diff --git a/openstack-tf/d4s-dev/project-setup/00-provider-configuration.tf b/openstack-tf/d4s-dev/project-setup/00-provider-configuration.tf new file mode 100644 index 0000000..d91da11 --- /dev/null +++ b/openstack-tf/d4s-dev/project-setup/00-provider-configuration.tf @@ -0,0 +1,16 @@ +# Define required providers +terraform { +required_version = ">= 0.14.0" + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } + } +} + +provider "openstack" { + cloud = "d4s-dev" +# cloud = "ISTI-Cloud" +} + diff --git a/openstack-tf/d4s-dev/project-setup/00-terraform-provider.tf b/openstack-tf/d4s-dev/project-setup/00-terraform-provider.tf deleted file mode 120000 index c094d20..0000000 --- a/openstack-tf/d4s-dev/project-setup/00-terraform-provider.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_variables/00-terraform-provider.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/project-setup/00-variables.tf b/openstack-tf/d4s-dev/project-setup/00-variables.tf deleted file mode 120000 index df2af10..0000000 --- a/openstack-tf/d4s-dev/project-setup/00-variables.tf +++ /dev/null @@ -1 +0,0 @@ -../variables/00-variables.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/project-setup/01-external-network-and-resolvers.tf b/openstack-tf/d4s-dev/project-setup/01-external-network-and-resolvers.tf deleted file mode 120000 index c53c78a..0000000 --- a/openstack-tf/d4s-dev/project-setup/01-external-network-and-resolvers.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_variables/01-external-network-and-resolvers.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/project-setup/10-main-network.tf b/openstack-tf/d4s-dev/project-setup/10-main-network.tf deleted file mode 120000 index ab1d8c7..0000000 --- a/openstack-tf/d4s-dev/project-setup/10-main-network.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/10-main-network.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/project-setup/network-setup.tf b/openstack-tf/d4s-dev/project-setup/network-setup.tf new file mode 100644 index 0000000..5fb7e06 --- /dev/null +++ b/openstack-tf/d4s-dev/project-setup/network-setup.tf @@ -0,0 +1,4 @@ +module "main-network" { + source = "../../modules/main_private_net_and_dns_zone" +} + diff --git a/openstack-tf/d4s-dev/project-setup/setup-provider.tf b/openstack-tf/d4s-dev/project-setup/setup-provider.tf deleted file mode 100644 index 303deb2..0000000 --- a/openstack-tf/d4s-dev/project-setup/setup-provider.tf +++ /dev/null @@ -1,5 +0,0 @@ -provider "openstack" { -# cloud = "d4s-dev" - cloud = "ISTI-Cloud" -} - diff --git a/openstack-tf/d4s-dev/project-setup/terraform.tfstate b/openstack-tf/d4s-dev/project-setup/terraform.tfstate index 68602d9..3edc0dd 100644 --- a/openstack-tf/d4s-dev/project-setup/terraform.tfstate +++ b/openstack-tf/d4s-dev/project-setup/terraform.tfstate @@ -1,8 +1,8 @@ { "version": 4, "terraform_version": "1.6.3", - "serial": 12, - "lineage": "8e064d5b-7e27-7da1-5aa2-330932157309", + "serial": 6, + "lineage": "194691ec-f344-4bd2-98ae-cbd15e9c9cdf", "outputs": { "dns_zone_id": { "value": "cbae638a-9d99-44aa-946c-0f5ffb7fc488", @@ -32,7 +32,7 @@ "schema_version": 0, "attributes": { "description": "ACME challenge delegation", - "disable_status_check": false, + "disable_status_check": null, "id": "cbae638a-9d99-44aa-946c-0f5ffb7fc488/5e69d2f7-1926-4a74-b0c4-ad675975c144", "name": "_acme-challenge.cloud-dev.d4science.org.", "project_id": "e8f8ca72f30648a8b389b4e745ac83a9", @@ -47,10 +47,7 @@ "zone_id": "cbae638a-9d99-44aa-946c-0f5ffb7fc488" }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_dns_zone_v2.primary_project_dns_zone" - ] + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9" } ] }, @@ -65,7 +62,7 @@ "attributes": { "attributes": {}, "description": "DNS primary zone for the d4s-dev-cloud project", - "disable_status_check": false, + "disable_status_check": null, "email": "postmaster@isti.cnr.it", "id": "cbae638a-9d99-44aa-946c-0f5ffb7fc488", "masters": [], @@ -78,7 +75,7 @@ "value_specs": null }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9" } ] }, @@ -118,7 +115,7 @@ "value_specs": null }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0=" } ] }, @@ -140,12 +137,7 @@ "timeouts": null }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0=", - "dependencies": [ - "openstack_networking_network_v2.main-private-network", - "openstack_networking_router_v2.external-router", - "openstack_networking_subnet_v2.main-private-subnet" - ] + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0=" } ] }, @@ -180,14 +172,10 @@ "tenant_id": "e8f8ca72f30648a8b389b4e745ac83a9", "timeouts": null, "value_specs": null, - "vendor_options": [ - { - "set_router_gateway_after_create": true - } - ] + "vendor_options": [] }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0=" } ] }, @@ -240,10 +228,7 @@ "value_specs": null }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", - "dependencies": [ - "openstack_networking_network_v2.main-private-network" - ] + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0=" } ] } diff --git a/openstack-tf/d4s-dev/variables/00-variables.tf b/openstack-tf/d4s-dev/variables/00-variables.tf index 1f6b8fa..be3755f 100644 --- a/openstack-tf/d4s-dev/variables/00-variables.tf +++ b/openstack-tf/d4s-dev/variables/00-variables.tf @@ -79,7 +79,7 @@ variable "basic_services_ip" { variable "main_haproxy_l7_ip" { type = list(string) - default = ["10.1.40.11", "10.1.40.12"] + default = ["10.1.28.50", "10.1.30.241"] } diff --git a/openstack-tf/d4s-production/project-setup/10-main-network.tf b/openstack-tf/d4s-production/project-setup/10-main-network.tf deleted file mode 120000 index ab1d8c7..0000000 --- a/openstack-tf/d4s-production/project-setup/10-main-network.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/10-main-network.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/project-setup/10-main-network.tf b/openstack-tf/d4s-production/project-setup/10-main-network.tf new file mode 100644 index 0000000..724ea60 --- /dev/null +++ b/openstack-tf/d4s-production/project-setup/10-main-network.tf @@ -0,0 +1,89 @@ +resource "openstack_dns_zone_v2" "primary_project_dns_zone" { + name = var.dns_zone.zone_name + email = var.dns_zone.email + description = var.dns_zone.description + project_id = var.os_project_data.id + ttl = var.dns_zone.ttl + type = "PRIMARY" +} + +resource "openstack_networking_network_v2" "main-private-network" { + name = var.main_private_network.name + admin_state_up = "true" + external = "false" + description = var.main_private_network.description + dns_domain = var.dns_zone.zone_name + mtu = var.mtu_size + port_security_enabled = true + shared = false + region = var.main_region + tenant_id = var.os_project_data.id +} + +resource "openstack_networking_subnet_v2" "main-private-subnet" { + name = var.main_private_subnet.name + description = var.main_private_subnet.description + network_id = openstack_networking_network_v2.main-private-network.id + cidr = var.main_private_subnet.cidr + gateway_ip = var.main_private_subnet.gateway_ip + dns_nameservers = var.resolvers_ip + ip_version = 4 + enable_dhcp = true + tenant_id = var.os_project_data.id + allocation_pool { + start = var.main_private_subnet.allocation_start + end = var.main_private_subnet.allocation_end + } +} + +resource "openstack_networking_router_v2" "external-router" { + name = var.external_router.name + description = var.external_router.description + external_network_id = var.external_network.id + tenant_id = var.os_project_data.id + enable_snat = true + vendor_options { + set_router_gateway_after_create = true + } +} + +# Router interface configuration +resource "openstack_networking_router_interface_v2" "private-network-routing" { + router_id = openstack_networking_router_v2.external-router.id + # router_id = var.external_router.id + subnet_id = openstack_networking_subnet_v2.main-private-subnet.id +} + +locals { + acme_challenge_recordset_name = "_acme-challenge.${var.dns_zone.zone_name}" + acme_challenge_delegation = "_acme-challenge.d4science.net." +} + +resource "openstack_dns_recordset_v2" "acme_challenge_recordset" { + zone_id = openstack_dns_zone_v2.primary_project_dns_zone.id + name = local.acme_challenge_recordset_name + description = "ACME challenge delegation" + ttl = 8600 + type = "CNAME" + records = ["_acme-challenge.d4science.net."] +} + +output "main_private_network_id" { + description = "Main private network id" + value = openstack_networking_network_v2.main-private-network.id +} + +output "main_subnet_network_id" { + description = "Main subnet network id" + value = openstack_networking_subnet_v2.main-private-subnet.id +} + +output "dns_zone_id" { + description = "Id of the new DNS zone" + value = openstack_dns_zone_v2.primary_project_dns_zone.id +} + +output "external_gateway_ip" { + description = "Public IP address of the external gateway" + value = openstack_networking_router_v2.external-router.external_fixed_ip[0].ip_address +} diff --git a/openstack-tf/d4s-production/ssh-keys-management/ssh-keys.tf b/openstack-tf/d4s-production/ssh-keys-management/ssh-keys.tf index b6adaff..73242b5 120000 --- a/openstack-tf/d4s-production/ssh-keys-management/ssh-keys.tf +++ b/openstack-tf/d4s-production/ssh-keys-management/ssh-keys.tf @@ -1 +1 @@ -../../common_setups/ssh-keys.tf \ No newline at end of file +../../modules/ssh_keys/ssh-keys.tf \ No newline at end of file diff --git a/openstack-tf/common_setups/10-main-network.tf b/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf similarity index 93% rename from openstack-tf/common_setups/10-main-network.tf rename to openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf index 724ea60..2f8b386 100644 --- a/openstack-tf/common_setups/10-main-network.tf +++ b/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf @@ -1,3 +1,13 @@ +# Define required providers +terraform { +required_version = ">= 0.14.0" + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } + } +} resource "openstack_dns_zone_v2" "primary_project_dns_zone" { name = var.dns_zone.zone_name email = var.dns_zone.email diff --git a/openstack-tf/modules/main_private_net_and_dns_zone/variables-external-network-and-resolvers.tf b/openstack-tf/modules/main_private_net_and_dns_zone/variables-external-network-and-resolvers.tf new file mode 100644 index 0000000..6df860a --- /dev/null +++ b/openstack-tf/modules/main_private_net_and_dns_zone/variables-external-network-and-resolvers.tf @@ -0,0 +1,50 @@ +# Global definitions +variable "main_region" { + type = string + default = "isti_area_pi_1" +} + +variable "external_network" { + type = map(string) + default = { + name = "external-network" + id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b" + } +} + +variable "floating_ip_pools" { + type = map(string) + default = { + main_public_ip_pool = "external-network" + } +} + +variable "resolvers_ip" { + type = list(string) + default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"] +} + +variable "mtu_size" { + type = number + default = 8942 +} + +variable "availability_zones_names" { + type = map(string) + default = { + availability_zone_no_gpu = "cnr-isti-nova-a" + availability_zone_with_gpu = "cnr-isti-nova-gpu-a" + } +} + +variable "ssh_sources" { + type = map(string) + default = { + s2i2s_vpn_1_cidr = "146.48.28.10/32" + s2i2s_vpn_2_cidr = "146.48.28.11/32" + d4s_vpn_1_cidr = "146.48.122.27/32" + d4s_vpn_2_cidr = "146.48.122.49/32" + shell_d4s_cidr = "146.48.122.95/32" + infrascience_net_cidr = "146.48.122.0/23" + } +} diff --git a/openstack-tf/modules/main_private_net_and_dns_zone/variables.tf b/openstack-tf/modules/main_private_net_and_dns_zone/variables.tf new file mode 100644 index 0000000..be3755f --- /dev/null +++ b/openstack-tf/modules/main_private_net_and_dns_zone/variables.tf @@ -0,0 +1,95 @@ +variable "os_project_data" { + type = map(string) + default = { + id = "e8f8ca72f30648a8b389b4e745ac83a9" + } +} + +variable "dns_zone" { + type = map(string) + default = { + zone_name = "cloud-dev.d4science.org." + email = "postmaster@isti.cnr.it" + description = "DNS primary zone for the d4s-dev-cloud project" + ttl = 8600 + } +} + +variable "dns_zone_id" { + # Set with the correct value after the setup is complete + default = "" +} + +variable "main_private_network" { + type = map(string) + default = { + name = "d4s-dev-cloud-main" + description = "D4Science DEV private network (use this as the main network)" + } +} + +variable "main_private_network_id" { + # Set with the correct value after the setup is complete + default = "" +} + +variable "main_private_subnet" { + type = map(string) + default = { + name = "d4s-dev-cloud-sub" + description = "D4Science DEV main private subnet" + cidr = "10.1.28.0/22" + gateway_ip = "10.1.28.1" + allocation_start = "10.1.28.30" + allocation_end = "10.1.31.254" + } +} + +variable "main_private_subnet_id" { + # Set with the correct value after the setup is complete + default = "" +} + +variable "external_router" { + type = map(string) + default = { + name = "d4s-dev-cloud-external-router" + description = "D4Science DEV main router" + id = "2ae28c5f-036b-45db-bc9f-5bab8fa3e914" + } +} + +variable "basic_services_ip" { + type = map(string) + default = { + ca = "10.1.29.247" + ca_cidr = "10.1.29.247/32" + ssh_jump = "10.1.29.164" + ssh_jump_cidr = "10.1.29.164/32" + prometheus = "10.1.30.129" + prometheus_cidr = "10.1.30.129/32" + haproxy_l7_1 = "10.1.28.50" + haproxy_l7_1_cidr = "10.1.28.50/32" + haproxy_l7_2 = "10.1.30.241" + haproxy_l7_2_cidr = "10.1.30.241/32" + octavia_main = "10.1.28.227" + octavia_main_cidr = "10.1.28.227/32" + } +} + +variable "main_haproxy_l7_ip" { + type = list(string) + default = ["10.1.28.50", "10.1.30.241"] + +} + +variable "octavia_information" { + type = map(string) + default = { + main_lb_name = "lb-dev-l4" + main_lb_description = "Main L4 load balancer for the D4Science DEV" + octavia_flavor = "octavia_amphora-mvcpu-ha" + octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" + main_lb_hostname = "main-lb" + } +} diff --git a/openstack-tf/common_setups/ssh-keys.tf b/openstack-tf/modules/ssh_keys/ssh-keys.tf similarity index 100% rename from openstack-tf/common_setups/ssh-keys.tf rename to openstack-tf/modules/ssh_keys/ssh-keys.tf