Production environment.
This commit is contained in:
parent
193d7fb34e
commit
7db6897429
GPG Key ID:
147ABE6CEB9E20FF
|
|
@ -2,6 +2,7 @@ resource "openstack_dns_zone_v2" "primary_project_dns_zone" {
|
|||
name = var.dns_zone.zone_name
|
||||
email = var.dns_zone.email
|
||||
description = var.dns_zone.description
|
||||
project_id = var.os_project_data.id
|
||||
ttl = var.dns_zone.ttl
|
||||
type = "PRIMARY"
|
||||
}
|
||||
|
|
@ -16,6 +17,7 @@ resource "openstack_networking_network_v2" "main-private-network" {
|
|||
port_security_enabled = true
|
||||
shared = false
|
||||
region = var.main_region
|
||||
tenant_id = var.os_project_data.id
|
||||
}
|
||||
|
||||
resource "openstack_networking_subnet_v2" "main-private-subnet" {
|
||||
|
|
@ -27,24 +29,42 @@ resource "openstack_networking_subnet_v2" "main-private-subnet" {
|
|||
dns_nameservers = var.resolvers_ip
|
||||
ip_version = 4
|
||||
enable_dhcp = true
|
||||
tenant_id = var.os_project_data.id
|
||||
allocation_pool {
|
||||
start = var.main_private_subnet.allocation_start
|
||||
end = var.main_private_subnet.allocation_end
|
||||
}
|
||||
}
|
||||
|
||||
# Shell command:
|
||||
# openstack --os-cloud d4s-pre router create --description "D4Science Preprod main router" --external-gateway external-network d4s-pre-cloud-external-router
|
||||
# resource "openstack_networking_router_v2" "external-router" {
|
||||
# name = var.external_router.name
|
||||
# description = var.external_router.description
|
||||
# external_network_id = var.external_network.id
|
||||
# enable_snat = true
|
||||
# }
|
||||
resource "openstack_networking_router_v2" "external-router" {
|
||||
name = var.external_router.name
|
||||
description = var.external_router.description
|
||||
external_network_id = var.external_network.id
|
||||
tenant_id = var.os_project_data.id
|
||||
enable_snat = true
|
||||
vendor_options {
|
||||
set_router_gateway_after_create = true
|
||||
}
|
||||
}
|
||||
|
||||
# Router interface configuration
|
||||
resource "openstack_networking_router_interface_v2" "private-network-routing" {
|
||||
# router_id = openstack_networking_router_v2.external-router.id
|
||||
router_id = var.external_router.id
|
||||
router_id = openstack_networking_router_v2.external-router.id
|
||||
# router_id = var.external_router.id
|
||||
subnet_id = openstack_networking_subnet_v2.main-private-subnet.id
|
||||
}
|
||||
|
||||
output "main_private_network_id" {
|
||||
description = "Main private network id"
|
||||
value = openstack_networking_network_v2.main-private-network.id
|
||||
}
|
||||
|
||||
output "dns_zone_id" {
|
||||
description = "Id of the new DNS zone"
|
||||
value = openstack_dns_zone_v2.primary_project_dns_zone.id
|
||||
}
|
||||
|
||||
output "external_gateway_ip" {
|
||||
description = "Public IP address of the external gateway"
|
||||
value = openstack_networking_router_v2.external-router.external_fixed_ip[0].ip_address
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Main load balancer. L4, backed by Octavia
|
||||
resource "openstack_lb_loadbalancer_v2" "main_lb" {
|
||||
vip_network_id = var.main_private_network.id
|
||||
vip_network_id = var.main_private_network_id
|
||||
name = var.octavia_information.main_lb_name
|
||||
description = var.octavia_information.main_lb_description
|
||||
flavor_id = var.octavia_information.octavia_flavor_id
|
||||
|
|
@ -27,7 +27,7 @@ locals {
|
|||
}
|
||||
|
||||
resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" {
|
||||
zone_id = var.dns_zone.id
|
||||
zone_id = var.dns_zone_id
|
||||
name = local.recordset_name
|
||||
description = "Public IP address of the main load balancer"
|
||||
ttl = 8600
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ locals {
|
|||
}
|
||||
|
||||
resource "openstack_dns_recordset_v2" "ssh_jump_proxy_recordset" {
|
||||
