Fixes #27569. Add the main network interface as a port.

2024-06-07 14:59:41 +02:00 · 2024-06-07 14:59:41 +02:00 · 7356dd8a50
parent c64e3be555
commit 7356dd8a50
4 changed files with 6066 additions and 27 deletions
--- a/openstack-tf/d4s-production/accounting-dashboard-db/main.tf
+++ b/openstack-tf/d4s-production/accounting-dashboard-db/main.tf
@ -17,6 +17,14 @@ data "terraform_remote_state" "privnet_dns_router" {
  }
 }

+data "terraform_remote_state" "infrastructure_setup" {
+  backend = "local"
+
+  config = {
+    path = "../basic-infrastructure/terraform.tfstate"
+  }
+}
+
 #
 # Uses common_variables as module
 #
@ -36,7 +44,7 @@ resource "openstack_networking_secgroup_v2" "accounting_dashboard_db_access_list
 }

 resource "openstack_networking_secgroup_rule_v2" "access_to_the_accounting_dashboard_db" {
-  for_each = toset([var.accounting_dashoard_allowed_sources.infrascience_net,var.accounting_dashoard_allowed_sources.google_datastudio1,var.accounting_dashoard_allowed_sources.google_datastudio2,var.accounting_dashoard_allowed_sources.google_datastudio3,var.accounting_dashoard_allowed_sources.google_datastudio4,var.accounting_dashoard_allowed_sources.google_datastudio5,var.accounting_dashoard_allowed_sources.google_datastudio6,var.accounting_dashoard_allowed_sources.google_datastudio7,var.accounting_dashoard_allowed_sources.google_datastudio8,var.accounting_dashoard_allowed_sources.google_datastudio9,var.accounting_dashoard_allowed_sources.google_datastudio10,var.accounting_dashoard_allowed_sources.google_datastudio11,var.accounting_dashoard_allowed_sources.google_datastudio12,var.accounting_dashoard_allowed_sources.google_datastudio13,var.accounting_dashoard_allowed_sources.openstack_production])
+  for_each          = toset([var.accounting_dashoard_allowed_sources.infrascience_net, var.accounting_dashoard_allowed_sources.google_datastudio1, var.accounting_dashoard_allowed_sources.google_datastudio2, var.accounting_dashoard_allowed_sources.google_datastudio3, var.accounting_dashoard_allowed_sources.google_datastudio4, var.accounting_dashoard_allowed_sources.google_datastudio5, var.accounting_dashoard_allowed_sources.google_datastudio6, var.accounting_dashoard_allowed_sources.google_datastudio7, var.accounting_dashoard_allowed_sources.google_datastudio8, var.accounting_dashoard_allowed_sources.google_datastudio9, var.accounting_dashoard_allowed_sources.google_datastudio10, var.accounting_dashoard_allowed_sources.google_datastudio11, var.accounting_dashoard_allowed_sources.google_datastudio12, var.accounting_dashoard_allowed_sources.google_datastudio13, var.accounting_dashoard_allowed_sources.openstack_production])
  security_group_id = openstack_networking_secgroup_v2.accounting_dashboard_db_access_list.id
  description       = "Access to the Accounting Dashboard DB"
  direction         = "ingress"
@ -53,13 +61,28 @@ resource "openstack_blockstorage_volume_v3" "accounting_dashboard_db_data_vol" {
  size = var.accounting_dashboard_db_data.vol_data_size
 }

