Start the conversions to modules.

openstack-tf/d4s-dev/project-setup/00-provider-configuration.tf

@@ -0,0 +1,16 @@
+# Define required providers
+terraform {
+required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = "~> 1.53.0"
+    }
+  }
+}
+
+provider "openstack" {
+         cloud = "d4s-dev"
+#        cloud = "ISTI-Cloud"
+}
+

openstack-tf/d4s-dev/project-setup/00-terraform-provider.tf

@@ -1 +0,0 @@
-../../common_variables/00-terraform-provider.tf

openstack-tf/d4s-dev/project-setup/00-variables.tf

@@ -1 +0,0 @@
-../variables/00-variables.tf

openstack-tf/d4s-dev/project-setup/01-external-network-and-resolvers.tf

@@ -1 +0,0 @@
-../../common_variables/01-external-network-and-resolvers.tf

openstack-tf/d4s-dev/project-setup/10-main-network.tf

@@ -1 +0,0 @@
-../../common_setups/10-main-network.tf

openstack-tf/d4s-dev/project-setup/network-setup.tf

@@ -0,0 +1,4 @@
+module "main-network" {
+  source = "../../modules/main_private_net_and_dns_zone"
+}
+

openstack-tf/d4s-dev/project-setup/setup-provider.tf

@@ -1,5 +0,0 @@
-provider "openstack" {
-#         cloud = "d4s-dev"
-        cloud = "ISTI-Cloud"
-}
-

openstack-tf/d4s-dev/project-setup/terraform.tfstate

@@ -1,8 +1,8 @@
 {
   "version": 4,
   "terraform_version": "1.6.3",
-  "serial": 12,
-  "lineage": "8e064d5b-7e27-7da1-5aa2-330932157309",
+  "serial": 6,
+  "lineage": "194691ec-f344-4bd2-98ae-cbd15e9c9cdf",
   "outputs": {
     "dns_zone_id": {
       "value": "cbae638a-9d99-44aa-946c-0f5ffb7fc488",
@@ -32,7 +32,7 @@
           "schema_version": 0,
           "attributes": {
             "description": "ACME challenge delegation",
-            "disable_status_check": false,
+            "disable_status_check": null,
             "id": "cbae638a-9d99-44aa-946c-0f5ffb7fc488/5e69d2f7-1926-4a74-b0c4-ad675975c144",
             "name": "_acme-challenge.cloud-dev.d4science.org.",
             "project_id": "e8f8ca72f30648a8b389b4e745ac83a9",
@@ -47,10 +47,7 @@
             "zone_id": "cbae638a-9d99-44aa-946c-0f5ffb7fc488"
           },
           "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
-          "dependencies": [
-            "openstack_dns_zone_v2.primary_project_dns_zone"
-          ]
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9"
         }
       ]
     },
@@ -65,7 +62,7 @@
           "attributes": {
             "attributes": {},
             "description": "DNS primary zone for the d4s-dev-cloud project",
-            "disable_status_check": false,
+            "disable_status_check": null,
             "email": "postmaster@isti.cnr.it",
             "id": "cbae638a-9d99-44aa-946c-0f5ffb7fc488",
             "masters": [],
@@ -78,7 +75,7 @@
             "value_specs": null
           },
           "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19"
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9"
         }
       ]
     },
@@ -118,7 +115,7 @@
             "value_specs": null
           },
           "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0="
         }
       ]
     },
@@ -140,12 +137,7 @@
             "timeouts": null
           },
           "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0=",
-          "dependencies": [
-            "openstack_networking_network_v2.main-private-network",
-            "openstack_networking_router_v2.external-router",
-            "openstack_networking_subnet_v2.main-private-subnet"
-          ]
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0="
         }
       ]
     },
@@ -180,14 +172,10 @@
             "tenant_id": "e8f8ca72f30648a8b389b4e745ac83a9",
             "timeouts": null,
             "value_specs": null,
-            "vendor_options": [
-              {
-                "set_router_gateway_after_create": true
-              }
-            ]
+            "vendor_options": []
           },
           "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0="
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0="
         }
       ]
     },
@@ -240,10 +228,7 @@
             "value_specs": null
           },
           "sensitive_attributes": [],
-          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=",
-          "dependencies": [
-            "openstack_networking_network_v2.main-private-network"
-          ]
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIwIn0="
         }
       ]
     }

openstack-tf/d4s-dev/variables/00-variables.tf

@@ -79,7 +79,7 @@ variable "basic_services_ip" {
 
 variable "main_haproxy_l7_ip" {
   type = list(string)
-  default = ["10.1.40.11", "10.1.40.12"]
+  default = ["10.1.28.50", "10.1.30.241"]
   