zone_id = var.dns_zone.id
|
||||
zone_id = var.dns_zone_id
|
||||
name = local.ssh_recordset_name
|
||||
description = "Public IP address of the SSH Proxy Jump server"
|
||||
ttl = 8600
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ locals {
|
|||
}
|
||||
|
||||
resource "openstack_dns_recordset_v2" "prometheus_server_recordset" {
|
||||
zone_id = var.dns_zone.id
|
||||
zone_id = var.dns_zone_id
|
||||
name = local.prometheus_recordset_name
|
||||
description = "Public IP address of the Prometheus server"
|
||||
ttl = 8600
|
||||
|
|
|
|||
|
|
@ -35,5 +35,16 @@ variable "availability_zones_names" {
|
|||
availability_zone_no_gpu = "cnr-isti-nova-a"
|
||||
availability_zone_with_gpu = "cnr-isti-nova-gpu-a"
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
variable "ssh_sources" {
|
||||
type = map(string)
|
||||
default = {
|
||||
s2i2s_vpn_1_cidr = "146.48.28.10/32"
|
||||
s2i2s_vpn_2_cidr = "146.48.28.11/32"
|
||||
d4s_vpn_1_cidr = "146.48.122.27/32"
|
||||
d4s_vpn_2_cidr = "146.48.122.49/32"
|
||||
shell_d4s_cidr = "146.48.122.95/32"
|
||||
infrascience_net_cidr = "146.48.122.0/23"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -87,6 +87,9 @@ variable "shared_postgresql_server_data" {
|
|||
vol_data_name = "shared-postgresql-data"
|
||||
vol_data_size = "100"
|
||||
vol_data_device = "/dev/vdb"
|
||||
# vol_backup_name = ""
|
||||
# vol_backup_size = ""
|
||||
# vol_backup_device = ""
|
||||
network_name = "postgresql-srv-net"
|
||||
network_description = "Network used to communicate with the shared postgresql service"
|
||||
network_cidr = "192.168.0.0/22"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
provider "openstack" {
|
||||
cloud = "d4s-pre"
|
||||
}
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
provider "openstack" {
|
||||
cloud = "d4s-pre"
|
||||
}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/terraform-provider-openstack/openstack" {
|
||||
version = "1.53.0"
|
||||
constraints = "~> 1.53.0"
|
||||
hashes = [
|
||||
"h1:ZSJPqrlaHQ3sj7wyJuPSG+NblFZbAA6Y0d3GjSJf3o8=",
|
||||
"zh:09da7ca98ffd3de7b9ce36c4c13446212a6e763ba1162be71b50f95d453cb68e",
|
||||
"zh:14041bcbb87312411d88612056ed185650bfd01284b8ea0761ce8105a331708e",
|
||||
"zh:35bf4c788fdbc17c8e40ebc7b33c7de4b45a2fa2efaa657b10f0e3bd37c9627f",
|
||||
"zh:46ede8ef4cfa12d654c538afc1e1ec34a1f3e8eb4e986ee23dceae398b7176a6",
|
||||
"zh:59675734990dab1e8d87997853ea75e8104bba730b3f5a7146ac735540c9d6bf",
|
||||
"zh:6de52428849806498670e827b54810be7510a2a79449602c1aede4235a0ec036",
|
||||
"zh:78b2a20601272afceffac8f8ca78a6b647b84196c0dd8dc710fae297f6be15a4",
|
||||
"zh:7c41ed3a4fac09677e676ecf9f9edd1e38eef449e656cb01a848d2c799c6de8f",
|
||||
"zh:852800228f4118a4aa6cfaa4468b851247cbed6f037fd204f08de69eb1edc149",
|
||||
"zh:86d618e7f9a07d978b8bc4b190be350a00de64ec535f9c8f5dfe133542a55483",
|
||||
"zh:963a9e72b66d8bcf43de9b14a674ae3ca3719ce2f829217f7a65b66fc3773397",
|
||||
"zh:a8e72ab67795071bda61f99a6de3d2d40122fb51971768fd75e1324abe874ced",
|
||||
"zh:ce1890cf3af17d569af3bc7673cec0a8f78e6f5d701767593f3d29c551f44848",
|
||||
"zh:e6f1b96eb684f527a47f71923f268c86a36d7894751b31ee9e726d7502a639cd",
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_variables/00-terraform-provider.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../variables/00-variables.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_variables/01-external-network-and-resolvers.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_variables/05-projects-and-users-vars.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/15-security-groups.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/16-ssh-keys.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/20-octavia.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/25-ssh-jump-proxy.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/30-internal-ca.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/35-prometheus.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/40-postgresql.tf
