ISTI-provisioning
/
openstack-infrastructure-terraform
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Configurazioni per HPC e KDD.

This commit is contained in:
Andrea Dell'Amico 2024-01-22 11:14:48 +01:00
parent 54038932c0
commit cb89a962af
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
11 changed files with 1531 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -13,6 +13,7 @@ Ogni progetto ha una rete con CIDR differente, per comodità di intervento in ca
* S2I2S: 10.11.0.0/21 * S2I2S: 10.11.0.0/21
* KDD: 10.12.0.0/21 * KDD: 10.12.0.0/21
* HPC: 10.13.0.0/21
## Zona DNS associata al progetto ## Zona DNS associata al progetto

179
hpc/main_net_dns_router/main.tf Normal file
View File

@ -0,0 +1,179 @@
# Define required providers
terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "~> 1.53.0"
}
}
}
provider "openstack" {
# cloud = "hpc-lab"
cloud = "ISTI-Cloud"
}
module "labs_common_variables" {
source = "../../modules/labs_common_variables"
}
# Main module
module "main_private_net_and_dns_zone" {
source = "../../modules/labs_private_net_and_dns_zone"
dns_zone = {
zone_name = "hpc.cloud.isti.cnr.it."
email = "postmaster@isti.cnr.it"
description = "DNS primary zone for the hpc-lab project"
ttl = 8600
}
os_project_data = {
name = "hpc-lab-cloud"
id = "adaf7e28a31e465795359fcde26398b7"
}
main_private_network = {
name = "hpc-cloud-main"
description = "HPC lab private network (use this as the main network)"
}
main_private_subnet = {
name = "hpc-cloud-main-subnet"
description = "HPC lab main private subnet"
cidr = "10.13.0.0/21"
gateway_ip = "10.13.0.1"
allocation_start = "10.13.1.1"
allocation_end = "10.13.7.254"
}
external_router = {
name = "hpc-cloud-external-router"
description = "HPC lab main router"
}
default_firewall_rules_map = {
"ssh_from_isti_net" = {
description = "SSH from the ISTI network"
source = module.labs_common_variables.ssh_sources.isti_net_cidr
port_min = 22
port_max = 22
},
"ssh_from_s2i2s_vpn_1" = {
description = "SSH from the S2I2S VPN 1"
source = module.labs_common_variables.ssh_sources.s2i2s_vpn_1_cidr
port_min = 22
port_max = 22
},
"ssh_from_s2i2s_vpn_2" = {
description = "SSH from the S2I2S VPN 2"
source = module.labs_common_variables.ssh_sources.s2i2s_vpn_2_cidr
port_min = 22
port_max = 22
},
"http_from_everywhere" = {
description = "HTTP from everywhere"
source = "0.0.0.0/0"
port_min = 80
port_max = 80
},
"https_from_everywhere" = {
description = "HTTPS from everywhere"
source = "0.0.0.0/0"
port_min = 443
port_max = 443
}
}
}
output "os_project_data" {
value = module.main_private_net_and_dns_zone.os_project_data
}
output "dns_zone_id" {
value = module.main_private_net_and_dns_zone.dns_zone_id
}
output "main_private_network_id" {
value = module.main_private_net_and_dns_zone.main_private_network_id
}
output "main_subnet_network_id" {
value = module.main_private_net_and_dns_zone.main_subnet_network_id
}
output "external_gateway_ip" {
value = module.main_private_net_and_dns_zone.external_gateway_ip
}
output "main_region" {
value = module.labs_common_variables.main_region
}
output "external_network" {
value = module.labs_common_variables.external_network
}
output "external_network_id" {
value = module.labs_common_variables.external_network.id
}
output "floating_ip_pools" {
value = module.labs_common_variables.floating_ip_pools
}
output "resolvers_ip" {
value = module.labs_common_variables.resolvers_ip
}
output "mtu_size" {
value = module.labs_common_variables.mtu_size
}
output "availability_zones_names" {
value = module.labs_common_variables.availability_zones_names
}
output "availability_zone_no_gpu_name" {
value = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu
}
output "availability_zone_with_gpu_name" {
value = module.labs_common_variables.availability_zones_names.availability_zone_with_gpu
}
output "ssh_sources" {
value = module.labs_common_variables.ssh_sources
}
output "ubuntu_1804" {
value = module.labs_common_variables.ubuntu_1804
}
output "ubuntu_2204" {
value = module.labs_common_variables.ubuntu_2204
}
output "centos_7" {
value = module.labs_common_variables.centos_7
}
output "almalinux_9" {
value = module.labs_common_variables.almalinux_9
}
output "ubuntu1804_data_file" {
value = module.labs_common_variables.ubuntu1804_data_file
}
output "ubuntu2204_data_file" {
value = module.labs_common_variables.ubuntu2204_data_file
}
output "el7_data_file" {
value = module.labs_common_variables.el7_data_file
}
output "policy_list" {
value = module.labs_common_variables.policy_list
}
output "flavor_list" {
value = module.labs_common_variables.flavor_list
}

