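# OrientDB deployment on OpenStack: a clustered set of nodes plus a single
# instance for the Smart Executor, each with its own network, subnet and
# ingress security groups.

# ---------------------------------------------------------------------------
# Inactive, fully commented-out variant that reads shared values through the
# "common_variables" module. Nothing in this section is evaluated.
# ---------------------------------------------------------------------------
# Define required providers
# terraform {
#   required_version = ">= 0.14.0"
#   required_providers {
#     openstack = {
#       source = "terraform-provider-openstack/openstack"
#       version = "~> 1.53.0"
#     }
#   }
# }
#
# module "common_variables" {
#   source = "../../modules/common_variables"
# }
#
# Server group
#
# resource "openstack_compute_servergroup_v2" "orientdb_cluster" {
#   name = "orientdb_cluster"
#   policies = ["soft-anti-affinity"]
# }
# #
# # Network for the cluster traffic
# #
# resource "openstack_networking_network_v2" "orientdb_network" {
#   name = var.orientdb_net.network_name
#   admin_state_up = "true"
#   external = "false"
#   description = var.orientdb_net.network_description
#   mtu = module.common_variables.mtu_size_value
#   port_security_enabled = true
#   shared = false
#   region = module.common_variables.main_region_name
# }
# # Subnet
# resource "openstack_networking_subnet_v2" "orientdb_subnet" {
#   name = "orientdb-subnet"
#   description = "Subnet used by the OrientDB service"
#   network_id = openstack_networking_network_v2.orientdb_network.id
#   cidr = var.orientdb_net.network_cidr
#   dns_nameservers = module.common_variables.resolvers_ip
#   ip_version = 4
#   enable_dhcp = true
#   no_gateway = true
#   allocation_pool {
#     start = var.orientdb_net.allocation_pool_start
#     end = var.orientdb_net.allocation_pool_end
#   }
# }
# #
# # Security groups
# #
# # Between OrientDB nodes
# resource "openstack_networking_secgroup_v2" "orientdb_internal_traffic" {
#   name = "orientdb_internal_docker_traffic"
#   delete_default_rules = "true"
#   description = "Traffic between the OrientDB nodes"
# }
# resource "openstack_networking_secgroup_rule_v2" "everything_udp" {
#   count = var.orientdb_nodes_count
#   security_group_id = openstack_networking_secgroup_v2.orientdb_internal_traffic.id
#   description = "UDP traffic between OrientDB nodes"
#   direction = "ingress"
#   ethertype = "IPv4"
#   protocol = "udp"
#   remote_ip_prefix = var.orientdb_ip.*[count.index]/32
# }
# resource "openstack_networking_secgroup_rule_v2" "everything_tcp" {
#   count = var.orientdb_nodes_count
#   security_group_id = openstack_networking_secgroup_v2.orientdb_internal_traffic.id
#   description = "TCP traffic between OrientDB nodes"
#   direction = "ingress"
#   ethertype = "IPv4"
#   protocol = "tcp"
#   remote_ip_prefix = var.orientdb_ip.*[count.index]/32
# }
# resource "openstack_networking_secgroup_v2" "access_to_orientdb" {
#   name = "access_to_orientdb"
#   delete_default_rules = "true"
#   description = "Clients that talk to the OrientDB service"
# }
# resource "openstack_networking_secgroup_rule_v2" "access_to_orient_udp" {
#   security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
#   description = "UDP traffic"
#   direction = "ingress"
#   ethertype = "IPv4"
#   protocol = "udp"
#   remote_ip_prefix = openstack_networking_subnet_v2.orientdb_subnet.cidr
# }
# resource "openstack_networking_secgroup_rule_v2" "access_to_orient_tcp" {
#   security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
#   description = "TCP traffic"
#   direction = "ingress"
#   ethertype = "IPv4"
#   protocol = "tcp"
#   remote_ip_prefix = openstack_networking_subnet_v2.orientdb_subnet.cidr
# }
# #
# # OrientDB
# #
# # Instance
# resource "openstack_compute_instance_v2" "orientdb_servers" {
#   count = local.orientdb_nodes_count
#   name = format("%s-%02d", var.orientdb_data.node_name, count.index+1)
#   availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
#   flavor_name = var.orientdb_data.node_flavor
#   key_pair = module.common_variables.ssh_key_file_config
#   security_groups = [openstack_networking_secgroup_v2.default.name,openstack_networking_secgroup_v2.orientdb_internal_traffic.name]
#   scheduler_hints {
#     group = openstack_compute_servergroup_v2.orientdb_cluster.id
#   }
#   block_device {
#     uuid = module.ubuntu2204.uuid
#     source_type = "image"
#     volume_size = 10
#     boot_index = 0
#     destination_type = "volume"
#     delete_on_termination = false
#   }
#   block_device {
#     source_type = "blank"
#     volume_size = var.orientdb_data.node_data_disk_size
#     boot_index = -1
#     destination_type = "volume"
#     delete_on_termination = false
#   }
#   network {
#     name = var.main_private_network.name
#   }
#   network {
#     name = var.orientdb_net.network_name
#     fixed_ip_v4 = var.orientdb_ip.*[count.index]
#   }
#   user_data = "${file("${module.common_variables.ubuntu2204_datafile}")}"
#   depends_on = [ openstack_networking_subnet_v2.orientdb_subnet ]
# }
# locals {
#   orientdb_nodes_count = 3
# }

#
# Not using modules here
#

# Server group for the clustered nodes. "soft-anti-affinity" is passed to the
# scheduler through scheduler_hints on the orientdb_servers instances below.
resource "openstack_compute_servergroup_v2" "orientdb_cluster" {
  name     = "orientdb_cluster"
  policies = ["soft-anti-affinity"]
}

#
# Network for the cluster traffic
#
# Not external, not shared, and with port security enabled, so the security
# groups attached to the instance ports are enforced on this network.
resource "openstack_networking_network_v2" "orientdb_network" {
  name                  = var.orientdb_net.network_name
  admin_state_up        = true
  external              = false
  description           = var.orientdb_net.network_description
  mtu                   = var.mtu_size
  port_security_enabled = true
  shared                = false
  region                = var.main_region
}

# Subnet
# no_gateway = true: the subnet is created without a gateway address.
resource "openstack_networking_subnet_v2" "orientdb_subnet" {
  name            = "orientdb-subnet"
  description     = "Subnet used by the OrientDB service"
  network_id      = openstack_networking_network_v2.orientdb_network.id
  cidr            = var.orientdb_net.network_cidr
  dns_nameservers = var.resolvers_ip
  ip_version      = 4
  enable_dhcp     = true
  no_gateway      = true
  allocation_pool {
    start = var.orientdb_net.allocation_pool_start
    end   = var.orientdb_net.allocation_pool_end
  }
}

#
# Network for the OrientDB SE
#
# Same settings as the cluster network, kept as a separate network so the
# Smart Executor database sits on its own segment.
resource "openstack_networking_network_v2" "orientdb_se_network" {
  name                  = var.orientdb_se_net.network_name
  admin_state_up        = true
  external              = false
  description           = var.orientdb_se_net.network_description
  mtu                   = var.mtu_size
  port_security_enabled = true
  shared                = false
  region                = var.main_region
}

# Subnet
resource "openstack_networking_subnet_v2" "orientdb_se_subnet" {
  name            = "orientdb-se-subnet"
  description     = "Subnet used by the OrientDB for Smart Executor"
  network_id      = openstack_networking_network_v2.orientdb_se_network.id
  cidr            = var.orientdb_se_net.network_cidr
  dns_nameservers = var.resolvers_ip
  ip_version      = 4
  enable_dhcp     = true
  no_gateway      = true
  allocation_pool {
    start = var.orientdb_se_net.allocation_pool_start
    end   = var.orientdb_se_net.allocation_pool_end
  }
}

#
# Security groups
#
# Every group below sets delete_default_rules, which removes the default
# egress rules OpenStack adds to a new group. Only ingress rules are declared
# in this file, so any egress allowance has to come from another group
# attached to the instances (var.default_security_group_name) - confirm.

# Main OrientDB service
# Between OrientDB nodes
resource "openstack_networking_secgroup_v2" "orientdb_internal_traffic" {
  name                 = "orientdb_internal_docker_traffic"
  delete_default_rules = true
  description          = "Traffic between the OrientDB nodes"
}

# One ingress rule per node: TCP 2424-2490 from that node's entry in
# var.orientdb_cidr, which therefore needs at least orientdb_nodes_count
# entries. The commented-out variant above allowed all TCP and UDP ports
# between the nodes; this rule limits the peers to one TCP port range.
resource "openstack_networking_secgroup_rule_v2" "orientdb_ports" {
  count             = local.orientdb_nodes_count
  security_group_id = openstack_networking_secgroup_v2.orientdb_internal_traffic.id
  description       = "TCP traffic between OrientDB nodes"
  port_range_min    = 2424
  port_range_max    = 2490
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  # remote_ip_prefix = format("%s-%02d", var.orientdb_ip, count.index+1, "/32")
  # Legacy splat followed by an index; presumably the same as
  # var.orientdb_cidr[count.index] when the variable is a list - confirm.
  remote_ip_prefix = var.orientdb_cidr.*[count.index]
}

# Access from the clients
resource "openstack_networking_secgroup_v2" "access_to_orientdb" {
  name                 = "access_to_orientdb"
  delete_default_rules = true
  description          = "Clients that talk to the OrientDB service"
}

# NOTE(review): this admits the whole 2424-2490 range from the SSH jump CIDR
# and from the entire OrientDB subnet. With OrientDB's default port layout the
# range covers the binary and HTTP listeners and also the Hazelcast cluster
# port (2434); confirm clients need more than the binary/HTTP ports.
# NOTE(review): the subnet CIDR presumably contains the node addresses too, so
# this rule would already permit node-to-node traffic on the same range for
# instances that carry both groups - verify whether that overlap is intended.
resource "openstack_networking_secgroup_rule_v2" "access_to_orient_from_clients" {
  for_each          = toset([var.basic_services_ip.ssh_jump_cidr, openstack_networking_subnet_v2.orientdb_subnet.cidr])
  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
  description       = "TCP traffic from the resource registries and the SSH jump server"
  port_range_min    = 2424
  port_range_max    = 2490
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  remote_ip_prefix  = each.value
}

# The load balancers get the single port 2424 only.
resource "openstack_networking_secgroup_rule_v2" "access_to_orient_from_haproxy" {
  for_each          = toset([var.basic_services_ip.haproxy_l7_1_cidr, var.basic_services_ip.haproxy_l7_2_cidr])
  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
  description       = "TCP traffic from the load balancers"
  port_range_min    = 2424
  port_range_max    = 2424
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  remote_ip_prefix  = each.value
}

# OrientDB for the Smart Executor nodes
# Access from the clients
# NOTE(review): the description string is identical to the one on
# access_to_orientdb, so the two groups can only be told apart by name when
# auditing rules in OpenStack; consider a distinct description.
resource "openstack_networking_secgroup_v2" "access_to_orientdb_se" {
  name                 = "access_to_orientdb_se"
  delete_default_rules = true
  description          = "Clients that talk to the OrientDB service"
}

# Same port range and caveats as access_to_orient_from_clients, scoped to the
# SSH jump CIDR and the Smart Executor subnet.
resource "openstack_networking_secgroup_rule_v2" "access_to_orient_se_from_clients" {
  for_each          = toset([var.basic_services_ip.ssh_jump_cidr, openstack_networking_subnet_v2.orientdb_se_subnet.cidr])
  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb_se.id
  description       = "TCP traffic from the resource registries and the SSH jump server"
  port_range_min    = 2424
  port_range_max    = 2490
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  remote_ip_prefix  = each.value
}

resource "openstack_networking_secgroup_rule_v2" "access_to_orient_se_from_haproxy" {
  for_each          = toset([var.basic_services_ip.haproxy_l7_1_cidr, var.basic_services_ip.haproxy_l7_2_cidr])
  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb_se.id
  description       = "TCP traffic from the load balancers"
  port_range_min    = 2424
  port_range_max    = 2424
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  remote_ip_prefix  = each.value
}

#
# OrientDB main cluster
#
# Instances used by the resource registry
# Each node carries three groups: the default group, the node-to-node group
# and the client-access group. Both volumes set delete_on_termination = false,
# so they outlive the instance; database contents remain on the data volume
# until it is deleted explicitly.
resource "openstack_compute_instance_v2" "orientdb_servers" {
  count                   = local.orientdb_nodes_count
  name                    = format("%s-%02d", var.orientdb_data.node_name, count.index + 1)
  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.orientdb_node_flavor
  key_pair                = var.ssh_key_file.name
  security_groups = [
    var.default_security_group_name,
    openstack_networking_secgroup_v2.orientdb_internal_traffic.name,
    openstack_networking_secgroup_v2.access_to_orientdb.name,
  ]
  scheduler_hints {
    group = openstack_compute_servergroup_v2.orientdb_cluster.id
  }
  # Boot volume created from the Ubuntu 22.04 image.
  block_device {
    uuid                  = var.ubuntu_2204.uuid
    source_type           = "image"
    volume_size           = 10
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }
  # Blank data volume (boot_index -1: never used for booting).
  block_device {
    source_type           = "blank"
    volume_size           = var.orientdb_data.node_data_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }
  network {
    name = var.main_private_network.name
  }
  # Fixed address on the cluster network; these addresses presumably match the
  # entries of var.orientdb_cidr used by the orientdb_ports rules - confirm.
  network {
    name        = var.orientdb_net.network_name
    fixed_ip_v4 = var.orientdb_ip.*[count.index]
  }
  # Plain function call instead of the deprecated interpolation-only form.
  # User data is retrievable from inside the instance, so the referenced file
  # should not carry credentials.
  user_data  = file(var.ubuntu2204_data_file)
  depends_on = [openstack_networking_subnet_v2.orientdb_subnet]
}

# Instance used by the smart executors
# Single instance, no server group, and only the default and
# access_to_orientdb_se groups. The data volume size is taken from
# var.orientdb_data, the same value the cluster nodes use.
resource "openstack_compute_instance_v2" "orientdb_se_server" {
  name                    = "orientdb-se"
  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.orientdb_se_node_flavor
  key_pair                = var.ssh_key_file.name
  security_groups = [
    var.default_security_group_name,
    openstack_networking_secgroup_v2.access_to_orientdb_se.name,
  ]
  block_device {
    uuid                  = var.ubuntu_2204.uuid
    source_type           = "image"
    volume_size           = 10
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }
  block_device {
    source_type           = "blank"
    volume_size           = var.orientdb_data.node_data_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }
  network {
    name = var.main_private_network.name
  }
  network {
    name        = var.orientdb_se_net.network_name
    fixed_ip_v4 = var.orientdb_se_ip
  }
  user_data  = file(var.ubuntu2204_data_file)
  depends_on = [openstack_networking_subnet_v2.orientdb_se_subnet]
}

# Single source for the node count used by the instances and by the
# per-node security group rules.
locals {
  orientdb_nodes_count = var.orientdb_nodes_count
}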