From c3ef9453ea3170bd4937c7b7aa870c02faa4d84f Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 28 May 2024 18:55:18 +0200 Subject: [PATCH] Keycloak: add a nfs share for backward compatibility. --- .../modules/keycloak/keycloak-outputs.tf | 15 ++++++- .../modules/keycloak/keycloak-variables.tf | 3 +- openstack-tf/modules/keycloak/keycloak.tf | 43 +++++++++++++++++++ 3 files changed, 59 insertions(+), 2 deletions(-) diff --git a/openstack-tf/modules/keycloak/keycloak-outputs.tf b/openstack-tf/modules/keycloak/keycloak-outputs.tf index c358bf8..e097763 100644 --- a/openstack-tf/modules/keycloak/keycloak-outputs.tf +++ b/openstack-tf/modules/keycloak/keycloak-outputs.tf @@ -8,4 +8,17 @@ output "keycloak_recordsets" { output "keycloak_object_store" { value = var.keycloak_object_store -} \ No newline at end of file +} + +output "nfs_port_data" { + value = openstack_compute_interface_attach_v2.nfs_port_to_keycloak +} + +output "keycloak_nfs_volume_data" { + value = openstack_sharedfilesystem_share_v2.keycloak_static +} + +output "keycloak_nfs_volume_acls" { + value = openstack_sharedfilesystem_share_access_v2.keycloak_nfs_share_access + sensitive = true +} diff --git a/openstack-tf/modules/keycloak/keycloak-variables.tf b/openstack-tf/modules/keycloak/keycloak-variables.tf index 368240b..e7fb545 100644 --- a/openstack-tf/modules/keycloak/keycloak-variables.tf +++ b/openstack-tf/modules/keycloak/keycloak-variables.tf @@ -6,7 +6,8 @@ variable "keycloak_data" { vm_count = 1 vm_flavor = "m1.medium" boot_vol_size = 10 - } + share_description = "NFS share for the keycloak static data" + share_name = "keycloak_nfs_share" } } variable "keycloak_recordsets" { diff --git a/openstack-tf/modules/keycloak/keycloak.tf b/openstack-tf/modules/keycloak/keycloak.tf index a47a525..63d8a9a 100644 --- a/openstack-tf/modules/keycloak/keycloak.tf +++ b/openstack-tf/modules/keycloak/keycloak.tf 
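Review bot: In keycloak-outputs.tf, `nfs_port_data` and `keycloak_nfs_volume_data` export whole resource objects, so every attribute of the interface attachments and of the share becomes readable by any consumer of this module's outputs or its remote state. Unless a caller needs the full object, narrowing each output to the fields actually used is a tighter contract, for example `value = openstack_sharedfilesystem_share_v2.keycloak_static.export_locations`. A `description` on each new output would also record why `keycloak_nfs_volume_acls` is the only one marked `sensitive` (presumably because of the access key carried by the share access resource).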
@@ -132,3 +132,46 @@ resource "openstack_dns_recordset_v2" "keycloak_dns_recordset" {
 type = "CNAME"
 records = [local.cname_target]
 }
+
+#
+# Manila NFS Share
+#
+# Managers
+resource "openstack_networking_port_v2" "keycloak_nfs_port" {
+ count = var.keycloak_data.vm_count
+ name = format("%s-%02d", var.keycloak_data.srv_name, count.index + 1)
+ network_id = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_network_id
+ admin_state_up = "true"
+ fixed_ip {
+ subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_subnet_id
+ }
+}
+
+resource "openstack_networking_port_secgroup_associate_v2" "keycloak_nfs_port_secgroup" {
+ count = var.keycloak_data.vm_count
+ port_id = openstack_networking_port_v2.keycloak_nfs_port[count.index].id
+ security_group_ids = [data.terraform_remote_state.privnet_dns_router.outputs.nfs_share_no_ingress_secgroup_id]
+}
+
+resource "openstack_compute_interface_attach_v2" "nfs_port_to_keycloak" {
+ count = var.keycloak_data.vm_count
+ instance_id = openstack_compute_instance_v2.keycloak[count.index].id
+ port_id = openstack_networking_port_v2.keycloak_nfs_port[count.index].id
+}
+
+# Create a NFS share
+resource "openstack_sharedfilesystem_share_v2" "keycloak_static" {
+ name = var.keycloak_data.share_name
+ description = var.keycloak_data.share_description
+ share_proto = "NFS"
+ size = 30
+}
+
+# Allow access to the NFS share
+resource "openstack_sharedfilesystem_share_access_v2" "keycloak_nfs_share_access" {
+ count = var.keycloak_data.vm_count
+ share_id = openstack_sharedfilesystem_share_v2.keycloak_static.id
+ access_type = "ip"
+ access_to = openstack_compute_interface_attach_v2.nfs_port_to_keycloak[count.index].fixed_ip
+ access_level = "rw"
+}
\ No newline at end of file
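Review bot: The `keycloak_nfs_share_access` rule at the end of the hunk grants `rw` to every Keycloak VM with `access_type = "ip"`, so the source address on the storage network is the only control protecting the identity provider's static data. If Keycloak only reads this content, `access_level = "ro"` would be the safer default, with write access reserved for whichever host publishes the files. The share's `size = 30` is hard-coded while its name and description come from `var.keycloak_data`; a `share_size` key there would keep the three together. The `# Managers` comment above the port resource looks left over from another module and could read `# NFS ports for the Keycloak VMs`.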