diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/15-security-groups.tf b/openstack-tf/d4s-preprod/basic-infrastructure/15-security-groups.tf
deleted file mode 120000
index aad5041..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/15-security-groups.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/15-security-groups.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/20-octavia.tf b/openstack-tf/d4s-preprod/basic-infrastructure/20-octavia.tf
deleted file mode 120000
index a104722..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/20-octavia.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/20-octavia.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/25-ssh-jump-proxy.tf b/openstack-tf/d4s-preprod/basic-infrastructure/25-ssh-jump-proxy.tf
deleted file mode 120000
index 46b1d6c..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/25-ssh-jump-proxy.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/25-ssh-jump-proxy.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/30-internal-ca.tf b/openstack-tf/d4s-preprod/basic-infrastructure/30-internal-ca.tf
deleted file mode 120000
index ac62be5..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/30-internal-ca.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/30-internal-ca.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/35-prometheus.tf b/openstack-tf/d4s-preprod/basic-infrastructure/35-prometheus.tf
deleted file mode 120000
index 31f4592..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/35-prometheus.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/35-prometheus.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/40-postgresql.tf b/openstack-tf/d4s-preprod/basic-infrastructure/40-postgresql.tf
deleted file mode 120000
index 968cc5a..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/40-postgresql.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/40-postgresql.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/45-haproxy.tf b/openstack-tf/d4s-preprod/basic-infrastructure/45-haproxy.tf deleted file mode 120000 index e3b6c11..0000000 --- a/openstack-tf/d4s-preprod/basic-infrastructure/45-haproxy.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/45-haproxy.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/haproxy.tf b/openstack-tf/d4s-preprod/basic-infrastructure/haproxy.tf new file mode 120000 index 0000000..51d2cc3 --- /dev/null +++ b/openstack-tf/d4s-preprod/basic-infrastructure/haproxy.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/haproxy.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/internal-ca.tf b/openstack-tf/d4s-preprod/basic-infrastructure/internal-ca.tf new file mode 120000 index 0000000..c613c82 --- /dev/null +++ b/openstack-tf/d4s-preprod/basic-infrastructure/internal-ca.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/internal-ca.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/main.tf b/openstack-tf/d4s-preprod/basic-infrastructure/main.tf index 509fa0e..7c3516e 100644 --- a/openstack-tf/d4s-preprod/basic-infrastructure/main.tf +++ b/openstack-tf/d4s-preprod/basic-infrastructure/main.tf @@ -17,9 +17,9 @@ data "terraform_remote_state" "privnet_dns_router" { } } -# module "ssh_settings" { -# source = "../../modules/ssh-key-ref" -# } +module "ssh_settings" { + source = "../../modules/ssh-key-ref" +} # module "common_variables" { # source = "../../modules/common_variables" # } diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/octavia.tf b/openstack-tf/d4s-preprod/basic-infrastructure/octavia.tf new file mode 120000 index 0000000..387afa6 --- /dev/null 
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/octavia.tf
@@ -0,0 +1 @@
+../../modules/d4science_infra_setup/octavia.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/outputs-preprod.tf b/openstack-tf/d4s-preprod/basic-infrastructure/outputs-preprod.tf
new file mode 120000
index 0000000..f4aca42
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/outputs-preprod.tf
@@ -0,0 +1 @@
+../variables/outputs-preprod.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/postgresql.tf b/openstack-tf/d4s-preprod/basic-infrastructure/postgresql.tf
new file mode 120000
index 0000000..fb68d4e
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/postgresql.tf
@@ -0,0 +1 @@
+../../modules/d4science_infra_setup/postgresql.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/prometheus.tf b/openstack-tf/d4s-preprod/basic-infrastructure/prometheus.tf
new file mode 120000
index 0000000..d565196
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/prometheus.tf
@@ -0,0 +1 @@
+../../modules/d4science_infra_setup/prometheus.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/security-groups.tf b/openstack-tf/d4s-preprod/basic-infrastructure/security-groups.tf
new file mode 120000
index 0000000..7da1514
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/security-groups.tf
@@ -0,0 +1 @@
+../../modules/d4science_infra_setup/security-groups.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/ssh-jump-proxy.tf b/openstack-tf/d4s-preprod/basic-infrastructure/ssh-jump-proxy.tf
new file mode 120000
index 0000000..a940c35
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/ssh-jump-proxy.tf
@@ -0,0 +1 @@
+../../modules/d4science_infra_setup/ssh-jump-proxy.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate b/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate index 9cc638a..9ccb6c1 100644 --- a/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate +++ b/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, - "terraform_version": "1.6.4", - "serial": 250, + "terraform_version": "1.6.6", + "serial": 260, "lineage": "6a53b692-c1a8-ed53-bc6c-b7fb5e017eb8", "outputs": { "almalinux_9": { @@ -32,26 +32,6 @@ "string" ] }, - "basic_services_ip": { - "value": { - "ca": "10.1.32.4", - "ca_cidr": "10.1.32.4/32", - "haproxy_l7_1": "10.1.32.11", - "haproxy_l7_1_cidr": "10.1.32.11/32", - "haproxy_l7_2": "10.1.32.12", - "haproxy_l7_2_cidr": "10.1.32.12/32", - "octavia_main": "10.1.32.20", - "octavia_main_cidr": "10.1.32.20/32", - "prometheus": "10.1.32.10", - "prometheus_cidr": "10.1.32.10/32", - "ssh_jump": "10.1.32.5", - "ssh_jump_cidr": "10.1.32.5/32" - }, - "type": [ - "map", - "string" - ] - }, "centos_7": { "value": { "name": "CentOS-7", @@ -62,27 +42,6 @@ "string" ] }, - "default_security_group_name": { - "value": "default_for_all", - "type": "string" - }, - "dns_zone": { - "value": { - "description": "DNS primary zone for the d4s-pre-cloud project", - "email": "postmaster@isti.cnr.it", - "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", - "ttl": "8600", - "zone_name": "cloud-pre.d4science.org." - }, - "type": [ - "map", - "string" - ] - }, - "dns_zone_id": { - "value": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", - "type": "string" - }, "el7_data_file": { "value": "../../openstack_vm_data_scripts/el7.sh", "type": "string" 
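Review bot: `terraform.tfstate` is versioned in the repository and rewritten in place by this commit (`serial` 250 to 260 in the first hunk), so each apply publishes the project id, resource UUIDs, internal addressing and security-group layout to everyone with read access to the repo. State kept this way has no locking, so two clones applying independently can diverge on `serial` under the same `lineage`. No credential is visible in these hunks, but Terraform stores provider-returned attributes in clear text, so a later resource type could add one without anyone noticing in review. If the sibling projects only need the outputs through `terraform_remote_state`, a remote backend with access control and locking would serve the same reads, for example `terraform { backend "<remote-backend-type>" { ... } }` in main.tf; otherwise read access to this repository should be treated as access to the infrastructure inventory.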
@@ -101,11 +60,20 @@ "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", "type": "string" }, - "external_router": { + "flavor_list": { "value": { - "description": "D4Science Preprod main router", - "id": "cc26064a-bb08-4c0b-929f-d0cb39f934a3", - "name": "d4s-pre-cloud-external-router" + "c1_large": "c1.large", + "c1_medium": "c1.medium", + "c1_small": "c1.small", + "c2_large": "c2.large", + "m1_large": "m1.large", + "m1_medium": "m1.medium", + "m1_xlarge": "m1.xlarge", + "m1_xxl": "m1.xxl", + "m2_large": "m2.large", + "m2_medium": "m2.medium", + "m2_small": "m2.small", + "m3_large": "m3.large" }, "type": [ "map", @@ -158,41 +126,6 @@ "value": "10.1.32.20", "type": "string" }, - "main_private_network": { - "value": { - "description": "D4Science Preprod private network (use this as the main network)", - "name": "d4s-pre-cloud-main" - }, - "type": [ - "object", - { - "description": "string", - "name": "string" - } - ] - }, - "main_private_network_id": { - "value": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", - "type": "string" - }, - "main_private_subnet": { - "value": { - "allocation_end": "10.1.35.254", - "allocation_start": "10.1.32.100", - "cidr": "10.1.32.0/22", - "description": "D4Science Preprod main private subnet", - "gateway_ip": "10.1.32.1", - "name": "d4s-pre-cloud-main-subnet" - }, - "type": [ - "map", - "string" - ] - }, - "main_private_subnet_id": { - "value": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", - "type": "string" - }, "main_region": { "value": "isti_area_pi_1", "type": "string" @@ -201,6 +134,19 @@ "value": 8942, "type": "number" }, + "networks_list": { + "value": { + "orientdb": "orientdb-net", + "orientdb_se": "orientdb-se-net", + "shared_postgresql": "postgresql-srv-net", + "swarm": "swarm-nfs-net", + "timescaledb": "timescaledb-net" + }, + "type": [ + "map", + "string" + ] + }, "networks_with_d4s_services": { "value": { "garr_ct1_net": "90.147.166.0/23", 
@@ -215,25 +161,21 @@ "string" ] }, - "octavia_information": { + "os_project_data": { "value": { - "main_lb_description": "Main L4 load balancer for the D4Science PRE production", - "main_lb_hostname": "main-lb", - "main_lb_name": "d4s-pre-cloud-l4-load-balancer", - "octavia_flavor": "octavia_amphora-mvcpu-ha", - "octavia_flavor_id": "394988b5-6603-4a1e-a939-8e177c6681c7", - "octavia_vrrp_ip_1": "10.1.33.159/32", - "octavia_vrrp_ip_2": "10.1.32.199/32", - "swarm_lb_name": "d4s-pre-cloud-l4-swarm-load-balancer" + "id": "6fdc02e2827b405dad99f34698659742" }, "type": [ "map", "string" ] }, - "os_project_data": { + "policy_list": { "value": { - "id": "6fdc02e2827b405dad99f34698659742" + "affinity": "affinity", + "anti_affinity": "anti-affinity", + "soft_affinity": "soft-affinity", + "soft_anti_affinity": "soft-anti-affinity" }, "type": [ "map", @@ -272,6 +214,32 @@ "string" ] }, + "security_group_list": { + "value": { + "acaland": "acaland's dev machine", + "access_to_orientdb": "access_to_orientdb", + "access_to_orientdb_se": "access_to_orientdb_se", + "access_to_the_timescaledb_service": "access_to_the_timescaledb_service", + "cassandra": "Cassandra", + "dataminer-publish": "dataminer-publish", + "debugging_from_jump_node": "debugging_from_jump_node", + "default": "default", + "docker_swarm": "Docker Swarm", + "docker_swarm_NFS": "Docker Swarm NFS", + "haproxy": "traffic_from_main_lb_to_haproxy_l7", + "http_and_https_from_the_load_balancers": "traffic_from_the_main_load_balancers", + "limited_HTTPS_access": "restricted_web_service", + "limited_SSH_access": "Limited SSH access", + "mongo": "mongo", + "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic", + "postgreSQL": "PostgreSQL service", + "public_HTTPS": "Public HTTPS" + }, + "type": [ + "map", + "string" + ] + }, "shared_postgresql_server_data": { "value": { "allocation_pool_end": "192.168.3.254", 
@@ -334,6 +302,7 @@ "ubuntu_1804": { "value": { "name": "Ubuntu-Bionic-18.04", + "user_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh", "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" }, "type": [ @@ -344,6 +313,7 @@ "ubuntu_2204": { "value": { "name": "Ubuntu-Jammy-22.04", + "user_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh", "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" }, "type": [ @@ -2582,22 +2552,22 @@ { "mode": "managed", "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_1_haproxy_l7_443", + "name": "octavia_to_haproxy_l7_443", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "instances": [ { "schema_version": 0, "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 443", + "description": "Traffic from the octavia lb instance to HAPROXY l7 port 443", "direction": "ingress", "ethertype": "IPv4", - "id": "99708119-4cee-4620-b12f-b30995d9e783", + "id": "3436a7b9-9e18-4e19-af86-df62337a6f52", "port_range_max": 443, "port_range_min": 443, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", - "remote_ip_prefix": "10.1.33.159/32", + "remote_ip_prefix": "10.1.32.0/22", "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", "tenant_id": "6fdc02e2827b405dad99f34698659742", "timeouts": null 
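Review bot: The `remote_ip_prefix` of `octavia_to_haproxy_l7_443` widens from the single address `10.1.33.159/32` to `10.1.32.0/22`, which is the CIDR the removed `main_private_subnet` output listed for the whole main private subnet, so every host on that subnet is now admitted to the HAProxy L7 group on 443 rather than only the load balancer; the `octavia_to_haproxy_l7_80` and `octavia_to_haproxy_l7_8880` rules in the next two hunks carry the same source, and the separate `lb3_2_*` rules for `10.1.32.199/32` are dropped. The rule's `description` still reads "Traffic from the octavia lb instance", which no longer matches what the rule allows. The HCL that generates these rules sits behind the new symlinks and is not part of this diff, so the intent cannot be confirmed here; presumably the fixed VRRP addresses were abandoned because they change when the load balancer is rebuilt. If so, the module should either keep a narrow source (a `remote_group_id` where the deployment allows one, or an address range reserved for the load balancer) or state the trade-off on the rule, e.g. `# source is the whole main subnet: <reason the LB addresses cannot be pinned>`. This file is generated state, so the change belongs in the module and not here.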
@@ -2613,22 +2583,22 @@ { "mode": "managed", "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_1_haproxy_l7_80", + "name": "octavia_to_haproxy_l7_80", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "instances": [ { "schema_version": 0, "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 80", + "description": "Traffic from the octavia lb instance to HAPROXY l7 port 80", "direction": "ingress", "ethertype": "IPv4", - "id": "99d35bec-5bb6-46cc-b22f-23adc2b30881", + "id": "d869e0c0-8ea5-498f-b38f-47c74cbe60a6", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", - "remote_ip_prefix": "10.1.33.159/32", + "remote_ip_prefix": "10.1.32.0/22", "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", "tenant_id": "6fdc02e2827b405dad99f34698659742", "timeouts": null 
@@ -2644,115 +2614,22 @@ { "mode": "managed", "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_1_haproxy_l7_8080", + "name": "octavia_to_haproxy_l7_8880", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "instances": [ { "schema_version": 0, "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 8080", + "description": "Traffic from the octavia lb instance to HAPROXY l7 port 8880", "direction": "ingress", "ethertype": "IPv4", - "id": "01f95b00-e717-4cc0-9a5b-7b33ea6bfdbd", - "port_range_max": 8080, - "port_range_min": 8080, + "id": "3de492e5-804a-4cd0-8a86-79981600afab", + "port_range_max": 8880, + "port_range_min": 8880, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", - "remote_ip_prefix": "10.1.33.159/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_2_haproxy_l7_443", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 443", - "direction": "ingress", - "ethertype": "IPv4", - "id": "a6fd91df-518a-4310-b2b8-122e6c4b214d", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.199/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_2_haproxy_l7_80", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 80", - "direction": "ingress", - "ethertype": "IPv4", - "id": "51a2fbbe-c50f-4038-bc33-f363713a7ca6", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.199/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_2_haproxy_l7_8080", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 8080", - "direction": "ingress", - "ethertype": "IPv4", - "id": "8ceeb127-36b1-41cc-b993-1e61a5568d06", - "port_range_max": 8080, - "port_range_min": 8080, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.199/32", + "remote_ip_prefix": "10.1.32.0/22", "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", "tenant_id": "6fdc02e2827b405dad99f34698659742", "timeouts": null 
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/variables-preprod.tf b/openstack-tf/d4s-preprod/basic-infrastructure/variables-preprod.tf
new file mode 120000
index 0000000..b6af771
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/variables-preprod.tf
@@ -0,0 +1 @@
+../variables/variables-preprod.tf
\ No newline at end of file