629
hpc/main_net_dns_router/terraform.tfstate Normal file
View File

@ -0,0 +1,629 @@
{
"version": 4,
"terraform_version": "1.6.6",
"serial": 16,
"lineage": "b2aa8a80-ab4a-7b4d-da5a-b76f7d41a2ed",
"outputs": {
"almalinux_9": {
"value": {
"name": "AlmaLinux-9.0-20220718",
"uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688"
},
"type": [
"map",
"string"
]
},
"availability_zone_no_gpu_name": {
"value": "cnr-isti-nova-a",
"type": "string"
},
"availability_zone_with_gpu_name": {
"value": "cnr-isti-nova-gpu-a",
"type": "string"
},
"availability_zones_names": {
"value": {
"availability_zone_no_gpu": "cnr-isti-nova-a",
"availability_zone_with_gpu": "cnr-isti-nova-gpu-a"
},
"type": [
"map",
"string"
]
},
"centos_7": {
"value": {
"name": "CentOS-7",
"uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca"
},
"type": [
"map",
"string"
]
},
"dns_zone_id": {
"value": "9d929715-2dd7-4859-a52a-bd148d2a6694",
"type": "string"
},
"el7_data_file": {
"value": "../../openstack_vm_data_scripts/el7.sh",
"type": "string"
},
"external_gateway_ip": {
"value": [
{
"ip_address": "146.48.30.35",
"subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb"
}
],
"type": [
"list",
[
"object",
{
"ip_address": "string",
"subnet_id": "string"
}
]
]
},
"external_network": {
"value": {
"id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"name": "external-network"
},
"type": [
"map",
"string"
]
},
"external_network_id": {
"value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"type": "string"
},
"flavor_list": {
"value": {
"c1_large": "c1.large",
"c1_medium": "c1.medium",
"c1_small": "c1.small",
"c2_large": "c2.large",
"m1_large": "m1.large",
"m1_medium": "m1.medium",
"m1_xlarge": "m1.xlarge",
"m1_xxl": "m1.xxl",
"m2_large": "m2.large",
"m2_medium": "m2.medium",
"m2_small": "m2.small",
"m3_large": "m3.large"
},
"type": [
"map",
"string"
]
},
"floating_ip_pools": {
"value": {
"main_public_ip_pool": "external-network"
},
"type": [
"map",
"string"
]
},
"main_private_network_id": {
"value": "5ef3fcdd-590c-4034-a46d-9ddd60693c57",
"type": "string"
},
"main_region": {
"value": "isti_area_pi_1",
"type": "string"
},
"main_subnet_network_id": {
"value": "84e50cdf-3f92-4e2c-b366-4e30cfcb913e",
"type": "string"
},
"mtu_size": {
"value": 8942,
"type": "number"
},
"os_project_data": {
"value": {
"id": "adaf7e28a31e465795359fcde26398b7",
"name": "hpc-lab-cloud"
},
"type": [
"map",
"string"
]
},
"policy_list": {
"value": {
"affinity": "affinity",
"anti_affinity": "anti-affinity",
"soft_affinity": "soft-affinity",
"soft_anti_affinity": "soft-anti-affinity"
},
"type": [
"map",
"string"
]
},
"resolvers_ip": {
"value": [
"146.48.29.97",
"146.48.29.98",
"146.48.29.99"
],
"type": [
"list",
"string"
]
},
"ssh_sources": {
"value": {
"infrascience_net_cidr": "146.48.122.0/23",
"isti_net_cidr": "146.48.80.0/21",
"isti_vpn_gw1": "146.48.80.101/32",
"isti_vpn_gw2": "146.48.80.102/32",
"isti_vpn_gw3": "146.48.80.103/32",
"s2i2s_net_cidr": "146.48.28.0/22",
"s2i2s_vpn_1_cidr": "146.48.28.10/32",
"s2i2s_vpn_2_cidr": "146.48.28.11/32"
},
"type": [
"map",
"string"
]
},
"ubuntu1804_data_file": {
"value": "../../openstack_vm_data_scripts/ubuntu1804.sh",
"type": "string"
},
"ubuntu2204_data_file": {
"value": "../../openstack_vm_data_scripts/ubuntu2204.sh",
"type": "string"
},
"ubuntu_1804": {
"value": {
"name": "Ubuntu-Bionic-18.04",
"user_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh",
"uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89"
},
"type": [
"map",
"string"
]
},
"ubuntu_2204": {
"value": {
"name": "Ubuntu-Jammy-22.04",
"user_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh",
"uuid": "54768889-8556-4be4-a2eb-82a4d9b34627"
},
"type": [
"map",
"string"
]
}
},
"resources": [
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_dns_zone_v2",
"name": "primary_project_dns_zone",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"attributes": {},
"description": "DNS primary zone for the hpc-lab project",
"disable_status_check": false,
"email": "postmaster@isti.cnr.it",
"id": "9d929715-2dd7-4859-a52a-bd148d2a6694",
"masters": [],
"name": "hpc.cloud.isti.cnr.it.",
"project_id": "adaf7e28a31e465795359fcde26398b7",
"region": "isti_area_pi_1",
"timeouts": null,
"ttl": 8600,
"type": "PRIMARY",
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19"
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_network_v2",
"name": "main-private-network",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"admin_state_up": true,
"all_tags": [],
"availability_zone_hints": [],
"description": "HPC lab private network (use this as the main network)",
"dns_domain": "hpc.cloud.isti.cnr.it.",
"external": false,
"id": "5ef3fcdd-590c-4034-a46d-9ddd60693c57",
"mtu": 8942,
"name": "hpc-cloud-main",
"port_security_enabled": true,
"qos_policy_id": "",
"region": "isti_area_pi_1",
"segments": [
{
"network_type": "geneve",
"physical_network": "",
"segmentation_id": 30164
}
],
"shared": false,
"tags": null,
"tenant_id": "adaf7e28a31e465795359fcde26398b7",
"timeouts": null,
"transparent_vlan": false,
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_router_interface_v2",