+#
+# Ports in the timescaleDB network
+resource "openstack_networking_port_v2" "accounting_dashboard_port_on_main_net" {
+  name           = "accounting_dashboard_port_on_main_net"
+  network_id     = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network_id
+  admin_state_up = "true"
+  fixed_ip {
+    subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.main_subnet_network_id
+  }
+  security_group_ids = [
+    openstack_networking_secgroup_v2.accounting_dashboard_db_access_list.id,
+    data.terraform_remote_state.infrastructure_setup.outputs.default_security_group.id
+  ]
+}
+
 # Instance
 resource "openstack_compute_instance_v2" "accounting_dashboard_db_server" {
  name                    = var.accounting_dashboard_db_data.name
  availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
  flavor_name             = var.accounting_dashboard_db_data.flavor
  key_pair                = module.ssh_settings.ssh_key_name
-  security_groups         = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name]
+  security_groups         = [data.terraform_remote_state.infrastructure_setup.outputs.default_security_group.name, data.terraform_remote_state.infrastructure_setup.outputs.access_postgresql_security_group.name, openstack_networking_secgroup_v2.accounting_dashboard_db_access_list.name]
  block_device {
    uuid                  = module.common_variables.ubuntu_2204.uuid
    source_type           = "image"
@ -69,15 +92,10 @@ resource "openstack_compute_instance_v2" "accounting_dashboard_db_server" {
    delete_on_termination = false
  }

-  network {
-    name = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name
-  }
  network {
    name        = module.common_variables.networks_list.shared_postgresql
    fixed_ip_v4 = var.accounting_dashboard_db_data.server_ip
  }
-
-
  user_data = file("${module.common_variables.ubuntu2204_data_file}")
  # Do not replace the instance when the ssh key changes
  lifecycle {
@ -87,7 +105,6 @@ resource "openstack_compute_instance_v2" "accounting_dashboard_db_server" {
      key_pair, user_data, network
    ]
  }
-
 }

 resource "openstack_compute_volume_attach_v2" "accounting_dashboard_db_data_attach_vol" {
@ -97,6 +114,10 @@ resource "openstack_compute_volume_attach_v2" "accounting_dashboard_db_data_atta
  depends_on  = [openstack_compute_instance_v2.accounting_dashboard_db_server]
 }

+resource "openstack_compute_interface_attach_v2" "main_network_to_accounting_dashboard" {
+  instance_id = openstack_compute_instance_v2.accounting_dashboard_db_server.id
+  port_id     = openstack_networking_port_v2.accounting_dashboard_port_on_main_net.id
+}
 # Floating IP and DNS record
 resource "openstack_networking_floatingip_v2" "accounting_dashboard_db_ip" {
  pool = data.terraform_remote_state.privnet_dns_router.outputs.floating_ip_pools.main_public_ip_pool
@ -106,7 +127,7 @@ resource "openstack_networking_floatingip_v2" "accounting_dashboard_db_ip" {

 resource "openstack_networking_floatingip_associate_v2" "accounting_dashboard_db" {
  floating_ip = openstack_networking_floatingip_v2.accounting_dashboard_db_ip.address
-  port_id     = openstack_compute_instance_v2.accounting_dashboard_db_server.network[0].fixed_ip_v4
+  port_id     = openstack_networking_port_v2.accounting_dashboard_port_on_main_net.id
 }

 locals {
@ -123,9 +144,9 @@ resource "openstack_dns_recordset_v2" "accounting_dashboard_recordset" {
 }

 output "accounting_dashboard_public_ip_address" {
-  value       = openstack_networking_floatingip_v2.accounting_dashboard_db_ip.address
+  value = openstack_networking_floatingip_v2.accounting_dashboard_db_ip.address
 }

