#
# Server group for the MongoDB cluster nodes (anti-affinity placement)
#
resource "openstack_compute_servergroup_v2" "mongodb" {
  # Referenced by the cluster nodes' scheduler_hints below: with the
  # anti-affinity policy Nova places each member on a different host.
  name     = "mongodb"
  policies = ["anti-affinity"]
}
#
# Security groups
#
# Rules
# 80 from 0/0
# 9101 from prometheus
# 27017 from: garr-ct1, garr-na, garr-pa1, InfraScience, S2I2S, ISTI (see the for_each below) and the main private subnet
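resource "openstack_networking_secgroup_v2" "mongodb_cluster_traffic" {
  name        = "mongodb_cluster_traffic"
  description = "Traffic between the MongoDB nodes"
  # A real boolean, not the string "true" (the provider declares this
  # attribute as bool; the string only worked through implicit conversion).
  # Dropping the default rules leaves this group with the explicit ingress
  # rules below only; egress presumably comes from the default security
  # group the instances also attach — confirm before relying on it.
  delete_default_rules = true
}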
resource "openstack_networking_secgroup_rule_v2" "access_to_the_mongodb_service_from_the_internal_network" {
  security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
  description       = "Access to the MongoDB service"

  # 27017/tcp from the whole main private subnet, i.e. the network the
  # MongoDB instances themselves are attached to (see their network block).
  direction        = "ingress"
  ethertype        = "IPv4"
  protocol         = "tcp"
  port_range_min   = 27017
  port_range_max   = 27017
  remote_ip_prefix = var.main_private_subnet.cidr
}
resource "openstack_networking_secgroup_rule_v2" "access_to_the_mongodb_service_from_the_outside" {
  # One rule per external network allowed to reach MongoDB. The set is keyed
  # by CIDR, so changing one entry in the variable replaces only that rule.
  # Because the nodes also get floating IPs, this allow-list is what keeps
  # 27017 off the open Internet: review it whenever a network is added.
  for_each = toset([
    var.networks_with_d4s_services.infrascience_net,
    var.networks_with_d4s_services.s2i2s_net,
    var.networks_with_d4s_services.garr_ct1_net,
    var.networks_with_d4s_services.garr_pa1_net,
    var.networks_with_d4s_services.garr_na_net,
    var.networks_with_d4s_services.isti_net,
  ])

  security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
  description       = "Access to the MongoDB service"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 27017
  port_range_max    = 27017
  remote_ip_prefix  = each.value
}
resource "openstack_networking_secgroup_rule_v2" "mongodb_plain_http_for_letsencrypt" {
  security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
  description       = "Plain HTTP for letsencrypt"

  # 80/tcp from anywhere. Presumably needed for the ACME HTTP-01 challenge,
  # whose validators have no fixed address range; nothing here restricts
  # what else may answer on :80, so that is up to the host configuration.
  direction        = "ingress"
  ethertype        = "IPv4"
  protocol         = "tcp"
  port_range_min   = 80
  port_range_max   = 80
  remote_ip_prefix = "0.0.0.0/0"
}
resource "openstack_networking_secgroup_rule_v2" "mongodb_prometheus_exporter" {
  security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
  description       = "Prometheus exporter for MongoDB"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 9101
  port_range_max    = 9101

  # Exporter port reachable from the Prometheus server only: its public
  # address (taken from the infrastructure remote state) as a /32.
  remote_ip_prefix = "${data.terraform_remote_state.infrastructure_data.outputs.prometheus_public_ip_address}/32"
}
#
# Mongodb cluster VMs
#
# Instance
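resource "openstack_compute_instance_v2" "mongodb_cluster_nodes" {
  count = var.mongodb_cluster_data.count

  # Names are numbered from -02 (index 0 -> "<name>-02"); the -01 suffix is
  # not produced by this resource — presumably reserved elsewhere, confirm
  # before renumbering.
  name                    = format("%s-%02d", var.mongodb_cluster_data.name, count.index + 2)
  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.mongodb_cluster_data.flavor
  key_pair                = module.ssh_settings.ssh_key_file

  # The project-wide default group (from remote state) plus the
  # MongoDB-specific rules defined above.
  security_groups = [
    data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name,
    openstack_networking_secgroup_v2.mongodb_cluster_traffic.name,
  ]

  # Spread the nodes across hypervisors (anti-affinity server group).
  scheduler_hints {
    group = openstack_compute_servergroup_v2.mongodb.id
  }

  # Root disk: 10 GB volume created from the image, kept when the
  # instance is destroyed.
  block_device {
    uuid                  = var.mongodb_cluster_data.image_type_uuid
    source_type           = "image"
    volume_size           = 10
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }

  # Data disk: blank volume sized by the variable, also kept on destroy so
  # the database files survive an instance replacement.
  block_device {
    source_type           = "blank"
    volume_size           = var.mongodb_cluster_data.data_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }

  network {
    name = var.main_private_network.name
    # Legacy splat followed by an index: picks element count.index of the
    # list (assumes var.mongodb_ip is a list — TODO confirm and simplify to
    # var.mongodb_ip[count.index]).
    fixed_ip_v4 = var.mongodb_ip.*[count.index]
  }

  user_data = file("${module.common_variables.ubuntu_2204.user_data_file}")

  lifecycle {
    # Do not replace the instance when the ssh key, the cloud-init user
    # data or the network definition change after creation: these are
    # create-time inputs and a change would otherwise force a rebuild.
    # (The former comment about tags was copied from the Terraform docs
    # and did not describe this list.)
    ignore_changes = [
      key_pair,
      user_data,
      network,
    ]
  }
}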
# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "mongodb_cluster_floating_ip" {
  # One public address per cluster node, from the main public pool.
  count = var.mongodb_cluster_data.count
  pool  = var.floating_ip_pools.main_public_ip_pool

  # The DNS association does not work because of a bug in the OpenStack API,
  # so the A records are managed separately (mongodb_cluster_dns_recordsets).
  # dns_name = "main-lb"
  # dns_domain = var.dns_zone.zone_name

  description = format("MongoDB cluster node %s-%02d", var.mongodb_cluster_data.name, count.index + 2)
}
resource "openstack_compute_floatingip_associate_v2" "mongodb_cluster_ip" {
  count = var.mongodb_cluster_data.count

  # Pair floating IP i with instance i; element() wraps around, but the
  # two lists share the same count so the index is always in range.
  floating_ip = element(openstack_networking_floatingip_v2.mongodb_cluster_floating_ip.*.address, count.index)
  instance_id = element(openstack_compute_instance_v2.mongodb_cluster_nodes.*.id, count.index)

  depends_on = [openstack_networking_floatingip_v2.mongodb_cluster_floating_ip]
}
resource "openstack_dns_recordset_v2" "mongodb_cluster_dns_recordsets" {
  count = var.mongodb_cluster_data.count

  # Public A record "<instance name>.<zone>" pointing at the node's
  # floating IP; zone and zone id come from the privnet_dns_router state.
  zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
  name = join(".", [
    element(openstack_compute_instance_v2.mongodb_cluster_nodes.*.name, count.index),
    data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name,
  ])
  description = "Mongodb public hostnames"
  # 8600 s is an unusual TTL (neither 3600 nor 86400) — presumably intended,
  # confirm.
  ttl     = 8600
  type    = "A"
  records = [element(openstack_networking_floatingip_v2.mongodb_cluster_floating_ip.*.address, count.index)]

  depends_on = [openstack_networking_floatingip_v2.mongodb_cluster_floating_ip]
}
#
# MongoDB vol node
#
# Instance
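resource "openstack_compute_instance_v2" "mongodb_vol_node" {
  name                    = "mongodb-vol"
  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.mongodb_vol_data.flavor
  key_pair                = module.ssh_settings.ssh_key_file

  # Same security groups as the cluster nodes: the default group plus the
  # MongoDB rules, so this node is reachable on 27017 from the same networks.
  security_groups = [
    data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name,
    openstack_networking_secgroup_v2.mongodb_cluster_traffic.name,
  ]

  # Root disk: 10 GB volume from the image, kept on destroy.
  block_device {
    uuid                  = var.mongodb_vol_data.image_type_uuid
    source_type           = "image"
    volume_size           = 10
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }

  # Data disk: blank volume sized by the variable, kept on destroy.
  block_device {
    source_type           = "blank"
    volume_size           = var.mongodb_vol_data.data_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }

  network {
    name        = var.main_private_network.name
    fixed_ip_v4 = var.mongodb_vol_ip
  }

  user_data = file("${module.common_variables.ubuntu_2204.user_data_file}")

  lifecycle {
    # Do not replace the instance when the ssh key, the cloud-init user
    # data or the network definition change after creation: these are
    # create-time inputs and a change would otherwise force a rebuild.
    # (The former comment about tags was copied from the Terraform docs
    # and did not describe this list.)
    ignore_changes = [
      key_pair,
      user_data,
      network,
    ]
  }
}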
# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "mongodb_vol_floating_ip" {
  # Single public address for the volatile node, from the main public pool.
  pool        = var.floating_ip_pools.main_public_ip_pool
  description = "MongoDB Volatile"

  # The DNS association does not work because of a bug in the OpenStack API,
  # so the A record is managed separately (mongodb_vol_dns_recordsets).
  # dns_name = "main-lb"
  # dns_domain = var.dns_zone.zone_name
}
resource "openstack_compute_floatingip_associate_v2" "mongodb_vol_public_ip" {
  # Attach the volatile node's floating IP to its instance.
  instance_id = openstack_compute_instance_v2.mongodb_vol_node.id
  floating_ip = openstack_networking_floatingip_v2.mongodb_vol_floating_ip.address

  depends_on = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip]
}
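resource "openstack_dns_recordset_v2" "mongodb_vol_dns_recordsets" {
  # Public A record "<instance name>.<zone>" for the volatile node.
  zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
  # Single list argument, matching mongodb_cluster_dns_recordsets; the
  # previous two-list form produced the same string but read as a mistake.
  name = join(".", [
    openstack_compute_instance_v2.mongodb_vol_node.name,
    data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name,
  ])
  description = "Mongodb Volatile public hostnames"
  # 8600 s is an unusual TTL (neither 3600 nor 86400) — presumably intended,
  # confirm.
  ttl     = 8600
  type    = "A"
  records = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip.address]

  depends_on = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip]
}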