From c1d2408ae8ec12385225ab4a8276a5986f353ed8 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 19 Jun 2024 11:50:44 +0200 Subject: [PATCH] Public IP address for the static web VM. --- .../d4s-production/static-web/main.tf | 67 ++++--- .../static-web/terraform.tfstate | 164 +++++++++++++++--- 2 files changed, 180 insertions(+), 51 deletions(-) diff --git a/openstack-tf/d4s-production/static-web/main.tf b/openstack-tf/d4s-production/static-web/main.tf index b785970..c9e3ad3 100644 --- a/openstack-tf/d4s-production/static-web/main.tf +++ b/openstack-tf/d4s-production/static-web/main.tf @@ -9,8 +9,6 @@ terraform { } } - - data "terraform_remote_state" "privnet_dns_router" { backend = "local" 
@@ -26,23 +24,35 @@ module "common_variables" { source = "../../modules/common_variables" } - # Module used module "ssh_settings" { source = "../../modules/ssh-key-ref" } +# SSH access from everywhere +resource "openstack_networking_secgroup_v2" "static_web_ssh_from_outside" { + name = "static_web_ssh_from_outside" + delete_default_rules = "true" + description = "Access the static web VM from the Internet" +} - - - +resource "openstack_networking_secgroup_rule_v2" "static_web_public_ssh_access" { + security_group_id = openstack_networking_secgroup_v2.static_web_ssh_from_outside.id + description = "Access the static web VM from the Internet" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "0.0.0.0/0" +} # Instances resource "openstack_compute_instance_v2" "static_web_service" { name = "static-web" availability_zone_hints = module.common_variables.availability_zone_no_gpu_name flavor_name = module.common_variables.flavor_list.c1_small key_pair = module.ssh_settings.ssh_key_name - security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers] + security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers, openstack_networking_secgroup_v2.static_web_ssh_from_outside.name] block_device { uuid = module.common_variables.ubuntu_2204.uuid source_type = "image" @@ -60,7 +70,6 @@ resource "openstack_compute_instance_v2" "static_web_service" { } } - # user_data script used user_data = file("${module.common_variables.ubuntu_2204.user_data_file}") # Do not replace the instance when the ssh key changes 
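Review bot: The rule `static_web_public_ssh_access` sets `remote_ip_prefix = "0.0.0.0/0"` for port 22, which exposes sshd on a production VM to every IPv4 source once the floating IP allocated later in this patch is attached. Unless world-reachable SSH is a deliberate requirement, restrict the source to the management networks or a bastion, e.g. `remote_ip_prefix = "<ADMIN_CIDR>"` (placeholder; the project's admin ranges are not visible in this patch), and confirm that the image's sshd accepts key authentication only. Separately, `delete_default_rules = "true"` passes a string where the attribute is boolean; `delete_default_rules = true` is the cleaner form. The group and rule descriptions ("Access the static web VM from the Internet") could also say SSH explicitly so the purpose is clear when the rule is listed outside this file.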
@@ -73,26 +82,28 @@ resource "openstack_compute_instance_v2" "static_web_service" { } } - - -locals { - cname_target = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}" +# Allocate a floating IP +resource "openstack_networking_floatingip_v2" "static_web_floating_ip" { + pool = data.terraform_remote_state.privnet_dns_router.outputs.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + # dns_name = "main-lb" + # dns_domain = var.dns_zone.zone_name + description = "Static Web VM public IP address" } -# -# Add DNS record/s -# -module "dns_records_create" { - source = "../../modules/dns_resources" - - dns_resources_map = { - static-web = { - zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id - name = join(".", ["static-web", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name]) - description = "Static-Web service" - ttl = 8600 - type = "CNAME" - records = [local.cname_target] - } - } +resource "openstack_compute_floatingip_associate_v2" "static_web_ip" { + floating_ip = openstack_networking_floatingip_v2.static_web_floating_ip.address + instance_id = openstack_compute_instance_v2.static_web_service.id + depends_on = [openstack_networking_floatingip_v2.static_web_floating_ip] } + +resource "openstack_dns_recordset_v2" "static_web_dns_recordset" { + zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id + name = join(".", ["static-web", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name]) + description = "Static Web Hostname" + ttl = 8600 + type = "A" + records = [openstack_networking_floatingip_v2.static_web_floating_ip.address] + depends_on = [openstack_networking_floatingip_v2.static_web_floating_ip] +} + diff --git a/openstack-tf/d4s-production/static-web/terraform.tfstate b/openstack-tf/d4s-production/static-web/terraform.tfstate index 83c0907..783a086 100644 
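Review bot: Replacing the CNAME to `main-lb` with an A record on the floating IP makes `static-web.<zone>` resolve straight to the VM, while the instance's `security_groups` earlier in this file still admit HTTP/HTTPS only from the load balancers (judging by the group name), so web clients using this name would presumably reach only port 22. If the public address exists for SSH administration, consider keeping the service name on the load balancer and publishing the floating IP under a separate record. The two `depends_on = [openstack_networking_floatingip_v2.static_web_floating_ip]` lines are redundant, because `floating_ip` and `records` already reference that resource's `address`. The commented-out `dns_name = "main-lb"` and `dns_domain = var.dns_zone.zone_name` look copied from a load-balancer definition; either drop them or replace them with a comment that names the upstream bug and the values this VM would use.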
--- a/openstack-tf/d4s-production/static-web/terraform.tfstate +++ b/openstack-tf/d4s-production/static-web/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, - "terraform_version": "1.6.4", - "serial": 19, + "terraform_version": "1.7.5", + "serial": 29, "lineage": "ff03bc33-bac1-cc22-30ba-8ec3ad084038", "outputs": {}, "resources": [ @@ -394,6 +394,34 @@ } ] }, + { + "mode": "managed", + "type": "openstack_compute_floatingip_associate_v2", + "name": "static_web_ip", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fixed_ip": "", + "floating_ip": "146.48.30.169", + "id": "146.48.30.169/cc6e4930-43c0-490c-869a-c00552dbd0b9/", + "instance_id": "cc6e4930-43c0-490c-869a-c00552dbd0b9", + "region": "isti_area_pi_1", + "timeouts": null, + "wait_until_associated": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_compute_instance_v2.static_web_service", + "openstack_networking_floatingip_v2.static_web_floating_ip", + "openstack_networking_secgroup_v2.static_web_ssh_from_outside" + ] + } + ] + }, { "mode": "managed", "type": "openstack_compute_instance_v2", 
@@ -456,18 +484,87 @@ "scheduler_hints": [], "security_groups": [ "default_for_all", + "static_web_ssh_from_outside", "traffic_from_the_main_load_balancers" ], "stop_before_destroy": false, - "tags": null, + "tags": [], "timeouts": null, "updated": "2024-04-29 14:40:47 +0000 UTC", - "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", + "user_data": "", "vendor_options": [], "volume": [] }, "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.static_web_ssh_from_outside" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "static_web_dns_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Static Web Hostname", + "disable_status_check": false, + "id": "74135b34-1a9c-4c01-8cf0-22450a5660c4/ac85cf53-91aa-41ec-95a8-830e9b2007de", + "name": "static-web.cloud.d4science.org.", + "project_id": "1b45adf388934758b56d0dfdb4bfacf3", + "records": [ + "146.48.30.169" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": "74135b34-1a9c-4c01-8cf0-22450a5660c4" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_floatingip_v2.static_web_floating_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_floatingip_v2", + "name": "static_web_floating_ip", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + 
"instances": [ + { + "schema_version": 0, + "attributes": { + "address": "146.48.30.169", + "all_tags": [], + "description": "Static Web VM public IP address", + "dns_domain": "", + "dns_name": "", + "fixed_ip": "10.1.43.93", + "id": "a5c2e4b7-1afd-437a-92ea-cb119e3c8cf2", + "pool": "external-network", + "port_id": "0885c795-d83b-4991-be5c-dc693af7e60f", + "region": "isti_area_pi_1", + "subnet_id": null, + "subnet_ids": null, + "tags": [], + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", "dependencies": [ "data.terraform_remote_state.privnet_dns_router" ] 
@@ -475,38 +572,59 @@ ] }, { - "module": "module.dns_records_create", "mode": "managed", - "type": "openstack_dns_recordset_v2", - "name": "add_dns_recordset", + "type": "openstack_networking_secgroup_rule_v2", + "name": "static_web_public_ssh_access", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "instances": [ { - "index_key": "static-web", "schema_version": 0, "attributes": { - "description": "Static-Web service", - "disable_status_check": false, - "id": "74135b34-1a9c-4c01-8cf0-22450a5660c4/8b3c0ff8-72f3-4814-8832-0e3a24091721", - "name": "static-web.cloud.d4science.org.", - "project_id": "1b45adf388934758b56d0dfdb4bfacf3", - "records": [ - "main-lb.cloud.d4science.org." - ], + "description": "Access the static web VM from the Internet", + "direction": "ingress", + "ethertype": "IPv4", + "id": "a2ab2c54-ba6e-476d-80c3-f3d7ecda9314", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", "region": "isti_area_pi_1", - "timeouts": null, - "ttl": 8600, - "type": "CNAME", - "value_specs": null, - "zone_id": "74135b34-1a9c-4c01-8cf0-22450a5660c4" + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "bb1e11b2-0c13-45fc-b823-25605e969011", + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "openstack_networking_secgroup_v2.static_web_ssh_from_outside" ] } ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "static_web_ssh_from_outside", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 
0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Access the static web VM from the Internet", + "id": "bb1e11b2-0c13-45fc-b823-25605e969011", + "name": "static_web_ssh_from_outside", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] } ], "check_results": null