diff --git a/openstack-tf/d4s-production/accounting-dashboard-db/main.tf b/openstack-tf/d4s-production/accounting-dashboard-db/main.tf
index 125823f..8d56863 100644
--- a/openstack-tf/d4s-production/accounting-dashboard-db/main.tf
+++ b/openstack-tf/d4s-production/accounting-dashboard-db/main.tf
@@ -29,6 +29,24 @@ module "ssh_settings" {
 source = "../../modules/ssh-key-ref"
 }
 
+resource "openstack_networking_secgroup_v2" "accounting_dashboard_db_access_list" {
+ name = "accounting_dashboard_db_access_list"
+ delete_default_rules = "true"
+ description = "Allowed connections to the accounting dashboard database"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "access_to_the_accounting_dashboard_db" {
+ for_each = toset([var.accounting_dashoard_allowed_sources.infrascience_net,var.accounting_dashoard_allowed_sources.google_datastudio1,var.accounting_dashoard_allowed_sources.google_datastudio2,var.accounting_dashoard_allowed_sources.google_datastudio3,var.accounting_dashoard_allowed_sources.google_datastudio4,var.accounting_dashoard_allowed_sources.google_datastudio5,var.accounting_dashoard_allowed_sources.google_datastudio6,var.accounting_dashoard_allowed_sources.google_datastudio7,var.accounting_dashoard_allowed_sources.google_datastudio8,var.accounting_dashoard_allowed_sources.google_datastudio9,var.accounting_dashoard_allowed_sources.google_datastudio10,var.accounting_dashoard_allowed_sources.google_datastudio11,var.accounting_dashoard_allowed_sources.google_datastudio12,var.accounting_dashoard_allowed_sources.google_datastudio13,var.accounting_dashoard_allowed_sources.openstack_production])
+ security_group_id = openstack_networking_secgroup_v2.accounting_dashboard_db_access_list.id
+ description = "Access to the Accounting Dashboard DB"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 5432
+ port_range_max = 5432
+ remote_ip_prefix = each.value
+}
+
 # Block device
 resource "openstack_blockstorage_volume_v3" "accounting_dashboard_db_data_vol" {
 name = var.accounting_dashboard_db_data.vol_data_name
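Review bot: The `for_each` in `access_to_the_accounting_dashboard_db` spells out all fifteen map keys by hand, so a source later added to `accounting_dashoard_allowed_sources` is silently left closed, a removed key breaks the plan, and each rule instance is addressed by its CIDR instead of a name. Iterating the map directly keeps the firewall in step with the variable and lets every rule say whom it admits: `for_each = var.accounting_dashoard_allowed_sources` with `description = "Accounting Dashboard DB access from ${each.key}"`, leaving `remote_ip_prefix = each.value` as it is. `delete_default_rules` is a boolean argument, so the unquoted `true` is the cleaner form. Whether this group is actually attached to the DB instance is not visible in this hunk and is worth confirming, since removing the default rules also leaves the group without egress rules.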
@@ -79,24 +97,35 @@ resource "openstack_compute_volume_attach_v2" "accounting_dashboard_db_data_atta
 depends_on = [openstack_compute_instance_v2.accounting_dashboard_db_server]
 }
 
+# Floating IP and DNS record
+resource "openstack_networking_floatingip_v2" "accounting_dashboard_db_ip" {
+ pool = data.terraform_remote_state.privnet_dns_router.outputs.floating_ip_pools.main_public_ip_pool
+ # The DNS association does not work because of a bug in the OpenStack API
+ description = "Accounting dashboard"
+}
+
+resource "openstack_networking_floatingip_associate_v2" "accounting_dashboard_db" {
+ floating_ip = openstack_networking_floatingip_v2.accounting_dashboard_db_ip.address
+ port_id = openstack_compute_instance_v2.accounting_dashboard_db_server.network[0].fixed_ip_v4
+}
+
 locals {
- cname_target = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
+ accounting_dashboard_recordset_name = "accounting-dashboard-db.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
 }
 
-#
-# Add DNS record/s
-#
-module "dns_records_create" {
- source = "../../modules/dns_resources"
-
- dns_resources_map = {
- acccounting-dashboard-db-server = {
- zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
- name = join(".", [var.accounting_dashboard_db_data.name, data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name])
- description = "Accounting Dashboard DB Server"
- ttl = 8600
- type = "CNAME"
- records = [local.cname_target]
- }
- }
+resource "openstack_dns_recordset_v2" "accounting_dashboard_recordset" {
+ zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
+ name = local.accounting_dashboard_recordset_name
+ description = "Public IP address of the Accounting Dashboard"
+ ttl = 8600
+ type = "A"
+ records = [openstack_networking_floatingip_v2.accounting_dashboard_db_ip.address]
+}
+
+output "accounting_dashboard_public_ip_address" {
+ value = openstack_networking_floatingip_v2.accounting_dashboard_db_ip.address
+}
+
+output "accounting_dashboard_hostname" {
+ value = openstack_dns_recordset_v2.accounting_dashboard_recordset.name
 }
diff --git a/openstack-tf/d4s-production/accounting-dashboard-db/variables.tf b/openstack-tf/d4s-production/accounting-dashboard-db/variables.tf
index 57e9a21..89fe527 100644
--- a/openstack-tf/d4s-production/accounting-dashboard-db/variables.tf
+++ b/openstack-tf/d4s-production/accounting-dashboard-db/variables.tf
@@ -10,4 +10,26 @@ variable "accounting_dashboard_db_data" {
 vol_data_device = "/dev/vdb"
 server_ip = "192.168.0.10"
 }
-}
\ No newline at end of file
+}
+
+variable "accounting_dashoard_allowed_sources" {
+ type = map(string)
+ default = {
+ "infrascience_net" = "146.48.122.0/23"
+ "google_datastudio1" = "64.18.0.0/20"
+ "google_datastudio2" = "64.233.160.0/19"
+ "google_datastudio3" = "66.102.0.0/20"
+ "google_datastudio4" = "66.249.80.0/20"
+ "google_datastudio5" = "72.14.192.0/18"
+ "google_datastudio6" = "74.125.0.0/16"
+ "google_datastudio7" = "108.177.8.0/21"
+ "google_datastudio8" = "173.194.0.0/16"
+ "google_datastudio9" = "207.126.144.0/20"
+ "google_datastudio10" = "209.85.128.0/17"
+ "google_datastudio11" = "216.58.192.0/19"
+ "google_datastudio12" = "216.239.32.0/19"
+ "google_datastudio13" = "142.251.74.0/23"
+ "openstack_production" = "146.48.31.57/32"
+ }
+}
+
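Review bot: `port_id` in `openstack_networking_floatingip_associate_v2.accounting_dashboard_db` is set to `network[0].fixed_ip_v4`, which is an IPv4 address, while the argument expects the UUID of the Neutron port, so the association will most likely fail at apply time or never bind the floating IP. If the instance's `network` block exports its port, `port_id = openstack_compute_instance_v2.accounting_dashboard_db_server.network[0].port` is the usual form; the instance resource lies outside this hunk, so confirm it there. Because this hunk also gives the database host a public address and an A record, a one-line comment above the floating IP saying the exposure is intentional and is restricted by the `accounting_dashboard_db_access_list` security group would help the next reviewer.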
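Review bot: The `google_datastudio*` defaults in `accounting_dashoard_allowed_sources` are broad provider ranges (several /16 to /18 blocks) with no comment recording where they came from or when they were last checked, and they presumably admit every tenant of that Google service rather than only this project's reports. Add a provenance comment above the map, for example `# Google Data Studio connector ranges, copied from <source URL> on <YYYY-MM-DD>; re-check when Google updates its list`, and treat the allowlist as a coarse filter only: the PostgreSQL side should still require TLS and a dedicated read-only role for these sources. The variable name is also misspelled (`dashoard`); renaming it to `accounting_dashboard_allowed_sources` together with its references in `main.tf` is cheaper now than after other configurations depend on it.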