"name": "private-network-routing",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"force_destroy": false,
"id": "c51ed0fc-2112-4a08-8343-f05388b12382",
"port_id": "c51ed0fc-2112-4a08-8343-f05388b12382",
"region": "isti_area_pi_1",
"router_id": "b162216d-9915-42a1-aa08-0b4b731f6c14",
"subnet_id": "84e50cdf-3f92-4e2c-b366-4e30cfcb913e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network",
"module.main_private_net_and_dns_zone.openstack_networking_router_v2.external-router",
"module.main_private_net_and_dns_zone.openstack_networking_subnet_v2.main-private-subnet"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_router_v2",
"name": "external-router",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"admin_state_up": true,
"all_tags": [],
"availability_zone_hints": [],
"description": "HPC lab main router",
"distributed": false,
"enable_snat": true,
"external_fixed_ip": [
{
"ip_address": "146.48.30.35",
"subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb"
}
],
"external_gateway": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"external_subnet_ids": null,
"id": "b162216d-9915-42a1-aa08-0b4b731f6c14",
"name": "hpc-cloud-external-router",
"region": "isti_area_pi_1",
"tags": [],
"tenant_id": "adaf7e28a31e465795359fcde26398b7",
"timeouts": null,
"value_specs": null,
"vendor_options": [
{
"set_router_gateway_after_create": true
}
]
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "default_firewall_rules",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"index_key": "http_from_everywhere",
"schema_version": 0,
"attributes": {
"description": "HTTP from everywhere",
"direction": "ingress",
"ethertype": "IPv4",
"id": "b5f56257-6a56-4b72-a480-cf0814b9dd93",
"port_range_max": 80,
"port_range_min": 80,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "https_from_everywhere",
"schema_version": 0,
"attributes": {
"description": "HTTPS from everywhere",
"direction": "ingress",
"ethertype": "IPv4",
"id": "bcca0796-570e-406a-aa7d-0be5d9e70fea",
"port_range_max": 443,
"port_range_min": 443,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_isti_net",
"schema_version": 0,
"attributes": {
"description": "SSH from the ISTI network",
"direction": "ingress",
"ethertype": "IPv4",
"id": "c0aa5f11-47f9-4cbc-9637-241ee636af84",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "146.48.80.0/21",
"security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_s2i2s_vpn_1",
"schema_version": 0,
"attributes": {
"description": "SSH from the S2I2S VPN 1",
"direction": "ingress",
"ethertype": "IPv4",
"id": "f6a02b76-2f1f-4050-8c00-52860f77f71f",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "146.48.28.10/32",
"security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_s2i2s_vpn_2",
"schema_version": 0,
"attributes": {
"description": "SSH from the S2I2S VPN 2",
"direction": "ingress",
"ethertype": "IPv4",
"id": "802e9225-6936-422a-8ebd-54534e87a718",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "146.48.28.11/32",
"security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "egress-ipv4",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Allow all the egress traffic",
"direction": "egress",
"ethertype": "IPv4",
"id": "dc6c0752-2606-43d4-98b2-41cf2a9994da",
"port_range_max": 0,
"port_range_min": 0,
"protocol": "",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "",
"security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "ingress-icmp",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Allow ICMP from remote",
"direction": "ingress",
"ethertype": "IPv4",
"id": "21f91e4c-b7d8-4fb0-9fff-ad928713451d",
"port_range_max": 0,
"port_range_min": 0,
"protocol": "icmp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_v2",
"name": "default",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"delete_default_rules": true,
"description": "Default security group with rules that allow ssh access from the ISTI networks, http, https",
"id": "2f4c13cd-d431-4d52-b8a9-8eea0d7c5c86",
"name": "default_for_all",
"region": "isti_area_pi_1",
"tags": [],
"tenant_id": "adaf7e28a31e465795359fcde26398b7",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_subnet_v2",
"name": "main-private-subnet",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"allocation_pool": [
{
"end": "10.13.7.254",
"start": "10.13.1.1"
}
],
"allocation_pools": [
{
"end": "10.13.7.254",
"start": "10.13.1.1"
}
],
"cidr": "10.13.0.0/21",
"description": "HPC lab main private subnet",
"dns_nameservers": [
"146.48.29.97",
"146.48.29.98",
"146.48.29.99"
],
"enable_dhcp": true,
"gateway_ip": "10.13.0.1",
"host_routes": [],
"id": "84e50cdf-3f92-4e2c-b366-4e30cfcb913e",
"ip_version": 4,
"ipv6_address_mode": "",
"ipv6_ra_mode": "",
"name": "hpc-cloud-main-subnet",
"network_id": "5ef3fcdd-590c-4034-a46d-9ddd60693c57",
"no_gateway": false,
"prefix_length": null,
"region": "isti_area_pi_1",
"service_types": [],
"subnetpool_id": "",
"tags": null,
"tenant_id": "adaf7e28a31e465795359fcde26398b7",
"timeouts": null,
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network"
]
}
]
}
],
"check_results": null
}

