From 17be36fbd4114a7492fce162597e5c1ec426a8c4 Mon Sep 17 00:00:00 2001 
From: Andrea Dell'Amico Date: Wed, 29 Nov 2023 18:01:34 +0100 Subject: [PATCH] Some refactoring. And another attempt at modules. --- .../common_setups/25-ssh-jump-proxy.tf | 2 +- openstack-tf/common_setups/30-internal-ca.tf | 2 +- openstack-tf/common_setups/35-prometheus.tf | 2 +- openstack-tf/common_setups/40-postgresql.tf | 2 +- openstack-tf/common_setups/45-haproxy.tf | 2 +- .../.terraform.lock.hcl | 24 + .../15-security-groups.tf | 0 .../20-octavia.tf | 0 .../25-ssh-jump-proxy.tf | 0 .../30-internal-ca.tf | 0 .../35-prometheus.tf | 0 .../40-postgresql.tf | 0 .../45-haproxy.tf | 0 .../basic-infrastructure-no-modules/README.md | 11 + .../basic-infrastructure-no-modules/main.tf | 28 + .../outputs.tf | 1 + .../preprod.auto.tfvars | 1 + .../provider.tf | 3 + .../terraform.tfstate | 3476 +++++++++++++++++ .../variables.tf | 1 + .../00-terraform-provider.tf | 1 - .../basic-infrastructure/00-variables.tf | 1 - .../01-external-network-and-resolvers.tf | 1 - .../05-projects-and-users-vars.tf | 1 - .../d4s-preprod/basic-infrastructure/main.tf | 22 + .../basic-infrastructure/terraform.tfstate | 593 ++- .../project-setup/00-terraform-provider.tf | 1 - .../d4s-preprod/project-setup/00-variables.tf | 1 - .../01-external-network-and-resolvers.tf | 1 - .../project-setup/10-main-network.tf | 1 - .../d4s-preprod/project-setup/main.tf | 18 + .../project-setup/main_network_dns_zone.tf | 1 + .../d4s-preprod/project-setup/outputs.tf | 1 + .../project-setup/preprod.auto.tfvars | 1 + .../project-setup/terraform.tfstate | 203 +- .../d4s-preprod/project-setup/variables.tf | 1 + .../ssh-keys-management/.terraform.lock.hcl | 24 + .../00-terraform-provider.tf | 1 - .../05-projects-and-users-vars.tf | 1 - .../d4s-preprod/ssh-keys-management/main.tf | 30 + .../ssh-keys-management/provider.tf | 3 + .../ssh-keys-management/ssh-keys.tf | 1 - .../ssh-keys-management/terraform.tfstate | 157 + .../d4s-preprod/variables/outputs-preprod.tf | 7 + .../d4s-preprod/variables/preprod.auto.tfvars | 93 + 
.../{00-variables.tf => variables-preprod.tf} | 39 +- .../variables/variables-production.tf | 1 - .../modules/common_variables/outputs.tf | 139 +- .../modules/common_variables/variables.tf | 106 + .../modules/d4science_infra_setup/haproxy.tf | 138 + .../d4science_infra_setup/internal-ca.tf | 21 + .../modules/d4science_infra_setup/octavia.tf | 186 + .../d4science_infra_setup/postgresql.tf | 87 + .../d4science_infra_setup/prometheus.tf | 68 + .../d4science_infra_setup/security-groups.tf | 373 ++ .../d4science_infra_setup/ssh-jump-proxy.tf | 47 + .../terraform-provider.tf | 27 + .../main_network_dns_zone.tf | 31 +- .../variables.tf | 65 - openstack-tf/modules/ssh_keys/ssh-keys.tf | 21 +- 60 files changed, 5592 insertions(+), 477 deletions(-) create mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/.terraform.lock.hcl rename openstack-tf/d4s-preprod/{basic-infrastructure => basic-infrastructure-no-modules}/15-security-groups.tf (100%) rename openstack-tf/d4s-preprod/{basic-infrastructure => basic-infrastructure-no-modules}/20-octavia.tf (100%) rename openstack-tf/d4s-preprod/{basic-infrastructure => basic-infrastructure-no-modules}/25-ssh-jump-proxy.tf (100%) rename openstack-tf/d4s-preprod/{basic-infrastructure => basic-infrastructure-no-modules}/30-internal-ca.tf (100%) rename openstack-tf/d4s-preprod/{basic-infrastructure => basic-infrastructure-no-modules}/35-prometheus.tf (100%) rename openstack-tf/d4s-preprod/{basic-infrastructure => basic-infrastructure-no-modules}/40-postgresql.tf (100%) rename openstack-tf/d4s-preprod/{basic-infrastructure => basic-infrastructure-no-modules}/45-haproxy.tf (100%) create mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/README.md create mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/main.tf create mode 120000 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/outputs.tf create mode 120000 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/preprod.auto.tfvars 
create mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/provider.tf create mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/terraform.tfstate create mode 120000 openstack-tf/d4s-preprod/basic-infrastructure-no-modules/variables.tf delete mode 120000 openstack-tf/d4s-preprod/basic-infrastructure/00-terraform-provider.tf delete mode 120000 openstack-tf/d4s-preprod/basic-infrastructure/00-variables.tf delete mode 120000 openstack-tf/d4s-preprod/basic-infrastructure/01-external-network-and-resolvers.tf delete mode 120000 openstack-tf/d4s-preprod/basic-infrastructure/05-projects-and-users-vars.tf create mode 100644 openstack-tf/d4s-preprod/basic-infrastructure/main.tf delete mode 120000 openstack-tf/d4s-preprod/project-setup/00-terraform-provider.tf delete mode 120000 openstack-tf/d4s-preprod/project-setup/00-variables.tf delete mode 120000 openstack-tf/d4s-preprod/project-setup/01-external-network-and-resolvers.tf delete mode 120000 openstack-tf/d4s-preprod/project-setup/10-main-network.tf create mode 100644 openstack-tf/d4s-preprod/project-setup/main.tf create mode 120000 openstack-tf/d4s-preprod/project-setup/main_network_dns_zone.tf create mode 120000 openstack-tf/d4s-preprod/project-setup/outputs.tf create mode 120000 openstack-tf/d4s-preprod/project-setup/preprod.auto.tfvars create mode 120000 openstack-tf/d4s-preprod/project-setup/variables.tf create mode 100644 openstack-tf/d4s-preprod/ssh-keys-management/.terraform.lock.hcl delete mode 120000 openstack-tf/d4s-preprod/ssh-keys-management/00-terraform-provider.tf delete mode 120000 openstack-tf/d4s-preprod/ssh-keys-management/05-projects-and-users-vars.tf create mode 100644 openstack-tf/d4s-preprod/ssh-keys-management/main.tf create mode 100644 openstack-tf/d4s-preprod/ssh-keys-management/provider.tf delete mode 120000 openstack-tf/d4s-preprod/ssh-keys-management/ssh-keys.tf create mode 100644 openstack-tf/d4s-preprod/ssh-keys-management/terraform.tfstate create mode 100644 
openstack-tf/d4s-preprod/variables/outputs-preprod.tf create mode 100644 openstack-tf/d4s-preprod/variables/preprod.auto.tfvars rename openstack-tf/d4s-preprod/variables/{00-variables.tf => variables-preprod.tf} (79%) create mode 100644 openstack-tf/modules/d4science_infra_setup/haproxy.tf create mode 100644 openstack-tf/modules/d4science_infra_setup/internal-ca.tf create mode 100644 openstack-tf/modules/d4science_infra_setup/octavia.tf create mode 100644 openstack-tf/modules/d4science_infra_setup/postgresql.tf create mode 100644 openstack-tf/modules/d4science_infra_setup/prometheus.tf create mode 100644 openstack-tf/modules/d4science_infra_setup/security-groups.tf create mode 100644 openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf create mode 100644 openstack-tf/modules/d4science_infra_setup/terraform-provider.tf delete mode 100644 openstack-tf/modules/main_private_net_and_dns_zone/variables.tf
diff --git a/openstack-tf/common_setups/25-ssh-jump-proxy.tf b/openstack-tf/common_setups/25-ssh-jump-proxy.tf
index 92d3cb5b..7f8097ee 100644
--- a/openstack-tf/common_setups/25-ssh-jump-proxy.tf
+++ b/openstack-tf/common_setups/25-ssh-jump-proxy.tf
@@ -3,7 +3,7 @@ resource "openstack_compute_instance_v2" "ssh_jump_proxy" {
 name = var.ssh_jump_proxy.name
 availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
 flavor_name = var.ssh_jump_proxy.flavor
- key_pair = var.ssh_key_file.name
+ key_pair = module.ssh_settings.ssh_key_name
 security_groups = [var.default_security_group_name,openstack_networking_secgroup_v2.access_to_the_jump_proxy.name]
 block_device {
 uuid = var.ubuntu_2204.uuid
diff --git a/openstack-tf/common_setups/30-internal-ca.tf b/openstack-tf/common_setups/30-internal-ca.tf
index b3ab313a..b346b5f1 100644
--- a/openstack-tf/common_setups/30-internal-ca.tf
+++ b/openstack-tf/common_setups/30-internal-ca.tf
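Review bot: `key_pair = module.ssh_settings.ssh_key_name` only resolves in a root configuration that declares a module named `ssh_settings`, and the one root `main.tf` added later in this patch (basic-infrastructure-no-modules) has that block commented out. If that directory still loads these `common_setups` files (the 100% renames suggest it does, but the link targets are not visible here), planning would stop on an undeclared-module reference; the same line is changed in 30-internal-ca.tf, 35-prometheus.tf, 40-postgresql.tf and 45-haproxy.tf. Restoring `module "ssh_settings" { source = "../../modules/ssh-key-ref" }` in that root would close the gap. Because this key pair is the initial login credential for the jump host, the internal CA and the shared PostgreSQL server, a comment such as `# key pair name comes from the ssh_settings module; changing it replaces the instance` above the attribute is worth adding. The resource bodies continue outside these hunks.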
@@ -2,7 +2,7 @@ resource "openstack_compute_instance_v2" "internal_ca" {
 name = var.internal_ca_data.name
 availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
 flavor_name = var.internal_ca_data.flavor
- key_pair = var.ssh_key_file.name
+ key_pair = module.ssh_settings.ssh_key_name
 security_groups = [var.default_security_group_name]
 block_device {
 uuid = var.ubuntu_2204.uuid
diff --git a/openstack-tf/common_setups/35-prometheus.tf b/openstack-tf/common_setups/35-prometheus.tf
index 9c75f3f5..62c7d084 100644
--- a/openstack-tf/common_setups/35-prometheus.tf
+++ b/openstack-tf/common_setups/35-prometheus.tf
@@ -8,7 +8,7 @@ resource "openstack_compute_instance_v2" "prometheus_server" {
 name = var.prometheus_server_data.name
 availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
 flavor_name = var.prometheus_server_data.flavor
- key_pair = var.ssh_key_file.name
+ key_pair = module.ssh_settings.ssh_key_name
 security_groups = [var.default_security_group_name,openstack_networking_secgroup_v2.restricted_web.name,openstack_networking_secgroup_v2.prometheus_access_from_grafana.name]
 block_device {
 uuid = var.ubuntu_2204.uuid
diff --git a/openstack-tf/common_setups/40-postgresql.tf b/openstack-tf/common_setups/40-postgresql.tf
index 3d748e93..083e47c0 100644
--- a/openstack-tf/common_setups/40-postgresql.tf
+++ b/openstack-tf/common_setups/40-postgresql.tf
@@ -57,7 +57,7 @@ resource "openstack_compute_instance_v2" "shared_postgresql_server" {
 name = var.shared_postgresql_server_data.name
 availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
 flavor_name = var.shared_postgresql_server_data.flavor
- key_pair = var.ssh_key_file.name
+ key_pair = module.ssh_settings.ssh_key_name
 security_groups = [var.default_security_group_name,openstack_networking_secgroup_v2.shared_postgresql_access.name]
 block_device {
 uuid = var.ubuntu_2204.uuid
diff --git a/openstack-tf/common_setups/45-haproxy.tf b/openstack-tf/common_setups/45-haproxy.tf
index c04543d6..2d8a729b 100644
--- a/openstack-tf/common_setups/45-haproxy.tf
+++ b/openstack-tf/common_setups/45-haproxy.tf
@@ -115,7 +115,7 @@ resource "openstack_compute_instance_v2" "main_haproxy_l7" {
 name = format("%s-%02d", var.haproxy_l7_data.name, count.index+1)
 availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
 flavor_name = var.haproxy_l7_data.flavor
- key_pair = var.ssh_key_file.name
+ key_pair = module.ssh_settings.ssh_key_name
 security_groups = [var.default_security_group_name,openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.name]
 scheduler_hints {
 group = openstack_compute_servergroup_v2.main_haproxy_l7.id
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/.terraform.lock.hcl b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/.terraform.lock.hcl
new file mode 100644
index 00000000..46d2bb65
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/.terraform.lock.hcl
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/terraform-provider-openstack/openstack" { + version = "1.53.0" + constraints = "~> 1.53.0" + hashes = [ + "h1:ZSJPqrlaHQ3sj7wyJuPSG+NblFZbAA6Y0d3GjSJf3o8=", + "zh:09da7ca98ffd3de7b9ce36c4c13446212a6e763ba1162be71b50f95d453cb68e", + "zh:14041bcbb87312411d88612056ed185650bfd01284b8ea0761ce8105a331708e", + "zh:35bf4c788fdbc17c8e40ebc7b33c7de4b45a2fa2efaa657b10f0e3bd37c9627f", + "zh:46ede8ef4cfa12d654c538afc1e1ec34a1f3e8eb4e986ee23dceae398b7176a6", + "zh:59675734990dab1e8d87997853ea75e8104bba730b3f5a7146ac735540c9d6bf", + "zh:6de52428849806498670e827b54810be7510a2a79449602c1aede4235a0ec036", + "zh:78b2a20601272afceffac8f8ca78a6b647b84196c0dd8dc710fae297f6be15a4", + "zh:7c41ed3a4fac09677e676ecf9f9edd1e38eef449e656cb01a848d2c799c6de8f", + "zh:852800228f4118a4aa6cfaa4468b851247cbed6f037fd204f08de69eb1edc149", + "zh:86d618e7f9a07d978b8bc4b190be350a00de64ec535f9c8f5dfe133542a55483", + "zh:963a9e72b66d8bcf43de9b14a674ae3ca3719ce2f829217f7a65b66fc3773397", + "zh:a8e72ab67795071bda61f99a6de3d2d40122fb51971768fd75e1324abe874ced", + "zh:ce1890cf3af17d569af3bc7673cec0a8f78e6f5d701767593f3d29c551f44848", + "zh:e6f1b96eb684f527a47f71923f268c86a36d7894751b31ee9e726d7502a639cd", + ] +} diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/15-security-groups.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/15-security-groups.tf similarity index 100% rename from openstack-tf/d4s-preprod/basic-infrastructure/15-security-groups.tf rename to openstack-tf/d4s-preprod/basic-infrastructure-no-modules/15-security-groups.tf 
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/20-octavia.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/20-octavia.tf
similarity index 100%
rename from openstack-tf/d4s-preprod/basic-infrastructure/20-octavia.tf
rename to openstack-tf/d4s-preprod/basic-infrastructure-no-modules/20-octavia.tf
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/25-ssh-jump-proxy.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/25-ssh-jump-proxy.tf
similarity index 100%
rename from openstack-tf/d4s-preprod/basic-infrastructure/25-ssh-jump-proxy.tf
rename to openstack-tf/d4s-preprod/basic-infrastructure-no-modules/25-ssh-jump-proxy.tf
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/30-internal-ca.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/30-internal-ca.tf
similarity index 100%
rename from openstack-tf/d4s-preprod/basic-infrastructure/30-internal-ca.tf
rename to openstack-tf/d4s-preprod/basic-infrastructure-no-modules/30-internal-ca.tf
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/35-prometheus.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/35-prometheus.tf
similarity index 100%
rename from openstack-tf/d4s-preprod/basic-infrastructure/35-prometheus.tf
rename to openstack-tf/d4s-preprod/basic-infrastructure-no-modules/35-prometheus.tf
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/40-postgresql.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/40-postgresql.tf
similarity index 100%
rename from openstack-tf/d4s-preprod/basic-infrastructure/40-postgresql.tf
rename to openstack-tf/d4s-preprod/basic-infrastructure-no-modules/40-postgresql.tf
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/45-haproxy.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/45-haproxy.tf
similarity index 100%
rename from openstack-tf/d4s-preprod/basic-infrastructure/45-haproxy.tf
rename to openstack-tf/d4s-preprod/basic-infrastructure-no-modules/45-haproxy.tf
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/README.md b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/README.md
new file mode 100644
index 00000000..01a121df
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/README.md
@@ -0,0 +1,11 @@
+# Main services
+
+* Load balancer as a service (openstack), L4.
+
+> * Main HAPROXY load balancer
+
+* Two VMs as HAPROXY L7 instances for the main services. The dataminers will be also served by this load balancer.
+* A shell server, with floating IP address, that will be used as a proxy to reach all the other VMs.
+* A internal CA service.
+* A Prometheus instance.
+* A PostgreSQL server instance, with a dedicated network
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/main.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/main.tf
new file mode 100644
index 00000000..509fa0eb
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/main.tf
@@ -0,0 +1,28 @@
+# Define required providers
+terraform {
+required_version = ">= 0.14.0"
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.53.0"
+ }
+ }
+}
+
+data "terraform_remote_state" "privnet_dns_router" {
+ backend = "local"
+
+ config = {
+ path = "../project-setup/terraform.tfstate"
+ }
+}
+
+# module "ssh_settings" {
+# source = "../../modules/ssh-key-ref"
+# }
+# module "common_variables" {
+# source = "../../modules/common_variables"
+# }
+#module "d4science_infra_setup" {
+# source = "../../modules/d4science_infra_setup"
+#}
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/outputs.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/outputs.tf
new file mode 120000
index 00000000..5c8e7fba
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/outputs.tf
@@ -0,0 +1 @@
+../../modules/common_variables/outputs.tf
\ No newline at end of file
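Review bot: The `terraform_remote_state` data source in main.tf reads `../project-setup/terraform.tfstate` through `backend = "local"`, which only works because this patch checks the state files into the repository (several `terraform.tfstate` files appear in the diffstat). State records every attribute of every managed resource in plain text, here already the internal addressing plan, floating IPs, permitted SSH source CIDRs and key pair names, and any sensitive value a provider returns later is stored the same way, readable by anyone with repository access and kept in history. Keeping state in a backend with access control and locking, and adding `*.tfstate` and `*.tfstate.backup` to `.gitignore`, would avoid that, and the data source can then point at that backend. Separately, `required_version = ">= 0.14.0"` is much looser than the 1.6.4 recorded in the state, so a bound such as `required_version = "~> 1.6"` would document what the configuration is actually run with.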
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/preprod.auto.tfvars b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/preprod.auto.tfvars
new file mode 120000
index 00000000..5f628cbf
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/preprod.auto.tfvars
@@ -0,0 +1 @@
+../variables/preprod.auto.tfvars
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/provider.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/provider.tf
new file mode 100644
index 00000000..b23015cc
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/provider.tf
@@ -0,0 +1,3 @@
+provider "openstack" {
+ cloud = "d4s-pre"
+}
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/terraform.tfstate b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/terraform.tfstate
new file mode 100644
index 00000000..6c3c5645
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/terraform.tfstate
@@ -0,0 +1,3476 @@ +{ + "version": 4, + "terraform_version": "1.6.4", + "serial": 219, + "lineage": "6a53b692-c1a8-ed53-bc6c-b7fb5e017eb8", + "outputs": { + "almalinux_9": { + "value": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "type": [ + "map", + "string" + ] + }, + "availability_zone_no_gpu_name": { + "value": "cnr-isti-nova-a", + "type": "string" + }, + "availability_zone_with_gpu_name": { + "value": "cnr-isti-nova-gpu-a", + "type": "string" + }, + "availability_zones_names": { + "value": { + "availability_zone_no_gpu": "cnr-isti-nova-a", + "availability_zone_with_gpu": "cnr-isti-nova-gpu-a" + }, + "type": [ + "map", + "string" + ] + }, + "basic_services_ip": { + "value": { + "ca": "10.1.32.4", + "ca_cidr": "10.1.32.4/32", + "haproxy_l7_1": "10.1.32.11", + "haproxy_l7_1_cidr": "10.1.32.11/32", + "haproxy_l7_2": "10.1.32.12", + "haproxy_l7_2_cidr": "10.1.32.12/32", + "octavia_main": "10.1.32.20", + "octavia_main_cidr": "10.1.32.20/32", + "prometheus": "10.1.32.10", + "prometheus_cidr": "10.1.32.10/32", + "ssh_jump": "10.1.32.5", + "ssh_jump_cidr": "10.1.32.5/32" + }, + "type": [ + "map", + "string" + ] + }, + "centos_7": { + "value": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "type": [ + "map", + "string" + ] + }, + "default_security_group_name": { + "value": "default_for_all", + "type": "string" + }, + "dns_zone": { + "value": { + "description": "DNS primary zone for the d4s-pre-cloud project", + "email": "postmaster@isti.cnr.it", + "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", + "ttl": "8600", + "zone_name": "cloud-pre.d4science.org." 
+ }, + "type": [ + "map", + "string" + ] + }, + "dns_zone_id": { + "value": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", + "type": "string" + }, + "el7_data_file": { + "value": "../../openstack_vm_data_scripts/el7.sh", + "type": "string" + }, + "external_network": { + "value": { + "id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "name": "external-network" + }, + "type": [ + "map", + "string" + ] + }, + "external_network_id": { + "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "type": "string" + }, + "external_router": { + "value": { + "description": "D4Science Preprod main router", + "id": "cc26064a-bb08-4c0b-929f-d0cb39f934a3", + "name": "d4s-pre-cloud-external-router" + }, + "type": [ + "map", + "string" + ] + }, + "floating_ip_pools": { + "value": { + "main_public_ip_pool": "external-network" + }, + "type": [ + "map", + "string" + ] + }, + "haproxy_l7_data": { + "value": { + "flavor": "m1.medium", + "haproxy_1": "haproxy-l7-1", + "haproxy_2": "haproxy-l7-2", + "name": "main-haproxy-l7", + "vm_count": "2" + }, + "type": [ + "map", + "string" + ] + }, + "internal_ca_data": { + "value": { + "flavor": "m1.small", + "name": "ca" + }, + "type": [ + "map", + "string" + ] + }, + "main_haproxy_l7_ip": { + "value": [ + "10.1.32.11", + "10.1.32.12" + ], + "type": [ + "list", + "string" + ] + }, + "main_loadbalancer_ip": { + "value": "10.1.32.20", + "type": "string" + }, + "main_private_network": { + "value": { + "description": "D4Science Preprod private network (use this as the main network)", + "name": "d4s-pre-cloud-main" + }, + "type": [ + "object", + { + "description": "string", + "name": "string" + } + ] + }, + "main_private_network_id": { + "value": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", + "type": "string" + }, + "main_private_subnet": { + "value": { + "allocation_end": "10.1.35.254", + "allocation_start": "10.1.32.100", + "cidr": "10.1.32.0/22", + "description": "D4Science Preprod main private subnet", + "gateway_ip": "10.1.32.1", + "name": "d4s-pre-cloud-main-subnet" 
+ }, + "type": [ + "map", + "string" + ] + }, + "main_private_subnet_id": { + "value": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", + "type": "string" + }, + "main_region": { + "value": "isti_area_pi_1", + "type": "string" + }, + "mtu_size": { + "value": 8942, + "type": "number" + }, + "networks_with_d4s_services": { + "value": { + "garr_ct1_net": "90.147.166.0/23", + "garr_na_net": "90.147.152.0/24", + "garr_pa1_net": "90.147.188.0/23", + "infrascience_net": "146.48.122.0/23", + "isti_net": "146.48.80.0/21", + "s2i2s_net": "146.48.28.0/22" + }, + "type": [ + "map", + "string" + ] + }, + "octavia_information": { + "value": { + "main_lb_description": "Main L4 load balancer for the D4Science PRE production", + "main_lb_hostname": "main-lb", + "main_lb_name": "d4s-pre-cloud-l4-load-balancer", + "octavia_flavor": "octavia_amphora-mvcpu-ha", + "octavia_flavor_id": "394988b5-6603-4a1e-a939-8e177c6681c7", + "octavia_vrrp_ip_1": "10.1.34.232/32", + "octavia_vrrp_ip_2": "10.1.33.229/32", + "swarm_lb_name": "d4s-pre-cloud-l4-swarm-load-balancer" + }, + "type": [ + "map", + "string" + ] + }, + "os_project_data": { + "value": { + "id": "6fdc02e2827b405dad99f34698659742" + }, + "type": [ + "map", + "string" + ] + }, + "prometheus_server_data": { + "value": { + "flavor": "m1.medium", + "name": "prometheus", + "public_grafana_server_cidr": "146.48.122.132/32", + "vol_data_device": "/dev/vdb", + "vol_data_name": "prometheus-data", + "vol_data_size": "100" + }, + "type": [ + "map", + "string" + ] + }, + "resolvers_ip": { + "value": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "type": [ + "list", + "string" + ] + }, + "resource_registry_addresses": { + "value": {}, + "type": [ + "map", + "string" + ] + }, + "shared_postgresql_server_data": { + "value": { + "allocation_pool_end": "192.168.3.254", + "allocation_pool_start": "192.168.0.100", + "flavor": "m1.medium", + "name": "shared-postgresql-server", + "network_cidr": "192.168.0.0/22", + "network_description": "Network 
used to communicate with the shared postgresql service", + "network_name": "postgresql-srv-net", + "server_cidr": "192.168.0.5/22", + "server_ip": "192.168.0.5", + "vol_data_device": "/dev/vdb", + "vol_data_name": "shared-postgresql-data", + "vol_data_size": "100" + }, + "type": [ + "map", + "string" + ] + }, + "smartexecutor_addresses": { + "value": {}, + "type": [ + "map", + "string" + ] + }, + "ssh_jump_proxy": { + "value": { + "flavor": "m2.small", + "name": "ssh-jump-proxy" + }, + "type": [ + "map", + "string" + ] + }, + "ssh_sources": { + "value": { + "d4s_vpn_1_cidr": "146.48.122.27/32", + "d4s_vpn_2_cidr": "146.48.122.49/32", + "infrascience_net_cidr": "146.48.122.0/23", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32", + "shell_d4s_cidr": "146.48.122.95/32" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu1804_data_file": { + "value": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "type": "string" + }, + "ubuntu2204_data_file": { + "value": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "type": "string" + }, + "ubuntu_1804": { + "value": { + "name": "Ubuntu-Bionic-18.04", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu_2204": { + "value": { + "name": "Ubuntu-Jammy-22.04", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + }, + "type": [ + "map", + "string" + ] + } + }, + "resources": [ + { + "mode": "data", + "type": "terraform_remote_state", + "name": "privnet_dns_router", + "provider": "provider[\"terraform.io/builtin/terraform\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "backend": "local", + "config": { + "value": { + "path": "../project-setup/terraform.tfstate" + }, + "type": [ + "object", + { + "path": "string" + } + ] + }, + "defaults": null, + "outputs": { + "value": { + "almalinux9_img": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "availability_zone_no_gpu_name": 
"cnr-isti-nova-a", + "availability_zone_with_gpu_name": "cnr-isti-nova-gpu-a", + "centos7_img": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "dns_zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", + "el7_datafile": "../../openstack_vm_data_scripts/el7.sh", + "external_gateway_ip": "146.48.30.241", + "external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_network_name": "external-network", + "main_private_network_id": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", + "main_region_name": "isti_area_pi_1", + "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", + "mtu_size_value": 8942, + "resolvers_ip": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "ssh_sources_list": { + "d4s_vpn_1_cidr": "146.48.122.27/32", + "d4s_vpn_2_cidr": "146.48.122.49/32", + "infrascience_net_cidr": "146.48.122.0/23", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32", + "shell_d4s_cidr": "146.48.122.95/32" + }, + "ubuntu1804_datafile": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "ubuntu1804_img": { + "name": "Ubuntu-Bionic-18.04", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" + }, + "ubuntu2204_datafile": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "ubuntu2204_img": { + "name": "Ubuntu-Jammy-22.04", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + } + }, + "type": [ + "object", + { + "almalinux9_img": [ + "map", + "string" + ], + "availability_zone_no_gpu_name": "string", + "availability_zone_with_gpu_name": "string", + "centos7_img": [ + "map", + "string" + ], + "dns_zone_id": "string", + "el7_datafile": "string", + "external_gateway_ip": "string", + "external_network_id": "string", + "external_network_name": "string", + "main_private_network_id": "string", + "main_region_name": "string", + "main_subnet_network_id": "string", + "mtu_size_value": "number", + "resolvers_ip": [ + "list", + "string" + ], + "ssh_sources_list": [ + "map", + "string" + ], + 
"ubuntu1804_datafile": "string", + "ubuntu1804_img": [ + "map", + "string" + ], + "ubuntu2204_datafile": "string", + "ubuntu2204_img": [ + "map", + "string" + ] + } + ] + }, + "workspace": null + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "managed", + "type": "openstack_blockstorage_volume_v3", + "name": "prometheus_data_vol", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "attachment": [ + { + "device": "/dev/vdb", + "id": "82e89633-3a48-4ede-9acf-41145f88f5a7", + "instance_id": "3759635e-239f-4026-a668-450b58a8eaac" + } + ], + "availability_zone": "nova", + "consistency_group_id": null, + "description": "", + "enable_online_resize": null, + "id": "82e89633-3a48-4ede-9acf-41145f88f5a7", + "image_id": null, + "metadata": {}, + "multiattach": null, + "name": "prometheus-data", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "size": 100, + "snapshot_id": "", + "source_replica": null, + "source_vol_id": "", + "timeouts": null, + "volume_type": "cephUnencrypted" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "openstack_blockstorage_volume_v3", + "name": "shared_postgresql_data_vol", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "attachment": [ + { + "device": "/dev/vdb", + "id": "1b6dcdbc-c293-438f-a017-291f63bfce18", + "instance_id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e" + } + ], + "availability_zone": "nova", + "consistency_group_id": null, + "description": "", + "enable_online_resize": null, + "id": "1b6dcdbc-c293-438f-a017-291f63bfce18", + "image_id": null, + "metadata": {}, + "multiattach": null, + "name": "shared-postgresql-data", + "region": 
"isti_area_pi_1", + "scheduler_hints": [], + "size": 100, + "snapshot_id": "", + "source_replica": null, + "source_vol_id": "", + "timeouts": null, + "volume_type": "cephUnencrypted" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_floatingip_associate_v2", + "name": "prometheus_server", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fixed_ip": "", + "floating_ip": "146.48.29.203", + "id": "146.48.29.203/3759635e-239f-4026-a668-450b58a8eaac/", + "instance_id": "3759635e-239f-4026-a668-450b58a8eaac", + "region": "isti_area_pi_1", + "timeouts": null, + "wait_until_associated": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_compute_instance_v2.prometheus_server", + "openstack_networking_floatingip_v2.prometheus_server_ip", + "openstack_networking_secgroup_v2.prometheus_access_from_grafana", + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_floatingip_associate_v2", + "name": "ssh_jump_proxy", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fixed_ip": "", + "floating_ip": "146.48.30.140", + "id": "146.48.30.140/a9698890-cab3-4566-8539-198c05cbe456/", + "instance_id": "a9698890-cab3-4566-8539-198c05cbe456", + "region": "isti_area_pi_1", + "timeouts": null, + "wait_until_associated": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + 
"openstack_compute_instance_v2.ssh_jump_proxy", + "openstack_networking_floatingip_v2.ssh_jump_proxy_ip", + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "internal_ca", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.1.32.4", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2023-11-05 13:37:35 +0000 UTC", + "flavor_id": "2", + "flavor_name": "m1.small", + "floating_ip": null, + "force_delete": false, + "id": "b353a0f2-7c52-4eb7-a714-b91775acc2a5", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "ca", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.1.32.4", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:db:f0:02", + "name": "d4s-pre-cloud-main", + "port": "", + "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2023-11-05 13:38:26 +0000 UTC", + "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + 
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "main_haproxy_l7", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.1.32.11", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2023-11-29 16:30:52 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + "id": "15d40030-a532-44f5-8993-39a82c4b78f0", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "main-haproxy-l7-01", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.1.32.11", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:4e:42:1d", + "name": "d4s-pre-cloud-main", + "port": "", + "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [ + { + "additional_properties": {}, + "build_near_host_ip": "", + "different_cell": [], + "different_host": [], + "group": "796fad91-fa0c-459b-9402-e8ba87aae810", + "query": [], + "same_host": [], + "target_cell": "" + } + ], + "security_groups": [ + "default_for_all", + 
"traffic_from_main_lb_to_haproxy_l7" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2023-11-29 16:31:31 +0000 UTC", + "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_compute_servergroup_v2.main_haproxy_l7", + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.1.32.12", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2023-11-29 16:30:52 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + "id": "440355f9-ea65-42e1-a1c6-921b8c77d58c", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "main-haproxy-l7-02", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.1.32.12", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:82:68:bf", + "name": "d4s-pre-cloud-main", + "port": "", + "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [ + { + "additional_properties": {}, + "build_near_host_ip": 
"", + "different_cell": [], + "different_host": [], + "group": "796fad91-fa0c-459b-9402-e8ba87aae810", + "query": [], + "same_host": [], + "target_cell": "" + } + ], + "security_groups": [ + "default_for_all", + "traffic_from_main_lb_to_haproxy_l7" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2023-11-29 16:31:38 +0000 UTC", + "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_compute_servergroup_v2.main_haproxy_l7", + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "prometheus_server", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.1.32.10", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2023-11-05 13:37:35 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + "id": "3759635e-239f-4026-a668-450b58a8eaac", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "prometheus", + "network": [ + { + 
"access_network": false, + "fixed_ip_v4": "10.1.32.10", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:18:c6:58", + "name": "d4s-pre-cloud-main", + "port": "", + "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all", + "prometheus_access_from_grafana", + "restricted_web_service" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2023-11-05 14:24:55 +0000 UTC", + "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_networking_secgroup_v2.prometheus_access_from_grafana", + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "shared_postgresql_server", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.1.34.99", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", + "volume_size": 10, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2023-11-05 14:54:15 +0000 UTC", + "flavor_id": "4", + "flavor_name": "m1.medium", + "floating_ip": null, + "force_delete": false, + 
"id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "shared-postgresql-server", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.1.34.99", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:cd:83:b4", + "name": "d4s-pre-cloud-main", + "port": "", + "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" + }, + { + "access_network": false, + "fixed_ip_v4": "192.168.0.5", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:a1:1e:ba", + "name": "postgresql-srv-net", + "port": "", + "uuid": "e25395f4-f1aa-4819-b5a5-36d25ee5af54" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "access_to_the_shared_postgresql_service", + "default_for_all" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2023-11-05 14:54:48 +0000 UTC", + "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_networking_secgroup_v2.shared_postgresql_access" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "ssh_jump_proxy", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.1.32.5", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + 
"device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", + "volume_size": 30, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2023-11-05 13:37:34 +0000 UTC", + "flavor_id": "10", + "flavor_name": "m2.small", + "floating_ip": null, + "force_delete": false, + "id": "a9698890-cab3-4566-8539-198c05cbe456", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "adellam", + "metadata": null, + "name": "ssh-jump-proxy", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.1.32.5", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:52:d0:e8", + "name": "d4s-pre-cloud-main", + "port": "", + "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all", + "ssh_access_to_the_jump_node" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2023-11-05 13:38:23 +0000 UTC", + "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_servergroup_v2", + "name": "main_haproxy_l7", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "796fad91-fa0c-459b-9402-e8ba87aae810", + "members": [ + "440355f9-ea65-42e1-a1c6-921b8c77d58c", + "15d40030-a532-44f5-8993-39a82c4b78f0" + ], + "name": "main_haproxy_l7", + 
"policies": [ + "anti-affinity" + ], + "region": "isti_area_pi_1", + "rules": [ + { + "max_server_per_host": 0 + } + ], + "value_specs": null + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_volume_attach_v2", + "name": "prometheus_data_attach_vol", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "device": "/dev/vdb", + "id": "3759635e-239f-4026-a668-450b58a8eaac/82e89633-3a48-4ede-9acf-41145f88f5a7", + "instance_id": "3759635e-239f-4026-a668-450b58a8eaac", + "multiattach": null, + "region": "isti_area_pi_1", + "timeouts": null, + "vendor_options": [], + "volume_id": "82e89633-3a48-4ede-9acf-41145f88f5a7" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "openstack_blockstorage_volume_v3.prometheus_data_vol", + "openstack_compute_instance_v2.prometheus_server", + "openstack_networking_secgroup_v2.prometheus_access_from_grafana", + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_compute_volume_attach_v2", + "name": "shared_postgresql_data_attach_vol", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "device": "/dev/vdb", + "id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e/1b6dcdbc-c293-438f-a017-291f63bfce18", + "instance_id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e", + "multiattach": null, + "region": "isti_area_pi_1", + "timeouts": null, + "vendor_options": [], + "volume_id": "1b6dcdbc-c293-438f-a017-291f63bfce18" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + 
"dependencies": [ + "openstack_blockstorage_volume_v3.shared_postgresql_data_vol", + "openstack_compute_instance_v2.shared_postgresql_server", + "openstack_networking_secgroup_v2.shared_postgresql_access" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "alertmanager_server_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Prometheus alertmanager", + "disable_status_check": false, + "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/949fc061-a783-4b22-8412-29b33263aafd", + "name": "alertmanager.cloud-pre.d4science.org.", + "project_id": "6fdc02e2827b405dad99f34698659742", + "records": [ + "prometheus.cloud-pre.d4science.org." + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "CNAME", + "value_specs": null, + "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "main_lb_dns_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Public IP address of the main load balancer", + "disable_status_check": false, + "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/e308b8b3-e408-45a9-b4e6-7879dacf010c", + "name": "main-lb.cloud-pre.d4science.org.", + "project_id": "6fdc02e2827b405dad99f34698659742", + "records": [ + "146.48.30.235" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_networking_floatingip_v2.main_lb_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "prometheus_server_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Public IP address of the Prometheus server", + "disable_status_check": false, + "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/e7f40c87-1dd1-491d-84a5-5f5206642024", + "name": "prometheus.cloud-pre.d4science.org.", + "project_id": "6fdc02e2827b405dad99f34698659742", + "records": [ + "146.48.29.203" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_networking_floatingip_v2.prometheus_server_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "ssh_jump_proxy_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Public IP address of the SSH Proxy Jump server", + "disable_status_check": false, + "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/af3483f0-aab1-4661-8a2d-b7ee1eb30961", + "name": "ssh-jump-proxy.cloud-pre.d4science.org.", + "project_id": "6fdc02e2827b405dad99f34698659742", + "records": [ + "146.48.30.140" + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "A", + "value_specs": null, + "zone_id": 
"c1a4b4bc-f167-4387-855d-38f0f99ca05c" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_networking_floatingip_v2.ssh_jump_proxy_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_listener_v2", + "name": "main_haproxy_http_listener", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "allowed_cidrs": [], + "connection_limit": -1, + "default_pool_id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", + "default_tls_container_ref": "", + "description": "HTTP listener of the main HAPROXY instances", + "id": "3901f110-7c96-4317-926b-37260ea4afa4", + "insert_headers": {}, + "loadbalancer_id": "420fb3bd-a91e-41d2-8189-100a6272bf82", + "name": "main_haproxy_http_listener", + "protocol": "TCP", + "protocol_port": 80, + "region": "isti_area_pi_1", + "sni_container_refs": [], + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeout_client_data": 50000, + "timeout_member_connect": 5000, + "timeout_member_data": 50000, + "timeout_tcp_inspect": 0, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_listener_v2", + "name": "main_haproxy_https_listener", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "allowed_cidrs": [], + "connection_limit": -1, + "default_pool_id": "f92a755d-257b-48e5-bb8c-b871ce88070a", + 
"default_tls_container_ref": "", + "description": "HTTPS listener of the main HAPROXY instances", + "id": "c4ea6eb4-5fb0-43ed-8e09-d06f22dd03be", + "insert_headers": {}, + "loadbalancer_id": "420fb3bd-a91e-41d2-8189-100a6272bf82", + "name": "main_haproxy_https_listener", + "protocol": "TCP", + "protocol_port": 443, + "region": "isti_area_pi_1", + "sni_container_refs": [], + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeout_client_data": 50000, + "timeout_member_connect": 5000, + "timeout_member_data": 50000, + "timeout_tcp_inspect": 0, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_listener_v2", + "name": "main_haproxy_stats_listener", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "allowed_cidrs": [ + "146.48.122.27/32", + "146.48.122.49/32", + "146.48.28.10/32", + "146.48.28.11/32" + ], + "connection_limit": -1, + "default_pool_id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", + "default_tls_container_ref": "", + "description": "Listener for the stats of the main HAPROXY instances", + "id": "3470d39d-bdac-4b58-8a83-c659b653235d", + "insert_headers": {}, + "loadbalancer_id": "420fb3bd-a91e-41d2-8189-100a6272bf82", + "name": "main_haproxy_stats_listener", + "protocol": "TCP", + "protocol_port": 8880, + "region": "isti_area_pi_1", + "sni_container_refs": [], + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeout_client_data": 50000, + "timeout_member_connect": 5000, + "timeout_member_data": 50000, + "timeout_tcp_inspect": 0, + "timeouts": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_loadbalancer_v2", + "name": "main_lb", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "availability_zone": "", + "description": "Main L4 load balancer for the D4Science PRE production", + "flavor_id": "394988b5-6603-4a1e-a939-8e177c6681c7", + "id": "420fb3bd-a91e-41d2-8189-100a6272bf82", + "loadbalancer_provider": "amphora", + "name": "d4s-pre-cloud-l4-load-balancer", + "region": "isti_area_pi_1", + "security_group_ids": [ + "8e3b170f-9076-440d-bc99-874f4d8c5cbb" + ], + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null, + "vip_address": "10.1.32.20", + "vip_network_id": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", + "vip_port_id": "2ed727c8-709a-48ed-9ef6-3357769f4f8e", + "vip_subnet_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_members_v2", + "name": "main_haproxy_http_pool_members", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", + "member": [ + { + "address": "10.1.32.11", + "admin_state_up": true, + "backup": false, + "id": "202c94c0-e071-4314-af8e-86a68ede56d4", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 1", + "protocol_port": 80, + "subnet_id": "", + "weight": 1 + }, + { + "address": "10.1.32.12", + 
"admin_state_up": true, + "backup": false, + "id": "f5c7c9a1-ffa0-463b-8979-82f33898cf6a", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 2", + "protocol_port": 80, + "subnet_id": "", + "weight": 1 + } + ], + "pool_id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", + "region": "isti_area_pi_1", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_http_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_http_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_members_v2", + "name": "main_haproxy_https_pool_members", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "f92a755d-257b-48e5-bb8c-b871ce88070a", + "member": [ + { + "address": "10.1.32.11", + "admin_state_up": true, + "backup": false, + "id": "ffaa8e06-ae81-4539-a38a-d43e42c501dc", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 1", + "protocol_port": 443, + "subnet_id": "", + "weight": 1 + }, + { + "address": "10.1.32.12", + "admin_state_up": true, + "backup": false, + "id": "2966ef3c-c308-4671-8ea7-0d79d5405e4b", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 2", + "protocol_port": 443, + "subnet_id": "", + "weight": 1 + } + ], + "pool_id": "f92a755d-257b-48e5-bb8c-b871ce88070a", + "region": "isti_area_pi_1", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_https_listener", + "openstack_lb_loadbalancer_v2.main_lb", + 
"openstack_lb_pool_v2.main_haproxy_https_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_members_v2", + "name": "main_haproxy_stats_pool_members", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", + "member": [ + { + "address": "10.1.32.11", + "admin_state_up": true, + "backup": false, + "id": "4b0f6c55-908b-49c4-b1ee-85d54aad08f5", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 1", + "protocol_port": 8880, + "subnet_id": "", + "weight": 1 + }, + { + "address": "10.1.32.12", + "admin_state_up": true, + "backup": false, + "id": "b1b1d56d-3876-42c9-bd6c-51aac81779cc", + "monitor_address": "", + "monitor_port": 0, + "name": "haproxy l7 2", + "protocol_port": 8880, + "subnet_id": "", + "weight": 1 + } + ], + "pool_id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", + "region": "isti_area_pi_1", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_stats_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_stats_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_monitor_v2", + "name": "main_haproxy_http_monitor", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "delay": 20, + "expected_codes": "200", + "http_method": "GET", + "id": "00982aaf-c899-44a0-b605-aad45c69ac83", + "max_retries": 3, + "max_retries_down": 3, + "name": "main_haproxy_http_monitor", + "pool_id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", + "region": "isti_area_pi_1", + "tenant_id": 
"6fdc02e2827b405dad99f34698659742", + "timeout": 5, + "timeouts": null, + "type": "HTTP", + "url_path": "/_haproxy_health_check" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_http_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_http_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_monitor_v2", + "name": "main_haproxy_https_monitor", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "delay": 20, + "expected_codes": "200", + "http_method": "GET", + "id": "db5e5413-705f-47b0-808d-c65fe7ce1718", + "max_retries": 3, + "max_retries_down": 3, + "name": "main_haproxy_https_monitor", + "pool_id": "f92a755d-257b-48e5-bb8c-b871ce88070a", + "region": "isti_area_pi_1", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeout": 5, + "timeouts": null, + "type": "HTTPS", + "url_path": "/_haproxy_health_check" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_https_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_https_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_monitor_v2", + "name": "main_haproxy_stats_monitor", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "delay": 20, + "expected_codes": "", + "http_method": "", + "id": "28b45879-c2dc-4aac-8384-f45a8f2406dd", + 
"max_retries": 3, + "max_retries_down": 3, + "name": "main_haproxy_stats_monitor", + "pool_id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", + "region": "isti_area_pi_1", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeout": 5, + "timeouts": null, + "type": "TCP", + "url_path": "" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_stats_listener", + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_lb_pool_v2.main_haproxy_stats_pool" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_pool_v2", + "name": "main_haproxy_http_pool", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "description": "Pool for the HTTP listener of the main HAPROXY instances", + "id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", + "lb_method": "LEAST_CONNECTIONS", + "listener_id": "3901f110-7c96-4317-926b-37260ea4afa4", + "loadbalancer_id": null, + "name": "main-haproxy-lb-http", + "persistence": [ + { + "cookie_name": "", + "type": "SOURCE_IP" + } + ], + "protocol": "PROXYV2", + "region": "isti_area_pi_1", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_http_listener", + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_pool_v2", + "name": "main_haproxy_https_pool", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + 
"attributes": { + "admin_state_up": true, + "description": "Pool for the HTTPS listener of the main HAPROXY instances", + "id": "f92a755d-257b-48e5-bb8c-b871ce88070a", + "lb_method": "LEAST_CONNECTIONS", + "listener_id": "c4ea6eb4-5fb0-43ed-8e09-d06f22dd03be", + "loadbalancer_id": null, + "name": "main-haproxy-lb-https", + "persistence": [ + { + "cookie_name": "", + "type": "SOURCE_IP" + } + ], + "protocol": "PROXYV2", + "region": "isti_area_pi_1", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_https_listener", + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_lb_pool_v2", + "name": "main_haproxy_stats_pool", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "description": "Pool for the stats of the main HAPROXY instances", + "id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", + "lb_method": "LEAST_CONNECTIONS", + "listener_id": "3470d39d-bdac-4b58-8a83-c659b653235d", + "loadbalancer_id": null, + "name": "main-haproxy-lb-stats", + "persistence": [ + { + "cookie_name": "", + "type": "SOURCE_IP" + } + ], + "protocol": "TCP", + "region": "isti_area_pi_1", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_lb_listener_v2.main_haproxy_stats_listener", + "openstack_lb_loadbalancer_v2.main_lb" + ] + } + ] + }, + { + "mode": "managed", + "type": 
"openstack_networking_floatingip_associate_v2", + "name": "main_lb", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fixed_ip": "10.1.32.20", + "floating_ip": "146.48.30.235", + "id": "03f574a8-2868-4cbb-ab1f-0332ce2e89ee", + "port_id": "2ed727c8-709a-48ed-9ef6-3357769f4f8e", + "region": "isti_area_pi_1" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "openstack_lb_loadbalancer_v2.main_lb", + "openstack_networking_floatingip_v2.main_lb_ip" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_floatingip_v2", + "name": "main_lb_ip", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "address": "146.48.30.235", + "all_tags": [], + "description": "Main L4 load balancer for the D4Science PRE production", + "dns_domain": "", + "dns_name": "", + "fixed_ip": "10.1.32.20", + "id": "03f574a8-2868-4cbb-ab1f-0332ce2e89ee", + "pool": "external-network", + "port_id": "2ed727c8-709a-48ed-9ef6-3357769f4f8e", + "region": "isti_area_pi_1", + "subnet_id": null, + "subnet_ids": null, + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_floatingip_v2", + "name": "prometheus_server_ip", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "address": "146.48.29.203", + "all_tags": [], + "description": "Prometheus server", + "dns_domain": "", + "dns_name": "", + "fixed_ip": "10.1.32.10", + "id": "8abc5e0e-d1b6-4858-a74f-cace3cd1c10c", + 
"pool": "external-network", + "port_id": "b1c4b95e-29ab-4835-893d-fdc899b9b400", + "region": "isti_area_pi_1", + "subnet_id": null, + "subnet_ids": null, + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_floatingip_v2", + "name": "ssh_jump_proxy_ip", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "address": "146.48.30.140", + "all_tags": [], + "description": "SSH Proxy Jump Server", + "dns_domain": "", + "dns_name": "", + "fixed_ip": "10.1.32.5", + "id": "0a5f6054-836b-40fb-9bc5-97fa4ede5a62", + "pool": "external-network", + "port_id": "a29a4446-3320-431b-81b8-73c253817b3f", + "region": "isti_area_pi_1", + "subnet_id": null, + "subnet_ids": null, + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_network_v2", + "name": "shared_postgresql_net", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "all_tags": [], + "availability_zone_hints": [], + "description": "Network used to communicate with the shared postgresql service", + "dns_domain": "cloud-pre.d4science.org.", + "external": false, + "id": "e25395f4-f1aa-4819-b5a5-36d25ee5af54", + "mtu": 8942, + "name": "postgresql-srv-net", + "port_security_enabled": true, + "qos_policy_id": "", + "region": 
"isti_area_pi_1", + "segments": [], + "shared": false, + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null, + "transparent_vlan": false, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "egress-ipv4", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "", + "direction": "egress", + "ethertype": "IPv4", + "id": "a9c0d805-ba04-403d-85b7-e5f9a4787c67", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "", + "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "grafana_d4s", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTPS from grafana.d4science.org", + "direction": "ingress", + "ethertype": "IPv4", + "id": "b4335816-fd94-4107-9cdd-e97fd5f8dab5", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.132/32", + "security_group_id": "1a3161d4-00b1-411e-a3a6-5d3f1ec06483", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + 
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.prometheus_access_from_grafana" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-1-443", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTPS traffic from HAPROXY L7 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "8d6d97a3-6238-4087-a02a-f4add0220d69", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.11/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-1-80", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTP traffic from HAPROXY L7 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "f7bec0a2-bbde-45f5-befe-5bdbe429cdf1", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.11/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + 
"dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-1-8080", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTP traffic from HAPROXY L7 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "5f129d0f-9a1e-43c7-a5ca-14093e2afa86", + "port_range_max": 8080, + "port_range_min": 8080, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.11/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-1-8888", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTP traffic from HAPROXY L7 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "ce312014-7558-47c9-9d89-0cd809f3b3ac", + "port_range_max": 8888, + "port_range_min": 8888, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.11/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { 
+ "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-2-443", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTPS traffic from HAPROXY L7 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "0bd2c833-4d25-4213-9839-57ffeba300e6", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.12/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-2-80", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTP traffic from HAPROXY L7 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "d836453d-2d66-4c47-af52-2e5329761fb2", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.12/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-2-8080", + 
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTP traffic from HAPROXY L7 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "5941483c-9349-4a61-95f2-8002419b9cbf", + "port_range_max": 8080, + "port_range_min": 8080, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.12/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy-l7-2-8888", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "HTTP traffic from HAPROXY L7 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "2b65e9f5-1a4d-4a69-8072-1a9b87d08ffb", + "port_range_max": 8888, + "port_range_min": 8888, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.12/32", + "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.traffic_from_main_haproxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy_l7_1_peer", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + 
"instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Peer traffic from haproxy l7 1 to l7 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "c175b759-8009-4c29-8e1f-6065f78d10b4", + "port_range_max": 10000, + "port_range_min": 10000, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.11/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "haproxy_l7_2_peer", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Peer traffic from haproxy l7 2 to l7 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "2b14a58e-f7de-42c8-b1df-7d180a739f4e", + "port_range_max": 10000, + "port_range_min": 10000, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.12/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "http_from_everywhere", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow 
HTTP from everywhere", + "direction": "ingress", + "ethertype": "IPv4", + "id": "a05edc91-f960-479d-8527-37c466e20c07", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "https_from_d4s_vpn_1", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTPS from D4Science VPN 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "16f6eb5d-6075-4cd7-98a3-b07d7579d34e", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.27/32", + "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "https_from_d4s_vpn_2", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTPS from D4Science VPN 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "1e18c815-a595-494e-8006-619f5e74343f", 
+ "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.49/32", + "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "https_from_s2i2s_vpn_1", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTPS from S2I2S VPN 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "84a331ea-58ab-4c5b-9d8c-206c14af44a7", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.28.10/32", + "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "https_from_s2i2s_vpn_2", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTPS from S2I2S VPN 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "79960c08-1f7e-4a91-8454-84452ad65d21", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + 
"remote_group_id": "", + "remote_ip_prefix": "146.48.28.11/32", + "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "https_from_shell_d4s", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTPS from shell.d4science.org", + "direction": "ingress", + "ethertype": "IPv4", + "id": "09a086d3-692d-4c34-a935-b4d9b363ca5f", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.95/32", + "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.restricted_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ingress-icmp", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow ICMP from remote", + "direction": "ingress", + "ethertype": "IPv4", + "id": "8f57aad8-19d5-4f9e-b24b-8c6a9a864eda", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "icmp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", + 
"tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "lb3_1_haproxy_l7_443", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 443", + "direction": "ingress", + "ethertype": "IPv4", + "id": "496c0553-fd80-43be-8958-08c5c5333116", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.34.232/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "lb3_1_haproxy_l7_80", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 80", + "direction": "ingress", + "ethertype": "IPv4", + "id": "e0474d9d-2842-49f3-ae34-281ce1f80e32", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.34.232/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + 
"timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "lb3_1_haproxy_l7_8080", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 8080", + "direction": "ingress", + "ethertype": "IPv4", + "id": "6c96d29f-05d7-4ac9-9a92-b58f492a9425", + "port_range_max": 8080, + "port_range_min": 8080, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.34.232/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "lb3_2_haproxy_l7_443", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 443", + "direction": "ingress", + "ethertype": "IPv4", + "id": "3e08d7ac-098c-4f51-bbee-87f1ce9cf9b3", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.33.229/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + 
"sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "lb3_2_haproxy_l7_80", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 80", + "direction": "ingress", + "ethertype": "IPv4", + "id": "c402f80c-734e-4394-80f0-817ea57af7b8", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.33.229/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "lb3_2_haproxy_l7_8080", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 8080", + "direction": "ingress", + "ethertype": "IPv4", + "id": "2ddde65e-718c-44c5-829d-9318745bf8a3", + "port_range_max": 8080, + "port_range_min": 8080, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.33.229/32", + "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + 
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "prometheus-node", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Prometheus access to the node exporter", + "direction": "ingress", + "ethertype": "IPv4", + "id": "248b6e42-a91e-45b8-b768-d805a5e48f6e", + "port_range_max": 9100, + "port_range_min": 9100, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.10/32", + "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "public_http", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTP from everywhere", + "direction": "ingress", + "ethertype": "IPv4", + "id": "451e920f-b130-412e-82a2-6f907781a534", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "003ecc82-445b-4e19-aea6-217dbd8c8deb", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + 
"openstack_networking_secgroup_v2.public_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "public_https", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow HTTPS from everywhere", + "direction": "ingress", + "ethertype": "IPv4", + "id": "36c80115-0fef-48c0-bcd8-3f7c1e9b17d6", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "003ecc82-445b-4e19-aea6-217dbd8c8deb", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.public_web" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "shared_postgresql_access_from_dedicated_subnet", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow connections to port 5432 from the 192.168.2.0/22 network", + "direction": "ingress", + "ethertype": "IPv4", + "id": "fe4eeca3-ec34-4fd1-8cae-89b077ff9f27", + "port_range_max": 5432, + "port_range_min": 5432, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "192.168.0.0/22", + "security_group_id": "3c14aba5-7ab0-4662-bc03-c1fa889f5be5", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.shared_postgresql_access" + ] + } + ] + }, + { + 
"mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "shell_443", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "https debug port 443 from the shell jump proxy", + "direction": "ingress", + "ethertype": "IPv4", + "id": "0dd4e586-a547-436a-8c4c-a21c96555a3b", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.5/32", + "security_group_id": "7e8f53e6-83df-4278-a14f-caaa9c356304", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.debugging" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "shell_80", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "http debug port 80 from the shell jump proxy", + "direction": "ingress", + "ethertype": "IPv4", + "id": "71042c57-5fea-4d60-bd23-72b134f2ec52", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.5/32", + "security_group_id": "7e8f53e6-83df-4278-a14f-caaa9c356304", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.debugging" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "shell_8100", + "provider": 
"provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Tomcat debug on port 8100 from the shell jump proxy", + "direction": "ingress", + "ethertype": "IPv4", + "id": "3bde2477-e5ca-4c7c-9b04-b9ec56298119", + "port_range_max": 8100, + "port_range_min": 8100, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.5/32", + "security_group_id": "7e8f53e6-83df-4278-a14f-caaa9c356304", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.debugging" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ssh-d4s-vpn-1", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "SSH traffic from D4Science VPN 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "94af5954-7f88-4237-87f3-df23654d19af", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.27/32", + "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ssh-d4s-vpn-2", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + 
"schema_version": 0, + "attributes": { + "description": "SSH traffic from D4Science VPN 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "4da00dbf-db42-418c-a7f9-f7ab5cd0307d", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.49/32", + "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ssh-infrascience-net", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "SSH traffic from the InfraScience network", + "direction": "ingress", + "ethertype": "IPv4", + "id": "b3a54aa7-f9da-4e4e-bd10-5505926ebefd", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.0/23", + "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ssh-jump-proxy", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "SSH traffic from the jump proxy", + 
"direction": "ingress", + "ethertype": "IPv4", + "id": "de92582a-7f56-4271-8e99-3bed0ca8e64b", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.5/32", + "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.default" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ssh-s2i2s-vpn-1", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "SSH traffic from S2I2S VPN 1", + "direction": "ingress", + "ethertype": "IPv4", + "id": "b2ba067e-0a74-4a55-81ea-684146e5fcfa", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.28.10/32", + "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ssh-s2i2s-vpn-2", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "SSH traffic from S2I2S VPN 2", + "direction": "ingress", + "ethertype": "IPv4", + "id": "42cfb632-a15a-4bc2-97ae-d935d2736d88", + "port_range_max": 22, + 
"port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.28.11/32", + "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "ssh-shell-d4s", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "SSH traffic from shell.d4science.org", + "direction": "ingress", + "ethertype": "IPv4", + "id": "a040fe4a-372f-4aca-ab58-3fc52a34780f", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "146.48.122.95/32", + "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "access_to_the_jump_proxy", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Security group that allows SSH access to the jump node from a limited set of sources", + "id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", + "name": "ssh_access_to_the_jump_node", + "region": "isti_area_pi_1", + 
"tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "debugging", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Security group that allows web app debugging via tunnel from the ssh jump node", + "id": "7e8f53e6-83df-4278-a14f-caaa9c356304", + "name": "debugging_from_jump_node", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "default", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Default security group with rules for ssh access via jump proxy, prometheus scraping", + "id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", + "name": "default_for_all", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "main_lb_to_haproxy_l7", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + 
"all_tags": [], + "delete_default_rules": true, + "description": "Traffic coming the main L4 lb directed to the haproxy l7 servers", + "id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", + "name": "traffic_from_main_lb_to_haproxy_l7", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "prometheus_access_from_grafana", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "The public grafana server must be able to get data from Prometheus", + "id": "1a3161d4-00b1-411e-a3a6-5d3f1ec06483", + "name": "prometheus_access_from_grafana", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "public_web", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer", + "id": "003ecc82-445b-4e19-aea6-217dbd8c8deb", + "name": "public_web_service", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "restricted_web", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt", + "id": "52701d3b-e36d-4712-b146-721f8b87c285", + "name": "restricted_web_service", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "shared_postgresql_access", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Access the shared PostgreSQL service using the dedicated network", + "id": "3c14aba5-7ab0-4662-bc03-c1fa889f5be5", + "name": "access_to_the_shared_postgresql_service", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "traffic_from_main_haproxy", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": 
"Allow traffic from the main L7 HAPROXY load balancers", + "id": "ce000350-813c-4209-9568-dd27d99bf94e", + "name": "traffic_from_the_main_load_balancers", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_subnet_v2", + "name": "shared_postgresql_subnet", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "allocation_pool": [ + { + "end": "192.168.3.254", + "start": "192.168.0.100" + } + ], + "allocation_pools": [ + { + "end": "192.168.3.254", + "start": "192.168.0.100" + } + ], + "cidr": "192.168.0.0/22", + "description": "subnet used to connect to the shared PostgreSQL service", + "dns_nameservers": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "enable_dhcp": true, + "gateway_ip": "", + "host_routes": [], + "id": "88f8ea7e-7a48-42a8-840e-00397d90df44", + "ip_version": 4, + "ipv6_address_mode": "", + "ipv6_ra_mode": "", + "name": "shared-postgresql-subnet", + "network_id": "e25395f4-f1aa-4819-b5a5-36d25ee5af54", + "no_gateway": true, + "prefix_length": null, + "region": "isti_area_pi_1", + "service_types": [], + "subnetpool_id": "", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null, + "value_specs": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "openstack_networking_network_v2.shared_postgresql_net" + ] + } + ] + } + ], + "check_results": null +} 
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/variables.tf b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/variables.tf
new file mode 120000
index 00000000..be9f7878
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure-no-modules/variables.tf
@@ -0,0 +1 @@
+../../modules/common_variables/variables.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/00-terraform-provider.tf b/openstack-tf/d4s-preprod/basic-infrastructure/00-terraform-provider.tf
deleted file mode 120000
index c094d201..00000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/00-terraform-provider.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_variables/00-terraform-provider.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/00-variables.tf b/openstack-tf/d4s-preprod/basic-infrastructure/00-variables.tf
deleted file mode 120000
index df2af105..00000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/00-variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables/00-variables.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/01-external-network-and-resolvers.tf b/openstack-tf/d4s-preprod/basic-infrastructure/01-external-network-and-resolvers.tf
deleted file mode 120000
index c53c78ad..00000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/01-external-network-and-resolvers.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_variables/01-external-network-and-resolvers.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/05-projects-and-users-vars.tf b/openstack-tf/d4s-preprod/basic-infrastructure/05-projects-and-users-vars.tf
deleted file mode 120000
index 22fce1fb..00000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure/05-projects-and-users-vars.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_variables/05-projects-and-users-vars.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/main.tf b/openstack-tf/d4s-preprod/basic-infrastructure/main.tf
new file mode 100644
index 00000000..73d478bb
--- /dev/null
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/main.tf
@@ -0,0 +1,22 @@
+# Define required providers
+terraform {
+required_version = ">= 0.14.0"
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.53.0"
+ }
+ }
+}
+
+data "terraform_remote_state" "privnet_dns_router" {
+ backend = "local"
+
+ config = {
+ path = "../project-setup/terraform.tfstate"
+ }
+}
+
+module "d4science_infra_setup" {
+ source = "../../modules/d4science_infra_setup"
+}
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate b/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate
index 8b3c82c4..9c842013 100644
--- a/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate
+++ b/openstack-tf/d4s-preprod/basic-infrastructure/terraform.tfstate
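Review bot: The `terraform_remote_state` block in the new main.tf uses `backend = "local"` with `path = "../project-setup/terraform.tfstate"`, so this configuration only works when the sibling state file sits in the working tree, and the same commit tracks those state files in git. State stores every resource attribute in plaintext (the files here already record internal addresses and the SSH source allow-list), and anything a provider later marks sensitive would land in history the same way. I would move both configurations to a remote backend with locking and access control, point the data source at it, and add `*.tfstate` and `*.tfstate.*` to `.gitignore`. A remote-state data source also exposes all root outputs of the other configuration, so a comment above the block such as `# reads root outputs of ../project-setup; keep secrets out of that configuration's outputs` would help. The `module "d4science_infra_setup"` block passes only `source`, so it is not visible from this hunk whether the remote-state outputs are consumed anywhere; if they are not, the data source can be dropped.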
@@ -1,15 +1,232 @@ { "version": 4, - "terraform_version": "1.6.3", - "serial": 196, + "terraform_version": "1.6.4", + "serial": 213, "lineage": "6a53b692-c1a8-ed53-bc6c-b7fb5e017eb8", "outputs": { + "almalinux9_img": { + "value": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "type": [ + "map", + "string" + ] + }, + "availability_zone_no_gpu_name": { + "value": "cnr-isti-nova-a", + "type": "string" + }, + "availability_zone_with_gpu_name": { + "value": "cnr-isti-nova-gpu-a", + "type": "string" + }, + "centos7_img": { + "value": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "type": [ + "map", + "string" + ] + }, + "el7_datafile": { + "value": "../../openstack_vm_data_scripts/el7.sh", + "type": "string" + }, + "external_network_id": { + "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "type": "string" + }, + "external_network_name": { + "value": "external-network", + "type": "string" + }, "main_loadbalancer_ip": { "value": "10.1.32.20", "type": "string" + }, + "main_region_name": { + "value": "isti_area_pi_1", + "type": "string" + }, + "mtu_size_value": { + "value": 8942, + "type": "number" + }, + "resolvers_ip": { + "value": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "type": [ + "list", + "string" + ] + }, + "ssh_sources_list": { + "value": { + "d4s_vpn_1_cidr": "146.48.122.27/32", + "d4s_vpn_2_cidr": "146.48.122.49/32", + "infrascience_net_cidr": "146.48.122.0/23", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32", + "shell_d4s_cidr": "146.48.122.95/32" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu1804_datafile": { + "value": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "type": "string" + }, + "ubuntu1804_img": { + "value": { + "name": "Ubuntu-Bionic-18.04", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu2204_datafile": { + "value": 
"../../openstack_vm_data_scripts/ubuntu2204.sh", + "type": "string" + }, + "ubuntu2204_img": { + "value": { + "name": "Ubuntu-Jammy-22.04", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + }, + "type": [ + "map", + "string" + ] } }, "resources": [ + { + "mode": "data", + "type": "terraform_remote_state", + "name": "privnet_dns_router", + "provider": "provider[\"terraform.io/builtin/terraform\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "backend": "local", + "config": { + "value": { + "path": "../project-setup/terraform.tfstate" + }, + "type": [ + "object", + { + "path": "string" + } + ] + }, + "defaults": null, + "outputs": { + "value": { + "almalinux9_img": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "availability_zone_no_gpu_name": "cnr-isti-nova-a", + "availability_zone_with_gpu_name": "cnr-isti-nova-gpu-a", + "centos7_img": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "dns_zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", + "el7_datafile": "../../openstack_vm_data_scripts/el7.sh", + "external_gateway_ip": "146.48.30.241", + "external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_network_name": "external-network", + "main_private_network_id": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", + "main_region_name": "isti_area_pi_1", + "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", + "mtu_size_value": 8942, + "resolvers_ip": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "ssh_sources_list": { + "d4s_vpn_1_cidr": "146.48.122.27/32", + "d4s_vpn_2_cidr": "146.48.122.49/32", + "infrascience_net_cidr": "146.48.122.0/23", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32", + "shell_d4s_cidr": "146.48.122.95/32" + }, + "ubuntu1804_datafile": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "ubuntu1804_img": { + "name": "Ubuntu-Bionic-18.04", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" 
+ }, + "ubuntu2204_datafile": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "ubuntu2204_img": { + "name": "Ubuntu-Jammy-22.04", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + } + }, + "type": [ + "object", + { + "almalinux9_img": [ + "map", + "string" + ], + "availability_zone_no_gpu_name": "string", + "availability_zone_with_gpu_name": "string", + "centos7_img": [ + "map", + "string" + ], + "dns_zone_id": "string", + "el7_datafile": "string", + "external_gateway_ip": "string", + "external_network_id": "string", + "external_network_name": "string", + "main_private_network_id": "string", + "main_region_name": "string", + "main_subnet_network_id": "string", + "mtu_size_value": "number", + "resolvers_ip": [ + "list", + "string" + ], + "ssh_sources_list": [ + "map", + "string" + ], + "ubuntu1804_datafile": "string", + "ubuntu1804_img": [ + "map", + "string" + ], + "ubuntu2204_datafile": "string", + "ubuntu2204_img": [ + "map", + "string" + ] + } + ] + }, + "workspace": null + }, + "sensitive_attributes": [] + } + ] + }, { "mode": "managed", "type": "openstack_blockstorage_volume_v3", @@ -109,9 +326,7 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", "dependencies": [ "openstack_compute_instance_v2.prometheus_server", - "openstack_compute_keypair_v2.initial_ssh_key", "openstack_networking_floatingip_v2.prometheus_server_ip", - "openstack_networking_secgroup_v2.default", "openstack_networking_secgroup_v2.prometheus_access_from_grafana", "openstack_networking_secgroup_v2.restricted_web" ] 
@@ -139,10 +354,8 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", "dependencies": [ "openstack_compute_instance_v2.ssh_jump_proxy", - "openstack_compute_keypair_v2.initial_ssh_key", "openstack_networking_floatingip_v2.ssh_jump_proxy_ip", - "openstack_networking_secgroup_v2.access_to_the_jump_proxy", - "openstack_networking_secgroup_v2.default" + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" ] } ] 
@@ -219,169 +432,7 @@ "volume": [] }, "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.default" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_instance_v2", - "name": "main_haproxy_l7", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "access_ip_v4": "10.1.32.11", - "access_ip_v6": "", - "admin_pass": null, - "all_metadata": {}, - "all_tags": [], - "availability_zone": "cnr-isti-nova-a", - "availability_zone_hints": "cnr-isti-nova-a", - "block_device": [ - { - "boot_index": 0, - "delete_on_termination": false, - "destination_type": "volume", - "device_type": "", - "disk_bus": "", - "guest_format": "", - "multiattach": false, - "source_type": "image", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", - "volume_size": 10, - "volume_type": "" - } - ], - "config_drive": null, - "created": "2023-11-05 17:57:42 +0000 UTC", - "flavor_id": "4", - "flavor_name": "m1.medium", - "floating_ip": null, - "force_delete": false, - "id": "2790f97c-f7fb-4154-b93f-a8816406a9c5", - "image_id": "Attempt to boot from volume - no image supplied", - "image_name": null, - "key_pair": "adellam", - "metadata": null, - "name": "main-haproxy-l7-01", - "network": [ - { - "access_network": false, - "fixed_ip_v4": "10.1.32.11", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:7b:31:4d", - "name": "d4s-pre-cloud-main", - "port": "", - "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" - } - ], - "network_mode": null, - "personality": [], - "power_state": "active", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "security_groups": [ - "default_for_all", - 
"traffic_from_main_lb_to_haproxy_l7" - ], - "stop_before_destroy": false, - "tags": null, - "timeouts": null, - "updated": "2023-11-05 17:58:22 +0000 UTC", - "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", - "vendor_options": [], - "volume": [] - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.default", - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - }, - { - "index_key": 1, - "schema_version": 0, - "attributes": { - "access_ip_v4": "10.1.32.12", - "access_ip_v6": "", - "admin_pass": null, - "all_metadata": {}, - "all_tags": [], - "availability_zone": "cnr-isti-nova-a", - "availability_zone_hints": "cnr-isti-nova-a", - "block_device": [ - { - "boot_index": 0, - "delete_on_termination": false, - "destination_type": "volume", - "device_type": "", - "disk_bus": "", - "guest_format": "", - "multiattach": false, - "source_type": "image", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", - "volume_size": 10, - "volume_type": "" - } - ], - "config_drive": null, - "created": "2023-11-05 17:57:42 +0000 UTC", - "flavor_id": "4", - "flavor_name": "m1.medium", - "floating_ip": null, - "force_delete": false, - "id": "e9a9b341-55d1-46e1-8f26-be7e4b9e5464", - "image_id": "Attempt to boot from volume - no image supplied", - "image_name": null, - "key_pair": "adellam", - "metadata": null, - "name": "main-haproxy-l7-02", - "network": [ - { - "access_network": false, - "fixed_ip_v4": "10.1.32.12", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:9a:04:55", - "name": "d4s-pre-cloud-main", - "port": "", - "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" - } - ], - "network_mode": null, - "personality": [], - "power_state": "active", - "region": "isti_area_pi_1", - "scheduler_hints": [], - 
"security_groups": [ - "default_for_all", - "traffic_from_main_lb_to_haproxy_l7" - ], - "stop_before_destroy": false, - "tags": null, - "timeouts": null, - "updated": "2023-11-05 17:58:19 +0000 UTC", - "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", - "vendor_options": [], - "volume": [] - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.default", - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19" } ] }, @@ -461,8 +512,6 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.default", "openstack_networking_secgroup_v2.prometheus_access_from_grafana", "openstack_networking_secgroup_v2.restricted_web" ] @@ -554,8 +603,6 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.default", "openstack_networking_secgroup_v2.shared_postgresql_access" ] } 
@@ -636,29 +683,32 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.access_to_the_jump_proxy", - "openstack_networking_secgroup_v2.default" + "openstack_networking_secgroup_v2.access_to_the_jump_proxy" ] } ] }, { "mode": "managed", - "type": "openstack_compute_keypair_v2", - "name": "initial_ssh_key", + "type": "openstack_compute_servergroup_v2", + "name": "main_haproxy_l7", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "instances": [ { "schema_version": 0, "attributes": { - "fingerprint": "9f:7b:5a:5f:ff:55:b9:7b:6e:27:63:21:cc:52:11:0c", - "id": "adellam", - "name": "adellam", - "private_key": "", - "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUd4OiBQr2Ntl3sVQTb9vP9MFL6gcLH5w/DFzaxJB5s adellam@altrove.isti.cnr.it\n", + "id": "796fad91-fa0c-459b-9402-e8ba87aae810", + "members": [], + "name": "main_haproxy_l7", + "policies": [ + "anti-affinity" + ], "region": "isti_area_pi_1", - "user_id": "", + "rules": [ + { + "max_server_per_host": 0 + } + ], "value_specs": null }, "sensitive_attributes": [], @@ -689,8 +739,6 @@ "dependencies": [ "openstack_blockstorage_volume_v3.prometheus_data_vol", "openstack_compute_instance_v2.prometheus_server", - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.default", "openstack_networking_secgroup_v2.prometheus_access_from_grafana", "openstack_networking_secgroup_v2.restricted_web" ] 
@@ -720,13 +768,40 @@ "dependencies": [ "openstack_blockstorage_volume_v3.shared_postgresql_data_vol", "openstack_compute_instance_v2.shared_postgresql_server", - "openstack_compute_keypair_v2.initial_ssh_key", - "openstack_networking_secgroup_v2.default", "openstack_networking_secgroup_v2.shared_postgresql_access" ] } ] }, + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "alertmanager_server_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Prometheus alertmanager", + "disable_status_check": false, + "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/949fc061-a783-4b22-8412-29b33263aafd", + "name": "alertmanager.cloud-pre.d4science.org.", + "project_id": "6fdc02e2827b405dad99f34698659742", + "records": [ + "prometheus.cloud-pre.d4science.org." + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "CNAME", + "value_specs": null, + "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" + } + ] + }, { "mode": "managed", "type": "openstack_dns_recordset_v2", @@ -956,7 +1031,7 @@ "attributes": { "admin_state_up": true, "availability_zone": "", - "description": "Main L4 load balancer for the D4Science preproduction", + "description": "Main L4 load balancer for the D4Science PRE production", "flavor_id": "394988b5-6603-4a1e-a939-8e177c6681c7", "id": "420fb3bd-a91e-41d2-8189-100a6272bf82", "loadbalancer_provider": "amphora", @@ -1376,7 +1451,7 @@ "attributes": { "address": "146.48.30.235", "all_tags": [], - "description": "Main L4 load balancer for the D4Science preproduction", + "description": "Main L4 load balancer for the D4Science PRE production", "dns_domain": "", "dns_name": "", "fixed_ip": "10.1.32.20", 
@@ -1867,146 +1942,22 @@ { "mode": "managed", "type": "openstack_networking_secgroup_rule_v2", - "name": "http_from_d4s_vpn_1", + "name": "http_from_everywhere", "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", "instances": [ { "schema_version": 0, "attributes": { - "description": "Allow HTTP from D4Science VPN 1", + "description": "Allow HTTP from everywhere", "direction": "ingress", "ethertype": "IPv4", - "id": "b98f41e5-4e65-4724-8717-b0c02d0ba3b0", + "id": "a05edc91-f960-479d-8527-37c466e20c07", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "region": "isti_area_pi_1", "remote_group_id": "", - "remote_ip_prefix": "146.48.122.27/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "http_from_d4s_vpn_2", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTP from D4Science VPN 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "d6ccb8eb-2c21-462b-a56a-5b4d3e22bd76", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.49/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] 
- }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "http_from_s2i2s_vpn_1", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTP from S2I2S VPN 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "07b1d5ce-93dc-4485-b586-2b36aa9197d3", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.28.10/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "http_from_s2i2s_vpn_2", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTP from S2I2S VPN 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "52f0a3ab-9379-4ad7-b4be-c32b43bf3ea7", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.28.11/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "http_from_shell_d4s", - 
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTP from shell.d4science.org", - "direction": "ingress", - "ethertype": "IPv4", - "id": "7628616c-a043-477b-b6a4-dd19c4ed12dd", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.95/32", + "remote_ip_prefix": "0.0.0.0/0", "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", "tenant_id": "6fdc02e2827b405dad99f34698659742", "timeouts": null @@ -2912,7 +2863,7 @@ "id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", "name": "traffic_from_main_lb_to_haproxy_l7", "region": "isti_area_pi_1", - "tags": null, + "tags": [], "tenant_id": "6fdc02e2827b405dad99f34698659742", "timeouts": null }, @@ -2980,7 +2931,7 @@ "attributes": { "all_tags": [], "delete_default_rules": true, - "description": "Security group that restricts HTTP and HTTPS sources to the VPN nodes and shell.d4science.org", + "description": "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt", "id": "52701d3b-e36d-4712-b146-721f8b87c285", "name": "restricted_web_service", "region": "isti_area_pi_1", diff --git a/openstack-tf/d4s-preprod/project-setup/00-terraform-provider.tf b/openstack-tf/d4s-preprod/project-setup/00-terraform-provider.tf deleted file mode 120000 index c094d201..00000000 --- a/openstack-tf/d4s-preprod/project-setup/00-terraform-provider.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_variables/00-terraform-provider.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/00-variables.tf b/openstack-tf/d4s-preprod/project-setup/00-variables.tf deleted file mode 120000 index df2af105..00000000 --- a/openstack-tf/d4s-preprod/project-setup/00-variables.tf +++ /dev/null 
@@ -1 +0,0 @@ -../variables/00-variables.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/01-external-network-and-resolvers.tf b/openstack-tf/d4s-preprod/project-setup/01-external-network-and-resolvers.tf deleted file mode 120000 index c53c78ad..00000000 --- a/openstack-tf/d4s-preprod/project-setup/01-external-network-and-resolvers.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_variables/01-external-network-and-resolvers.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/10-main-network.tf b/openstack-tf/d4s-preprod/project-setup/10-main-network.tf deleted file mode 120000 index ab1d8c73..00000000 --- a/openstack-tf/d4s-preprod/project-setup/10-main-network.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/10-main-network.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/main.tf b/openstack-tf/d4s-preprod/project-setup/main.tf new file mode 100644 index 00000000..8866e047 --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/main.tf @@ -0,0 +1,18 @@ +# Define required providers +terraform { +required_version = ">= 0.14.0" + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } + } +} + +# module "variables" { +# source = "../variables" +# } + +# module "main_private_net_and_dns_zone" { +# source = "../../modules/main_private_net_and_dns_zone" +# } diff --git a/openstack-tf/d4s-preprod/project-setup/main_network_dns_zone.tf b/openstack-tf/d4s-preprod/project-setup/main_network_dns_zone.tf new file mode 120000 index 00000000..c3aec67d --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/main_network_dns_zone.tf @@ -0,0 +1 @@ +../../modules/main_private_net_and_dns_zone/main_network_dns_zone.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/outputs.tf b/openstack-tf/d4s-preprod/project-setup/outputs.tf new file mode 120000 index 00000000..5c8e7fba --- /dev/null 
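Review bot: `required_version = ">= 0.14.0"` in the new project-setup/main.tf is far looser than the version this configuration was applied with, since the state files in this commit record `terraform_version` 1.6.4. An older binary would satisfy the constraint and then, presumably, fail later on state written by 1.6.4, so I would state the tested range with `required_version = "~> 1.6"`. The same line appears in ssh-keys-management/main.tf. The two commented-out `module` blocks at the end of the file should either be removed or get a one-line comment saying why they are disabled.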
+++ b/openstack-tf/d4s-preprod/project-setup/outputs.tf @@ -0,0 +1 @@ +../../modules/common_variables/outputs.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/preprod.auto.tfvars b/openstack-tf/d4s-preprod/project-setup/preprod.auto.tfvars new file mode 120000 index 00000000..5f628cbf --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/preprod.auto.tfvars @@ -0,0 +1 @@ +../variables/preprod.auto.tfvars \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/terraform.tfstate b/openstack-tf/d4s-preprod/project-setup/terraform.tfstate index c67471c2..5225ec51 100644 --- a/openstack-tf/d4s-preprod/project-setup/terraform.tfstate +++ b/openstack-tf/d4s-preprod/project-setup/terraform.tfstate 
@@ -1,10 +1,160 @@ { "version": 4, - "terraform_version": "1.6.3", - "serial": 28, + "terraform_version": "1.6.4", + "serial": 32, "lineage": "6d43430c-e6aa-d370-b6d5-22f2281117df", - "outputs": {}, + "outputs": { + "almalinux9_img": { + "value": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "type": [ + "map", + "string" + ] + }, + "availability_zone_no_gpu_name": { + "value": "cnr-isti-nova-a", + "type": "string" + }, + "availability_zone_with_gpu_name": { + "value": "cnr-isti-nova-gpu-a", + "type": "string" + }, + "centos7_img": { + "value": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "type": [ + "map", + "string" + ] + }, + "dns_zone_id": { + "value": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", + "type": "string" + }, + "el7_datafile": { + "value": "../../openstack_vm_data_scripts/el7.sh", + "type": "string" + }, + "external_gateway_ip": { + "value": "146.48.30.241", + "type": "string" + }, + "external_network_id": { + "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "type": "string" + }, + "external_network_name": { + "value": "external-network", + "type": "string" + }, + "main_private_network_id": { + "value": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", + "type": "string" + }, + "main_region_name": { + "value": "isti_area_pi_1", + "type": "string" + }, + "main_subnet_network_id": { + "value": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", + "type": "string" + }, + "mtu_size_value": { + "value": 8942, + "type": "number" + }, + "resolvers_ip": { + "value": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "type": [ + "list", + "string" + ] + }, + "ssh_sources_list": { + "value": { + "d4s_vpn_1_cidr": "146.48.122.27/32", + "d4s_vpn_2_cidr": "146.48.122.49/32", + "infrascience_net_cidr": "146.48.122.0/23", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32", + "shell_d4s_cidr": "146.48.122.95/32" + }, + "type": [ + "map", + "string" + ] + }, + 
"ubuntu1804_datafile": { + "value": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "type": "string" + }, + "ubuntu1804_img": { + "value": { + "name": "Ubuntu-Bionic-18.04", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" + }, + "type": [ + "map", + "string" + ] + }, + "ubuntu2204_datafile": { + "value": "../../openstack_vm_data_scripts/ubuntu2204.sh", + "type": "string" + }, + "ubuntu2204_img": { + "value": { + "name": "Ubuntu-Jammy-22.04", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + }, + "type": [ + "map", + "string" + ] + } + }, "resources": [ + { + "mode": "managed", + "type": "openstack_dns_recordset_v2", + "name": "acme_challenge_recordset", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "ACME challenge delegation", + "disable_status_check": false, + "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/ab6a354d-a3f3-4f74-a49c-72d7d1866cff", + "name": "_acme-challenge.cloud-pre.d4science.org.", + "project_id": "6fdc02e2827b405dad99f34698659742", + "records": [ + "_acme-challenge.d4science.net." + ], + "region": "isti_area_pi_1", + "timeouts": null, + "ttl": 8600, + "type": "CNAME", + "value_specs": null, + "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "openstack_dns_zone_v2.primary_project_dns_zone" + ] + } + ] + }, { "mode": "managed", "type": "openstack_dns_zone_v2", 
@@ -14,12 +164,12 @@ { "schema_version": 0, "attributes": { - "attributes": null, + "attributes": {}, "description": "DNS primary zone for the d4s-pre-cloud project", "disable_status_check": false, "email": "postmaster@isti.cnr.it", "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", - "masters": null, + "masters": [], "name": "cloud-pre.d4science.org.", "project_id": "6fdc02e2827b405dad99f34698659742", "region": "isti_area_pi_1", 
@@ -88,11 +238,54 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", "dependencies": [ "openstack_networking_network_v2.main-private-network", + "openstack_networking_router_v2.external-router", "openstack_networking_subnet_v2.main-private-subnet" ] } ] }, + { + "mode": "managed", + "type": "openstack_networking_router_v2", + "name": "external-router", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "admin_state_up": true, + "all_tags": [], + "availability_zone_hints": [], + "description": "D4Science Preprod main router", + "distributed": false, + "enable_snat": true, + "external_fixed_ip": [ + { + "ip_address": "146.48.30.241", + "subnet_id": "57f87509-4016-46fb-b8c3-25fca7f72ccb" + } + ], + "external_gateway": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_subnet_ids": null, + "id": "cc26064a-bb08-4c0b-929f-d0cb39f934a3", + "name": "d4s-pre-cloud-external-router", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null, + "value_specs": null, + "vendor_options": [ + { + "set_router_gateway_after_create": true + } + ] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" + } + ] + }, { "mode": "managed", "type": "openstack_networking_subnet_v2", diff --git a/openstack-tf/d4s-preprod/project-setup/variables.tf b/openstack-tf/d4s-preprod/project-setup/variables.tf new file mode 120000 index 00000000..be9f7878 --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/variables.tf @@ -0,0 +1 @@ +../../modules/common_variables/variables.tf \ No newline at end of file 
diff --git a/openstack-tf/d4s-preprod/ssh-keys-management/.terraform.lock.hcl b/openstack-tf/d4s-preprod/ssh-keys-management/.terraform.lock.hcl new file mode 100644 index 00000000..46d2bb65 --- /dev/null +++ b/openstack-tf/d4s-preprod/ssh-keys-management/.terraform.lock.hcl @@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/terraform-provider-openstack/openstack" { + version = "1.53.0" + constraints = "~> 1.53.0" + hashes = [ + "h1:ZSJPqrlaHQ3sj7wyJuPSG+NblFZbAA6Y0d3GjSJf3o8=", + "zh:09da7ca98ffd3de7b9ce36c4c13446212a6e763ba1162be71b50f95d453cb68e", + "zh:14041bcbb87312411d88612056ed185650bfd01284b8ea0761ce8105a331708e", + "zh:35bf4c788fdbc17c8e40ebc7b33c7de4b45a2fa2efaa657b10f0e3bd37c9627f", + "zh:46ede8ef4cfa12d654c538afc1e1ec34a1f3e8eb4e986ee23dceae398b7176a6", + "zh:59675734990dab1e8d87997853ea75e8104bba730b3f5a7146ac735540c9d6bf", + "zh:6de52428849806498670e827b54810be7510a2a79449602c1aede4235a0ec036", + "zh:78b2a20601272afceffac8f8ca78a6b647b84196c0dd8dc710fae297f6be15a4", + "zh:7c41ed3a4fac09677e676ecf9f9edd1e38eef449e656cb01a848d2c799c6de8f", + "zh:852800228f4118a4aa6cfaa4468b851247cbed6f037fd204f08de69eb1edc149", + "zh:86d618e7f9a07d978b8bc4b190be350a00de64ec535f9c8f5dfe133542a55483", + "zh:963a9e72b66d8bcf43de9b14a674ae3ca3719ce2f829217f7a65b66fc3773397", + "zh:a8e72ab67795071bda61f99a6de3d2d40122fb51971768fd75e1324abe874ced", + "zh:ce1890cf3af17d569af3bc7673cec0a8f78e6f5d701767593f3d29c551f44848", + "zh:e6f1b96eb684f527a47f71923f268c86a36d7894751b31ee9e726d7502a639cd", + ] +} diff --git a/openstack-tf/d4s-preprod/ssh-keys-management/00-terraform-provider.tf b/openstack-tf/d4s-preprod/ssh-keys-management/00-terraform-provider.tf deleted file mode 120000 index c094d201..00000000 --- a/openstack-tf/d4s-preprod/ssh-keys-management/00-terraform-provider.tf +++ /dev/null 
@@ -1 +0,0 @@ -../../common_variables/00-terraform-provider.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/ssh-keys-management/05-projects-and-users-vars.tf b/openstack-tf/d4s-preprod/ssh-keys-management/05-projects-and-users-vars.tf deleted file mode 120000 index 22fce1fb..00000000 --- a/openstack-tf/d4s-preprod/ssh-keys-management/05-projects-and-users-vars.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_variables/05-projects-and-users-vars.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/ssh-keys-management/main.tf b/openstack-tf/d4s-preprod/ssh-keys-management/main.tf new file mode 100644 index 00000000..f57fcdd3 --- /dev/null +++ b/openstack-tf/d4s-preprod/ssh-keys-management/main.tf @@ -0,0 +1,30 @@ +# Define required providers +terraform { +required_version = ">= 0.14.0" + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } + } +} + +data "terraform_remote_state" "privnet_dns_router" { + backend = "local" + + config = { + path = "../project-setup/terraform.tfstate" + } +} + +module "common_variables" { + source = "../../modules/common_variables" +} + +module "variables" { + source = "../variables" +} + +module "ssh_keys" { + source = "../../modules/ssh_keys" +} diff --git a/openstack-tf/d4s-preprod/ssh-keys-management/provider.tf b/openstack-tf/d4s-preprod/ssh-keys-management/provider.tf new file mode 100644 index 00000000..b23015cc --- /dev/null +++ b/openstack-tf/d4s-preprod/ssh-keys-management/provider.tf @@ -0,0 +1,3 @@ +provider "openstack" { + cloud = "d4s-pre" +} diff --git a/openstack-tf/d4s-preprod/ssh-keys-management/ssh-keys.tf b/openstack-tf/d4s-preprod/ssh-keys-management/ssh-keys.tf deleted file mode 120000 index b6adaff9..00000000 --- a/openstack-tf/d4s-preprod/ssh-keys-management/ssh-keys.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/ssh-keys.tf \ No newline at end of file 
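Review bot: `data "terraform_remote_state" "privnet_dns_router"` in ssh-keys-management/main.tf reads `../project-setup/terraform.tfstate` through the `local` backend, which only works while the state files are kept in the repository, as this commit does. State is stored unencrypted and holds every attribute in full: the ssh-keys-management state added here lists `public_key` under `sensitive_attributes` and still stores the value in clear, and the same would hold for a password or a generated private key. `terraform_remote_state` also hands the reading root the whole state snapshot, not only the outputs it uses. Consider a remote backend with access control, encryption at rest and locking, and keep `*.tfstate` out of version control.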
diff --git a/openstack-tf/d4s-preprod/ssh-keys-management/terraform.tfstate b/openstack-tf/d4s-preprod/ssh-keys-management/terraform.tfstate new file mode 100644 index 00000000..0fa73ae8 --- /dev/null +++ b/openstack-tf/d4s-preprod/ssh-keys-management/terraform.tfstate 
@@ -0,0 +1,157 @@ +{ + "version": 4, + "terraform_version": "1.6.4", + "serial": 1, + "lineage": "48e9b647-6c03-4b28-7033-9e1d40b3795d", + "outputs": {}, + "resources": [ + { + "mode": "data", + "type": "terraform_remote_state", + "name": "privnet_dns_router", + "provider": "provider[\"terraform.io/builtin/terraform\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "backend": "local", + "config": { + "value": { + "path": "../project-setup/terraform.tfstate" + }, + "type": [ + "object", + { + "path": "string" + } + ] + }, + "defaults": null, + "outputs": { + "value": { + "almalinux9_img": { + "name": "AlmaLinux-9.0-20220718", + "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" + }, + "availability_zone_no_gpu_name": "cnr-isti-nova-a", + "availability_zone_with_gpu_name": "cnr-isti-nova-gpu-a", + "centos7_img": { + "name": "CentOS-7", + "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" + }, + "dns_zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", + "el7_datafile": "../../openstack_vm_data_scripts/el7.sh", + "external_gateway_ip": "146.48.30.241", + "external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", + "external_network_name": "external-network", + "main_private_network_id": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", + "main_region_name": "isti_area_pi_1", + "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", + "mtu_size_value": 8942, + "resolvers_ip": [ + "146.48.29.97", + "146.48.29.98", + "146.48.29.99" + ], + "ssh_sources_list": { + "d4s_vpn_1_cidr": "146.48.122.27/32", + "d4s_vpn_2_cidr": "146.48.122.49/32", + "infrascience_net_cidr": "146.48.122.0/23", + "s2i2s_vpn_1_cidr": "146.48.28.10/32", + "s2i2s_vpn_2_cidr": "146.48.28.11/32", + "shell_d4s_cidr": "146.48.122.95/32" + }, + "ubuntu1804_datafile": "../../openstack_vm_data_scripts/ubuntu1804.sh", + "ubuntu1804_img": { + "name": "Ubuntu-Bionic-18.04", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" + }, + "ubuntu2204_datafile": "../../openstack_vm_data_scripts/ubuntu2204.sh", 
+ "ubuntu2204_img": { + "name": "Ubuntu-Jammy-22.04", + "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" + } + }, + "type": [ + "object", + { + "almalinux9_img": [ + "map", + "string" + ], + "availability_zone_no_gpu_name": "string", + "availability_zone_with_gpu_name": "string", + "centos7_img": [ + "map", + "string" + ], + "dns_zone_id": "string", + "el7_datafile": "string", + "external_gateway_ip": "string", + "external_network_id": "string", + "external_network_name": "string", + "main_private_network_id": "string", + "main_region_name": "string", + "main_subnet_network_id": "string", + "mtu_size_value": "number", + "resolvers_ip": [ + "list", + "string" + ], + "ssh_sources_list": [ + "map", + "string" + ], + "ubuntu1804_datafile": "string", + "ubuntu1804_img": [ + "map", + "string" + ], + "ubuntu2204_datafile": "string", + "ubuntu2204_img": [ + "map", + "string" + ] + } + ] + }, + "workspace": null + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.ssh_keys", + "mode": "managed", + "type": "openstack_compute_keypair_v2", + "name": "initial_ssh_key", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fingerprint": "9f:7b:5a:5f:ff:55:b9:7b:6e:27:63:21:cc:52:11:0c", + "id": "adellam", + "name": "adellam", + "private_key": "", + "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUd4OiBQr2Ntl3sVQTb9vP9MFL6gcLH5w/DFzaxJB5s adellam@altrove.isti.cnr.it\n", + "region": "isti_area_pi_1", + "user_id": "", + "value_specs": null + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "public_key" + } + ] + ], + "private": "bnVsbA==" + } + ] + } + ], + "check_results": null +} diff --git a/openstack-tf/d4s-preprod/variables/outputs-preprod.tf b/openstack-tf/d4s-preprod/variables/outputs-preprod.tf new file mode 100644 index 00000000..db2715e4 --- /dev/null +++ b/openstack-tf/d4s-preprod/variables/outputs-preprod.tf 
@@ -0,0 +1,7 @@ +output "os_project_data" { + value = var.os_project_data +} + +output "main_haproxy_l7_ip" { + value = var.main_haproxy_l7_ip +} diff --git a/openstack-tf/d4s-preprod/variables/preprod.auto.tfvars b/openstack-tf/d4s-preprod/variables/preprod.auto.tfvars new file mode 100644 index 00000000..2ea5954d --- /dev/null +++ b/openstack-tf/d4s-preprod/variables/preprod.auto.tfvars 
@@ -0,0 +1,93 @@
+default_security_group_name = "default_for_all"
+
+# Provided in the output of the project setup
+main_private_network_id = "23fd8a99-d551-4ada-8d3a-9859542ebb8c"
+main_private_subnet_id = "cd77a2fd-4a36-4254-b1d0-70b3874c6d04"
+dns_zone_id = "c1a4b4bc-f167-4387-855d-38f0f99ca05c"
+
+octavia_information = {
+ main_lb_name = "d4s-pre-cloud-l4-load-balancer"
+ main_lb_description = "Main L4 load balancer for the D4Science PRE production"
+ swarm_lb_name = "d4s-pre-cloud-l4-swarm-load-balancer"
+ octavia_flavor = "octavia_amphora-mvcpu-ha"
+ octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7"
+ main_lb_hostname = "main-lb"
+ # The following aren't available when the module runs so we have to get them with the command
+ # openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp
+ # This means that the execution will fail
+ octavia_vrrp_ip_1 = "10.1.34.232/32"
+ octavia_vrrp_ip_2 = "10.1.33.229/32"
+}
+
+os_project_data = {
+ id = "6fdc02e2827b405dad99f34698659742"
+}
+
+dns_zone = {
+ zone_name = "cloud-pre.d4science.org."
+ email = "postmaster@isti.cnr.it"
+ description = "DNS primary zone for the d4s-pre-cloud project"
+ ttl = 8600
+ id = "c1a4b4bc-f167-4387-855d-38f0f99ca05c"
+}
+
+main_private_network = {
+ name = "d4s-pre-cloud-main"
+ description = "D4Science Preprod private network (use this as the main network)"
+}
+
+main_private_subnet = {
+ name = "d4s-pre-cloud-main-subnet"
+ description = "D4Science Preprod main private subnet"
+ cidr = "10.1.32.0/22"
+ gateway_ip = "10.1.32.1"
+ allocation_start = "10.1.32.100"
+ allocation_end = "10.1.35.254"
+}
+
+external_router = {
+ name = "d4s-pre-cloud-external-router"
+ description = "D4Science Preprod main router"
+ id = "cc26064a-bb08-4c0b-929f-d0cb39f934a3"
+}
+
+basic_services_ip = {
+ ca = "10.1.32.4"
+ ca_cidr = "10.1.32.4/32"
+ ssh_jump = "10.1.32.5"
+ ssh_jump_cidr = "10.1.32.5/32"
+ prometheus = "10.1.32.10"
+ prometheus_cidr = "10.1.32.10/32"
+ haproxy_l7_1 = "10.1.32.11"
+ haproxy_l7_1_cidr = "10.1.32.11/32"
+ haproxy_l7_2 = "10.1.32.12"
+ haproxy_l7_2_cidr = "10.1.32.12/32"
+ octavia_main = "10.1.32.20"
+ octavia_main_cidr = "10.1.32.20/32"
+}
+
+main_haproxy_l7_ip = ["10.1.32.11", "10.1.32.12"]
+
+# docker_swarm_data = {
+# mgr_name = "swarm-mgr"
+# mgr1_ip = "10.1.32.31"
+# mgr1_cidr = "10.1.32.31/32"
+# mgr2_ip = "10.1.32.32"
+# mgr2_cidr = "10.1.32.32/32"
+# mgr3_ip = "10.1.32.33"
+# mgr3_cidr = "10.1.32.33/32"
+# mgr_count = 3
+# mgr_flavor = "m1.large"
+# mgr_data_disk_size = 100
+# worker_name = "swarm-worker"
+# worker_count = 3
+# worker_flavor = "m1.large"
+# worker_data_disk_size = 200
+# nfs_server_name = "swarm-nfs-server"
+# nfs_server_flavor = "m1.medium"
+# nfs_server_data_disk_name = "Swarm NFS server data Disk"
+# nfs_server_data_disk_size = 100
+# nfs_server_data_disk_device = "/dev/vdb"
+# }
+
+# swarm_managers_ip = ["10.1.32.31", "10.1.32.32", "10.1.32.33"]
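Review bot: The comment above `octavia_vrrp_ip_1` in preprod.auto.tfvars ends with "This means that the execution will fail" and leaves the operator to guess which run fails and how to recover. Presumably the first apply fails because the VRRP ports do not exist yet, so I would write that out: `# These ports exist only after the load balancer is created: the first apply fails,` / `# then read the addresses with the command below, set them here and apply again.` If the two /32 values are used as security-group sources, as the `traffic_from_main_lb_to_haproxy_l7` group name in the state suggests, the comment should also say to re-check them whenever the load balancer is recreated.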
diff --git a/openstack-tf/d4s-preprod/variables/00-variables.tf b/openstack-tf/d4s-preprod/variables/variables-preprod.tf similarity index 79% rename from openstack-tf/d4s-preprod/variables/00-variables.tf rename to openstack-tf/d4s-preprod/variables/variables-preprod.tf index 2dfa6e11..8323a486 100644 --- a/openstack-tf/d4s-preprod/variables/00-variables.tf +++ b/openstack-tf/d4s-preprod/variables/variables-preprod.tf @@ -1,6 +1,8 @@ -# Configure the OpenStack Provider -provider "openstack" { - cloud = "d4s-pre" +variable "os_project_data" { + type = map(string) + default = { + id = "6fdc02e2827b405dad99f34698659742" + } } variable "dns_zone" { @@ -14,15 +16,28 @@ variable "dns_zone" { } } +variable "dns_zone_id" { + # Set with the correct value after the setup is complete + default = "74135b34-1a9c-4c01-8cf0-22450a5660c4" +} + +variable "default_security_group_name" { + default = "default_for_all" +} + variable "main_private_network" { type = map(string) default = { name = "d4s-pre-cloud-main" description = "D4Science Preprod private network (use this as the main network)" - id = "23fd8a99-d551-4ada-8d3a-9859542ebb8c" } } +variable "main_private_network_id" { + # Set with the correct value after the setup is complete + default = "23fd8a99-d551-4ada-8d3a-9859542ebb8c" +} + variable "main_private_subnet" { type = map(string) default = { @@ -35,6 +50,11 @@ variable "main_private_subnet" { } } +variable "main_private_subnet_id" { + # Set with the correct value after the setup is complete + default = "cd77a2fd-4a36-4254-b1d0-70b3874c6d04" +} + variable "external_router" { type = map(string) default = { 
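Review bot: The default of the new `dns_zone_id` variable, `74135b34-1a9c-4c01-8cf0-22450a5660c4`, does not match the zone id this commit uses for preprod everywhere else: preprod.auto.tfvars and the state both carry `c1a4b4bc-f167-4387-855d-38f0f99ca05c`. A root that loads variables-preprod.tf without the tfvars file would pick up the other id without any error. Either set the default to the preprod value or drop it so that a missing value fails the plan: `variable "dns_zone_id" { type = string }`. `main_private_network_id` and `main_private_subnet_id` in the neighbouring hunks of this file also have no `type` and would benefit from the same treatment.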
@@ -67,17 +87,6 @@ variable "main_haproxy_l7_ip" { default = ["10.1.32.11", "10.1.32.12"] } -variable "ssh_sources" { - type = map(string) - default = { - s2i2s_vpn_1_cidr = "146.48.28.10/32" - s2i2s_vpn_2_cidr = "146.48.28.11/32" - d4s_vpn_1_cidr = "146.48.122.27/32" - d4s_vpn_2_cidr = "146.48.122.49/32" - shell_d4s_cidr = "146.48.122.95/32" - infrascience_net_cidr = "146.48.122.0/23" - } -} variable "octavia_information" { type = map(string) diff --git a/openstack-tf/d4s-production/variables/variables-production.tf b/openstack-tf/d4s-production/variables/variables-production.tf index 5d0b2d1d..4b9e3e24 100644 --- a/openstack-tf/d4s-production/variables/variables-production.tf +++ b/openstack-tf/d4s-production/variables/variables-production.tf @@ -1,4 +1,3 @@ -# Configure the OpenStack Provider variable "os_project_data" { type = map(string) default = { diff --git a/openstack-tf/modules/common_variables/outputs.tf b/openstack-tf/modules/common_variables/outputs.tf index d1a85b7f..3814d5a3 100644 --- a/openstack-tf/modules/common_variables/outputs.tf +++ b/openstack-tf/modules/common_variables/outputs.tf @@ -1,24 +1,33 @@ -output "mtu_size_value" { - value = var.mtu_size -} - -output "main_region_name" { +output "main_region" { value = var.main_region } -output "resolvers_ip" { - value = var.resolvers_ip -} - -output "external_network_name" { - value = var.external_network.name +output "external_network" { + value = var.external_network } output "external_network_id" { value = var.external_network.id } +output "floating_ip_pools" { + value = var.floating_ip_pools + +} + +output "resolvers_ip" { + value = var.resolvers_ip +} + +output "mtu_size" { + value = var.mtu_size +} + +output "availability_zones_names" { + value = var.availability_zones_names +} + output "availability_zone_no_gpu_name" { value = var.availability_zones_names.availability_zone_no_gpu } 
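Review bot: The output renames in modules/common_variables/outputs.tf (`mtu_size_value` to `mtu_size`, `main_region_name` to `main_region`, and in the next hunk `ssh_sources_list` to `ssh_sources`, `ubuntu1804_img` to `ubuntu_1804` and others) are not reflected in the state committed with them. project-setup/terraform.tfstate and the `terraform_remote_state` snapshot in ssh-keys-management still carry the old names, while project-setup/outputs.tf is now a symlink to this file. A root reading `data.terraform_remote_state.privnet_dns_router.outputs.*` therefore sees the old keys until project-setup is applied again and the new ones afterwards. I would record that ordering in a header comment, for example `# Output names changed: re-apply project-setup before any root that reads its remote state`.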
@@ -27,39 +36,127 @@ output "availability_zone_with_gpu_name" { value = var.availability_zones_names.availability_zone_with_gpu } -output "ssh_sources_list" { +output "ssh_sources" { value = var.ssh_sources } -output "ssh_key_file_config" { - value = var.ssh_key_file +output "networks_with_d4s_services" { + value = var.networks_with_d4s_services } -output "ubuntu1804_img" { +# output "dns_zone" { +# value = { +# zone_name = var.dns_zone.zone_name +# email = var.dns_zone.email +# description = var.dns_zone.description +# ttl = var.dns_zone.ttl +# id = var.dns_zone.id +# } +# } + +output "dns_zone" { + value = var.dns_zone +} +output "dns_zone_id" { + value = var.dns_zone_id +} + +output "main_private_network" { + value = { + name = var.main_private_network.name + description = var.main_private_network.description + } +} + +output "main_private_network_id" { + value = var.main_private_network_id +} + +output "main_private_subnet" { + value = var.main_private_subnet +} + +output "main_private_subnet_id" { + value = var.main_private_subnet_id +} + +output "external_router" { + value = var.external_router +} + +output "ubuntu_1804" { value = var.ubuntu_1804 } -output "ubuntu2204_img" { +output "ubuntu_2204" { value = var.ubuntu_2204 } -output "centos7_img" { +output "centos_7" { value = var.centos_7 } -output "almalinux9_img" { +output "almalinux_9" { value = var.almalinux_9 } -output "ubuntu1804_datafile" { +output "ubuntu1804_data_file" { value = var.ubuntu1804_data_file } -output "ubuntu2204_datafile" { +output "ubuntu2204_data_file" { value = var.ubuntu2204_data_file } -output "el7_datafile" { +output "el7_data_file" { value = var.el7_data_file } +output "ssh_jump_proxy" { + value = var.ssh_jump_proxy +} + +output "internal_ca_data" { + value = var.internal_ca_data +} + +output "prometheus_server_data" { + value = var.prometheus_server_data +} + +output "shared_postgresql_server_data" { + value = var.shared_postgresql_server_data +} + +output "haproxy_l7_data" { + 
value = var.haproxy_l7_data +} + +output "resource_registry_addresses" { + value = var.resource_registry_addresses +} + +output "smartexecutor_addresses" { + value = var.smartexecutor_addresses +} + +output "os_project_data" { + value = var.os_project_data +} + +output "default_security_group_name" { + value = var.default_security_group_name +} + +output "basic_services_ip" { + value = var.basic_services_ip +} + +output "main_haproxy_l7_ip" { + value = var.main_haproxy_l7_ip +} + +output "octavia_information" { + value = var.octavia_information +} + diff --git a/openstack-tf/modules/common_variables/variables.tf b/openstack-tf/modules/common_variables/variables.tf index 42aea9ad..3de9db16 100644 --- a/openstack-tf/modules/common_variables/variables.tf +++ b/openstack-tf/modules/common_variables/variables.tf @@ -61,6 +61,61 @@ variable "networks_with_d4s_services" { } } +variable "dns_zone" { + type = map(string) + default = { + zone_name = "" + email = "postmaster@isti.cnr.it" + description = "" + ttl = 8600 + id = "" + } +} + +variable "dns_zone_id" { + # Set with the correct value after the setup is complete + default = "" +} + +variable "main_private_network" { + type = map(string) + default = { + name = "" + description = "" + } +} + +variable "main_private_network_id" { + # Set with the correct value after the setup is complete + default = "" +} + +variable "main_private_subnet" { + type = map(string) + default = { + name = "" + description = "" + cidr = "" + gateway_ip = "" + allocation_start = "" + allocation_end = "" + } +} + +variable "main_private_subnet_id" { + # Set with the correct value after the setup is complete + default = "" +} + +variable "external_router" { + type = map(string) + default = { + name = "" + description = "" + id = "" + } +} + variable "ubuntu_1804" { type = map(string) 
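Review bot: The commented-out `# output "dns_zone"` block is added as dead code directly above the live `dns_zone` output that replaces it; I would drop it, since the history already records the earlier form. `main_private_network` is the only map rebuilt key by key, while every other output passes its variable through. With the variable now holding only `name` and `description`, `value = var.main_private_network` looks equivalent, unless the intent is to strip extra keys set by an environment, in which case a one-line comment should say so. A blank line is also missing between the `dns_zone` and `dns_zone_id` outputs.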
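Review bot: `dns_zone` and `external_router` still carry an `id = ""` key, while the zone ID now also lives in the separate `dns_zone_id` variable. That gives two places to set it, and the recordsets visible in octavia.tf and prometheus.tf read only `module.common_variables.dns_zone_id`. I would remove `id` from the `dns_zone` default, as this commit already does for `main_private_network` in the preprod variables, or add a comment stating which of the two is authoritative. Note also that `ttl = 8600` sits in a `map(string)`, so it is stored as a string and converted back wherever it is used as a number.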
@@ -178,6 +233,57 @@ variable "smartexecutor_addresses" { } } +variable "os_project_data" { + type = map(string) + default = { + id = "" + } +} + +variable "default_security_group_name" { + default = "default_for_all" +} + +variable "basic_services_ip" { + type = map(string) + default = { + ca = "" + ca_cidr = "" + ssh_jump = "" + ssh_jump_cidr = "" + prometheus = "" + prometheus_cidr = "" + haproxy_l7_1 = "" + haproxy_l7_1_cidr = "" + haproxy_l7_2 = "" + haproxy_l7_2_cidr = "" + octavia_main = "" + octavia_main_cidr = "" + } +} + +variable "main_haproxy_l7_ip" { + type = list(string) + default = [] + +} + +variable "octavia_information" { + type = map(string) + default = { + main_lb_name = "" + main_lb_description = "" + swarm_lb_name = "" + octavia_flavor = "" + octavia_flavor_id = "" + main_lb_hostname = "" + # The following aren't available when the module runs so we have to get them with the command + # openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp + # This means that the execution will fail + octavia_vrrp_ip_1 = "" + octavia_vrrp_ip_2 = "" + } +} # Added by Francesco # Create in the path 'modules/ssh-key-ref' the file 'ssh-key-ref-outputs.tf' diff --git a/openstack-tf/modules/d4science_infra_setup/haproxy.tf b/openstack-tf/modules/d4science_infra_setup/haproxy.tf new file mode 100644 index 00000000..a9610c50 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/haproxy.tf 
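Review bot: Every address in `basic_services_ip` and both `octavia_vrrp_ip_*` entries default to `""`, and these values are used directly as `remote_ip_prefix` in the ingress rules of haproxy.tf (`lb3_*`, `haproxy_l7_*_peer`) and security-groups.tf (`ssh-jump-proxy`, `prometheus-node`). If an environment does not override one of them, the outcome depends on how the provider handles an empty prefix; it may be treated as "no source restriction", which would open the port to any address instead of failing. The inline comment says the execution will fail, but nothing visible enforces that. A `precondition` in the consuming rules, for example `condition = module.common_variables.octavia_information.octavia_vrrp_ip_1 != ""`, or a `validation` block on the variable, would turn a missing value into an explicit error.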
@@ -0,0 +1,138 @@ +# +# HAPROXY L7 behind the main Octavia balancer +# +# FIXME: terraform does not return the Octavia VRRP addresses, so we have to find them before creating the security group that allows the traffic between octavia and the haproxy instances +# +# openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp +# 5cc2354e-4465-4a1d-8390-c214e208c6de octavia-lb-vrrp-72392023-a774-4b58-a025-c1e99c5d152a fa:16:3e:62:24:2c [{'subnet_id': 'cd77a2fd-4a36-4254-b1d0-70b3874c6d04', 'ip_address': '10.1.34.232'}] ACTIVE +# 8aa4e97f-723d-4a2a-b79f-912fa7651653 octavia-lb-vrrp-fbfcf712-0ceb-4a38-82da-0c9ebef5dff3 fa:16:3e:79:62:a5 [{'subnet_id': 'cd77a2fd-4a36-4254-b1d0-70b3874c6d04', 'ip_address': '10.1.33.229'}] ACTIVE +# +# Server group +# +resource "openstack_compute_servergroup_v2" "main_haproxy_l7" { + name = "main_haproxy_l7" + policies = ["anti-affinity"] +} +# Security group +resource "openstack_networking_secgroup_v2" "main_lb_to_haproxy_l7" { + name = "traffic_from_main_lb_to_haproxy_l7" + delete_default_rules = "true" + description = "Traffic coming the main L4 lb directed to the haproxy l7 servers" +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy_l7_1_peer" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Peer traffic from haproxy l7 1 to l7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 10000 + port_range_max = 10000 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy_l7_2_peer" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Peer traffic from haproxy l7 2 to l7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 10000 + port_range_max = 10000 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr +} + +resource 
"openstack_networking_secgroup_rule_v2" "lb3_1_haproxy_l7_80" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 1 port 80" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_1 +} + +resource "openstack_networking_secgroup_rule_v2" "lb3_1_haproxy_l7_443" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 1 port 443" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_1 +} + +resource "openstack_networking_secgroup_rule_v2" "lb3_1_haproxy_l7_8080" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 1 port 8080" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_1 +} + +resource "openstack_networking_secgroup_rule_v2" "lb3_2_haproxy_l7_80" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 2 port 80" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_2 +} + +resource "openstack_networking_secgroup_rule_v2" "lb3_2_haproxy_l7_443" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 2 port 443" + direction = "ingress" + 
ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_2 +} + +resource "openstack_networking_secgroup_rule_v2" "lb3_2_haproxy_l7_8080" { + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 2 port 8080" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_2 +} + + +# Instance +resource "openstack_compute_instance_v2" "main_haproxy_l7" { + count = module.common_variables.haproxy_l7_data.vm_count + name = format("%s-%02d", module.common_variables.haproxy_l7_data.name, count.index+1) + availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu + flavor_name = module.common_variables.haproxy_l7_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.name] + scheduler_hints { + group = openstack_compute_servergroup_v2.main_haproxy_l7.id + } + block_device { + uuid = module.common_variables.ubuntu_2204.uuid + source_type = "image" + volume_size = 10 + boot_index = 0 + destination_type = "volume" + delete_on_termination = false + } + + network { + name = module.common_variables.main_private_network.name + fixed_ip_v4 = module.common_variables.main_haproxy_l7_ip.*[count.index] + } + + user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" +} diff --git a/openstack-tf/modules/d4science_infra_setup/internal-ca.tf b/openstack-tf/modules/d4science_infra_setup/internal-ca.tf new file mode 100644 index 00000000..3008f61e --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/internal-ca.tf 
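Review bot: The `main_lb_to_haproxy_l7` group has no ingress rule for port 8880, although the stats pool in octavia.tf registers both haproxy members with `protocol_port = 8880`. The rules here open only port 10000 between the two peers and ports 80, 443 and 8080 from the two VRRP addresses. Unless a rule outside this view covers it, the stats listener's TCP monitor would mark both members as down. A pair of rules mirroring the existing `lb3_*` ones would close the gap; the first is sketched below. While editing, the `lb3_2_*` descriptions still say "first main lb instance" although they use `octavia_vrrp_ip_2`, which makes the rules harder to audit.

```hcl
# … unchanged: lb3_1_haproxy_l7_80 / 443 / 8080 and the lb3_2_* rules …
resource "openstack_networking_secgroup_rule_v2" "lb3_1_haproxy_l7_8880" {
  security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id
  description       = "Stats traffic from the first main lb instance to the HAPROXY l7 servers, port 8880"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 8880
  port_range_max    = 8880
  remote_ip_prefix  = module.common_variables.octavia_information.octavia_vrrp_ip_1
}
# … same rule again with octavia_vrrp_ip_2 …
```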
@@ -0,0 +1,21 @@
+resource "openstack_compute_instance_v2" "internal_ca" {
+ name = module.common_variables.internal_ca_data.name
+ availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu
+ flavor_name = module.common_variables.internal_ca_data.flavor
+ key_pair = module.ssh_settings.ssh_key_name
+ security_groups = [module.common_variables.default_security_group_name]
+ block_device {
+ uuid = module.common_variables.ubuntu_2204.uuid
+ source_type = "image"
+ volume_size = 10
+ boot_index = 0
+ destination_type = "volume"
+ delete_on_termination = false
+ }
+
+ network {
+ name = module.common_variables.main_private_network.name
+ fixed_ip_v4 = module.common_variables.basic_services_ip.ca
+ }
+ user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}"
+}
diff --git a/openstack-tf/modules/d4science_infra_setup/octavia.tf b/openstack-tf/modules/d4science_infra_setup/octavia.tf
new file mode 100644
index 00000000..95c9ce21
--- /dev/null
+++ b/openstack-tf/modules/d4science_infra_setup/octavia.tf
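Review bot: The internal CA's boot volume is created with `delete_on_termination = false`, and nothing in the hunk records what should happen to it when the instance is destroyed. No separate data volume is attached here, so the CA's private key presumably lives on that boot volume; a destroy or re-create would then leave a detached volume holding key material in the project. I would add a comment above `block_device`, e.g. `# Boot volume survives instance deletion; delete or wipe it explicitly when retiring the CA`, so that the retention is a documented decision and not a copied default.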
@@ -0,0 +1,186 @@ +# Main load balancer. L4, backed by Octavia +resource "openstack_lb_loadbalancer_v2" "main_lb" { + vip_subnet_id = module.common_variables.main_private_subnet_id + name = module.common_variables.octavia_information.main_lb_name + description = module.common_variables.octavia_information.main_lb_description + flavor_id = module.common_variables.octavia_information.octavia_flavor_id + vip_address = module.common_variables.basic_services_ip.octavia_main + loadbalancer_provider = "amphora" +} + +# Allocate a floating IP +resource "openstack_networking_floatingip_v2" "main_lb_ip" { + pool = module.common_variables.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + # dns_name = "main-lb" + # dns_domain = module.common_variables.dns_zone.zone_name + description = module.common_variables.octavia_information.main_lb_description +} + +resource "openstack_networking_floatingip_associate_v2" "main_lb" { + floating_ip = openstack_networking_floatingip_v2.main_lb_ip.address + port_id = openstack_lb_loadbalancer_v2.main_lb.vip_port_id +} + +locals { + recordset_name = "${module.common_variables.octavia_information.main_lb_hostname}.${module.common_variables.dns_zone.zone_name}" +} + +resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" { + zone_id = module.common_variables.dns_zone_id + name = local.recordset_name + description = "Public IP address of the main load balancer" + ttl = 8600 + type = "A" + records = [openstack_networking_floatingip_v2.main_lb_ip.address] +} + +# Main HAPROXY stats listener +resource "openstack_lb_listener_v2" "main_haproxy_stats_listener" { + loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id + protocol = "TCP" + protocol_port = 8880 + description = "Listener for the stats of the main HAPROXY instances" + name = "main_haproxy_stats_listener" + allowed_cidrs = 
[module.common_variables.ssh_sources.d4s_vpn_1_cidr,module.common_variables.ssh_sources.d4s_vpn_2_cidr,module.common_variables.ssh_sources.s2i2s_vpn_1_cidr,module.common_variables.ssh_sources.s2i2s_vpn_2_cidr] + +} + +resource "openstack_lb_pool_v2" "main_haproxy_stats_pool" { + listener_id = openstack_lb_listener_v2.main_haproxy_stats_listener.id + protocol = "TCP" + lb_method = "LEAST_CONNECTIONS" + name = "main-haproxy-lb-stats" + description = "Pool for the stats of the main HAPROXY instances" + persistence { + type = "SOURCE_IP" + } +} + +resource "openstack_lb_members_v2" "main_haproxy_stats_pool_members" { + pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id + member { + name = "haproxy l7 1" + address = module.common_variables.basic_services_ip.haproxy_l7_1 + protocol_port = 8880 + } + member { + name = "haproxy l7 2" + address = module.common_variables.basic_services_ip.haproxy_l7_2 + protocol_port = 8880 + } +} + +resource "openstack_lb_monitor_v2" "main_haproxy_stats_monitor" { + pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id + name = "main_haproxy_stats_monitor" + type = "TCP" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true +} + +# Main HAPROXY HTTP +resource "openstack_lb_listener_v2" "main_haproxy_http_listener" { + loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id + protocol = "TCP" + protocol_port = 80 + description = "HTTP listener of the main HAPROXY instances" + name = "main_haproxy_http_listener" + admin_state_up = true +} + +resource "openstack_lb_pool_v2" "main_haproxy_http_pool" { + listener_id = openstack_lb_listener_v2.main_haproxy_http_listener.id + protocol = "PROXYV2" + lb_method = "LEAST_CONNECTIONS" + name = "main-haproxy-lb-http" + description = "Pool for the HTTP listener of the main HAPROXY instances" + persistence { + type = "SOURCE_IP" + } + admin_state_up = true +} + +resource "openstack_lb_members_v2" "main_haproxy_http_pool_members" { + pool_id = 
openstack_lb_pool_v2.main_haproxy_http_pool.id + member { + name = "haproxy l7 1" + address = module.common_variables.basic_services_ip.haproxy_l7_1 + protocol_port = 80 + } + member { + name = "haproxy l7 2" + address = module.common_variables.basic_services_ip.haproxy_l7_2 + protocol_port = 80 + } +} + +resource "openstack_lb_monitor_v2" "main_haproxy_http_monitor" { + pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id + name = "main_haproxy_http_monitor" + type = "HTTP" + http_method = "GET" + url_path = "/_haproxy_health_check" + expected_codes = "200" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true +} + +# Main HAPROXY HTTPS +resource "openstack_lb_listener_v2" "main_haproxy_https_listener" { + loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id + protocol = "TCP" + protocol_port = 443 + description = "HTTPS listener of the main HAPROXY instances" + name = "main_haproxy_https_listener" + admin_state_up = true +} + +resource "openstack_lb_pool_v2" "main_haproxy_https_pool" { + listener_id = openstack_lb_listener_v2.main_haproxy_https_listener.id + protocol = "PROXYV2" + lb_method = "LEAST_CONNECTIONS" + name = "main-haproxy-lb-https" + description = "Pool for the HTTPS listener of the main HAPROXY instances" + persistence { + type = "SOURCE_IP" + } + admin_state_up = true +} + +resource "openstack_lb_members_v2" "main_haproxy_https_pool_members" { + pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id + member { + name = "haproxy l7 1" + address = module.common_variables.basic_services_ip.haproxy_l7_1 + protocol_port = 443 + } + member { + name = "haproxy l7 2" + address = module.common_variables.basic_services_ip.haproxy_l7_2 + protocol_port = 443 + } +} + +resource "openstack_lb_monitor_v2" "main_haproxy_https_monitor" { + pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id + name = "main_haproxy_https_monitor" + type = "HTTPS" + http_method = "GET" + url_path = "/_haproxy_health_check" + expected_codes = "200" + 
delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true +} + +output "main_loadbalancer_ip" { + description = "Main Load balancer IP address" + value = openstack_lb_loadbalancer_v2.main_lb.vip_address +} + diff --git a/openstack-tf/modules/d4science_infra_setup/postgresql.tf b/openstack-tf/modules/d4science_infra_setup/postgresql.tf new file mode 100644 index 00000000..5cade7a2 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/postgresql.tf 
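Review bot: The `main_loadbalancer_ip` output returns `vip_address`, which this file sets from `basic_services_ip.octavia_main`, i.e. the private VIP. The address published in the DNS recordset is the floating IP `main_lb_ip`. The description "Main Load balancer IP address" does not say which of the two a consumer receives, so an allow-list or firewall rule built from this output would reference the internal address. I would reword it to `description = "Private VIP of the main load balancer (the public address is the floating IP)"`, or add a second output for `openstack_networking_floatingip_v2.main_lb_ip.address`.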
@@ -0,0 +1,87 @@ +# PostgreSQL shared server +# Network +resource "openstack_networking_network_v2" "shared_postgresql_net" { + name = module.common_variables.shared_postgresql_server_data.network_name + admin_state_up = "true" + external = "false" + description = module.common_variables.shared_postgresql_server_data.network_description + dns_domain = module.common_variables.dns_zone.zone_name + mtu = module.common_variables.mtu_size + port_security_enabled = true + shared = false + region = module.common_variables.main_region +} + +# Subnet +resource "openstack_networking_subnet_v2" "shared_postgresql_subnet" { + name = "shared-postgresql-subnet" + description = "subnet used to connect to the shared PostgreSQL service" + network_id = openstack_networking_network_v2.shared_postgresql_net.id + cidr = module.common_variables.shared_postgresql_server_data.network_cidr + dns_nameservers = module.common_variables.resolvers_ip + ip_version = 4 + enable_dhcp = true + no_gateway = true + allocation_pool { + start = module.common_variables.shared_postgresql_server_data.allocation_pool_start + end = module.common_variables.shared_postgresql_server_data.allocation_pool_end + } +} + +# Security group +resource "openstack_networking_secgroup_v2" "shared_postgresql_access" { + name = "access_to_the_shared_postgresql_service" + delete_default_rules = "true" + description = "Access the shared PostgreSQL service using the dedicated network" +} + +resource "openstack_networking_secgroup_rule_v2" "shared_postgresql_access_from_dedicated_subnet" { + security_group_id = openstack_networking_secgroup_v2.shared_postgresql_access.id + description = "Allow connections to port 5432 from the 192.168.2.0/22 network" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 5432 + port_range_max = 5432 + remote_ip_prefix = module.common_variables.shared_postgresql_server_data.network_cidr +} + +# Block device +resource "openstack_blockstorage_volume_v3" 
"shared_postgresql_data_vol" { + name = module.common_variables.shared_postgresql_server_data.vol_data_name + size = module.common_variables.shared_postgresql_server_data.vol_data_size +} + +# Instance +resource "openstack_compute_instance_v2" "shared_postgresql_server" { + name = module.common_variables.shared_postgresql_server_data.name + availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu + flavor_name = module.common_variables.shared_postgresql_server_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.shared_postgresql_access.name] + block_device { + uuid = module.common_variables.ubuntu_2204.uuid + source_type = "image" + volume_size = 10 + boot_index = 0 + destination_type = "volume" + delete_on_termination = false + } + + network { + name = module.common_variables.main_private_network.name + } + network { + name = module.common_variables.shared_postgresql_server_data.network_name + fixed_ip_v4 = module.common_variables.shared_postgresql_server_data.server_ip + } + + user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" +} + +resource "openstack_compute_volume_attach_v2" "shared_postgresql_data_attach_vol" { + instance_id = openstack_compute_instance_v2.shared_postgresql_server.id + volume_id = openstack_blockstorage_volume_v3.shared_postgresql_data_vol.id + device = module.common_variables.shared_postgresql_server_data.vol_data_device + depends_on = [openstack_compute_instance_v2.shared_postgresql_server] +} diff --git a/openstack-tf/modules/d4science_infra_setup/prometheus.tf b/openstack-tf/modules/d4science_infra_setup/prometheus.tf new file mode 100644 index 00000000..60ac2e9e --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/prometheus.tf 
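Review bot: The instance's second `network` block selects the dedicated network by `name` from the variables, so Terraform sees no dependency on `shared_postgresql_net` or `shared_postgresql_subnet`. It may therefore try to create the server, with its `fixed_ip_v4`, before the subnet exists. Referencing the resources makes the ordering explicit: use `uuid = openstack_networking_network_v2.shared_postgresql_net.id` in that block and add `depends_on = [openstack_networking_subnet_v2.shared_postgresql_subnet]` to the instance. The rule description also hard-codes `192.168.2.0/22` while the prefix actually comes from `network_cidr`; a description without the literal range cannot drift from the variable.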
@@ -0,0 +1,68 @@ +# Promertheus server. A floating IP is required +resource "openstack_blockstorage_volume_v3" "prometheus_data_vol" { + name = module.common_variables.prometheus_server_data.vol_data_name + size = module.common_variables.prometheus_server_data.vol_data_size +} + +resource "openstack_compute_instance_v2" "prometheus_server" { + name = module.common_variables.prometheus_server_data.name + availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu + flavor_name = module.common_variables.prometheus_server_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.restricted_web.name,openstack_networking_secgroup_v2.prometheus_access_from_grafana.name] + block_device { + uuid = module.common_variables.ubuntu_2204.uuid + source_type = "image" + volume_size = 10 + boot_index = 0 + destination_type = "volume" + delete_on_termination = false + } + + network { + name = module.common_variables.main_private_network.name + fixed_ip_v4 = module.common_variables.basic_services_ip.prometheus + } + user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" +} + +resource "openstack_compute_volume_attach_v2" "prometheus_data_attach_vol" { + instance_id = openstack_compute_instance_v2.prometheus_server.id + volume_id = openstack_blockstorage_volume_v3.prometheus_data_vol.id + device = module.common_variables.prometheus_server_data.vol_data_device +} + +# Floating IP and DNS record +resource "openstack_networking_floatingip_v2" "prometheus_server_ip" { + pool = module.common_variables.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + description = "Prometheus server" +} + +resource "openstack_compute_floatingip_associate_v2" "prometheus_server" { + floating_ip = openstack_networking_floatingip_v2.prometheus_server_ip.address + instance_id = 
openstack_compute_instance_v2.prometheus_server.id +} + +locals { + prometheus_recordset_name = "${module.common_variables.prometheus_server_data.name}.${module.common_variables.dns_zone.zone_name}" + alertmanager_recordset_name = "alertmanager.${module.common_variables.dns_zone.zone_name}" +} + +resource "openstack_dns_recordset_v2" "prometheus_server_recordset" { + zone_id = module.common_variables.dns_zone_id + name = local.prometheus_recordset_name + description = "Public IP address of the Prometheus server" + ttl = 8600 + type = "A" + records = [openstack_networking_floatingip_v2.prometheus_server_ip.address] +} + +resource "openstack_dns_recordset_v2" "alertmanager_server_recordset" { + zone_id = module.common_variables.dns_zone_id + name = local.alertmanager_recordset_name + description = "Prometheus alertmanager" + ttl = 8600 + type = "CNAME" + records = [local.prometheus_recordset_name] +} diff --git a/openstack-tf/modules/d4science_infra_setup/security-groups.tf b/openstack-tf/modules/d4science_infra_setup/security-groups.tf new file mode 100644 index 00000000..f596f4d9 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/security-groups.tf 
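Review bot: Both recordsets hard-code `ttl = 8600` although the `dns_zone` variable added in this commit already carries a `ttl` key; the recordset in octavia.tf does the same. Using `ttl = module.common_variables.dns_zone.ttl` in all three would keep the value in one place, so a per-environment override actually takes effect. The opening comment also has a typo ("Promertheus").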
@@ -0,0 +1,373 @@ +# +# This is the security group that should be added to every instance +resource "openstack_networking_secgroup_v2" "default" { + name = module.common_variables.default_security_group_name + delete_default_rules = "true" + description = "Default security group with rules for ssh access via jump proxy, prometheus scraping" +} + +resource "openstack_networking_secgroup_rule_v2" "egress-ipv4" { + security_group_id = openstack_networking_secgroup_v2.default.id + direction = "egress" + ethertype = "IPv4" +} + +resource "openstack_networking_secgroup_rule_v2" "ingress-icmp" { + security_group_id = openstack_networking_secgroup_v2.default.id + description = "Allow ICMP from remote" + direction = "ingress" + ethertype = "IPv4" + remote_ip_prefix = "0.0.0.0/0" + protocol = "icmp" +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-jump-proxy" { + security_group_id = openstack_networking_secgroup_v2.default.id + description = "SSH traffic from the jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = module.common_variables.basic_services_ip.ssh_jump_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "prometheus-node" { + security_group_id = openstack_networking_secgroup_v2.default.id + description = "Prometheus access to the node exporter" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9100 + port_range_max = 9100 + remote_ip_prefix = module.common_variables.basic_services_ip.prometheus_cidr +} + +# +# SSH access to the jump proxy. 
Used by the jump proxy VM only +resource "openstack_networking_secgroup_v2" "access_to_the_jump_proxy" { + name = "ssh_access_to_the_jump_node" + delete_default_rules = "true" + description = "Security group that allows SSH access to the jump node from a limited set of sources" +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-s2i2s-vpn-1" { + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from S2I2S VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-s2i2s-vpn-2" { + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from S2I2S VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_2_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-d4s-vpn-1" { + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from D4Science VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-d4s-vpn-2" { + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from D4Science VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_2_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-shell-d4s" { + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = 
"SSH traffic from shell.d4science.org" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = module.common_variables.ssh_sources.shell_d4s_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "ssh-infrascience-net" { + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from the InfraScience network" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = module.common_variables.ssh_sources.infrascience_net_cidr +} + +# Debug via tunnel from the jump proxy node +resource "openstack_networking_secgroup_v2" "debugging" { + name = "debugging_from_jump_node" + delete_default_rules = "true" + description = "Security group that allows web app debugging via tunnel from the ssh jump node" +} + +resource "openstack_networking_secgroup_rule_v2" "shell_8100" { + security_group_id = openstack_networking_secgroup_v2.debugging.id + description = "Tomcat debug on port 8100 from the shell jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8100 + port_range_max = 8100 + remote_ip_prefix = module.common_variables.basic_services_ip.ssh_jump_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "shell_80" { + security_group_id = openstack_networking_secgroup_v2.debugging.id + description = "http debug port 80 from the shell jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = module.common_variables.basic_services_ip.ssh_jump_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "shell_443" { + security_group_id = openstack_networking_secgroup_v2.debugging.id + description = "https debug port 443 from the shell jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + 
remote_ip_prefix = module.common_variables.basic_services_ip.ssh_jump_cidr +} + +# Traffic from the main HAPROXY load balancers +# Use on the web services that are exposed through the main HAPROXY +resource "openstack_networking_secgroup_v2" "traffic_from_main_haproxy" { + name = "traffic_from_the_main_load_balancers" + delete_default_rules = "true" + description = "Allow traffic from the main L7 HAPROXY load balancers" +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-80" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-80" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-443" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTPS traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-443" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTPS traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = 
module.common_variables.basic_services_ip.haproxy_l7_2_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-8080" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-8080" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-8888" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8888 + port_range_max = 8888 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-8888" { + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8888 + port_range_max = 8888 + remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr +} + +# Security group that exposes web services directly. A floating IP is required. 
+resource "openstack_networking_secgroup_v2" "public_web" { + name = "public_web_service" + delete_default_rules = "true" + description = "Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer" +} + +resource "openstack_networking_secgroup_rule_v2" "public_http" { + security_group_id = openstack_networking_secgroup_v2.public_web.id + description = "Allow HTTP from everywhere" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = "0.0.0.0/0" +} + +resource "openstack_networking_secgroup_rule_v2" "public_https" { + security_group_id = openstack_networking_secgroup_v2.public_web.id + description = "Allow HTTPS from everywhere" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = "0.0.0.0/0" +} + +# HTTP and HTTPS access through the VPN nodes. Floating IP is required +resource "openstack_networking_secgroup_v2" "restricted_web" { + name = "restricted_web_service" + delete_default_rules = "true" + description = "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. 
HTTP is open to all, because letsencrypt" +} + +resource "openstack_networking_secgroup_rule_v2" "http_from_everywhere" { + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTP from everywhere" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = "0.0.0.0/0" +} + +resource "openstack_networking_secgroup_rule_v2" "https_from_d4s_vpn_1" { + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from D4Science VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "https_from_d4s_vpn_2" { + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from D4Science VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_2_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "https_from_s2i2s_vpn_1" { + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from S2I2S VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_1_cidr +} + +resource "openstack_networking_secgroup_rule_v2" "https_from_s2i2s_vpn_2" { + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from S2I2S VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_2_cidr +} + +resource "openstack_networking_secgroup_rule_v2" 
"https_from_shell_d4s" { + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from shell.d4science.org" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.ssh_sources.shell_d4s_cidr +} + +resource "openstack_networking_secgroup_v2" "prometheus_access_from_grafana" { + name = "prometheus_access_from_grafana" + delete_default_rules = "true" + description = "The public grafana server must be able to get data from Prometheus" +} + +resource "openstack_networking_secgroup_rule_v2" "grafana_d4s" { + security_group_id = openstack_networking_secgroup_v2.prometheus_access_from_grafana.id + description = "Allow HTTPS from grafana.d4science.org" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = module.common_variables.prometheus_server_data.public_grafana_server_cidr +} diff --git a/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf b/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf new file mode 100644 index 00000000..db80be35 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf 
@@ -0,0 +1,47 @@
+# VM used as jump proxy. A floating IP is required
+resource "openstack_compute_instance_v2" "ssh_jump_proxy" {
+ name = module.common_variables.ssh_jump_proxy.name
+ availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu
+ flavor_name = module.common_variables.ssh_jump_proxy.flavor
+ key_pair = module.ssh_settings.ssh_key_name
+ security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.access_to_the_jump_proxy.name]
+ block_device {
+ uuid = module.common_variables.ubuntu_2204.uuid
+ source_type = "image"
+ volume_size = 30
+ boot_index = 0
+ destination_type = "volume"
+ delete_on_termination = false
+ }
+
+ network {
+ name = module.common_variables.main_private_network.name
+ fixed_ip_v4 = module.common_variables.basic_services_ip.ssh_jump
+ }
+ user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}"
+}
+
+# Floating IP and DNS record
+resource "openstack_networking_floatingip_v2" "ssh_jump_proxy_ip" {
+ pool = module.common_variables.floating_ip_pools.main_public_ip_pool
+ # The DNS association does not work because of a bug in the OpenStack API
+ description = "SSH Proxy Jump Server"
+}
+
+resource "openstack_compute_floatingip_associate_v2" "ssh_jump_proxy" {
+ floating_ip = openstack_networking_floatingip_v2.ssh_jump_proxy_ip.address
+ instance_id = openstack_compute_instance_v2.ssh_jump_proxy.id
+}
+
+locals {
+ ssh_recordset_name = "${module.common_variables.ssh_jump_proxy.name}.${module.common_variables.dns_zone.zone_name}"
+}
+
+resource "openstack_dns_recordset_v2" "ssh_jump_proxy_recordset" {
+ zone_id = module.common_variables.dns_zone_id
+ name = local.ssh_recordset_name
+ description = "Public IP address of the SSH Proxy Jump server"
+ ttl = 8600
+ type = "A"
+ records = [openstack_networking_floatingip_v2.ssh_jump_proxy_ip.address]
+}
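Review bot: The jump proxy's boot volume is declared with `delete_on_termination = false` in the `block_device` block, so destroying or replacing `ssh_jump_proxy` leaves a 30 GB volume behind that is not a resource of its own in the Terraform state. On a bastion that disk presumably carries the SSH host keys and the authentication logs, so an untracked copy outliving the instance is worth avoiding. Either set `delete_on_termination = true`, or declare the disk as a separate `openstack_blockstorage_volume_v3` resource and boot from it, so that keeping it is an explicit, visible decision. In the same resource, `user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}"` can be written as `user_data = file(module.common_variables.ubuntu2204_data_file)`.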
diff --git a/openstack-tf/modules/d4science_infra_setup/terraform-provider.tf b/openstack-tf/modules/d4science_infra_setup/terraform-provider.tf new file mode 100644 index 00000000..5c3eb1d8 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/terraform-provider.tf @@ -0,0 +1,27 @@ +# Define required providers +terraform { +required_version = ">= 0.14.0" + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.53.0" + } + } +} + +data "terraform_remote_state" "privnet_dns_router" { + backend = "local" + + config = { + path = "../project-setup/terraform.tfstate" + } +} + +module "common_variables" { + source = "../../modules/common_variables" +} + +module "ssh_settings" { + source = "../../modules/ssh-key-ref" +} + diff --git a/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf b/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf index 2f8b3860..808c97d7 100644 --- a/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf +++ b/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf @@ -1,13 +1,3 @@ -# Define required providers -terraform { -required_version = ">= 0.14.0" - required_providers { - openstack = { - source = "terraform-provider-openstack/openstack" - version = "~> 1.53.0" - } - } -} resource "openstack_dns_zone_v2" "primary_project_dns_zone" { name = var.dns_zone.zone_name email = var.dns_zone.email @@ -52,7 +42,7 @@ resource "openstack_networking_router_v2" "external-router" { external_network_id = var.external_network.id tenant_id = var.os_project_data.id enable_snat = true - vendor_options { + vendor_options { set_router_gateway_after_create = true } } 
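Review bot: In the new `terraform-provider.tf`, the data source `terraform_remote_state.privnet_dns_router` reads `../project-setup/terraform.tfstate` through the `local` backend, which makes this module depend on a state file kept in the working tree; the commit's file list shows several `terraform.tfstate` files being added to the repository. State is plain JSON holding every attribute of every managed resource, so any sensitive value that lands there is readable by everyone with read access to the repository. A remote backend with access control and locking, with `*.tfstate` ignored in version control, would remove that exposure. The relative `path` is also presumably resolved from the directory where Terraform is run, not from the module directory, which deserves a comment such as `# path is relative to the calling root module, which must sit next to project-setup`.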
@@ -78,22 +68,3 @@ resource "openstack_dns_recordset_v2" "acme_challenge_recordset" { records = ["_acme-challenge.d4science.net."] } -output "main_private_network_id" { - description = "Main private network id" - value = openstack_networking_network_v2.main-private-network.id -} - -output "main_subnet_network_id" { - description = "Main subnet network id" - value = openstack_networking_subnet_v2.main-private-subnet.id -} - -output "dns_zone_id" { - description = "Id of the new DNS zone" - value = openstack_dns_zone_v2.primary_project_dns_zone.id -} - -output "external_gateway_ip" { - description = "Public IP address of the external gateway" - value = openstack_networking_router_v2.external-router.external_fixed_ip[0].ip_address -} diff --git a/openstack-tf/modules/main_private_net_and_dns_zone/variables.tf b/openstack-tf/modules/main_private_net_and_dns_zone/variables.tf deleted file mode 100644 index 587fb45e..00000000 --- a/openstack-tf/modules/main_private_net_and_dns_zone/variables.tf +++ /dev/null 
@@ -1,65 +0,0 @@ -# Define required providers -terraform { -required_version = ">= 0.14.0" - required_providers { - openstack = { - source = "terraform-provider-openstack/openstack" - version = "~> 1.53.0" - } - } -} - -# Global definitions -variable "main_region" { - type = string - default = "isti_area_pi_1" -} - -variable "external_network" { - type = map(string) - default = { - name = "external-network" - id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b" - } -} - -variable "floating_ip_pools" { - type = map(string) - default = { - main_public_ip_pool = "external-network" - } -} - -variable "resolvers_ip" { - type = list(string) - default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"] -} - -variable "mtu_size" { - type = number - default = 8942 -} - -variable "availability_zones_names" { - type = map(string) - default = { - availability_zone_no_gpu = "cnr-isti-nova-a" - availability_zone_with_gpu = "cnr-isti-nova-gpu-a" - } -} - -variable "ssh_sources" { - type = map(string) - default = { - s2i2s_vpn_1_cidr = "146.48.28.10/32" - s2i2s_vpn_2_cidr = "146.48.28.11/32" - d4s_vpn_1_cidr = "146.48.122.27/32" - d4s_vpn_2_cidr = "146.48.122.49/32" - shell_d4s_cidr = "146.48.122.95/32" - infrascience_net_cidr = "146.48.122.0/23" - } -} - -output "mtu_size" { - value = var.mtu_size -} diff --git a/openstack-tf/modules/ssh_keys/ssh-keys.tf b/openstack-tf/modules/ssh_keys/ssh-keys.tf index dca6c183..ec43a1d0 100644 --- a/openstack-tf/modules/ssh_keys/ssh-keys.tf +++ b/openstack-tf/modules/ssh_keys/ssh-keys.tf 
@@ -1,4 +1,19 @@
-resource "openstack_compute_keypair_v2" "initial_ssh_key" {
- name = var.ssh_key_file.name
- public_key = file("${var.ssh_key_file.file}.pub")
+# Define required providers
+terraform {
+required_version = ">= 0.14.0"
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.53.0"
+ }
+ }
+}
+
+module "ssh_settings" {
+ source = "../../modules/ssh-key-ref"
+}
+
+resource "openstack_compute_keypair_v2" "initial_ssh_key" {
+ name = module.ssh_settings.ssh_key_name
+ public_key = file("${module.ssh_settings.ssh_key_file}.pub")
 }
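Review bot: The key pair `initial_ssh_key` now takes its name and file from `module.ssh_settings` instead of `var.ssh_key_file`, so a caller of this module can no longer choose which key is registered, and nothing in the file says so. A comment above the resource would make the contract visible, for example `# Name and path come from modules/ssh-key-ref; ssh_key_file is the key path without extension, only the .pub file is read and uploaded`. Since the same `ssh_key_name` is used as `key_pair` for the jump proxy elsewhere in this commit, it is also worth stating there that this is the single bootstrap key for the environment, if that is the intent.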