infrastructure-as-code/openstack-tf/modules/liferay/liferay.tf

#
# Liferay nodes
#
#
# Security group
#
resource "openstack_networking_secgroup_v2" "liferay_cluster_traffic" {
  name                 = "liferay_cluster_traffic"
  delete_default_rules = "true"
  description          = "Traffic between the Liferay cluster nodes"
}

resource "openstack_networking_secgroup_rule_v2" "traffic_between_liferay_nodes" {
  count             = var.liferay_data.vm_count
  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
  description       = "TCP traffic between liferay nodes"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  remote_ip_prefix  = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
}

resource "openstack_networking_secgroup_rule_v2" "udp_traffic_between_liferay_nodes" {
  count             = var.liferay_data.vm_count
  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
  description       = "UDP traffic between liferay nodes"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "udp"
  remote_ip_prefix  = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
}

resource "openstack_networking_secgroup_rule_v2" "igmp_ingress_between_liferay_nodes" {
  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
  description       = "Ingress IGMP traffic between liferay nodes"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "igmp"
  remote_ip_prefix  = "0.0.0.0/0"
}

resource "openstack_networking_secgroup_rule_v2" "igmp_egress_between_liferay_nodes" {
  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
  description       = "Egress IGMP traffic between liferay nodes"
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "igmp"
  remote_ip_prefix  = "0.0.0.0/0"
}

#
# Object storage container
#
# Creating object bucket to store avatars
#
# Note: No S3 for the time being
# resource "openstack_objectstorage_container_v1" "liferay" {
#   name   = "liferay-data"
#   versioning = true
# }

#
# Server group
#
resource "openstack_compute_servergroup_v2" "liferay" {
  name     = "liferay"
  policies = [var.liferay_data.affinity_policy]
}

# Instance(s)
resource "openstack_compute_instance_v2" "liferay" {
  count                   = var.liferay_data.vm_count
  name                    = format("%s-%02d", var.liferay_data.srv_name, count.index + 1)
  availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.liferay_data.vm_flavor
  key_pair                = module.ssh_settings.ssh_key_name
  security_groups         = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, openstack_networking_secgroup_v2.liferay_cluster_traffic.name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers,module.common_variables.security_group_list.nfs_share_no_ingress]
  scheduler_hints {
    group = openstack_compute_servergroup_v2.liferay.id
  }
  block_device {
    uuid                  = data.terraform_remote_state.privnet_dns_router.outputs.ubuntu_1804.uuid
    source_type           = "image"
    volume_size           = var.liferay_data.boot_vol_size
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }

  network {
    name        = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name
    fixed_ip_v4 = var.liferay_ip_addrs.* [count.index]
  }
  network {
    name = module.common_variables.shared_postgresql_server_data.network_name
  }
  
  user_data = file("${data.terraform_remote_state.privnet_dns_router.outputs.ubuntu1804_data_file}")
  # Do not replace the instance when the ssh key changes
  lifecycle {
    ignore_changes = [
      # Ignore changes to tags, e.g. because a management agent
      # updates these based on some ruleset managed elsewhere.
      key_pair, user_data, network
    ]
  }
}

resource "openstack_dns_recordset_v2" "cdn_dns_recordset" {
  for_each = var.liferay_recordsets
  zone_id     = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
  name        = each.value.name
  description = each.value.description
  ttl         = 8600
  type        = "CNAME"
  records     = [local.cname_target]
}

locals {
  cname_target     = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
}

#
# Ports in the timescaleDB network
resource "openstack_networking_port_v2" "liferay_timescaledb_port" {
  count          = var.liferay_data.vm_count
  name           = format("%s-%02d", var.liferay_data.srv_name, count.index + 1)
  network_id     = data.terraform_remote_state.timescaledb.outputs.timescaledb_net.id
  admin_state_up = "true"
  fixed_ip {
    subnet_id = data.terraform_remote_state.timescaledb.outputs.timescaledb_subnet.id
  }
}

resource "openstack_compute_interface_attach_v2" "timescaledb_port_to_liferay" {
  count       = var.liferay_data.vm_count
  instance_id = openstack_compute_instance_v2.liferay[count.index].id
  port_id     = openstack_networking_port_v2.liferay_timescaledb_port[count.index].id
}

#
# Manila NFS Share
#
# Managers
resource "openstack_networking_port_v2" "liferay_nfs_port" {
  count          = var.liferay_data.vm_count
  name           = format("%s-%02d", var.liferay_data.srv_name, count.index + 1)
  network_id     = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_network_id
  admin_state_up = "true"
  fixed_ip {
    subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_subnet_id
  }
}

resource "openstack_networking_port_secgroup_associate_v2" "liferay_nfs_port_secgroup" {
  count              = var.liferay_data.vm_count
  port_id            = openstack_networking_port_v2.liferay_nfs_port[count.index].id
  security_group_ids = [data.terraform_remote_state.privnet_dns_router.outputs.nfs_share_no_ingress_secgroup_id]
}

resource "openstack_compute_interface_attach_v2" "nfs_port_to_liferay" {
  count       = var.liferay_data.vm_count
  instance_id = openstack_compute_instance_v2.liferay[count.index].id
  port_id     = openstack_networking_port_v2.liferay_nfs_port[count.index].id
}

# Create a NFS share
resource "openstack_sharedfilesystem_share_v2" "liferay_static" {
  name        = var.liferay_data.share_name
  description = var.liferay_data.share_description
  share_proto = "NFS"
  size        = 30
}

# Allow access to the NFS share
resource "openstack_sharedfilesystem_share_access_v2" "liferay_nfs_share_access" {
  count       = var.liferay_data.vm_count
  share_id     = openstack_sharedfilesystem_share_v2.liferay_static.id
  access_type  = "ip"
  access_to    = openstack_compute_interface_attach_v2.nfs_port_to_liferay[count.index].fixed_ip
  access_level = "rw"
}