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
# Block device for the backup partition
|
||||
resource "openstack_blockstorage_volume_v3" "shared_postgresql_backup_vol" {
|
||||
name = var.shared_postgresql_server_data.vol_backup_name
|
||||
size = var.shared_postgresql_server_data.vol_backup_size
|
||||
}
|
||||
|
||||
resource "openstack_compute_volume_attach_v2" "shared_postgresql_backup_attach_vol" {
|
||||
instance_id = openstack_compute_instance_v2.shared_postgresql_server.id
|
||||
volume_id = openstack_blockstorage_volume_v3.shared_postgresql_backup_vol.id
|
||||
device = var.shared_postgresql_server_data.vol_backup_device
|
||||
}
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/45-haproxy.tf
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
# Main services
|
||||
|
||||
* Load balancer as a service (openstack), L4.
|
||||
|
||||
> * Main Octavia load balancer
|
||||
> * Swarm Octavia load balancer
|
||||
|
||||
* Two VMs as HAPROXY L7 instances for the main services. The dataminers will be also served by this load balancer.
|
||||
* A shell server, with floating IP address, that will be used as a proxy to reach all the other VMs.
|
||||
* A internal CA service.
|
||||
* A Prometheus instance.
|
||||
* A PostgreSQL server instance, with a dedicated network
|
||||
* A Docker Swarm cluster with a NFS service on a dedicated network
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
provider "openstack" {
|
||||
cloud = "d4s-production"
|
||||
}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/terraform-provider-openstack/openstack" {
|
||||
version = "1.53.0"
|
||||
constraints = "~> 1.53.0"
|
||||
hashes = [
|
||||
"h1:ZSJPqrlaHQ3sj7wyJuPSG+NblFZbAA6Y0d3GjSJf3o8=",
|
||||
"zh:09da7ca98ffd3de7b9ce36c4c13446212a6e763ba1162be71b50f95d453cb68e",
|
||||
"zh:14041bcbb87312411d88612056ed185650bfd01284b8ea0761ce8105a331708e",
|
||||
"zh:35bf4c788fdbc17c8e40ebc7b33c7de4b45a2fa2efaa657b10f0e3bd37c9627f",
|
||||
"zh:46ede8ef4cfa12d654c538afc1e1ec34a1f3e8eb4e986ee23dceae398b7176a6",
|
||||
"zh:59675734990dab1e8d87997853ea75e8104bba730b3f5a7146ac735540c9d6bf",
|
||||
"zh:6de52428849806498670e827b54810be7510a2a79449602c1aede4235a0ec036",
|
||||
"zh:78b2a20601272afceffac8f8ca78a6b647b84196c0dd8dc710fae297f6be15a4",
|
||||
"zh:7c41ed3a4fac09677e676ecf9f9edd1e38eef449e656cb01a848d2c799c6de8f",
|
||||
"zh:852800228f4118a4aa6cfaa4468b851247cbed6f037fd204f08de69eb1edc149",
|
||||
"zh:86d618e7f9a07d978b8bc4b190be350a00de64ec535f9c8f5dfe133542a55483",
|
||||
"zh:963a9e72b66d8bcf43de9b14a674ae3ca3719ce2f829217f7a65b66fc3773397",
|
||||
"zh:a8e72ab67795071bda61f99a6de3d2d40122fb51971768fd75e1324abe874ced",
|
||||
"zh:ce1890cf3af17d569af3bc7673cec0a8f78e6f5d701767593f3d29c551f44848",
|
||||
"zh:e6f1b96eb684f527a47f71923f268c86a36d7894751b31ee9e726d7502a639cd",
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_variables/00-terraform-provider.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../variables/00-variables.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_variables/01-external-network-and-resolvers.tf
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../common_setups/10-main-network.tf
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
provider "openstack" {
|
||||
# cloud = "d4s-production"
|
||||
cloud = "ISTI-Cloud"
|
||||
}
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
# Configure the OpenStack Provider
|
||||
variable "os_project_data" {
|
||||
type = map(string)
|
||||
default = {
|
||||
id = "1b45adf388934758b56d0dfdb4bfacf3"
|
||||
}
|
||||
}
|
||||
|
||||
variable "dns_zone" {
|
||||
type = map(string)
|
||||
default = {
|
||||
zone_name = "cloud.d4science.org."