90
kdd/main_net_dns_router/main.tf
View File

@ -14,7 +14,7 @@ provider "openstack" {
cloud = "ISTI-Cloud" cloud = "ISTI-Cloud"
} }
module "common_variables" { module "labs_common_variables" {
source = "../../modules/labs_common_variables" source = "../../modules/labs_common_variables"
} }
# Main module # Main module
@ -27,7 +27,8 @@ module "main_private_net_and_dns_zone" {
ttl = 8600 ttl = 8600
} }
os_project_data = { os_project_data = {
id = "1b45adf388934758b56d0dfdb4bfacf3" name = "kdd-lab-cloud"
id = "d6757d56e6e54ffe83a9701cc92af4c2"
} }
main_private_network = { main_private_network = {
name = "kdd-cloud-main" name = "kdd-cloud-main"
@ -80,7 +81,9 @@ module "main_private_net_and_dns_zone" {
} }
output "os_project_data" {
value = module.main_private_net_and_dns_zone.os_project_data
}
output "dns_zone_id" { output "dns_zone_id" {
value = module.main_private_net_and_dns_zone.dns_zone_id value = module.main_private_net_and_dns_zone.dns_zone_id
@ -101,122 +104,79 @@ output "external_gateway_ip" {
# Module used # Module used
output "main_region" { output "main_region" {
value = module.common_variables.main_region value = module.labs_common_variables.main_region
} }
output "external_network" { output "external_network" {
value = module.common_variables.external_network value = module.labs_common_variables.external_network
} }
output "external_network_id" { output "external_network_id" {
value = module.common_variables.external_network.id value = module.labs_common_variables.external_network.id
} }
output "floating_ip_pools" { output "floating_ip_pools" {
value = module.common_variables.floating_ip_pools value = module.labs_common_variables.floating_ip_pools
} }
output "resolvers_ip" { output "resolvers_ip" {
value = module.common_variables.resolvers_ip value = module.labs_common_variables.resolvers_ip
} }
output "mtu_size" { output "mtu_size" {
value = module.common_variables.mtu_size value = module.labs_common_variables.mtu_size
} }
output "availability_zones_names" { output "availability_zones_names" {
value = module.common_variables.availability_zones_names value = module.labs_common_variables.availability_zones_names
} }
output "availability_zone_no_gpu_name" { output "availability_zone_no_gpu_name" {
value = module.common_variables.availability_zones_names.availability_zone_no_gpu value = module.labs_common_variables.availability_zones_names.availability_zone_no_gpu
} }
output "availability_zone_with_gpu_name" { output "availability_zone_with_gpu_name" {
value = module.common_variables.availability_zones_names.availability_zone_with_gpu value = module.labs_common_variables.availability_zones_names.availability_zone_with_gpu
} }
output "ssh_sources" { output "ssh_sources" {
value = module.common_variables.ssh_sources value = module.labs_common_variables.ssh_sources
}
output "networks_with_d4s_services" {
value = module.common_variables.networks_with_d4s_services
} }
output "ubuntu_1804" { output "ubuntu_1804" {
value = module.common_variables.ubuntu_1804 value = module.labs_common_variables.ubuntu_1804
} }
output "ubuntu_2204" { output "ubuntu_2204" {
value = module.common_variables.ubuntu_2204 value = module.labs_common_variables.ubuntu_2204
} }
output "centos_7" { output "centos_7" {
value = module.common_variables.centos_7 value = module.labs_common_variables.centos_7
} }
output "almalinux_9" { output "almalinux_9" {
value = module.common_variables.almalinux_9 value = module.labs_common_variables.almalinux_9
} }
output "ubuntu1804_data_file" { output "ubuntu1804_data_file" {
value = module.common_variables.ubuntu1804_data_file value = module.labs_common_variables.ubuntu1804_data_file
} }
output "ubuntu2204_data_file" { output "ubuntu2204_data_file" {
value = module.common_variables.ubuntu2204_data_file value = module.labs_common_variables.ubuntu2204_data_file
} }
output "el7_data_file" { output "el7_data_file" {
value = module.common_variables.el7_data_file value = module.labs_common_variables.el7_data_file
} }
output "ssh_jump_proxy" {
value = module.common_variables.ssh_jump_proxy
}
output "internal_ca_data" {
value = module.common_variables.internal_ca_data
}
output "prometheus_server_data" {
value = module.common_variables.prometheus_server_data
}
output "shared_postgresql_server_data" {
value = module.common_variables.shared_postgresql_server_data
}
output "haproxy_l7_data" {
value = module.common_variables.haproxy_l7_data
}
output "resource_registry_addresses" {
value = module.common_variables.resource_registry_addresses
}
output "smartexecutor_addresses" {
value = module.common_variables.smartexecutor_addresses
}
#Added by Francesco
output "policy_list" { output "policy_list" {
value = module.common_variables.policy_list value = module.labs_common_variables.policy_list
} }
#Added by Francesco
output "flavor_list" { output "flavor_list" {
value = module.common_variables.flavor_list value = module.labs_common_variables.flavor_list
} }
#Added by Francesco
output "security_group_list" {
value = module.common_variables.security_group_list
}
#Added by Francesco
output "networks_list" {
value = module.common_variables.networks_list
}