 }
 

openstack-tf/d4s-production/project-setup/10-main-network.tf

@@ -1 +0,0 @@
-../../common_setups/10-main-network.tf

openstack-tf/d4s-production/project-setup/10-main-network.tf

@@ -0,0 +1,89 @@
+resource "openstack_dns_zone_v2" "primary_project_dns_zone" {
+  name = var.dns_zone.zone_name
+  email       = var.dns_zone.email
+  description = var.dns_zone.description
+  project_id = var.os_project_data.id
+  ttl         = var.dns_zone.ttl
+  type        = "PRIMARY"
+}
+
+resource "openstack_networking_network_v2" "main-private-network" {
+  name           = var.main_private_network.name
+  admin_state_up = "true"
+  external       = "false"
+  description = var.main_private_network.description
+  dns_domain = var.dns_zone.zone_name
+  mtu            = var.mtu_size
+  port_security_enabled = true
+  shared = false
+  region = var.main_region
+  tenant_id = var.os_project_data.id
+}
+
+resource "openstack_networking_subnet_v2" "main-private-subnet" {
+  name            = var.main_private_subnet.name
+  description = var.main_private_subnet.description
+  network_id      = openstack_networking_network_v2.main-private-network.id
+  cidr            = var.main_private_subnet.cidr
+  gateway_ip      = var.main_private_subnet.gateway_ip
+  dns_nameservers = var.resolvers_ip
+  ip_version = 4
+  enable_dhcp = true
+  tenant_id = var.os_project_data.id
+  allocation_pool {
+    start = var.main_private_subnet.allocation_start
+    end   = var.main_private_subnet.allocation_end
+  }
+}
+
+resource "openstack_networking_router_v2" "external-router" {
+  name                = var.external_router.name
+  description = var.external_router.description
+  external_network_id = var.external_network.id
+  tenant_id = var.os_project_data.id
+  enable_snat = true
+  vendor_options {
+    set_router_gateway_after_create = true
+  }
+}
+
+# Router interface configuration
+resource "openstack_networking_router_interface_v2" "private-network-routing" {
+  router_id = openstack_networking_router_v2.external-router.id
+  # router_id = var.external_router.id
+  subnet_id = openstack_networking_subnet_v2.main-private-subnet.id
+}
+
+locals {
+  acme_challenge_recordset_name = "_acme-challenge.${var.dns_zone.zone_name}"
+  acme_challenge_delegation = "_acme-challenge.d4science.net."
+}
+
+resource "openstack_dns_recordset_v2" "acme_challenge_recordset" {
+  zone_id     = openstack_dns_zone_v2.primary_project_dns_zone.id
+  name        = local.acme_challenge_recordset_name
+  description = "ACME challenge delegation"
+  ttl         = 8600
+  type        = "CNAME"
+  records     = ["_acme-challenge.d4science.net."]
+}
+
+output "main_private_network_id" {
+  description = "Main private network id"
+  value       = openstack_networking_network_v2.main-private-network.id
+}
+
+output "main_subnet_network_id" {
+  description = "Main subnet network id"
+  value       = openstack_networking_subnet_v2.main-private-subnet.id
+}
+
+output "dns_zone_id" {
+  description = "Id of the new DNS zone"
+  value = openstack_dns_zone_v2.primary_project_dns_zone.id
+}
+
+output "external_gateway_ip" {
+  description = "Public IP address of the external gateway"
+  value = openstack_networking_router_v2.external-router.external_fixed_ip[0].ip_address
+}

openstack-tf/d4s-production/ssh-keys-management/ssh-keys.tf

@@ -1 +1 @@
-../../common_setups/ssh-keys.tf
+../../modules/ssh_keys/ssh-keys.tf

openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf

@@ -1,3 +1,13 @@
+# Define required providers
+terraform {
+required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = "~> 1.53.0"
+    }
+  }
+}
 resource "openstack_dns_zone_v2" "primary_project_dns_zone" {
   name = var.dns_zone.zone_name
   email       = var.dns_zone.email

openstack-tf/modules/main_private_net_and_dns_zone/variables-external-network-and-resolvers.tf

@@ -0,0 +1,50 @@
+# Global definitions
+variable "main_region" {
+  type = string
+  default = "isti_area_pi_1"
+}
+
+variable "external_network" {
+  type    = map(string)
+  default = {
+    name = "external-network"
+    id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b"
+    }
+}
+
+variable "floating_ip_pools" {
+  type = map(string)
+  default = {
+    main_public_ip_pool = "external-network"
+  }
+}
+
+variable "resolvers_ip" {
+  type    = list(string)
+  default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"]
+}
+
+variable "mtu_size" {
+  type = number
+  default = 8942
+}
+
+variable "availability_zones_names" {
+  type = map(string)
+  default = {
+    availability_zone_no_gpu = "cnr-isti-nova-a"
+    availability_zone_with_gpu = "cnr-isti-nova-gpu-a"
+  }
+}
+
+variable "ssh_sources" {
+  type = map(string)
+  default = {
+    s2i2s_vpn_1_cidr = "146.48.28.10/32"
+    s2i2s_vpn_2_cidr = "146.48.28.11/32"
+    d4s_vpn_1_cidr = "146.48.122.27/32"
+    d4s_vpn_2_cidr = "146.48.122.49/32"
+    shell_d4s_cidr = "146.48.122.95/32"
+    infrascience_net_cidr = "146.48.122.0/23"
+  }
+}

openstack-tf/modules/main_private_net_and_dns_zone/variables.tf

@@ -0,0 +1,95 @@
+variable "os_project_data" {
+  type = map(string)
+  default = {
+    id = "e8f8ca72f30648a8b389b4e745ac83a9"
+  }
+}
+
+variable "dns_zone" {
+  type    = map(string)
+  default = {
+    zone_name = "cloud-dev.d4science.org."
+    email = "postmaster@isti.cnr.it"
+    description = "DNS primary zone for the d4s-dev-cloud project"
+    ttl = 8600
+    }
+}
+
+variable "dns_zone_id" {
+  # Set with the correct value after the setup is complete
+  default = ""
+}
+
+variable "main_private_network" {
+  type = map(string)
+  default = {
+    name = "d4s-dev-cloud-main"
+    description = "D4Science DEV private network (use this as the main network)"
+    }
+}
+
+variable "main_private_network_id" {
+  # Set with the correct value after the setup is complete
+  default = ""
+}
+
+variable "main_private_subnet" {
+  type = map(string)
+  default = {
+    name = "d4s-dev-cloud-sub"
+    description = "D4Science DEV main private subnet"
+    cidr = "10.1.28.0/22"
+    gateway_ip = "10.1.28.1"
+    allocation_start = "10.1.28.30"
+    allocation_end = "10.1.31.254"
+    }
+}
+
+variable "main_private_subnet_id" {
+  # Set with the correct value after the setup is complete
+  default = ""
+}
+
+variable "external_router" {
+  type = map(string)
+  default = {
+    name = "d4s-dev-cloud-external-router"
+    description = "D4Science DEV main router"
+    id = "2ae28c5f-036b-45db-bc9f-5bab8fa3e914"
+    }
+}
+
+variable "basic_services_ip" {
+  type = map(string)
+  default = {
+    ca = "10.1.29.247"
+    ca_cidr = "10.1.29.247/32"
+    ssh_jump = "10.1.29.164"
+    ssh_jump_cidr = "10.1.29.164/32"
+    prometheus = "10.1.30.129"
+    prometheus_cidr = "10.1.30.129/32"
+    haproxy_l7_1 = "10.1.28.50"
+    haproxy_l7_1_cidr = "10.1.28.50/32"
+    haproxy_l7_2 = "10.1.30.241"
+    haproxy_l7_2_cidr = "10.1.30.241/32"
+    octavia_main = "10.1.28.227"
+    octavia_main_cidr = "10.1.28.227/32"
+  }
+}
+
+variable "main_haproxy_l7_ip" {
+  type = list(string)
+  default = ["10.1.28.50", "10.1.30.241"]
+  
+}
+
+variable "octavia_information" {
+  type = map(string)
+  default = {
+    main_lb_name = "lb-dev-l4"
+    main_lb_description = "Main L4 load balancer for the D4Science DEV"
+    octavia_flavor = "octavia_amphora-mvcpu-ha"
+    octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7"
+    main_lb_hostname = "main-lb"
+  }
+}