|
||||
email = "postmaster@isti.cnr.it"
|
||||
description = "DNS primary zone for the d4s-production-cloud project"
|
||||
ttl = 8600
|
||||
}
|
||||
}
|
||||
|
||||
variable "dns_zone_id" {
|
||||
# Set with the correct value after the setup is complete
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "main_private_network" {
|
||||
type = map(string)
|
||||
default = {
|
||||
name = "d4s-production-cloud-main"
|
||||
description = "D4Science Production private network (use this as the main network)"
|
||||
}
|
||||
}
|
||||
|
||||
variable "main_private_network_id" {
|
||||
# Set with the correct value after the setup is complete
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "main_private_subnet" {
|
||||
type = map(string)
|
||||
default = {
|
||||
name = "d4s-production-cloud-main-subnet"
|
||||
description = "D4Science Production main private subnet"
|
||||
cidr = "10.1.40.0/21"
|
||||
gateway_ip = "10.1.40.1"
|
||||
allocation_start = "10.1.41.100"
|
||||
allocation_end = "10.1.47.254"
|
||||
}
|
||||
}
|
||||
|
||||
variable "external_router" {
|
||||
type = map(string)
|
||||
default = {
|
||||
name = "d4s-production-cloud-external-router"
|
||||
description = "D4Science Production main router"
|
||||
id = "cc26064a-bb08-4c0b-929f-d0cb39f934a3"
|
||||
}
|
||||
}
|
||||
|
||||
variable "basic_services_ip" {
|
||||
type = map(string)
|
||||
default = {
|
||||
ca = "10.1.40.4"
|
||||
ca_cidr = "10.1.40.4/32"
|
||||
ssh_jump = "10.1.40.5"
|
||||
ssh_jump_cidr = "10.1.40.5/32"
|
||||
prometheus = "10.1.40.10"
|
||||
prometheus_cidr = "10.1.40.10/32"
|
||||
haproxy_l7_1 = "10.1.40.11"
|
||||
haproxy_l7_1_cidr = "10.1.40.11/32"
|
||||
haproxy_l7_2 = "10.1.40.12"
|
||||
haproxy_l7_2_cidr = "10.1.40.12/32"
|
||||
octavia_main = "10.1.40.20"
|
||||
octavia_main_cidr = "10.1.40.20/32"
|
||||
}
|
||||
}
|
||||
|
||||
variable "main_haproxy_l7_ip" {
|
||||
type = list(string)
|
||||
default = ["10.1.40.11", "10.1.40.12"]
|
||||
|
||||
}
|
||||
|
||||
variable "octavia_information" {
|
||||
type = map(string)
|
||||
default = {
|
||||
main_lb_name = "d4s-production-cloud-l4-load-balancer"
|
||||
main_lb_description = "Main L4 load balancer for the D4Science production"
|
||||
swarm_lb_name = "d4s-production-cloud-l4-swarm-load-balancer"
|
||||
octavia_flavor = "octavia_amphora-mvcpu-ha"
|
||||
octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7"
|
||||
main_lb_hostname = "main-lb"
|
||||
# The following aren't available when the module runs so we have to get them with the command
|
||||
# openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp
|
||||
# This means that the execution will fail
|
||||
octavia_vrrp_ip_1 = "10.1.41.232"
|
||||
octavia_vrrp_ip_2 = "10.1.42.229"
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue