primo draft harbor terraform
This commit is contained in:
parent
055837555d
commit
a6f396f86c
|
@ -0,0 +1,165 @@
|
||||||
|
# Define required providers
|
||||||
|
terraform {
|
||||||
|
required_version = ">= 0.14.0"
|
||||||
|
required_providers {
|
||||||
|
openstack = {
|
||||||
|
source = "terraform-provider-openstack/openstack"
|
||||||
|
version = ">= 1.54.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data "terraform_remote_state" "privnet_dns_router" {
|
||||||
|
backend = "local"
|
||||||
|
|
||||||
|
config = {
|
||||||
|
path = "../project-setup/terraform.tfstate"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data "terraform_remote_state" "infrastructure_setup" {
|
||||||
|
backend = "local"
|
||||||
|
|
||||||
|
config = {
|
||||||
|
path = "../basic-infrastructure/terraform.tfstate"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Uses common_variables as module
|
||||||
|
#
|
||||||
|
module "common_variables" {
|
||||||
|
source = "../../modules/common_variables"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Module used
|
||||||
|
module "ssh_settings" {
|
||||||
|
source = "../../modules/ssh-key-ref"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_secgroup_v2" "harbor_access_list" {
|
||||||
|
name = "harbor_access_list"
|
||||||
|
delete_default_rules = "true"
|
||||||
|
description = "Allowed connections to the harbor server"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_secgroup_rule_v2" "access_to_the_harbor_server" {
|
||||||
|
for_each = toset([var.harbor_allowed_sources.infrascience_net, var.harbor_allowed_sources.openstack_production])
|
||||||
|
security_group_id = openstack_networking_secgroup_v2.harbor_access_list.id
|
||||||
|
description = "Access to the Harbor Server"
|
||||||
|
direction = "ingress"
|
||||||
|
ethertype = "IPv4"
|
||||||
|
protocol = "tcp"
|
||||||
|
port_range_min = 8080
|
||||||
|
port_range_max = 8080
|
||||||
|
remote_ip_prefix = each.value
|
||||||
|
}
|
||||||
|
|
||||||
|
# Block device
|
||||||
|
resource "openstack_blockstorage_volume_v3" "harbor_data_vol" {
|
||||||
|
name = var.harbor_data.vol_data_name
|
||||||
|
size = var.harbor_data.vol_data_size
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_blockstorage_volume_v3" "harbor_docker_vol" {
|
||||||
|
name = var.harbor_data.vol_docker_name
|
||||||
|
size = var.harbor_data.vol_docker_size
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Ports in the timescaleDB network
|
||||||
|
resource "openstack_networking_port_v2" "harbor_port_on_main_net" {
|
||||||
|
name = "harbor_port_on_main_net"
|
||||||
|
network_id = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network_id
|
||||||
|
admin_state_up = "true"
|
||||||
|
fixed_ip {
|
||||||
|
subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.main_subnet_network_id
|
||||||
|
}
|
||||||
|
security_group_ids = [
|
||||||
|
openstack_networking_secgroup_v2.harbor_access_list.id,
|
||||||
|
data.terraform_remote_state.infrastructure_setup.outputs.default_security_group.id
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
# Instance
|
||||||
|
resource "openstack_compute_instance_v2" "harbor_server" {
|
||||||
|
name = var.harbor_data.name
|
||||||
|
availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
|
||||||
|
flavor_name = var.harbor_data.flavor
|
||||||
|
key_pair = module.ssh_settings.ssh_key_name
|
||||||
|
security_groups = [data.terraform_remote_state.infrastructure_setup.outputs.default_security_group.name, data.terraform_remote_state.infrastructure_setup.outputs.access_postgresql_security_group.name, openstack_networking_secgroup_v2.harbor_access_list.name]
|
||||||
|
block_device {
|
||||||
|
uuid = module.common_variables.ubuntu_2204.uuid
|
||||||
|
source_type = "image"
|
||||||
|
volume_size = 10
|
||||||
|
boot_index = 0
|
||||||
|
destination_type = "volume"
|
||||||
|
delete_on_termination = false
|
||||||
|
}
|
||||||
|
|
||||||
|
network {
|
||||||
|
name = module.common_variables.networks_with_d4s_services.infrascience_net
|
||||||
|
fixed_ip_v4 = var.harbor_data.server_ip
|
||||||
|
}
|
||||||
|
user_data = file("${module.common_variables.ubuntu2204_data_file}")