 output "accounting_dashboard_hostname" {
-  value       = openstack_dns_recordset_v2.accounting_dashboard_recordset.name
+  value = openstack_dns_recordset_v2.accounting_dashboard_recordset.name
 }
--- a/openstack-tf/d4s-production/accounting-dashboard-db/terraform.tfstate
+++ b/openstack-tf/d4s-production/accounting-dashboard-db/terraform.tfstate
--- a/openstack-tf/d4s-production/accounting-dashboard-db/variables.tf
+++ b/openstack-tf/d4s-production/accounting-dashboard-db/variables.tf
@ -15,20 +15,20 @@ variable "accounting_dashboard_db_data" {
 variable "accounting_dashoard_allowed_sources" {
  type = map(string)
  default = {
-    "infrascience_net" = "146.48.122.0/23"
-    "google_datastudio1" = "64.18.0.0/20"
-    "google_datastudio2" = "64.233.160.0/19"
-    "google_datastudio3" = "66.102.0.0/20"
-    "google_datastudio4" = "66.249.80.0/20"
-    "google_datastudio5" = "72.14.192.0/18"
-    "google_datastudio6" = "74.125.0.0/16"
-    "google_datastudio7" = "108.177.8.0/21"
-    "google_datastudio8" = "173.194.0.0/16"
-    "google_datastudio9" = "207.126.144.0/20"
-    "google_datastudio10" = "209.85.128.0/17"
-    "google_datastudio11" = "216.58.192.0/19"
-    "google_datastudio12" = "216.239.32.0/19"
-    "google_datastudio13" = "142.251.74.0/23"
+    "infrascience_net"     = "146.48.122.0/23"
+    "google_datastudio1"   = "64.18.0.0/20"
+    "google_datastudio2"   = "64.233.160.0/19"
+    "google_datastudio3"   = "66.102.0.0/20"
+    "google_datastudio4"   = "66.249.80.0/20"
+    "google_datastudio5"   = "72.14.192.0/18"
+    "google_datastudio6"   = "74.125.0.0/16"
+    "google_datastudio7"   = "108.177.8.0/21"
+    "google_datastudio8"   = "173.194.0.0/16"
+    "google_datastudio9"   = "207.126.144.0/20"
+    "google_datastudio10"  = "209.85.128.0/17"
+    "google_datastudio11"  = "216.58.192.0/19"
+    "google_datastudio12"  = "216.239.32.0/19"
+    "google_datastudio13"  = "142.251.74.0/23"
    "openstack_production" = "146.48.31.57/32"
  }
 }
--- a/openstack-tf/d4s-production/basic-infrastructure/terraform.tfstate
+++ b/openstack-tf/d4s-production/basic-infrastructure/terraform.tfstate
@ -1,9 +1,47 @@
 {
  "version": 4,
  "terraform_version": "1.7.5",
-  "serial": 585,
+  "serial": 587,
  "lineage": "954b57a1-c68e-fa2b-cf2f-79cc54aea13e",
  "outputs": {
+    "access_postgresql_security_group": {
+      "value": {
+        "all_tags": [],
+        "delete_default_rules": true,
+        "description": "Access the shared PostgreSQL service using the dedicated network",
+        "id": "347b507a-8df3-44ad-acb1-580e66991064",
+        "name": "access_to_the_shared_postgresql_service",
+        "region": "isti_area_pi_1",
+        "tags": [],
+        "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
+        "timeouts": null
+      },
+      "type": [
+        "object",
+        {
+          "all_tags": [
+            "set",
+            "string"
+          ],
+          "delete_default_rules": "bool",
+          "description": "string",
+          "id": "string",
+          "name": "string",
+          "region": "string",
+          "tags": [
+            "set",
+            "string"
+          ],
+          "tenant_id": "string",
+          "timeouts": [
+            "object",
+            {
+              "delete": "string"
+            }
+          ]
+        }
+      ]
+    },
    "almalinux_9": {
      "value": {
        "name": "AlmaLinux-9.0-20220718",
@ -62,6 +100,44 @@
        "string"
      ]
    },
+    "default_security_group": {
+      "value": {
+        "all_tags": [],
+        "delete_default_rules": true,
+        "description": "Default security group with rules for ssh access via jump proxy, prometheus scraping",
+        "id": "ec201518-ab19-4342-8465-4b5524030a8e",
+        "name": "default_for_all",
+        "region": "isti_area_pi_1",
+        "tags": [],
+        "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
+        "timeouts": null
+      },
+      "type": [
+        "object",
+        {
+          "all_tags": [
+            "set",
+            "string"
+          ],
+          "delete_default_rules": "bool",
+          "description": "string",
+          "id": "string",
+          "name": "string",
+          "region": "string",
+          "tags": [
+            "set",
+            "string"
+          ],
+          "tenant_id": "string",
+          "timeouts": [
+            "object",
+            {
+              "delete": "string"
+            }
+          ]
+        }
+      ]
+    },
    "default_security_group_name": {
      "value": "default_for_all",
      "type": "string"