Keycloak: add a nfs share for backward compatibility.

2024-05-28 18:55:18 +02:00 · 2024-05-28 18:55:18 +02:00 · c3ef9453ea
parent 129878d111
commit c3ef9453ea
3 changed files with 59 additions and 2 deletions
--- a/openstack-tf/modules/keycloak/keycloak-outputs.tf
+++ b/openstack-tf/modules/keycloak/keycloak-outputs.tf
@ -8,4 +8,17 @@ output "keycloak_recordsets" {

 output "keycloak_object_store" {
  value = var.keycloak_object_store
-}
+}
+
+output "nfs_port_data" {
+  value = openstack_compute_interface_attach_v2.nfs_port_to_keycloak
+}
+
+output "keycloak_nfs_volume_data" {
+  value = openstack_sharedfilesystem_share_v2.keycloak_static
+}
+
+output "keycloak_nfs_volume_acls" {
+  value = openstack_sharedfilesystem_share_access_v2.keycloak_nfs_share_access
+  sensitive = true
+}
--- a/openstack-tf/modules/keycloak/keycloak-variables.tf
+++ b/openstack-tf/modules/keycloak/keycloak-variables.tf
@ -6,7 +6,8 @@ variable "keycloak_data" {
    vm_count        = 1
    vm_flavor       = "m1.medium"
    boot_vol_size   = 10
-  }
+    share_description = "NFS share for the keycloak static data"
+    share_name = "keycloak_nfs_share"  }
 }

 variable "keycloak_recordsets" {
--- a/openstack-tf/modules/keycloak/keycloak.tf
+++ b/openstack-tf/modules/keycloak/keycloak.tf
@ -132,3 +132,46 @@ resource "openstack_dns_recordset_v2" "keycloak_dns_recordset" {
  type        = "CNAME"
  records     = [local.cname_target]
 }
+
+#
+# Manila NFS Share
+#
+# Managers
+resource "openstack_networking_port_v2" "keycloak_nfs_port" {
+  count          = var.keycloak_data.vm_count
+  name           = format("%s-%02d", var.keycloak_data.srv_name, count.index + 1)
+  network_id     = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_network_id
+  admin_state_up = "true"
+  fixed_ip {
+    subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_subnet_id
+  }
+}
+
+resource "openstack_networking_port_secgroup_associate_v2" "keycloak_nfs_port_secgroup" {
+  count              = var.keycloak_data.vm_count
+  port_id            = openstack_networking_port_v2.keycloak_nfs_port[count.index].id
+  security_group_ids = [data.terraform_remote_state.privnet_dns_router.outputs.nfs_share_no_ingress_secgroup_id]
+}
+
+resource "openstack_compute_interface_attach_v2" "nfs_port_to_keycloak" {
+  count       = var.keycloak_data.vm_count
+  instance_id = openstack_compute_instance_v2.keycloak[count.index].id
+  port_id     = openstack_networking_port_v2.keycloak_nfs_port[count.index].id
+}
+
+# Create a NFS share
+resource "openstack_sharedfilesystem_share_v2" "keycloak_static" {
+  name        = var.keycloak_data.share_name
+  description = var.keycloak_data.share_description
+  share_proto = "NFS"
+  size        = 30
+}
+
+# Allow access to the NFS share
+resource "openstack_sharedfilesystem_share_access_v2" "keycloak_nfs_share_access" {
+  count       = var.keycloak_data.vm_count
+  share_id     = openstack_sharedfilesystem_share_v2.keycloak_static.id
+  access_type  = "ip"
+  access_to    = openstack_compute_interface_attach_v2.nfs_port_to_keycloak[count.index].fixed_ip
+  access_level = "rw"
+}