|
||||||
|
# Do not replace the instance when the ssh key changes
|
||||||
|
lifecycle {
|
||||||
|
ignore_changes = [
|
||||||
|
# Ignore changes to tags, e.g. because a management agent
|
||||||
|
# updates these based on some ruleset managed elsewhere.
|
||||||
|
key_pair, user_data, network
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_volume_attach_v2" "harbor_data_attach_vol" {
|
||||||
|
instance_id = openstack_compute_instance_v2.harbor_server.id
|
||||||
|
volume_id = openstack_blockstorage_volume_v3.harbor_data_vol.id
|
||||||
|
device = var.harbor_data.vol_data_device
|
||||||
|
depends_on = [openstack_compute_instance_v2.harbor_server]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_volume_attach_v2" "harbor_docker_attach_vol" {
|
||||||
|
instance_id = openstack_compute_instance_v2.harbor_server.id
|
||||||
|
volume_id = openstack_blockstorage_volume_v3.harbor_docker_vol.id
|
||||||
|
device = var.harbor_data.vol_docker_device
|
||||||
|
depends_on = [openstack_compute_instance_v2.harbor_server]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_interface_attach_v2" "main_network_to_harbor" {
|
||||||
|
instance_id = openstack_compute_instance_v2.harbor_server.id
|
||||||
|
port_id = openstack_networking_port_v2.harbor_port_on_main_net.id
|
||||||
|
}
|
||||||
|
# Floating IP and DNS record
|
||||||
|
resource "openstack_networking_floatingip_v2" "harbor_ip" {
|
||||||
|
pool = data.terraform_remote_state.privnet_dns_router.outputs.floating_ip_pools.main_public_ip_pool
|
||||||
|
# The DNS association does not work because of a bug in the OpenStack API
|
||||||
|
description = "Harbor ip"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_floatingip_associate_v2" "harbor_floatingip_associate" {
|
||||||
|
floating_ip = openstack_networking_floatingip_v2.harbor_ip.address
|
||||||
|
port_id = openstack_networking_port_v2.harbor_port_on_main_net.id
|
||||||
|
}
|
||||||
|
|
||||||
|
locals {
|
||||||
|
harbor_recordset_name = "harbor.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_dns_recordset_v2" "harbor_recordset" {
|
||||||
|
zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
|
||||||
|
name = local.harbor_recordset_name
|
||||||
|
description = "Public IP address of the Harbor Server"
|
||||||
|
ttl = 8600
|
||||||
|
type = "A"
|
||||||
|
records = [openstack_networking_floatingip_v2.harbor_ip.address]
|
||||||
|
}
|
||||||
|
|
||||||
|
output "harbor_public_ip_address" {
|
||||||
|
value = openstack_networking_floatingip_v2.harbor_ip.address
|
||||||
|
}
|
||||||
|
|
||||||
|
output "harbor_hostname" {
|
||||||
|
value = openstack_dns_recordset_v2.harbor_recordset.name
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
provider "openstack" {
|
||||||
|
cloud = "d4s-production"
|
||||||
|
}
|
|
@ -0,0 +1,25 @@
|
||||||
|
#Harbor variables
|
||||||
|
|
||||||
|
variable "harbor_data" {
|
||||||
|
type = map(string)
|
||||||
|
default = {
|
||||||
|
name = "harbor-server"
|
||||||
|
flavor = "m1.xxl"
|
||||||
|
vol_data_name = "harbor-data"
|
||||||
|
vol_data_size = "10"
|
||||||
|
vol_data_device = "/dev/vdb"
|
||||||
|
vol_docker_name = "harbor-docker"
|
||||||
|
vol_docker_size = "500"
|
||||||
|
vol_docker_device = "/dev/vdc"
|
||||||
|
server_ip = "146.48.122.5"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "harbor_allowed_sources" {
|
||||||
|
type = map(string)
|
||||||
|
default = {
|
||||||
|
"infrascience_net" = "146.48.122.0/23"
|
||||||
|
"openstack_production" = "146.48.31.57/32"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue