpn_1", + "schema_version": 0, + "attributes": { + "description": "SSH from the S2I2S VPN 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "f6a02b76-2f1f-4050-8c00-52860f77f71f", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.28.10/32", + "security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "ssh_from_s2i2s_vpn_2", + "schema_version": 0, + "attributes": { + "description": "SSH from the S2I2S VPN 2", + "direction": 
"ingress", + "ethertype": "IPv4", + "id": "802e9225-6936-422a-8ebd-54534e87a718", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.28.11/32", + "security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "egress-ipv4", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow all the egress traffic", + "direction": "egress", + "ethertype": "IPv4", + "id": "dc6c0752-2606-43d4-98b2-41cf2a9994da", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "", + "security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ingress-icmp", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow ICMP from remote", + "direction": 
"ingress", + "ethertype": "IPv4", + "id": "21f91e4c-b7d8-4fb0-9fff-ad928713451d", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "icmp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "default", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Default security group with rules that allow ssh access from the ISTI networks, http, https", + "id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86", + "name": "default_for_all", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "adaf7e28a31e465795359fcde26398b7", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_subnet_v2", + "name": "main-private-subnet", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "allocation_pool": [ + { + "end": "10.13.7.254", + "start": "10.13.1.1" + } + ], + "allocation_pools": [ + { + "end": "10.13.7.254", + "start": "10.13.1.1" + } + ], + "cidr": "10.13.0.0/21", + "description": "HPC lab main private 
subnet", + "dns_nameservers": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "enable_dhcp": true, + "gateway_ip": "10.13.0.1", + "host_routes": [], + "id": "84e50cdf-3f92-4e2c-b366-4e30cfcb913e", + "ip_version": 4, + "ipv6_address_mode": "", + "ipv6_ra_mode": "", + "name": "hpc-cloud-main-subnet", + "network_id": "5ef3fcdd-590c-4034-a46d-9ddd60693c57", + "no_gateway": false, + "prefix_length": null, + "region": "isti_area_pi_1", + "service_types": [], + "subnetpool_id": "", + "tags": null, + "tenant_id": "adaf7e28a31e465795359fcde26398b7", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network" + ] + } + ] + } + ], + "check_results": null +} diff --git a/kdd/main_net_dns_router/main.tf b/kdd/main_net_dns_router/main.tf index be96163..7e83d7e 100644 --- a/kdd/main_net_dns_router/main.tf +++ b/kdd/main_net_dns_router/main.tf @@ -14,7 +14,7 @@ provider "openstack" { cloud = "ISTI-Cloud" } -module "common_variables" { +module "labs_common_variables" { source = "../../modules/labs_common_variables" } # Main module @@ -27,7 +27,8 @@ module "main_private_net_and_dns_zone" { ttl = 8600 } os_project_data = { - id = "1b45adf388934758b56d0dfdb4bfacf3" + name = "kdd-lab-cloud" + id = "d6757d56e6e54ffe83a9701cc92af4c2" } main_private_network = { name = "kdd-cloud-main" @@ -80,7 +81,9 @@ module "main_private_net_and_dns_zone" { } - +output "os_project_data" { + value = module.main_private_net_and_dns_zone.os_project_data +} output "dns_zone_id" { value = module.main_private_net_and_dns_zone.dns_zone_id 
@@ -101,122 +104,79 @@ output "external_gateway_ip" { # Module used output "main_region" { - value = module.common_variables.main_region + value = module.labs_common_variables.main_region } output "external_network" { - value = module.common_variables.external_network + value = module.labs_common_variables.external_network } output "external_network_id" { - value = module.common_variables.external_network.id + value = module.labs_common_variables.external_network.id } output "floating_ip_pools" { - value = module.common_variables.floating_ip_pools + value = module.labs_common_variables.floating_ip_pools } output "resolvers_ip" { - value = module.common_variables.resolvers_ip + value = module.labs_common_variables.resolvers_ip } output "mtu_size" { - value = module.common_variables.mtu_size + value = module.labs_common_variables.mtu_size } output "availability_zones_names" { - value = module.common_variables.availability_zones_names + value = module.labs_common_variables.availability_zones_names } output "availability_zone_no_gpu_name" { - value = module.common_variables.availability_zones_names.availability_zone_no_gpu + value = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu } output "availability_zone_with_gpu_name" { - value = module.common_variables.availability_zones_names.availability_zone_with_gpu + value = module.labs_common_variables.availability_zones_names.availability_zone_with_gpu } output "ssh_sources" { - value = module.common_variables.ssh_sources -} - -output "networks_with_d4s_services" { - value = module.common_variables.networks_with_d4s_services + value = module.labs_common_variables.ssh_sources } output "ubuntu_1804" { - value = module.common_variables.ubuntu_1804 + value = module.labs_common_variables.ubuntu_1804 } output "ubuntu_2204" { - value = module.common_variables.ubuntu_2204 + value = module.labs_common_variables.ubuntu_2204 } output "centos_7" { - value = module.common_variables.centos_7 + value = 
module.labs_common_variables.centos_7 } output "almalinux_9" { - value = module.common_variables.almalinux_9 + value = module.labs_common_variables.almalinux_9 } output "ubuntu1804_data_file" { - value = module.common_variables.ubuntu1804_data_file + value = module.labs_common_variables.ubuntu1804_data_file } output "ubuntu2204_data_file" { - value = module.common_variables.ubuntu2204_data_file + value = module.labs_common_variables.ubuntu2204_data_file } output "el7_data_file" { - value = module.common_variables.el7_data_file + value = module.labs_common_variables.el7_data_file } -output "ssh_jump_proxy" { - value = module.common_variables.ssh_jump_proxy -} - -output "internal_ca_data" { - value = module.common_variables.internal_ca_data -} - -output "prometheus_server_data" { - value = module.common_variables.prometheus_server_data -} - -output "shared_postgresql_server_data" { - value = module.common_variables.shared_postgresql_server_data -} - -output "haproxy_l7_data" { - value = module.common_variables.haproxy_l7_data -} - -output "resource_registry_addresses" { - value = module.common_variables.resource_registry_addresses -} - -output "smartexecutor_addresses" { - value = module.common_variables.smartexecutor_addresses -} - -#Added by Francesco output "policy_list" { - value = module.common_variables.policy_list + value = module.labs_common_variables.policy_list } -#Added by Francesco output "flavor_list" { - value = module.common_variables.flavor_list + value = module.labs_common_variables.flavor_list } -#Added by Francesco -output "security_group_list" { - value = module.common_variables.security_group_list -} - -#Added by Francesco -output "networks_list" { - value = module.common_variables.networks_list -} \ No newline at end of file diff --git a/kdd/main_net_dns_router/terraform.tfstate b/kdd/main_net_dns_router/terraform.tfstate new file mode 100644 index 0000000..8b29740 --- /dev/null +++ b/kdd/main_net_dns_router/terraform.tfstate 
@@ -0,0 +1,629 @@ +{ + "version": 4, + "terraform_version": "1.6.6", + "serial": 17, + "lineage": "c6d5332e-26ca-a882-04a1-5c0d0b8e53ea", + "outputs": { + "almalinux_9": { + "value": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "type": [ + "map", + "string" + ] + }, + "availability_zone_no_gpu_name": { + "value": "cnr-isti-nova-a", + "type": "string" + }, + "availability_zone_with_gpu_name": { + "value": "cnr-isti-nova-gpu-a", + "type": "string" + }, + "availability_zones_names": { + "value": { + "availability_zone_no_gpu": "cnr-isti-nova-a", + "availability_zone_with_gpu": "cnr-isti-nova-gpu-a" + }, + "type": [ + "map", + "string" + ] + }, + "centos_7": { + "value": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "type": [ + "map", + "string" + ] + }, + "dns_zone_id": { + "value": "9d29d051-9567-4af4-9ffe-87eb643fc90b", + "type": "string" + }, + "el7_data_file": { + "value": "../../openstack_vm_data_scripts/el7.sh", + "type": "string" + }, + "external_gateway_ip": { + "value": [ + { + "ip_address": "146.48.30.196", + "subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb" + } + ], + "type": [ + "list", + [ + "object", + { + "ip_address": "string", + "subnet_id": "string" + } + ] + ] + }, + "external_network": { + "value": { + "id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "name": "external-network" + }, + "type": [ + "map", + "string" + ] + }, + "external_network_id": { + "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "type": "string" + }, + "flavor_list": { + "value": { + "c1_large": "c1.large", + "c1_medium": "c1.medium", + "c1_small": "c1.small", + "c2_large": "c2.large", + "m1_large": "m1.large", + "m1_medium": "m1.medium", + "m1_xlarge": "m1.xlarge", + "m1_xxl": "m1.xxl", + "m2_large": "m2.large", + "m2_medium": "m2.medium", + "m2_small": "m2.small", + "m3_large": "m3.large" + }, + "type": [ + "map", + "string" + ] + }, + "floating_ip_pools": { + "value": { + 
"main_public_ip_pool": "external-network" + }, + "type": [ + "map", + "string" + ] + }, + "main_private_network_id": { + "value": "fb006673-39b6-472b-ba20-f1087e7e38ef", + "type": "string" + }, + "main_region": { + "value": "isti_area_pi_1", + "type": "string" + }, + "main_subnet_network_id": { + "value": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2", + "type": "string" + }, + "mtu_size": { + "value": 8942, + "type": "number" + }, + "os_project_data": { + "value": { + "id": "d6757d56e6e54ffe83a9701cc92af4c2", + "name": "kdd-lab-cloud" + }, + "type": [ + "map", + "string" + ] + }, + "policy_list": { + "value": { + "affinity": "affinity", + "anti_affinity": "anti-affinity", + "soft_affinity": "soft-affinity", + "soft_anti_affinity": "soft-anti-affinity" + }, + "type": [ + "map", + "string" + ] + }, + "resolvers_ip": { + "value": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "type": [ + "list", + "string" + ] + }, + "ssh_sources": { + "value": { + "infrascience_net_cidr": "146.48.122.0/23", + "isti_net_cidr": "146.48.80.0/21", + "isti_vpn_gw1": "146.48.80.101/32", + "isti_vpn_gw2": "146.48.80.102/32", + "isti_vpn_gw3": "146.48.80.103/32", + "s2i2s_net_cidr": "146.48.28.0/22", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu1804_data_file": { + "value": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "type": "string" + }, + "ubuntu2204_data_file": { + "value": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "type": "string" + }, + "ubuntu_1804": { + "value": { + "name": "Ubuntu-Bionic-18.04", + "user_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu_2204": { + "value": { + "name": "Ubuntu-Jammy-22.04", + "user_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + }, + "type": [ + "map", + "string" 
+ ] + } + }, + "resources": [ + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_dns_zone_v2", + "name": "primary_project_dns_zone", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "attributes": {}, + "description": "DNS primary zone for the kdd-lab project", + "disable_status_check": false, + "email": "postmaster@isti.cnr.it", + "id": "9d29d051-9567-4af4-9ffe-87eb643fc90b", + "masters": [], + "name": "kdd.cloud.isti.cnr.it.", + "project_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "PRIMARY", + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_network_v2", + "name": "main-private-network", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "all_tags": [], + "availability_zone_hints": [], + "description": "KDD private network (use this as the main network)", + "dns_domain": "kdd.cloud.isti.cnr.it.", + "external": false, + "id": "fb006673-39b6-472b-ba20-f1087e7e38ef", + "mtu": 8942, + "name": "kdd-cloud-main", + "port_security_enabled": true, + "qos_policy_id": "", + "region": "isti_area_pi_1", + "segments": [ + { + "network_type": "geneve", + "physical_network": "", + "segmentation_id": 6061 + } + ], + "shared": false, + "tags": [], + "tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "timeouts": null, + "transparent_vlan": false, + "value_specs": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_router_interface_v2", + "name": "private-network-routing", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "force_destroy": false, + "id": "9768ac33-95a5-44ac-be3b-cdd718cb631e", + "port_id": "9768ac33-95a5-44ac-be3b-cdd718cb631e", + "region": "isti_area_pi_1", + "router_id": "69114a25-e298-4641-92e2-f375c9168ba6", + "subnet_id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network", + "module.main_private_net_and_dns_zone.openstack_networking_router_v2.external-router", + "module.main_private_net_and_dns_zone.openstack_networking_subnet_v2.main-private-subnet" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_router_v2", + "name": "external-router", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "all_tags": [], + "availability_zone_hints": [], + "description": "KDD main router", + "distributed": false, + "enable_snat": true, + "external_fixed_ip": [ + { + "ip_address": "146.48.30.196", + "subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb" + } + ], + "external_gateway": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_subnet_ids": null, + "id": 
"69114a25-e298-4641-92e2-f375c9168ba6", + "name": "kdd-cloud-external-router", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "timeouts": null, + "value_specs": null, + "vendor_options": [ + { + "set_router_gateway_after_create": true + } + ] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "default_firewall_rules", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "index_key": "http_from_everywhere", + "schema_version": 0, + "attributes": { + "description": "HTTP from everywhere", + "direction": "ingress", + "ethertype": "IPv4", + "id": "585726ab-e05e-4454-a6c1-76bf8f443410", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "https_from_everywhere", + "schema_version": 0, + "attributes": { + "description": "HTTPS from everywhere", + "direction": "ingress", + "ethertype": "IPv4", + "id": "1a303ec1-3eca-4177-86b8-50923d027753", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "tenant_id": 
"d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "ssh_from_isti_net", + "schema_version": 0, + "attributes": { + "description": "SSH from the ISTI network", + "direction": "ingress", + "ethertype": "IPv4", + "id": "fcaecb06-773a-4ec2-a37f-129a8e64334e", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.80.0/21", + "security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "ssh_from_s2i2s_vpn_1", + "schema_version": 0, + "attributes": { + "description": "SSH from the S2I2S VPN 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "751ed54c-b8ef-4ebe-a55f-4dc291758afa", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.28.10/32", + "security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + }, + { + "index_key": "ssh_from_s2i2s_vpn_2", + "schema_version": 0, + "attributes": { + "description": "SSH from the S2I2S VPN 2", + "direction": 
"ingress", + "ethertype": "IPv4", + "id": "4fb45a09-1c70-4896-b07a-f538d4cfab84", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.28.11/32", + "security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "egress-ipv4", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow all the egress traffic", + "direction": "egress", + "ethertype": "IPv4", + "id": "cff1b501-fcd9-4510-943e-548be057fe34", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "", + "security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ingress-icmp", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow ICMP from remote", + "direction": 
"ingress", + "ethertype": "IPv4", + "id": "95760403-b648-406b-a666-94679a19dcb9", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "icmp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "tenant_id": "d3c30d05b2524faead8fabf0b511622e", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "default", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Default security group with rules that allow ssh access from the ISTI networks, http, https", + "id": "c4371018-a8a7-48ea-9606-3a4fa2a20545", + "name": "default_for_all", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "module": "module.main_private_net_and_dns_zone", + "mode": "managed", + "type": "openstack_networking_subnet_v2", + "name": "main-private-subnet", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "allocation_pool": [ + { + "end": "10.12.7.254", + "start": "10.12.1.1" + } + ], + "allocation_pools": [ + { + "end": "10.12.7.254", + "start": "10.12.1.1" + } + ], + "cidr": "10.12.0.0/21", + "description": "kdd main private subnet", + 
"dns_nameservers": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "enable_dhcp": true, + "gateway_ip": "10.12.0.1", + "host_routes": [], + "id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2", + "ip_version": 4, + "ipv6_address_mode": "", + "ipv6_ra_mode": "", + "name": "kdd-cloud-main-subnet", + "network_id": "fb006673-39b6-472b-ba20-f1087e7e38ef", + "no_gateway": false, + "prefix_length": null, + "region": "isti_area_pi_1", + "service_types": [], + "subnetpool_id": "", + "tags": [], + "tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network" + ] + } + ] + } + ], + "check_results": null +} diff --git a/modules/labs_private_net_and_dns_zone/main_network_dns_zone.tf b/modules/labs_private_net_and_dns_zone/main_network_dns_zone.tf index b21450e..a8bc9a6 100644 --- a/modules/labs_private_net_and_dns_zone/main_network_dns_zone.tf +++ b/modules/labs_private_net_and_dns_zone/main_network_dns_zone.tf @@ -59,6 +59,7 @@ resource "openstack_networking_router_interface_v2" "private-network-routing" { resource "openstack_networking_secgroup_v2" "default" { name = module.labs_common_variables.default_security_group_name delete_default_rules = "true" + tenant_id = var.os_project_data.id description = "Default security group with rules that allow ssh access from the ISTI networks, http, https" } diff --git a/modules/labs_private_net_and_dns_zone/outputs.tf b/modules/labs_private_net_and_dns_zone/outputs.tf index f51c2a5..0bcd9da 100644 --- a/modules/labs_private_net_and_dns_zone/outputs.tf +++ b/modules/labs_private_net_and_dns_zone/outputs.tf 
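Review bot: Terraform state is being committed as a tracked file at kdd/main_net_dns_router/terraform.tfstate, and the commit summary lists hpc/main_net_dns_router/terraform.tfstate as well. State stores every attribute of every managed resource in plaintext; this one already publishes project IDs, the router's external address and the full security-group layout, and any credential-bearing resource added later would be stored the same way. Git also gives no state locking, so two operators applying from separate clones can diverge or overwrite each other's serial. I would keep state in a remote backend with locking and add `*.tfstate` and `*.tfstate.*` to `.gitignore`.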
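Review bot: The new `tenant_id = var.os_project_data.id` on `openstack_networking_secgroup_v2.default` covers the group but apparently not its rules. In the kdd state added by this same commit the group carries tenant_id d6757d56e6e54ffe83a9701cc92af4c2, while every `openstack_networking_secgroup_rule_v2` instance (default_firewall_rules, egress-ipv4, ingress-icmp) shows d3c30d05b2524faead8fabf0b511622e. The rule resources are outside this hunk, so this may only be state that predates the change, but if they do not set the project they are created under whatever project the credentials are scoped to. I would add the same `tenant_id = var.os_project_data.id` line to the three rule resources and re-apply, so the group and its rules are owned by one project.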
@@ -13,3 +13,7 @@ output "main_subnet_network_id" {
 output "external_gateway_ip" {
 value = openstack_networking_router_v2.external-router.external_fixed_ip
 }
+
+output "os_project_data" {
+ value = var.os_project_data
+}
diff --git a/modules/labs_private_net_and_dns_zone/variables_main_network_dns.tf b/modules/labs_private_net_and_dns_zone/variables_main_network_dns.tf
index 12278a2..62fdcfb 100644
--- a/modules/labs_private_net_and_dns_zone/variables_main_network_dns.tf
+++ b/modules/labs_private_net_and_dns_zone/variables_main_network_dns.tf
@@ -1,6 +1,7 @@
 variable "os_project_data" {
 type = map(string)
 default = {
+ name = ""
 id = ""
 }
 }
diff --git a/s2i2s_openstack_vm_data_scripts/el7.sh b/s2i2s_openstack_vm_data_scripts/el7.sh
new file mode 100644
index 0000000..cfbcf3c
--- /dev/null
+++ b/s2i2s_openstack_vm_data_scripts/el7.sh
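Review bot: `os_project_data` keeps empty-string defaults for both keys, and this commit now passes `id` straight into `tenant_id` on the default security group, so a caller that forgets the variable gets an empty project id instead of a plan-time error. How the provider treats an empty `tenant_id` is not visible here; presumably it falls back to the project of the credentials, which would be the wrong owner for a lab's default group. I would drop the `default` block so the variable is required, or add a `validation` block with `condition = var.os_project_data.id != ""`.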
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+yum -y install python policycoreutils-python
+
+/sbin/useradd --system --home-dir /srv/ansible -m --shell /bin/bash -c "Used for the Ansible provisioning tasks" ansible
+
+# SSH keys of users authorized to execute ansible playbooks.
+# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
+# Feel free to add yours if you are entitled to run the ansible provisioning on that server
+
+mkdir /srv/ansible/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvkwppFE+K5MjKqtkGJN63wkcwaqZG4HkgPqMSWrXmCfDPJ3FxjDHV9aQRJYVKZObc9+SsFc9IYXwB2A8FI0XwPkCH2hfFKDVNO4TktO/SrM+4tXbEfEDWX/PduBQLootYaMEVj++p2+s/mxVnxTAMzsR4txC9tkWR4JO4VJ2cpZfM8po4p1wA4YteW6Oiv0PqUEsLtPtBHGuCgovo8WS+qxcxpeBBnewEssgis2dzDSqx5HUmaOETAxxEHflapHWQLum0JjvXsG5jlf9jL44XJPkcHXAYk3gnhtyM0moJpUya+GX7+ttfWWvwxs0tYNDXNMRn91r1hMLWmas4D+T/Q== rcirillo@rcirillo-cnr" >> /srv/ansible/.ssh/authorized_keys
+/bin/chown -R ansible:ansible /srv/ansible
+/bin/chmod 700 /srv/ansible/.ssh
+mkdir -p /etc/sudoers.d
+echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
+/bin/chmod 600 /etc/sudoers.d/ansible-user
+
+semanage fcontext -a -e /home /srv/ansible ; restorecon -vR /srv/ansible
+
diff --git a/s2i2s_openstack_vm_data_scripts/ubuntu1804.sh b/s2i2s_openstack_vm_data_scripts/ubuntu1804.sh
new file mode 100644
index 0000000..fbc98c7
--- /dev/null
+++ b/s2i2s_openstack_vm_data_scripts/ubuntu1804.sh
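Review bot: The `ansible` account gets `NOPASSWD: ALL` and three personal public keys are written inline into its authorized_keys, here and again in ubuntu1804.sh and ubuntu2204.sh. Each key holder is therefore root-equivalent on every VM booted with these scripts, and removing one key means editing three files while instances already running keep the old list. The comment above the keys names two owners but three keys are installed (the third is labelled rcirillo@rcirillo-cnr), so the script no longer documents who has access. I would keep the key list in one place that Terraform renders into the user data, for example via `templatefile()`, and change the comment to `# Keys installed below: tom@tom, adellam@semovente, rcirillo@rcirillo-cnr.`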
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+apt-get update -y
+# Not needed anymore on Ubuntu 20.04+
+apt-get install -y python
+
+/usr/sbin/adduser --system --home /srv/ansible --shell /bin/bash --gecos "Used for the Ansible provisioning tasks" --group ansible
+
+# SSH keys of users authorized to execute ansible playbooks.
+# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
+# Feel free to add yours if you are entitled to run the ansible provisioning on that server
+
+mkdir /srv/ansible/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvkwppFE+K5MjKqtkGJN63wkcwaqZG4HkgPqMSWrXmCfDPJ3FxjDHV9aQRJYVKZObc9+SsFc9IYXwB2A8FI0XwPkCH2hfFKDVNO4TktO/SrM+4tXbEfEDWX/PduBQLootYaMEVj++p2+s/mxVnxTAMzsR4txC9tkWR4JO4VJ2cpZfM8po4p1wA4YteW6Oiv0PqUEsLtPtBHGuCgovo8WS+qxcxpeBBnewEssgis2dzDSqx5HUmaOETAxxEHflapHWQLum0JjvXsG5jlf9jL44XJPkcHXAYk3gnhtyM0moJpUya+GX7+ttfWWvwxs0tYNDXNMRn91r1hMLWmas4D+T/Q== rcirillo@rcirillo-cnr" >> /srv/ansible/.ssh/authorized_keys
+/bin/chown -R ansible:ansible /srv/ansible
+/bin/chmod 700 /srv/ansible/.ssh
+mkdir -p /etc/sudoers.d
+echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
+/bin/chmod 600 /etc/sudoers.d/ansible-user
+
diff --git a/s2i2s_openstack_vm_data_scripts/ubuntu2204.sh b/s2i2s_openstack_vm_data_scripts/ubuntu2204.sh
new file mode 100644
index 0000000..2ce98b8
--- /dev/null
+++ b/s2i2s_openstack_vm_data_scripts/ubuntu2204.sh
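Review bot: The sudoers drop-in is written with a plain `echo ... >` and never syntax-checked, and no command in the script is checked for failure; the same lines appear in el7.sh and ubuntu2204.sh. A malformed file under /etc/sudoers.d can make sudo refuse to run at all, and because the script exits with the status of its final `chmod`, a failed `adduser` or `mkdir` leaves a half-provisioned host with no error reported. I would add `set -eu` after the shebang, validate with `visudo -cf /etc/sudoers.d/ansible-user`, and use mode `0440`, the conventional mode for sudoers files.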
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+/usr/sbin/adduser --system --home /srv/ansible --shell /bin/bash --gecos "Used for the Ansible provisioning tasks" --group ansible
+
+# SSH keys of users authorized to execute ansible playbooks.
+# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
+# Feel free to add yours if you are entitled to run the ansible provisioning on that server
+
+mkdir /srv/ansible/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvkwppFE+K5MjKqtkGJN63wkcwaqZG4HkgPqMSWrXmCfDPJ3FxjDHV9aQRJYVKZObc9+SsFc9IYXwB2A8FI0XwPkCH2hfFKDVNO4TktO/SrM+4tXbEfEDWX/PduBQLootYaMEVj++p2+s/mxVnxTAMzsR4txC9tkWR4JO4VJ2cpZfM8po4p1wA4YteW6Oiv0PqUEsLtPtBHGuCgovo8WS+qxcxpeBBnewEssgis2dzDSqx5HUmaOETAxxEHflapHWQLum0JjvXsG5jlf9jL44XJPkcHXAYk3gnhtyM0moJpUya+GX7+ttfWWvwxs0tYNDXNMRn91r1hMLWmas4D+T/Q== rcirillo@rcirillo-cnr" >> /srv/ansible/.ssh/authorized_keys
+/bin/chown -R ansible:ansible /srv/ansible
+/bin/chmod 700 /srv/ansible/.ssh
+mkdir -p /etc/sudoers.d
+echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
+/bin/chmod 600 /etc/sudoers.d/ansible-user
+