Public IP address for the static web VM.

This commit is contained in:
Andrea Dell'Amico 2024-06-19 11:50:44 +02:00
parent e164eacf0d
commit c1d2408ae8
Signed by: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 180 additions and 51 deletions

View File

@ -9,8 +9,6 @@ terraform {
} }
} }
data "terraform_remote_state" "privnet_dns_router" { data "terraform_remote_state" "privnet_dns_router" {
backend = "local" backend = "local"
@ -26,23 +24,35 @@ module "common_variables" {
source = "../../modules/common_variables" source = "../../modules/common_variables"
} }
# Module used # Module used
module "ssh_settings" { module "ssh_settings" {
source = "../../modules/ssh-key-ref" source = "../../modules/ssh-key-ref"
} }
# SSH access from everywhere
resource "openstack_networking_secgroup_v2" "static_web_ssh_from_outside" {
name = "static_web_ssh_from_outside"
delete_default_rules = "true"
description = "Access the static web VM from the Internet"
}
resource "openstack_networking_secgroup_rule_v2" "static_web_public_ssh_access" {
security_group_id = openstack_networking_secgroup_v2.static_web_ssh_from_outside.id
description = "Access the static web VM from the Internet"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 22
port_range_max = 22
remote_ip_prefix = "0.0.0.0/0"
}
# Instances # Instances
resource "openstack_compute_instance_v2" "static_web_service" { resource "openstack_compute_instance_v2" "static_web_service" {
name = "static-web" name = "static-web"
availability_zone_hints = module.common_variables.availability_zone_no_gpu_name availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
flavor_name = module.common_variables.flavor_list.c1_small flavor_name = module.common_variables.flavor_list.c1_small
key_pair = module.ssh_settings.ssh_key_name key_pair = module.ssh_settings.ssh_key_name
security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers] security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers, openstack_networking_secgroup_v2.static_web_ssh_from_outside.name]
block_device { block_device {
uuid = module.common_variables.ubuntu_2204.uuid uuid = module.common_variables.ubuntu_2204.uuid
source_type = "image" source_type = "image"
@ -60,7 +70,6 @@ resource "openstack_compute_instance_v2" "static_web_service" {
} }
} }
# user_data script used # user_data script used
user_data = file("${module.common_variables.ubuntu_2204.user_data_file}") user_data = file("${module.common_variables.ubuntu_2204.user_data_file}")
# Do not replace the instance when the ssh key changes # Do not replace the instance when the ssh key changes
@ -73,26 +82,28 @@ resource "openstack_compute_instance_v2" "static_web_service" {
} }
} }
# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "static_web_floating_ip" {
locals { pool = data.terraform_remote_state.privnet_dns_router.outputs.floating_ip_pools.main_public_ip_pool
cname_target = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}" # The DNS association does not work because of a bug in the OpenStack API
# dns_name = "main-lb"
# dns_domain = var.dns_zone.zone_name
description = "Static Web VM public IP address"
} }
# resource "openstack_compute_floatingip_associate_v2" "static_web_ip" {
# Add DNS record/s floating_ip = openstack_networking_floatingip_v2.static_web_floating_ip.address
# instance_id = openstack_compute_instance_v2.static_web_service.id
module "dns_records_create" { depends_on = [openstack_networking_floatingip_v2.static_web_floating_ip]
source = "../../modules/dns_resources"
dns_resources_map = {
static-web = {
zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
name = join(".", ["static-web", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name])
description = "Static-Web service"
ttl = 8600
type = "CNAME"
records = [local.cname_target]
}
}
} }
resource "openstack_dns_recordset_v2" "static_web_dns_recordset" {
zone_id = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
name = join(".", ["static-web", data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name])
description = "Static Web Hostname"
ttl = 8600
type = "A"
records = [openstack_networking_floatingip_v2.static_web_floating_ip.address]
depends_on = [openstack_networking_floatingip_v2.static_web_floating_ip]
}

View File

@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.6.4", "terraform_version": "1.7.5",
"serial": 19, "serial": 29,
"lineage": "ff03bc33-bac1-cc22-30ba-8ec3ad084038", "lineage": "ff03bc33-bac1-cc22-30ba-8ec3ad084038",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@ -394,6 +394,34 @@
} }
] ]
}, },
{
"mode": "managed",
"type": "openstack_compute_floatingip_associate_v2",
"name": "static_web_ip",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"fixed_ip": "",
"floating_ip": "146.48.30.169",
"id": "146.48.30.169/cc6e4930-43c0-490c-869a-c00552dbd0b9/",
"instance_id": "cc6e4930-43c0-490c-869a-c00552dbd0b9",
"region": "isti_area_pi_1",
"timeouts": null,
"wait_until_associated": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_compute_instance_v2.static_web_service",
"openstack_networking_floatingip_v2.static_web_floating_ip",
"openstack_networking_secgroup_v2.static_web_ssh_from_outside"
]
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "openstack_compute_instance_v2", "type": "openstack_compute_instance_v2",
@ -456,18 +484,87 @@
"scheduler_hints": [], "scheduler_hints": [],
"security_groups": [ "security_groups": [
"default_for_all", "default_for_all",
"static_web_ssh_from_outside",
"traffic_from_the_main_load_balancers" "traffic_from_the_main_load_balancers"
], ],
"stop_before_destroy": false, "stop_before_destroy": false,
"tags": null, "tags": [],
"timeouts": null, "timeouts": null,
"updated": "2024-04-29 14:40:47 +0000 UTC", "updated": "2024-04-29 14:40:47 +0000 UTC",
"user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", "user_data": "",
"vendor_options": [], "vendor_options": [],
"volume": [] "volume": []
}, },
"sensitive_attributes": [], "sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.static_web_ssh_from_outside"
]
}
]
},
{
"mode": "managed",
"type": "openstack_dns_recordset_v2",
"name": "static_web_dns_recordset",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Static Web Hostname",
"disable_status_check": false,
"id": "74135b34-1a9c-4c01-8cf0-22450a5660c4/ac85cf53-91aa-41ec-95a8-830e9b2007de",
"name": "static-web.cloud.d4science.org.",
"project_id": "1b45adf388934758b56d0dfdb4bfacf3",
"records": [
"146.48.30.169"
],
"region": "isti_area_pi_1",
"timeouts": null,
"ttl": 8600,
"type": "A",
"value_specs": null,
"zone_id": "74135b34-1a9c-4c01-8cf0-22450a5660c4"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_floatingip_v2.static_web_floating_ip"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_floatingip_v2",
"name": "static_web_floating_ip",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"address": "146.48.30.169",
"all_tags": [],
"description": "Static Web VM public IP address",
"dns_domain": "",
"dns_name": "",
"fixed_ip": "10.1.43.93",
"id": "a5c2e4b7-1afd-437a-92ea-cb119e3c8cf2",
"pool": "external-network",
"port_id": "0885c795-d83b-4991-be5c-dc693af7e60f",
"region": "isti_area_pi_1",
"subnet_id": null,
"subnet_ids": null,
"tags": [],
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null,
"value_specs": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=",
"dependencies": [ "dependencies": [
"data.terraform_remote_state.privnet_dns_router" "data.terraform_remote_state.privnet_dns_router"
] ]
@ -475,38 +572,59 @@
] ]
}, },
{ {
"module": "module.dns_records_create",
"mode": "managed", "mode": "managed",
"type": "openstack_dns_recordset_v2", "type": "openstack_networking_secgroup_rule_v2",
"name": "add_dns_recordset", "name": "static_web_public_ssh_access",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [ "instances": [
{ {
"index_key": "static-web",
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"description": "Static-Web service", "description": "Access the static web VM from the Internet",
"disable_status_check": false, "direction": "ingress",
"id": "74135b34-1a9c-4c01-8cf0-22450a5660c4/8b3c0ff8-72f3-4814-8832-0e3a24091721", "ethertype": "IPv4",
"name": "static-web.cloud.d4science.org.", "id": "a2ab2c54-ba6e-476d-80c3-f3d7ecda9314",
"project_id": "1b45adf388934758b56d0dfdb4bfacf3", "port_range_max": 22,
"records": [ "port_range_min": 22,
"main-lb.cloud.d4science.org." "protocol": "tcp",
],
"region": "isti_area_pi_1", "region": "isti_area_pi_1",
"timeouts": null, "remote_group_id": "",
"ttl": 8600, "remote_ip_prefix": "0.0.0.0/0",
"type": "CNAME", "security_group_id": "bb1e11b2-0c13-45fc-b823-25605e969011",
"value_specs": null, "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"zone_id": "74135b34-1a9c-4c01-8cf0-22450a5660c4" "timeouts": null
}, },
"sensitive_attributes": [], "sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [ "dependencies": [
"data.terraform_remote_state.privnet_dns_router" "openstack_networking_secgroup_v2.static_web_ssh_from_outside"
] ]
} }
] ]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_v2",
"name": "static_web_ssh_from_outside",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"delete_default_rules": true,
"description": "Access the static web VM from the Internet",
"id": "bb1e11b2-0c13-45fc-b823-25605e969011",
"name": "static_web_ssh_from_outside",
"region": "isti_area_pi_1",
"tags": [],
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="
}
]
} }
], ],
"check_results": null "check_results": null