Fix the basic infra in preproduction.

Andrea Dell'Amico 2023-12-19 13:31:36 +01:00
parent 2adc683253
commit 7d61ffdc16
Signed by: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
18 changed files with 89 additions and 210 deletions


@ -1 +0,0 @@
../../common_setups/15-security-groups.tf


@ -1 +0,0 @@
../../common_setups/20-octavia.tf


@ -1 +0,0 @@
../../common_setups/25-ssh-jump-proxy.tf


@ -1 +0,0 @@
../../common_setups/30-internal-ca.tf


@ -1 +0,0 @@
../../common_setups/35-prometheus.tf


@ -1 +0,0 @@
../../common_setups/40-postgresql.tf


@ -1 +0,0 @@
../../common_setups/45-haproxy.tf


@ -0,0 +1 @@
../../modules/d4science_infra_setup/haproxy.tf


@ -0,0 +1 @@
../../modules/d4science_infra_setup/internal-ca.tf


@ -17,9 +17,9 @@ data "terraform_remote_state" "privnet_dns_router" {
} }
} }
# module "ssh_settings" { module "ssh_settings" {
# source = "../../modules/ssh-key-ref" source = "../../modules/ssh-key-ref"
# } }
# module "common_variables" { # module "common_variables" {
# source = "../../modules/common_variables" # source = "../../modules/common_variables"
# } # }


@ -0,0 +1 @@
../../modules/d4science_infra_setup/octavia.tf


@ -0,0 +1 @@
../variables/outputs-preprod.tf


@ -0,0 +1 @@
../../modules/d4science_infra_setup/postgresql.tf


@ -0,0 +1 @@
../../modules/d4science_infra_setup/prometheus.tf


@ -0,0 +1 @@
../../modules/d4science_infra_setup/security-groups.tf


@ -0,0 +1 @@
../../modules/d4science_infra_setup/ssh-jump-proxy.tf


@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.6.4", "terraform_version": "1.6.6",
"serial": 250, "serial": 260,
"lineage": "6a53b692-c1a8-ed53-bc6c-b7fb5e017eb8", "lineage": "6a53b692-c1a8-ed53-bc6c-b7fb5e017eb8",
"outputs": { "outputs": {
"almalinux_9": { "almalinux_9": {
@ -32,26 +32,6 @@
"string" "string"
] ]
}, },
"basic_services_ip": {
"value": {
"ca": "10.1.32.4",
"ca_cidr": "10.1.32.4/32",
"haproxy_l7_1": "10.1.32.11",
"haproxy_l7_1_cidr": "10.1.32.11/32",
"haproxy_l7_2": "10.1.32.12",
"haproxy_l7_2_cidr": "10.1.32.12/32",
"octavia_main": "10.1.32.20",
"octavia_main_cidr": "10.1.32.20/32",
"prometheus": "10.1.32.10",
"prometheus_cidr": "10.1.32.10/32",
"ssh_jump": "10.1.32.5",
"ssh_jump_cidr": "10.1.32.5/32"
},
"type": [
"map",
"string"
]
},
"centos_7": { "centos_7": {
"value": { "value": {
"name": "CentOS-7", "name": "CentOS-7",
@ -62,27 +42,6 @@
"string" "string"
] ]
}, },
"default_security_group_name": {
"value": "default_for_all",
"type": "string"
},
"dns_zone": {
"value": {
"description": "DNS primary zone for the d4s-pre-cloud project",
"email": "postmaster@isti.cnr.it",
"id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c",
"ttl": "8600",
"zone_name": "cloud-pre.d4science.org."
},
"type": [
"map",
"string"
]
},
"dns_zone_id": {
"value": "c1a4b4bc-f167-4387-855d-38f0f99ca05c",
"type": "string"
},
"el7_data_file": { "el7_data_file": {
"value": "../../openstack_vm_data_scripts/el7.sh", "value": "../../openstack_vm_data_scripts/el7.sh",
"type": "string" "type": "string"
@ -101,11 +60,20 @@
"value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b",
"type": "string" "type": "string"
}, },
"external_router": { "flavor_list": {
"value": { "value": {
"description": "D4Science Preprod main router", "c1_large": "c1.large",
"id": "cc26064a-bb08-4c0b-929f-d0cb39f934a3", "c1_medium": "c1.medium",
"name": "d4s-pre-cloud-external-router" "c1_small": "c1.small",
"c2_large": "c2.large",
"m1_large": "m1.large",
"m1_medium": "m1.medium",
"m1_xlarge": "m1.xlarge",
"m1_xxl": "m1.xxl",
"m2_large": "m2.large",
"m2_medium": "m2.medium",
"m2_small": "m2.small",
"m3_large": "m3.large"
}, },
"type": [ "type": [
"map", "map",
@ -158,41 +126,6 @@
"value": "10.1.32.20", "value": "10.1.32.20",
"type": "string" "type": "string"
}, },
"main_private_network": {
"value": {
"description": "D4Science Preprod private network (use this as the main network)",
"name": "d4s-pre-cloud-main"
},
"type": [
"object",
{
"description": "string",
"name": "string"
}
]
},
"main_private_network_id": {
"value": "23fd8a99-d551-4ada-8d3a-9859542ebb8c",
"type": "string"
},
"main_private_subnet": {
"value": {
"allocation_end": "10.1.35.254",
"allocation_start": "10.1.32.100",
"cidr": "10.1.32.0/22",
"description": "D4Science Preprod main private subnet",
"gateway_ip": "10.1.32.1",
"name": "d4s-pre-cloud-main-subnet"
},
"type": [
"map",
"string"
]
},
"main_private_subnet_id": {
"value": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04",
"type": "string"
},
"main_region": { "main_region": {
"value": "isti_area_pi_1", "value": "isti_area_pi_1",
"type": "string" "type": "string"
@ -201,6 +134,19 @@
"value": 8942, "value": 8942,
"type": "number" "type": "number"
}, },
"networks_list": {
"value": {
"orientdb": "orientdb-net",
"orientdb_se": "orientdb-se-net",
"shared_postgresql": "postgresql-srv-net",
"swarm": "swarm-nfs-net",
"timescaledb": "timescaledb-net"
},
"type": [
"map",
"string"
]
},
"networks_with_d4s_services": { "networks_with_d4s_services": {
"value": { "value": {
"garr_ct1_net": "90.147.166.0/23", "garr_ct1_net": "90.147.166.0/23",
@ -215,25 +161,21 @@
"string" "string"
] ]
}, },
"octavia_information": { "os_project_data": {
"value": { "value": {
"main_lb_description": "Main L4 load balancer for the D4Science PRE production", "id": "6fdc02e2827b405dad99f34698659742"
"main_lb_hostname": "main-lb",
"main_lb_name": "d4s-pre-cloud-l4-load-balancer",
"octavia_flavor": "octavia_amphora-mvcpu-ha",
"octavia_flavor_id": "394988b5-6603-4a1e-a939-8e177c6681c7",
"octavia_vrrp_ip_1": "10.1.33.159/32",
"octavia_vrrp_ip_2": "10.1.32.199/32",
"swarm_lb_name": "d4s-pre-cloud-l4-swarm-load-balancer"
}, },
"type": [ "type": [
"map", "map",
"string" "string"
] ]
}, },
"os_project_data": { "policy_list": {
"value": { "value": {
"id": "6fdc02e2827b405dad99f34698659742" "affinity": "affinity",
"anti_affinity": "anti-affinity",
"soft_affinity": "soft-affinity",
"soft_anti_affinity": "soft-anti-affinity"
}, },
"type": [ "type": [
"map", "map",
@ -272,6 +214,32 @@
"string" "string"
] ]
}, },
"security_group_list": {
"value": {
"acaland": "acaland's dev machine",
"access_to_orientdb": "access_to_orientdb",
"access_to_orientdb_se": "access_to_orientdb_se",
"access_to_the_timescaledb_service": "access_to_the_timescaledb_service",
"cassandra": "Cassandra",
"dataminer-publish": "dataminer-publish",
"debugging_from_jump_node": "debugging_from_jump_node",
"default": "default",
"docker_swarm": "Docker Swarm",
"docker_swarm_NFS": "Docker Swarm NFS",
"haproxy": "traffic_from_main_lb_to_haproxy_l7",
"http_and_https_from_the_load_balancers": "traffic_from_the_main_load_balancers",
"limited_HTTPS_access": "restricted_web_service",
"limited_SSH_access": "Limited SSH access",
"mongo": "mongo",
"orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
"postgreSQL": "PostgreSQL service",
"public_HTTPS": "Public HTTPS"
},
"type": [
"map",
"string"
]
},
"shared_postgresql_server_data": { "shared_postgresql_server_data": {
"value": { "value": {
"allocation_pool_end": "192.168.3.254", "allocation_pool_end": "192.168.3.254",
@ -334,6 +302,7 @@
"ubuntu_1804": { "ubuntu_1804": {
"value": { "value": {
"name": "Ubuntu-Bionic-18.04", "name": "Ubuntu-Bionic-18.04",
"user_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh",
"uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89"
}, },
"type": [ "type": [
@ -344,6 +313,7 @@
"ubuntu_2204": { "ubuntu_2204": {
"value": { "value": {
"name": "Ubuntu-Jammy-22.04", "name": "Ubuntu-Jammy-22.04",
"user_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh",
"uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627"
}, },
"type": [ "type": [
@ -2582,22 +2552,22 @@
{ {
"mode": "managed", "mode": "managed",
"type": "openstack_networking_secgroup_rule_v2", "type": "openstack_networking_secgroup_rule_v2",
"name": "lb3_1_haproxy_l7_443", "name": "octavia_to_haproxy_l7_443",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [ "instances": [
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"description": "Traffic from the first main lb instance to HAPROXY l7 1 port 443", "description": "Traffic from the octavia lb instance to HAPROXY l7 port 443",
"direction": "ingress", "direction": "ingress",
"ethertype": "IPv4", "ethertype": "IPv4",
"id": "99708119-4cee-4620-b12f-b30995d9e783", "id": "3436a7b9-9e18-4e19-af86-df62337a6f52",
"port_range_max": 443, "port_range_max": 443,
"port_range_min": 443, "port_range_min": 443,
"protocol": "tcp", "protocol": "tcp",
"region": "isti_area_pi_1", "region": "isti_area_pi_1",
"remote_group_id": "", "remote_group_id": "",
"remote_ip_prefix": "10.1.33.159/32", "remote_ip_prefix": "10.1.32.0/22",
"security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0",
"tenant_id": "6fdc02e2827b405dad99f34698659742", "tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null "timeouts": null
@ -2613,22 +2583,22 @@
{ {
"mode": "managed", "mode": "managed",
"type": "openstack_networking_secgroup_rule_v2", "type": "openstack_networking_secgroup_rule_v2",
"name": "lb3_1_haproxy_l7_80", "name": "octavia_to_haproxy_l7_80",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [ "instances": [
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"description": "Traffic from the first main lb instance to HAPROXY l7 1 port 80", "description": "Traffic from the octavia lb instance to HAPROXY l7 port 80",
"direction": "ingress", "direction": "ingress",
"ethertype": "IPv4", "ethertype": "IPv4",
"id": "99d35bec-5bb6-46cc-b22f-23adc2b30881", "id": "d869e0c0-8ea5-498f-b38f-47c74cbe60a6",
"port_range_max": 80, "port_range_max": 80,
"port_range_min": 80, "port_range_min": 80,
"protocol": "tcp", "protocol": "tcp",
"region": "isti_area_pi_1", "region": "isti_area_pi_1",
"remote_group_id": "", "remote_group_id": "",
"remote_ip_prefix": "10.1.33.159/32", "remote_ip_prefix": "10.1.32.0/22",
"security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0",
"tenant_id": "6fdc02e2827b405dad99f34698659742", "tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null "timeouts": null
@ -2644,115 +2614,22 @@
{ {
"mode": "managed", "mode": "managed",
"type": "openstack_networking_secgroup_rule_v2", "type": "openstack_networking_secgroup_rule_v2",
"name": "lb3_1_haproxy_l7_8080", "name": "octavia_to_haproxy_l7_8880",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [ "instances": [
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"description": "Traffic from the first main lb instance to HAPROXY l7 1 port 8080", "description": "Traffic from the octavia lb instance to HAPROXY l7 port 8880",
"direction": "ingress", "direction": "ingress",
"ethertype": "IPv4", "ethertype": "IPv4",
"id": "01f95b00-e717-4cc0-9a5b-7b33ea6bfdbd", "id": "3de492e5-804a-4cd0-8a86-79981600afab",
"port_range_max": 8080, "port_range_max": 8880,
"port_range_min": 8080, "port_range_min": 8880,
"protocol": "tcp", "protocol": "tcp",
"region": "isti_area_pi_1", "region": "isti_area_pi_1",
"remote_group_id": "", "remote_group_id": "",
"remote_ip_prefix": "10.1.33.159/32", "remote_ip_prefix": "10.1.32.0/22",
"security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0",
"tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"openstack_networking_secgroup_v2.main_lb_to_haproxy_l7"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "lb3_2_haproxy_l7_443",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Traffic from the first main lb instance to HAPROXY l7 2 port 443",
"direction": "ingress",
"ethertype": "IPv4",
"id": "a6fd91df-518a-4310-b2b8-122e6c4b214d",
"port_range_max": 443,
"port_range_min": 443,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "10.1.32.199/32",
"security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0",
"tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"openstack_networking_secgroup_v2.main_lb_to_haproxy_l7"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "lb3_2_haproxy_l7_80",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Traffic from the first main lb instance to HAPROXY l7 2 port 80",
"direction": "ingress",
"ethertype": "IPv4",
"id": "51a2fbbe-c50f-4038-bc33-f363713a7ca6",
"port_range_max": 80,
"port_range_min": 80,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "10.1.32.199/32",
"security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0",
"tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"openstack_networking_secgroup_v2.main_lb_to_haproxy_l7"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "lb3_2_haproxy_l7_8080",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Traffic from the first main lb instance to HAPROXY l7 2 port 8080",
"direction": "ingress",
"ethertype": "IPv4",
"id": "8ceeb127-36b1-41cc-b993-1e61a5568d06",
"port_range_max": 8080,
"port_range_min": 8080,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "10.1.32.199/32",
"security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0",
"tenant_id": "6fdc02e2827b405dad99f34698659742", "tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null "timeouts": null
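Review bot: The three renamed rules `octavia_to_haproxy_l7_443`, `octavia_to_haproxy_l7_80` and `octavia_to_haproxy_l7_8880` record `"remote_ip_prefix": "10.1.32.0/22"`, which is the whole main private subnet, while their descriptions still say the traffic comes from the octavia lb instance; the rules they replace were each scoped to a single /32 VRRP address. If only the load balancer should reach HAProxy, the Terraform source (not shown on this page) should keep one /32 per load-balancer address or reference the load balancer's security group through `remote_group_id`; otherwise the description should state that the rule admits the whole subnet. The third rule also moves from port 8080 to 8880, which the new name suggests is deliberate but is worth confirming against the HAProxy listener. Because this file is generated state, the correction belongs in the module source followed by a re-apply, and the state itself, which carries project and resource IDs, is better held in an access-controlled remote backend than in the repository.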


@ -0,0 +1 @@
../variables/variables-preprod.tf