629
kdd/main_net_dns_router/terraform.tfstate Normal file
View File

@ -0,0 +1,629 @@
{
"version": 4,
"terraform_version": "1.6.6",
"serial": 17,
"lineage": "c6d5332e-26ca-a882-04a1-5c0d0b8e53ea",
"outputs": {
"almalinux_9": {
"value": {
"name": "AlmaLinux-9.0-20220718",
"uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688"
},
"type": [
"map",
"string"
]
},
"availability_zone_no_gpu_name": {
"value": "cnr-isti-nova-a",
"type": "string"
},
"availability_zone_with_gpu_name": {
"value": "cnr-isti-nova-gpu-a",
"type": "string"
},
"availability_zones_names": {
"value": {
"availability_zone_no_gpu": "cnr-isti-nova-a",
"availability_zone_with_gpu": "cnr-isti-nova-gpu-a"
},
"type": [
"map",
"string"
]
},
"centos_7": {
"value": {
"name": "CentOS-7",
"uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca"
},
"type": [
"map",
"string"
]
},
"dns_zone_id": {
"value": "9d29d051-9567-4af4-9ffe-87eb643fc90b",
"type": "string"
},
"el7_data_file": {
"value": "../../openstack_vm_data_scripts/el7.sh",
"type": "string"
},
"external_gateway_ip": {
"value": [
{
"ip_address": "146.48.30.196",
"subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb"
}
],
"type": [
"list",
[
"object",
{
"ip_address": "string",
"subnet_id": "string"
}
]
]
},
"external_network": {
"value": {
"id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"name": "external-network"
},
"type": [
"map",
"string"
]
},
"external_network_id": {
"value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"type": "string"
},
"flavor_list": {
"value": {
"c1_large": "c1.large",
"c1_medium": "c1.medium",
"c1_small": "c1.small",
"c2_large": "c2.large",
"m1_large": "m1.large",
"m1_medium": "m1.medium",
"m1_xlarge": "m1.xlarge",
"m1_xxl": "m1.xxl",
"m2_large": "m2.large",
"m2_medium": "m2.medium",
"m2_small": "m2.small",
"m3_large": "m3.large"
},
"type": [
"map",
"string"
]
},
"floating_ip_pools": {
"value": {
"main_public_ip_pool": "external-network"
},
"type": [
"map",
"string"
]
},
"main_private_network_id": {
"value": "fb006673-39b6-472b-ba20-f1087e7e38ef",
"type": "string"
},
"main_region": {
"value": "isti_area_pi_1",
"type": "string"
},
"main_subnet_network_id": {
"value": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2",
"type": "string"
},
"mtu_size": {
"value": 8942,
"type": "number"
},
"os_project_data": {
"value": {
"id": "d6757d56e6e54ffe83a9701cc92af4c2",
"name": "kdd-lab-cloud"
},
"type": [
"map",
"string"
]
},
"policy_list": {
"value": {
"affinity": "affinity",
"anti_affinity": "anti-affinity",
"soft_affinity": "soft-affinity",
"soft_anti_affinity": "soft-anti-affinity"
},
"type": [
"map",
"string"
]
},
"resolvers_ip": {
"value": [
"146.48.29.97",
"146.48.29.98",
"146.48.29.99"
],
"type": [
"list",
"string"
]
},
"ssh_sources": {
"value": {
"infrascience_net_cidr": "146.48.122.0/23",
"isti_net_cidr": "146.48.80.0/21",
"isti_vpn_gw1": "146.48.80.101/32",
"isti_vpn_gw2": "146.48.80.102/32",
"isti_vpn_gw3": "146.48.80.103/32",
"s2i2s_net_cidr": "146.48.28.0/22",
"s2i2s_vpn_1_cidr": "146.48.28.10/32",
"s2i2s_vpn_2_cidr": "146.48.28.11/32"
},
"type": [
"map",
"string"
]
},
"ubuntu1804_data_file": {
"value": "../../openstack_vm_data_scripts/ubuntu1804.sh",
"type": "string"
},
"ubuntu2204_data_file": {
"value": "../../openstack_vm_data_scripts/ubuntu2204.sh",
"type": "string"
},
"ubuntu_1804": {
"value": {
"name": "Ubuntu-Bionic-18.04",
"user_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh",
"uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89"
},
"type": [
"map",
"string"
]
},
"ubuntu_2204": {
"value": {
"name": "Ubuntu-Jammy-22.04",
"user_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh",
"uuid": "54768889-8556-4be4-a2eb-82a4d9b34627"
},
"type": [
"map",
"string"
]
}
},
"resources": [
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_dns_zone_v2",
"name": "primary_project_dns_zone",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"attributes": {},
"description": "DNS primary zone for the kdd-lab project",
"disable_status_check": false,
"email": "postmaster@isti.cnr.it",
"id": "9d29d051-9567-4af4-9ffe-87eb643fc90b",
"masters": [],
"name": "kdd.cloud.isti.cnr.it.",
"project_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"region": "isti_area_pi_1",
"timeouts": null,
"ttl": 8600,
"type": "PRIMARY",
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19"
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_network_v2",
"name": "main-private-network",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"admin_state_up": true,
"all_tags": [],
"availability_zone_hints": [],
"description": "KDD private network (use this as the main network)",
"dns_domain": "kdd.cloud.isti.cnr.it.",
"external": false,
"id": "fb006673-39b6-472b-ba20-f1087e7e38ef",
"mtu": 8942,
"name": "kdd-cloud-main",
"port_security_enabled": true,
"qos_policy_id": "",
"region": "isti_area_pi_1",
"segments": [
{
"network_type": "geneve",
"physical_network": "",
"segmentation_id": 6061
}
],
"shared": false,
"tags": [],
"tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"timeouts": null,
"transparent_vlan": false,
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_router_interface_v2",
"name": "private-network-routing",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"force_destroy": false,
"id": "9768ac33-95a5-44ac-be3b-cdd718cb631e",
"port_id": "9768ac33-95a5-44ac-be3b-cdd718cb631e",
"region": "isti_area_pi_1",
"router_id": "69114a25-e298-4641-92e2-f375c9168ba6",
"subnet_id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network",
"module.main_private_net_and_dns_zone.openstack_networking_router_v2.external-router",
"module.main_private_net_and_dns_zone.openstack_networking_subnet_v2.main-private-subnet"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_router_v2",
"name": "external-router",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"admin_state_up": true,
"all_tags": [],
"availability_zone_hints": [],
"description": "KDD main router",
"distributed": false,
"enable_snat": true,
"external_fixed_ip": [
{
"ip_address": "146.48.30.196",
"subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb"
}
],
"external_gateway": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"external_subnet_ids": null,
"id": "69114a25-e298-4641-92e2-f375c9168ba6",
"name": "kdd-cloud-external-router",
"region": "isti_area_pi_1",
"tags": [],
"tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"timeouts": null,
"value_specs": null,
"vendor_options": [
{
"set_router_gateway_after_create": true
}
]
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "default_firewall_rules",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"index_key": "http_from_everywhere",
"schema_version": 0,
"attributes": {
"description": "HTTP from everywhere",
"direction": "ingress",
"ethertype": "IPv4",
"id": "585726ab-e05e-4454-a6c1-76bf8f443410",
"port_range_max": 80,
"port_range_min": 80,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "https_from_everywhere",
"schema_version": 0,
"attributes": {
"description": "HTTPS from everywhere",
"direction": "ingress",
"ethertype": "IPv4",
"id": "1a303ec1-3eca-4177-86b8-50923d027753",
"port_range_max": 443,
"port_range_min": 443,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_isti_net",
"schema_version": 0,
"attributes": {
"description": "SSH from the ISTI network",
"direction": "ingress",
"ethertype": "IPv4",
"id": "fcaecb06-773a-4ec2-a37f-129a8e64334e",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "146.48.80.0/21",
"security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_s2i2s_vpn_1",
"schema_version": 0,
"attributes": {
"description": "SSH from the S2I2S VPN 1",
"direction": "ingress",
"ethertype": "IPv4",
"id": "751ed54c-b8ef-4ebe-a55f-4dc291758afa",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "146.48.28.10/32",
"security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
},
{
"index_key": "ssh_from_s2i2s_vpn_2",
"schema_version": 0,
"attributes": {
"description": "SSH from the S2I2S VPN 2",
"direction": "ingress",
"ethertype": "IPv4",
"id": "4fb45a09-1c70-4896-b07a-f538d4cfab84",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "146.48.28.11/32",
"security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "egress-ipv4",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Allow all the egress traffic",
"direction": "egress",
"ethertype": "IPv4",
"id": "cff1b501-fcd9-4510-943e-548be057fe34",
"port_range_max": 0,
"port_range_min": 0,
"protocol": "",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "",
"security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "ingress-icmp",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Allow ICMP from remote",
"direction": "ingress",
"ethertype": "IPv4",
"id": "95760403-b648-406b-a666-94679a19dcb9",
"port_range_max": 0,
"port_range_min": 0,
"protocol": "icmp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"tenant_id": "d3c30d05b2524faead8fabf0b511622e",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_secgroup_v2.default"
]
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_secgroup_v2",
"name": "default",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"delete_default_rules": true,
"description": "Default security group with rules that allow ssh access from the ISTI networks, http, https",
"id": "c4371018-a8a7-48ea-9606-3a4fa2a20545",
"name": "default_for_all",
"region": "isti_area_pi_1",
"tags": [],
"tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"module": "module.main_private_net_and_dns_zone",
"mode": "managed",
"type": "openstack_networking_subnet_v2",
"name": "main-private-subnet",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"allocation_pool": [
{
"end": "10.12.7.254",
"start": "10.12.1.1"
}
],
"allocation_pools": [
{
"end": "10.12.7.254",
"start": "10.12.1.1"
}
],
"cidr": "10.12.0.0/21",
"description": "kdd main private subnet",
"dns_nameservers": [
"146.48.29.97",
"146.48.29.98",
"146.48.29.99"
],
"enable_dhcp": true,
"gateway_ip": "10.12.0.1",
"host_routes": [],
"id": "ddf59a67-2bbc-4678-a1ae-19ef01a295e2",
"ip_version": 4,
"ipv6_address_mode": "",
"ipv6_ra_mode": "",
"name": "kdd-cloud-main-subnet",
"network_id": "fb006673-39b6-472b-ba20-f1087e7e38ef",
"no_gateway": false,
"prefix_length": null,
"region": "isti_area_pi_1",
"service_types": [],
"subnetpool_id": "",
"tags": [],
"tenant_id": "d6757d56e6e54ffe83a9701cc92af4c2",
"timeouts": null,
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=",
"dependencies": [
"module.main_private_net_and_dns_zone.openstack_networking_network_v2.main-private-network"
]
}
]
}
],
"check_results": null
}

1
modules/labs_private_net_and_dns_zone/main_network_dns_zone.tf
View File

@ -59,6 +59,7 @@ resource "openstack_networking_router_interface_v2" "private-network-routing" {
resource "openstack_networking_secgroup_v2" "default" { resource "openstack_networking_secgroup_v2" "default" {
name = module.labs_common_variables.default_security_group_name name = module.labs_common_variables.default_security_group_name
delete_default_rules = "true" delete_default_rules = "true"
tenant_id = var.os_project_data.id
description = "Default security group with rules that allow ssh access from the ISTI networks, http, https" description = "Default security group with rules that allow ssh access from the ISTI networks, http, https"
} }

4
modules/labs_private_net_and_dns_zone/outputs.tf
View File

@ -13,3 +13,7 @@ output "main_subnet_network_id" {
output "external_gateway_ip" { output "external_gateway_ip" {
value = openstack_networking_router_v2.external-router.external_fixed_ip value = openstack_networking_router_v2.external-router.external_fixed_ip
} }
output "os_project_data" {
value = var.os_project_data
}

1
modules/labs_private_net_and_dns_zone/variables_main_network_dns.tf
View File

@ -1,6 +1,7 @@
variable "os_project_data" { variable "os_project_data" {
type = map(string) type = map(string)
default = { default = {
name = ""
id = "" id = ""
} }
} }

22
s2i2s_openstack_vm_data_scripts/el7.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
yum -y install python policycoreutils-python
/sbin/useradd --system --home-dir /srv/ansible -m --shell /bin/bash -c "Used for the Ansible provisioning tasks" ansible
# SSH keys of users authorized to execute ansible playbooks.
# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
# Feel free to add yours if you are entitled to run the ansible provisioning on that server
mkdir /srv/ansible/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvkwppFE+K5MjKqtkGJN63wkcwaqZG4HkgPqMSWrXmCfDPJ3FxjDHV9aQRJYVKZObc9+SsFc9IYXwB2A8FI0XwPkCH2hfFKDVNO4TktO/SrM+4tXbEfEDWX/PduBQLootYaMEVj++p2+s/mxVnxTAMzsR4txC9tkWR4JO4VJ2cpZfM8po4p1wA4YteW6Oiv0PqUEsLtPtBHGuCgovo8WS+qxcxpeBBnewEssgis2dzDSqx5HUmaOETAxxEHflapHWQLum0JjvXsG5jlf9jL44XJPkcHXAYk3gnhtyM0moJpUya+GX7+ttfWWvwxs0tYNDXNMRn91r1hMLWmas4D+T/Q== rcirillo@rcirillo-cnr" >> /srv/ansible/.ssh/authorized_keys
/bin/chown -R ansible:ansible /srv/ansible
/bin/chmod 700 /srv/ansible/.ssh
mkdir -p /etc/sudoers.d
echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
/bin/chmod 600 /etc/sudoers.d/ansible-user
semanage fcontext -a -e /home /srv/ansible ; restorecon -vR /srv/ansible

22
s2i2s_openstack_vm_data_scripts/ubuntu1804.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
apt-get update -y
# Not needed anymore on Ubuntu 20.04+
apt-get install -y python
/usr/sbin/adduser --system --home /srv/ansible --shell /bin/bash --gecos "Used for the Ansible provisioning tasks" --group ansible
# SSH keys of users authorized to execute ansible playbooks.
# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
# Feel free to add yours if you are entitled to run the ansible provisioning on that server
mkdir /srv/ansible/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvkwppFE+K5MjKqtkGJN63wkcwaqZG4HkgPqMSWrXmCfDPJ3FxjDHV9aQRJYVKZObc9+SsFc9IYXwB2A8FI0XwPkCH2hfFKDVNO4TktO/SrM+4tXbEfEDWX/PduBQLootYaMEVj++p2+s/mxVnxTAMzsR4txC9tkWR4JO4VJ2cpZfM8po4p1wA4YteW6Oiv0PqUEsLtPtBHGuCgovo8WS+qxcxpeBBnewEssgis2dzDSqx5HUmaOETAxxEHflapHWQLum0JjvXsG5jlf9jL44XJPkcHXAYk3gnhtyM0moJpUya+GX7+ttfWWvwxs0tYNDXNMRn91r1hMLWmas4D+T/Q== rcirillo@rcirillo-cnr" >> /srv/ansible/.ssh/authorized_keys
/bin/chown -R ansible:ansible /srv/ansible
/bin/chmod 700 /srv/ansible/.ssh
mkdir -p /etc/sudoers.d
echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
/bin/chmod 600 /etc/sudoers.d/ansible-user

18
s2i2s_openstack_vm_data_scripts/ubuntu2204.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
/usr/sbin/adduser --system --home /srv/ansible --shell /bin/bash --gecos "Used for the Ansible provisioning tasks" --group ansible
# SSH keys of users authorized to execute ansible playbooks.
# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
# Feel free to add yours if you are entitled to run the ansible provisioning on that server
mkdir /srv/ansible/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvkwppFE+K5MjKqtkGJN63wkcwaqZG4HkgPqMSWrXmCfDPJ3FxjDHV9aQRJYVKZObc9+SsFc9IYXwB2A8FI0XwPkCH2hfFKDVNO4TktO/SrM+4tXbEfEDWX/PduBQLootYaMEVj++p2+s/mxVnxTAMzsR4txC9tkWR4JO4VJ2cpZfM8po4p1wA4YteW6Oiv0PqUEsLtPtBHGuCgovo8WS+qxcxpeBBnewEssgis2dzDSqx5HUmaOETAxxEHflapHWQLum0JjvXsG5jlf9jL44XJPkcHXAYk3gnhtyM0moJpUya+GX7+ttfWWvwxs0tYNDXNMRn91r1hMLWmas4D+T/Q== rcirillo@rcirillo-cnr" >> /srv/ansible/.ssh/authorized_keys
/bin/chown -R ansible:ansible /srv/ansible
/bin/chmod 700 /srv/ansible/.ssh
mkdir -p /etc/sudoers.d
echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
/bin/chmod 600 /etc/sudoers.d/ansible-user