From dc6f15bedf66ca0ecb0a78a908673f507e60f2f4 Mon Sep 17 00:00:00 2001 
From: Andrea Dell'Amico Date: Thu, 30 Nov 2023 19:48:49 +0100 Subject: [PATCH] Cleanup: prepare for modules. --- openstack-tf/common_setups/35-prometheus.tf | 22 +- .../basic-infrastructure}/.terraform.lock.hcl | 0 .../15-security-groups.tf | 1 - .../basic-infrastructure/20-octavia.tf | 1 - .../basic-infrastructure/25-ssh-jump-proxy.tf | 1 - .../basic-infrastructure/30-internal-ca.tf | 1 - .../basic-infrastructure/35-prometheus.tf | 1 - .../basic-infrastructure/40-postgresql.tf | 1 - .../basic-infrastructure/45-haproxy.tf | 1 - .../d4s-dev/basic-infrastructure/DO-NOT-USE | 0 .../basic-infrastructure/docker-swarm.tf | 1 - .../d4s-dev/basic-infrastructure/main.tf | 11 +- .../basic-infrastructure/swarm-variables.tf | 1 - .../basic-infrastructure/variables-dev.tf | 1 - .../d4s-dev/basic-infrastructure/variables.tf | 1 - openstack-tf/d4s-dev/project-setup/DO-NOT-USE | 0 openstack-tf/d4s-dev/project-setup/main.tf | 1 + .../README.md | 11 - .../basic-infrastructure-modularized/main.tf | 22 - .../provider.tf | 3 - .../terraform.tfstate | 3053 ----------------- .../15-security-groups.tf | 1 - .../basic-infrastructure/20-octavia.tf | 1 - .../basic-infrastructure/25-ssh-jump-proxy.tf | 1 - .../basic-infrastructure/30-internal-ca.tf | 1 - .../basic-infrastructure/35-prometheus.tf | 1 - .../basic-infrastructure/40-postgresql.tf | 1 - .../41-postgresql-backup-vol.tf | 4 +- .../basic-infrastructure/45-haproxy.tf | 1 - .../basic-infrastructure/haproxy.tf | 1 + .../basic-infrastructure/internal-ca.tf | 1 + .../basic-infrastructure/octavia.tf | 1 + .../basic-infrastructure/postgresql.tf | 1 + ...roduction-basic-infrastructure.auto.tfvars | 94 +- .../production-swarm.auto.tfvars | 26 +- .../basic-infrastructure/prometheus.tf | 1 + .../basic-infrastructure/provider.tf | 4 +- .../basic-infrastructure/security-groups.tf | 1 + .../basic-infrastructure/ssh-jump-proxy.tf | 1 + .../variables/variables-production.tf | 64 +- .../modules/common_variables/variables.tf | 68 +- 
.../modules/d4science_infra_setup/haproxy.tf | 154 +- .../d4science_infra_setup/internal-ca.tf | 18 +- .../modules/d4science_infra_setup/octavia.tf | 240 +- .../modules/d4science_infra_setup/outputs.tf | 1 + .../d4science_infra_setup/postgresql.tf | 82 +- .../d4science_infra_setup/prometheus.tf | 38 +- .../d4science_infra_setup/security-groups.tf | 508 +-- .../d4science_infra_setup/ssh-jump-proxy.tf | 28 +- .../terraform-provider.tf | 12 +- .../d4science_infra_setup/variables.tf | 1 + .../modules/docker_swarm/docker-swarm.tf | 488 +-- .../modules/docker_swarm/swarm-variables.tf | 72 +- 53 files changed, 976 insertions(+), 4074 deletions(-) rename openstack-tf/{d4s-preprod/basic-infrastructure-modularized => d4s-dev/basic-infrastructure}/.terraform.lock.hcl (100%) delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/15-security-groups.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/20-octavia.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/25-ssh-jump-proxy.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/30-internal-ca.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/35-prometheus.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/40-postgresql.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/45-haproxy.tf create mode 100644 openstack-tf/d4s-dev/basic-infrastructure/DO-NOT-USE delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/docker-swarm.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/swarm-variables.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/variables-dev.tf delete mode 120000 openstack-tf/d4s-dev/basic-infrastructure/variables.tf create mode 100644 openstack-tf/d4s-dev/project-setup/DO-NOT-USE delete mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-modularized/README.md delete mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-modularized/main.tf delete mode 100644 
openstack-tf/d4s-preprod/basic-infrastructure-modularized/provider.tf delete mode 100644 openstack-tf/d4s-preprod/basic-infrastructure-modularized/terraform.tfstate delete mode 120000 openstack-tf/d4s-production/basic-infrastructure/15-security-groups.tf delete mode 120000 openstack-tf/d4s-production/basic-infrastructure/20-octavia.tf delete mode 120000 openstack-tf/d4s-production/basic-infrastructure/25-ssh-jump-proxy.tf delete mode 120000 openstack-tf/d4s-production/basic-infrastructure/30-internal-ca.tf delete mode 120000 openstack-tf/d4s-production/basic-infrastructure/35-prometheus.tf delete mode 120000 openstack-tf/d4s-production/basic-infrastructure/40-postgresql.tf delete mode 120000 openstack-tf/d4s-production/basic-infrastructure/45-haproxy.tf create mode 120000 openstack-tf/d4s-production/basic-infrastructure/haproxy.tf create mode 120000 openstack-tf/d4s-production/basic-infrastructure/internal-ca.tf create mode 120000 openstack-tf/d4s-production/basic-infrastructure/octavia.tf create mode 120000 openstack-tf/d4s-production/basic-infrastructure/postgresql.tf create mode 120000 openstack-tf/d4s-production/basic-infrastructure/prometheus.tf create mode 120000 openstack-tf/d4s-production/basic-infrastructure/security-groups.tf create mode 120000 openstack-tf/d4s-production/basic-infrastructure/ssh-jump-proxy.tf create mode 120000 openstack-tf/modules/d4science_infra_setup/outputs.tf create mode 120000 openstack-tf/modules/d4science_infra_setup/variables.tf diff --git a/openstack-tf/common_setups/35-prometheus.tf b/openstack-tf/common_setups/35-prometheus.tf index 62c7d08..b745e81 100644 --- a/openstack-tf/common_setups/35-prometheus.tf +++ b/openstack-tf/common_setups/35-prometheus.tf 
@@ -5,11 +5,11 @@ resource "openstack_blockstorage_volume_v3" "prometheus_data_vol" { } resource "openstack_compute_instance_v2" "prometheus_server" { - name = var.prometheus_server_data.name + name = var.prometheus_server_data.name availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu - flavor_name = var.prometheus_server_data.flavor - key_pair = module.ssh_settings.ssh_key_name - security_groups = [var.default_security_group_name,openstack_networking_secgroup_v2.restricted_web.name,openstack_networking_secgroup_v2.prometheus_access_from_grafana.name] + flavor_name = var.prometheus_server_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.restricted_web.name, openstack_networking_secgroup_v2.prometheus_access_from_grafana.name] block_device { uuid = var.ubuntu_2204.uuid source_type = "image" 
@@ -20,23 +20,23 @@ resource "openstack_compute_instance_v2" "prometheus_server" { } network { - name = var.main_private_network.name + name = var.main_private_network.name fixed_ip_v4 = var.basic_services_ip.prometheus } - user_data = "${file("${var.ubuntu2204_data_file}")}" + user_data = file("${var.ubuntu2204_data_file}") } resource "openstack_compute_volume_attach_v2" "prometheus_data_attach_vol" { instance_id = openstack_compute_instance_v2.prometheus_server.id volume_id = openstack_blockstorage_volume_v3.prometheus_data_vol.id - device = var.prometheus_server_data.vol_data_device + device = var.prometheus_server_data.vol_data_device } # Floating IP and DNS record resource "openstack_networking_floatingip_v2" "prometheus_server_ip" { - pool = var.floating_ip_pools.main_public_ip_pool - # The DNS association does not work because of a bug in the OpenStack API - description = "Prometheus server" + pool = var.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + description = "Prometheus server" } resource "openstack_compute_floatingip_associate_v2" "prometheus_server" { @@ -45,7 +45,7 @@ resource "openstack_compute_floatingip_associate_v2" "prometheus_server" { } locals { - prometheus_recordset_name = "${var.prometheus_server_data.name}.${var.dns_zone.zone_name}" + prometheus_recordset_name = "${var.prometheus_server_data.name}.${var.dns_zone.zone_name}" alertmanager_recordset_name = "alertmanager.${var.dns_zone.zone_name}" } diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/.terraform.lock.hcl b/openstack-tf/d4s-dev/basic-infrastructure/.terraform.lock.hcl similarity index 100% rename from openstack-tf/d4s-preprod/basic-infrastructure-modularized/.terraform.lock.hcl rename to openstack-tf/d4s-dev/basic-infrastructure/.terraform.lock.hcl 
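Review bot: The rewritten `user_data` argument in `openstack_compute_instance_v2.prometheus_server` still wraps a single variable reference in a template string. Since this hunk already removes the outer `"${...}"`, the inner one can go as well: `user_data = file(var.ubuntu2204_data_file)`. The same interpolation-only form should be checked in the other module files this commit reformats. The resource block opens above the hunk, so the rest of its arguments are not visible here.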
diff --git a/openstack-tf/d4s-dev/basic-infrastructure/15-security-groups.tf b/openstack-tf/d4s-dev/basic-infrastructure/15-security-groups.tf
deleted file mode 120000
index aad5041..0000000
--- a/openstack-tf/d4s-dev/basic-infrastructure/15-security-groups.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/15-security-groups.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-dev/basic-infrastructure/20-octavia.tf b/openstack-tf/d4s-dev/basic-infrastructure/20-octavia.tf
deleted file mode 120000
index a104722..0000000
--- a/openstack-tf/d4s-dev/basic-infrastructure/20-octavia.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/20-octavia.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-dev/basic-infrastructure/25-ssh-jump-proxy.tf b/openstack-tf/d4s-dev/basic-infrastructure/25-ssh-jump-proxy.tf
deleted file mode 120000
index 46b1d6c..0000000
--- a/openstack-tf/d4s-dev/basic-infrastructure/25-ssh-jump-proxy.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/25-ssh-jump-proxy.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-dev/basic-infrastructure/30-internal-ca.tf b/openstack-tf/d4s-dev/basic-infrastructure/30-internal-ca.tf
deleted file mode 120000
index ac62be5..0000000
--- a/openstack-tf/d4s-dev/basic-infrastructure/30-internal-ca.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/30-internal-ca.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-dev/basic-infrastructure/35-prometheus.tf b/openstack-tf/d4s-dev/basic-infrastructure/35-prometheus.tf
deleted file mode 120000
index 31f4592..0000000
--- a/openstack-tf/d4s-dev/basic-infrastructure/35-prometheus.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/35-prometheus.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-dev/basic-infrastructure/40-postgresql.tf b/openstack-tf/d4s-dev/basic-infrastructure/40-postgresql.tf
deleted file mode 120000
index 968cc5a..0000000
--- a/openstack-tf/d4s-dev/basic-infrastructure/40-postgresql.tf
+++ /dev/null
@@ -1 +0,0 @@ -../../common_setups/40-postgresql.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/basic-infrastructure/45-haproxy.tf b/openstack-tf/d4s-dev/basic-infrastructure/45-haproxy.tf deleted file mode 120000 index e3b6c11..0000000 --- a/openstack-tf/d4s-dev/basic-infrastructure/45-haproxy.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/45-haproxy.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/basic-infrastructure/DO-NOT-USE b/openstack-tf/d4s-dev/basic-infrastructure/DO-NOT-USE new file mode 100644 index 0000000..e69de29 diff --git a/openstack-tf/d4s-dev/basic-infrastructure/docker-swarm.tf b/openstack-tf/d4s-dev/basic-infrastructure/docker-swarm.tf deleted file mode 120000 index afb0c71..0000000 --- a/openstack-tf/d4s-dev/basic-infrastructure/docker-swarm.tf +++ /dev/null @@ -1 +0,0 @@ -../../modules/docker_swarm/docker-swarm.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/basic-infrastructure/main.tf b/openstack-tf/d4s-dev/basic-infrastructure/main.tf index 840de8b..cc26f60 100644 --- a/openstack-tf/d4s-dev/basic-infrastructure/main.tf +++ b/openstack-tf/d4s-dev/basic-infrastructure/main.tf @@ -1,3 +1,5 @@ +echo "Do not use" + # Define required providers terraform { required_version = ">= 0.14.0" @@ -17,10 +19,7 @@ data "terraform_remote_state" "privnet_dns_router" { } } -# module "variables" { -# source = "../variables" -# } +module "d4science_infra_setup" { + source = "../../modules/d4science_infra_setup" +} -# module "basic_setup" { -# source = "../../modules/basic_setup" -# } diff --git a/openstack-tf/d4s-dev/basic-infrastructure/swarm-variables.tf b/openstack-tf/d4s-dev/basic-infrastructure/swarm-variables.tf deleted file mode 120000 index 77642fe..0000000 --- a/openstack-tf/d4s-dev/basic-infrastructure/swarm-variables.tf +++ /dev/null @@ -1 +0,0 @@ -../../modules/docker_swarm/swarm-variables.tf \ No newline at end of file 
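Review bot: The added first line of `d4s-dev/basic-infrastructure/main.tf`, `echo "Do not use"`, is not HCL, so every Terraform command in this directory will stop with a parse error that gives no reason. The same line is added to `d4s-dev/project-setup/main.tf` in a later hunk. If breaking the configuration on purpose is the intended guard against planning or applying the dev project, it needs a comment directly above it, for example `# Intentionally invalid: this root must not be planned or applied, see DO-NOT-USE`; otherwise the next cleanup is likely to "fix" the syntax and remove the guard. The two new `DO-NOT-USE` marker files are empty and would be more useful with one line giving the reason.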
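Review bot: State for this root appears to be kept in the working tree, and nothing in the second hunk of `d4s-dev/basic-infrastructure/main.tf` prevents it from being committed again. The `terraform_remote_state` block above the new `module "d4science_infra_setup"` call presumably matches the preprod copy removed later in this patch (`backend = "local"`, `path = "../project-setup/terraform.tfstate"`), which would explain how the 3053-line `terraform.tfstate` deleted here came to be tracked. Deleting it leaves it in history, and the part visible on this page holds floating IPs, SSH source CIDRs, the project id and the key pair name. I would add `*.tfstate` and `*.tfstate.*` to `.gitignore` in this change and put `# State for this root is local; never commit terraform.tfstate` above the module block. The `data` block opens above the hunk, so its backend settings for dev are inferred rather than seen.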
diff --git a/openstack-tf/d4s-dev/basic-infrastructure/variables-dev.tf b/openstack-tf/d4s-dev/basic-infrastructure/variables-dev.tf deleted file mode 120000 index fde4869..0000000 --- a/openstack-tf/d4s-dev/basic-infrastructure/variables-dev.tf +++ /dev/null @@ -1 +0,0 @@ -../variables/variables-dev.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/basic-infrastructure/variables.tf b/openstack-tf/d4s-dev/basic-infrastructure/variables.tf deleted file mode 120000 index be9f787..0000000 --- a/openstack-tf/d4s-dev/basic-infrastructure/variables.tf +++ /dev/null @@ -1 +0,0 @@ -../../modules/common_variables/variables.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/project-setup/DO-NOT-USE b/openstack-tf/d4s-dev/project-setup/DO-NOT-USE new file mode 100644 index 0000000..e69de29 diff --git a/openstack-tf/d4s-dev/project-setup/main.tf b/openstack-tf/d4s-dev/project-setup/main.tf index 301b3c9..9bcb2ab 100644 --- a/openstack-tf/d4s-dev/project-setup/main.tf +++ b/openstack-tf/d4s-dev/project-setup/main.tf @@ -1,3 +1,4 @@ +echo "Do not use." # Define required providers terraform { required_version = ">= 0.14.0" diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/README.md b/openstack-tf/d4s-preprod/basic-infrastructure-modularized/README.md deleted file mode 100644 index 01a121d..0000000 --- a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# Main services - -* Load balancer as a service (openstack), L4. - -> * Main HAPROXY load balancer - -* Two VMs as HAPROXY L7 instances for the main services. The dataminers will be also served by this load balancer. -* A shell server, with floating IP address, that will be used as a proxy to reach all the other VMs. -* A internal CA service. -* A Prometheus instance. -* A PostgreSQL server instance, with a dedicated network 
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/main.tf b/openstack-tf/d4s-preprod/basic-infrastructure-modularized/main.tf
deleted file mode 100644
index 73d478b..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/main.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Define required providers
-terraform {
-required_version = ">= 0.14.0"
- required_providers {
- openstack = {
- source = "terraform-provider-openstack/openstack"
- version = "~> 1.53.0"
- }
- }
-}
-
-data "terraform_remote_state" "privnet_dns_router" {
- backend = "local"
-
- config = {
- path = "../project-setup/terraform.tfstate"
- }
-}
-
-module "d4science_infra_setup" {
- source = "../../modules/d4science_infra_setup"
-}
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/provider.tf b/openstack-tf/d4s-preprod/basic-infrastructure-modularized/provider.tf
deleted file mode 100644
index b23015c..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/provider.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-provider "openstack" {
- cloud = "d4s-pre"
-}
diff --git a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/terraform.tfstate b/openstack-tf/d4s-preprod/basic-infrastructure-modularized/terraform.tfstate
deleted file mode 100644
index 9c84201..0000000
--- a/openstack-tf/d4s-preprod/basic-infrastructure-modularized/terraform.tfstate
+++ /dev/null
@@ -1,3053 +0,0 @@ -{ - "version": 4, - "terraform_version": "1.6.4", - "serial": 213, - "lineage": "6a53b692-c1a8-ed53-bc6c-b7fb5e017eb8", - "outputs": { - "almalinux9_img": { - "value": { - "name": "AlmaLinux-9.0-20220718", - "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" - }, - "type": [ - "map", - "string" - ] - }, - "availability_zone_no_gpu_name": { - "value": "cnr-isti-nova-a", - "type": "string" - }, - "availability_zone_with_gpu_name": { - "value": "cnr-isti-nova-gpu-a", - "type": "string" - }, - "centos7_img": { - "value": { - "name": "CentOS-7", - "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" - }, - "type": [ - "map", - "string" - ] - }, - "el7_datafile": { - "value": "../../openstack_vm_data_scripts/el7.sh", - "type": "string" - }, - "external_network_id": { - "value": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", - "type": "string" - }, - "external_network_name": { - "value": "external-network", - "type": "string" - }, - "main_loadbalancer_ip": { - "value": "10.1.32.20", - "type": "string" - }, - "main_region_name": { - "value": "isti_area_pi_1", - "type": "string" - }, - "mtu_size_value": { - "value": 8942, - "type": "number" - }, - "resolvers_ip": { - "value": [ - "146.48.29.97", - "146.48.29.98", - "146.48.29.99" - ], - "type": [ - "list", - "string" - ] - }, - "ssh_sources_list": { - "value": { - "d4s_vpn_1_cidr": "146.48.122.27/32", - "d4s_vpn_2_cidr": "146.48.122.49/32", - "infrascience_net_cidr": "146.48.122.0/23", - "s2i2s_vpn_1_cidr": "146.48.28.10/32", - "s2i2s_vpn_2_cidr": "146.48.28.11/32", - "shell_d4s_cidr": "146.48.122.95/32" - }, - "type": [ - "map", - "string" - ] - }, - "ubuntu1804_datafile": { - "value": "../../openstack_vm_data_scripts/ubuntu1804.sh", - "type": "string" - }, - "ubuntu1804_img": { - "value": { - "name": "Ubuntu-Bionic-18.04", - "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" - }, - "type": [ - "map", - "string" - ] - }, - "ubuntu2204_datafile": { - "value": "../../openstack_vm_data_scripts/ubuntu2204.sh", - "type": 
"string" - }, - "ubuntu2204_img": { - "value": { - "name": "Ubuntu-Jammy-22.04", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" - }, - "type": [ - "map", - "string" - ] - } - }, - "resources": [ - { - "mode": "data", - "type": "terraform_remote_state", - "name": "privnet_dns_router", - "provider": "provider[\"terraform.io/builtin/terraform\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "backend": "local", - "config": { - "value": { - "path": "../project-setup/terraform.tfstate" - }, - "type": [ - "object", - { - "path": "string" - } - ] - }, - "defaults": null, - "outputs": { - "value": { - "almalinux9_img": { - "name": "AlmaLinux-9.0-20220718", - "uuid": "541650fc-dd19-4f38-bb1d-7333ed9dd688" - }, - "availability_zone_no_gpu_name": "cnr-isti-nova-a", - "availability_zone_with_gpu_name": "cnr-isti-nova-gpu-a", - "centos7_img": { - "name": "CentOS-7", - "uuid": "f0187a99-64f6-462a-ab5f-ef52fe62f2ca" - }, - "dns_zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c", - "el7_datafile": "../../openstack_vm_data_scripts/el7.sh", - "external_gateway_ip": "146.48.30.241", - "external_network_id": "1d2ff137-6ff7-4017-be2b-0d6c4af2353b", - "external_network_name": "external-network", - "main_private_network_id": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", - "main_region_name": "isti_area_pi_1", - "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", - "mtu_size_value": 8942, - "resolvers_ip": [ - "146.48.29.97", - "146.48.29.98", - "146.48.29.99" - ], - "ssh_sources_list": { - "d4s_vpn_1_cidr": "146.48.122.27/32", - "d4s_vpn_2_cidr": "146.48.122.49/32", - "infrascience_net_cidr": "146.48.122.0/23", - "s2i2s_vpn_1_cidr": "146.48.28.10/32", - "s2i2s_vpn_2_cidr": "146.48.28.11/32", - "shell_d4s_cidr": "146.48.122.95/32" - }, - "ubuntu1804_datafile": "../../openstack_vm_data_scripts/ubuntu1804.sh", - "ubuntu1804_img": { - "name": "Ubuntu-Bionic-18.04", - "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89" - }, - "ubuntu2204_datafile": 
"../../openstack_vm_data_scripts/ubuntu2204.sh", - "ubuntu2204_img": { - "name": "Ubuntu-Jammy-22.04", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627" - } - }, - "type": [ - "object", - { - "almalinux9_img": [ - "map", - "string" - ], - "availability_zone_no_gpu_name": "string", - "availability_zone_with_gpu_name": "string", - "centos7_img": [ - "map", - "string" - ], - "dns_zone_id": "string", - "el7_datafile": "string", - "external_gateway_ip": "string", - "external_network_id": "string", - "external_network_name": "string", - "main_private_network_id": "string", - "main_region_name": "string", - "main_subnet_network_id": "string", - "mtu_size_value": "number", - "resolvers_ip": [ - "list", - "string" - ], - "ssh_sources_list": [ - "map", - "string" - ], - "ubuntu1804_datafile": "string", - "ubuntu1804_img": [ - "map", - "string" - ], - "ubuntu2204_datafile": "string", - "ubuntu2204_img": [ - "map", - "string" - ] - } - ] - }, - "workspace": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "mode": "managed", - "type": "openstack_blockstorage_volume_v3", - "name": "prometheus_data_vol", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "attachment": [ - { - "device": "/dev/vdb", - "id": "82e89633-3a48-4ede-9acf-41145f88f5a7", - "instance_id": "3759635e-239f-4026-a668-450b58a8eaac" - } - ], - "availability_zone": "nova", - "consistency_group_id": null, - "description": "", - "enable_online_resize": null, - "id": "82e89633-3a48-4ede-9acf-41145f88f5a7", - "image_id": null, - "metadata": {}, - "multiattach": null, - "name": "prometheus-data", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "size": 100, - "snapshot_id": "", - "source_replica": null, - "source_vol_id": "", - "timeouts": null, - "volume_type": "cephUnencrypted" - }, - "sensitive_attributes": [], - "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "openstack_blockstorage_volume_v3", - "name": "shared_postgresql_data_vol", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "attachment": [ - { - "device": "/dev/vdb", - "id": "1b6dcdbc-c293-438f-a017-291f63bfce18", - "instance_id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e" - } - ], - "availability_zone": "nova", - "consistency_group_id": null, - "description": "", - "enable_online_resize": null, - "id": "1b6dcdbc-c293-438f-a017-291f63bfce18", - "image_id": null, - "metadata": {}, - "multiattach": null, - "name": "shared-postgresql-data", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "size": 100, - "snapshot_id": "", - "source_replica": null, - "source_vol_id": "", - "timeouts": null, - "volume_type": "cephUnencrypted" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_floatingip_associate_v2", - "name": "prometheus_server", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "fixed_ip": "", - "floating_ip": "146.48.29.203", - "id": "146.48.29.203/3759635e-239f-4026-a668-450b58a8eaac/", - "instance_id": "3759635e-239f-4026-a668-450b58a8eaac", - "region": "isti_area_pi_1", - "timeouts": null, - "wait_until_associated": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_compute_instance_v2.prometheus_server", - "openstack_networking_floatingip_v2.prometheus_server_ip", - 
"openstack_networking_secgroup_v2.prometheus_access_from_grafana", - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_floatingip_associate_v2", - "name": "ssh_jump_proxy", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "fixed_ip": "", - "floating_ip": "146.48.30.140", - "id": "146.48.30.140/a9698890-cab3-4566-8539-198c05cbe456/", - "instance_id": "a9698890-cab3-4566-8539-198c05cbe456", - "region": "isti_area_pi_1", - "timeouts": null, - "wait_until_associated": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_compute_instance_v2.ssh_jump_proxy", - "openstack_networking_floatingip_v2.ssh_jump_proxy_ip", - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_instance_v2", - "name": "internal_ca", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "access_ip_v4": "10.1.32.4", - "access_ip_v6": "", - "admin_pass": null, - "all_metadata": {}, - "all_tags": [], - "availability_zone": "cnr-isti-nova-a", - "availability_zone_hints": "cnr-isti-nova-a", - "block_device": [ - { - "boot_index": 0, - "delete_on_termination": false, - "destination_type": "volume", - "device_type": "", - "disk_bus": "", - "guest_format": "", - "multiattach": false, - "source_type": "image", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", - "volume_size": 10, - "volume_type": "" - } - ], - "config_drive": null, - "created": "2023-11-05 13:37:35 +0000 UTC", - "flavor_id": "2", - "flavor_name": "m1.small", - "floating_ip": null, - "force_delete": false, - "id": "b353a0f2-7c52-4eb7-a714-b91775acc2a5", - "image_id": 
"Attempt to boot from volume - no image supplied", - "image_name": null, - "key_pair": "adellam", - "metadata": null, - "name": "ca", - "network": [ - { - "access_network": false, - "fixed_ip_v4": "10.1.32.4", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:db:f0:02", - "name": "d4s-pre-cloud-main", - "port": "", - "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" - } - ], - "network_mode": null, - "personality": [], - "power_state": "active", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "security_groups": [ - "default_for_all" - ], - "stop_before_destroy": false, - "tags": [], - "timeouts": null, - "updated": "2023-11-05 13:38:26 +0000 UTC", - "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", - "vendor_options": [], - "volume": [] - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19" - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_instance_v2", - "name": "prometheus_server", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "access_ip_v4": "10.1.32.10", - "access_ip_v6": "", - "admin_pass": null, - "all_metadata": {}, - "all_tags": [], - "availability_zone": "cnr-isti-nova-a", - "availability_zone_hints": "cnr-isti-nova-a", - "block_device": [ - { - "boot_index": 0, - "delete_on_termination": false, - "destination_type": "volume", - "device_type": "", - "disk_bus": "", - "guest_format": "", - "multiattach": false, - "source_type": "image", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", - "volume_size": 10, - "volume_type": "" - } - ], - "config_drive": null, - "created": "2023-11-05 13:37:35 +0000 UTC", - "flavor_id": "4", - "flavor_name": "m1.medium", - "floating_ip": null, - "force_delete": false, - "id": "3759635e-239f-4026-a668-450b58a8eaac", - "image_id": 
"Attempt to boot from volume - no image supplied", - "image_name": null, - "key_pair": "adellam", - "metadata": null, - "name": "prometheus", - "network": [ - { - "access_network": false, - "fixed_ip_v4": "10.1.32.10", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:18:c6:58", - "name": "d4s-pre-cloud-main", - "port": "", - "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" - } - ], - "network_mode": null, - "personality": [], - "power_state": "active", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "security_groups": [ - "default_for_all", - "prometheus_access_from_grafana", - "restricted_web_service" - ], - "stop_before_destroy": false, - "tags": [], - "timeouts": null, - "updated": "2023-11-05 14:24:55 +0000 UTC", - "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", - "vendor_options": [], - "volume": [] - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_networking_secgroup_v2.prometheus_access_from_grafana", - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_instance_v2", - "name": "shared_postgresql_server", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "access_ip_v4": "10.1.34.99", - "access_ip_v6": "", - "admin_pass": null, - "all_metadata": {}, - "all_tags": [], - "availability_zone": "cnr-isti-nova-a", - "availability_zone_hints": "cnr-isti-nova-a", - "block_device": [ - { - "boot_index": 0, - "delete_on_termination": false, - "destination_type": "volume", - "device_type": "", - "disk_bus": "", - "guest_format": "", - "multiattach": false, - "source_type": "image", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", - "volume_size": 10, - "volume_type": "" - } - ], - 
"config_drive": null, - "created": "2023-11-05 14:54:15 +0000 UTC", - "flavor_id": "4", - "flavor_name": "m1.medium", - "floating_ip": null, - "force_delete": false, - "id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e", - "image_id": "Attempt to boot from volume - no image supplied", - "image_name": null, - "key_pair": "adellam", - "metadata": null, - "name": "shared-postgresql-server", - "network": [ - { - "access_network": false, - "fixed_ip_v4": "10.1.34.99", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:cd:83:b4", - "name": "d4s-pre-cloud-main", - "port": "", - "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" - }, - { - "access_network": false, - "fixed_ip_v4": "192.168.0.5", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:a1:1e:ba", - "name": "postgresql-srv-net", - "port": "", - "uuid": "e25395f4-f1aa-4819-b5a5-36d25ee5af54" - } - ], - "network_mode": null, - "personality": [], - "power_state": "active", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "security_groups": [ - "access_to_the_shared_postgresql_service", - "default_for_all" - ], - "stop_before_destroy": false, - "tags": [], - "timeouts": null, - "updated": "2023-11-05 14:54:48 +0000 UTC", - "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", - "vendor_options": [], - "volume": [] - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_networking_secgroup_v2.shared_postgresql_access" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_instance_v2", - "name": "ssh_jump_proxy", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "access_ip_v4": "10.1.32.5", - "access_ip_v6": "", - "admin_pass": null, - "all_metadata": {}, - "all_tags": [], - "availability_zone": 
"cnr-isti-nova-a", - "availability_zone_hints": "cnr-isti-nova-a", - "block_device": [ - { - "boot_index": 0, - "delete_on_termination": false, - "destination_type": "volume", - "device_type": "", - "disk_bus": "", - "guest_format": "", - "multiattach": false, - "source_type": "image", - "uuid": "54768889-8556-4be4-a2eb-82a4d9b34627", - "volume_size": 30, - "volume_type": "" - } - ], - "config_drive": null, - "created": "2023-11-05 13:37:34 +0000 UTC", - "flavor_id": "10", - "flavor_name": "m2.small", - "floating_ip": null, - "force_delete": false, - "id": "a9698890-cab3-4566-8539-198c05cbe456", - "image_id": "Attempt to boot from volume - no image supplied", - "image_name": null, - "key_pair": "adellam", - "metadata": null, - "name": "ssh-jump-proxy", - "network": [ - { - "access_network": false, - "fixed_ip_v4": "10.1.32.5", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:52:d0:e8", - "name": "d4s-pre-cloud-main", - "port": "", - "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" - } - ], - "network_mode": null, - "personality": [], - "power_state": "active", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "security_groups": [ - "default_for_all", - "ssh_access_to_the_jump_node" - ], - "stop_before_destroy": false, - "tags": [], - "timeouts": null, - "updated": "2023-11-05 13:38:23 +0000 UTC", - "user_data": "bb83b25fd1219aa1b850ece9be8d7b0f31714608", - "vendor_options": [], - "volume": [] - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_servergroup_v2", - "name": "main_haproxy_l7", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": 
"796fad91-fa0c-459b-9402-e8ba87aae810", - "members": [], - "name": "main_haproxy_l7", - "policies": [ - "anti-affinity" - ], - "region": "isti_area_pi_1", - "rules": [ - { - "max_server_per_host": 0 - } - ], - "value_specs": null - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_volume_attach_v2", - "name": "prometheus_data_attach_vol", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "device": "/dev/vdb", - "id": "3759635e-239f-4026-a668-450b58a8eaac/82e89633-3a48-4ede-9acf-41145f88f5a7", - "instance_id": "3759635e-239f-4026-a668-450b58a8eaac", - "multiattach": null, - "region": "isti_area_pi_1", - "timeouts": null, - "vendor_options": [], - "volume_id": "82e89633-3a48-4ede-9acf-41145f88f5a7" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", - "dependencies": [ - "openstack_blockstorage_volume_v3.prometheus_data_vol", - "openstack_compute_instance_v2.prometheus_server", - "openstack_networking_secgroup_v2.prometheus_access_from_grafana", - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_compute_volume_attach_v2", - "name": "shared_postgresql_data_attach_vol", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "device": "/dev/vdb", - "id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e/1b6dcdbc-c293-438f-a017-291f63bfce18", - "instance_id": "9ede65c7-70ca-4698-8551-754aa4f6fa1e", - "multiattach": null, - "region": "isti_area_pi_1", - "timeouts": null, - "vendor_options": [], - "volume_id": "1b6dcdbc-c293-438f-a017-291f63bfce18" - }, - "sensitive_attributes": [], - "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", - "dependencies": [ - "openstack_blockstorage_volume_v3.shared_postgresql_data_vol", - "openstack_compute_instance_v2.shared_postgresql_server", - "openstack_networking_secgroup_v2.shared_postgresql_access" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_dns_recordset_v2", - "name": "alertmanager_server_recordset", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Prometheus alertmanager", - "disable_status_check": false, - "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/949fc061-a783-4b22-8412-29b33263aafd", - "name": "alertmanager.cloud-pre.d4science.org.", - "project_id": "6fdc02e2827b405dad99f34698659742", - "records": [ - "prometheus.cloud-pre.d4science.org." - ], - "region": "isti_area_pi_1", - "timeouts": null, - "ttl": 8600, - "type": "CNAME", - "value_specs": null, - "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" - } - ] - }, - { - "mode": "managed", - "type": "openstack_dns_recordset_v2", - "name": "main_lb_dns_recordset", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Public IP address of the main load balancer", - "disable_status_check": false, - "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/e308b8b3-e408-45a9-b4e6-7879dacf010c", - "name": "main-lb.cloud-pre.d4science.org.", - "project_id": "6fdc02e2827b405dad99f34698659742", - "records": [ - "146.48.30.235" - ], - "region": "isti_area_pi_1", - "timeouts": null, - "ttl": 8600, - "type": "A", - "value_specs": null, - "zone_id": 
"c1a4b4bc-f167-4387-855d-38f0f99ca05c" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_networking_floatingip_v2.main_lb_ip" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_dns_recordset_v2", - "name": "prometheus_server_recordset", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Public IP address of the Prometheus server", - "disable_status_check": false, - "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/e7f40c87-1dd1-491d-84a5-5f5206642024", - "name": "prometheus.cloud-pre.d4science.org.", - "project_id": "6fdc02e2827b405dad99f34698659742", - "records": [ - "146.48.29.203" - ], - "region": "isti_area_pi_1", - "timeouts": null, - "ttl": 8600, - "type": "A", - "value_specs": null, - "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_networking_floatingip_v2.prometheus_server_ip" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_dns_recordset_v2", - "name": "ssh_jump_proxy_recordset", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Public IP address of the SSH Proxy Jump server", - "disable_status_check": false, - "id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c/af3483f0-aab1-4661-8a2d-b7ee1eb30961", - "name": "ssh-jump-proxy.cloud-pre.d4science.org.", - "project_id": "6fdc02e2827b405dad99f34698659742", - "records": [ - "146.48.30.140" - ], - "region": "isti_area_pi_1", - "timeouts": null, - "ttl": 8600, 
- "type": "A", - "value_specs": null, - "zone_id": "c1a4b4bc-f167-4387-855d-38f0f99ca05c" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_networking_floatingip_v2.ssh_jump_proxy_ip" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_listener_v2", - "name": "main_haproxy_http_listener", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "allowed_cidrs": [], - "connection_limit": -1, - "default_pool_id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", - "default_tls_container_ref": "", - "description": "HTTP listener of the main HAPROXY instances", - "id": "3901f110-7c96-4317-926b-37260ea4afa4", - "insert_headers": {}, - "loadbalancer_id": "420fb3bd-a91e-41d2-8189-100a6272bf82", - "name": "main_haproxy_http_listener", - "protocol": "TCP", - "protocol_port": 80, - "region": "isti_area_pi_1", - "sni_container_refs": [], - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeout_client_data": 50000, - "timeout_member_connect": 5000, - "timeout_member_data": 50000, - "timeout_tcp_inspect": 0, - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_loadbalancer_v2.main_lb" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_listener_v2", - "name": "main_haproxy_https_listener", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "allowed_cidrs": [], - "connection_limit": -1, - "default_pool_id": 
"f92a755d-257b-48e5-bb8c-b871ce88070a", - "default_tls_container_ref": "", - "description": "HTTPS listener of the main HAPROXY instances", - "id": "c4ea6eb4-5fb0-43ed-8e09-d06f22dd03be", - "insert_headers": {}, - "loadbalancer_id": "420fb3bd-a91e-41d2-8189-100a6272bf82", - "name": "main_haproxy_https_listener", - "protocol": "TCP", - "protocol_port": 443, - "region": "isti_area_pi_1", - "sni_container_refs": [], - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeout_client_data": 50000, - "timeout_member_connect": 5000, - "timeout_member_data": 50000, - "timeout_tcp_inspect": 0, - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_loadbalancer_v2.main_lb" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_listener_v2", - "name": "main_haproxy_stats_listener", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "allowed_cidrs": [ - "146.48.122.27/32", - "146.48.122.49/32", - "146.48.28.10/32", - "146.48.28.11/32" - ], - "connection_limit": -1, - "default_pool_id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", - "default_tls_container_ref": "", - "description": "Listener for the stats of the main HAPROXY instances", - "id": "3470d39d-bdac-4b58-8a83-c659b653235d", - "insert_headers": {}, - "loadbalancer_id": "420fb3bd-a91e-41d2-8189-100a6272bf82", - "name": "main_haproxy_stats_listener", - "protocol": "TCP", - "protocol_port": 8880, - "region": "isti_area_pi_1", - "sni_container_refs": [], - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeout_client_data": 50000, - "timeout_member_connect": 5000, - "timeout_member_data": 50000, - "timeout_tcp_inspect": 0, - "timeouts": null - }, - 
"sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_loadbalancer_v2.main_lb" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_loadbalancer_v2", - "name": "main_lb", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "availability_zone": "", - "description": "Main L4 load balancer for the D4Science PRE production", - "flavor_id": "394988b5-6603-4a1e-a939-8e177c6681c7", - "id": "420fb3bd-a91e-41d2-8189-100a6272bf82", - "loadbalancer_provider": "amphora", - "name": "d4s-pre-cloud-l4-load-balancer", - "region": "isti_area_pi_1", - "security_group_ids": [ - "8e3b170f-9076-440d-bc99-874f4d8c5cbb" - ], - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null, - "vip_address": "10.1.32.20", - "vip_network_id": "23fd8a99-d551-4ada-8d3a-9859542ebb8c", - "vip_port_id": "2ed727c8-709a-48ed-9ef6-3357769f4f8e", - "vip_subnet_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19" - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_members_v2", - "name": "main_haproxy_http_pool_members", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", - "member": [ - { - "address": "10.1.32.11", - "admin_state_up": true, - "backup": false, - "id": "202c94c0-e071-4314-af8e-86a68ede56d4", - "monitor_address": "", - "monitor_port": 0, - "name": "haproxy l7 1", - "protocol_port": 80, - "subnet_id": "", - "weight": 1 - 
}, - { - "address": "10.1.32.12", - "admin_state_up": true, - "backup": false, - "id": "f5c7c9a1-ffa0-463b-8979-82f33898cf6a", - "monitor_address": "", - "monitor_port": 0, - "name": "haproxy l7 2", - "protocol_port": 80, - "subnet_id": "", - "weight": 1 - } - ], - "pool_id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", - "region": "isti_area_pi_1", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_http_listener", - "openstack_lb_loadbalancer_v2.main_lb", - "openstack_lb_pool_v2.main_haproxy_http_pool" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_members_v2", - "name": "main_haproxy_https_pool_members", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "f92a755d-257b-48e5-bb8c-b871ce88070a", - "member": [ - { - "address": "10.1.32.11", - "admin_state_up": true, - "backup": false, - "id": "ffaa8e06-ae81-4539-a38a-d43e42c501dc", - "monitor_address": "", - "monitor_port": 0, - "name": "haproxy l7 1", - "protocol_port": 443, - "subnet_id": "", - "weight": 1 - }, - { - "address": "10.1.32.12", - "admin_state_up": true, - "backup": false, - "id": "2966ef3c-c308-4671-8ea7-0d79d5405e4b", - "monitor_address": "", - "monitor_port": 0, - "name": "haproxy l7 2", - "protocol_port": 443, - "subnet_id": "", - "weight": 1 - } - ], - "pool_id": "f92a755d-257b-48e5-bb8c-b871ce88070a", - "region": "isti_area_pi_1", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_https_listener", - 
"openstack_lb_loadbalancer_v2.main_lb", - "openstack_lb_pool_v2.main_haproxy_https_pool" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_members_v2", - "name": "main_haproxy_stats_pool_members", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", - "member": [ - { - "address": "10.1.32.11", - "admin_state_up": true, - "backup": false, - "id": "4b0f6c55-908b-49c4-b1ee-85d54aad08f5", - "monitor_address": "", - "monitor_port": 0, - "name": "haproxy l7 1", - "protocol_port": 8880, - "subnet_id": "", - "weight": 1 - }, - { - "address": "10.1.32.12", - "admin_state_up": true, - "backup": false, - "id": "b1b1d56d-3876-42c9-bd6c-51aac81779cc", - "monitor_address": "", - "monitor_port": 0, - "name": "haproxy l7 2", - "protocol_port": 8880, - "subnet_id": "", - "weight": 1 - } - ], - "pool_id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", - "region": "isti_area_pi_1", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_stats_listener", - "openstack_lb_loadbalancer_v2.main_lb", - "openstack_lb_pool_v2.main_haproxy_stats_pool" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_monitor_v2", - "name": "main_haproxy_http_monitor", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "delay": 20, - "expected_codes": "200", - "http_method": "GET", - "id": "00982aaf-c899-44a0-b605-aad45c69ac83", - "max_retries": 3, - "max_retries_down": 3, - "name": "main_haproxy_http_monitor", - "pool_id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", - "region": "isti_area_pi_1", - 
"tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeout": 5, - "timeouts": null, - "type": "HTTP", - "url_path": "/_haproxy_health_check" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_http_listener", - "openstack_lb_loadbalancer_v2.main_lb", - "openstack_lb_pool_v2.main_haproxy_http_pool" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_monitor_v2", - "name": "main_haproxy_https_monitor", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "delay": 20, - "expected_codes": "200", - "http_method": "GET", - "id": "db5e5413-705f-47b0-808d-c65fe7ce1718", - "max_retries": 3, - "max_retries_down": 3, - "name": "main_haproxy_https_monitor", - "pool_id": "f92a755d-257b-48e5-bb8c-b871ce88070a", - "region": "isti_area_pi_1", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeout": 5, - "timeouts": null, - "type": "HTTPS", - "url_path": "/_haproxy_health_check" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_https_listener", - "openstack_lb_loadbalancer_v2.main_lb", - "openstack_lb_pool_v2.main_haproxy_https_pool" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_monitor_v2", - "name": "main_haproxy_stats_monitor", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "delay": 20, - "expected_codes": "", - "http_method": "", - "id": 
"28b45879-c2dc-4aac-8384-f45a8f2406dd", - "max_retries": 3, - "max_retries_down": 3, - "name": "main_haproxy_stats_monitor", - "pool_id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", - "region": "isti_area_pi_1", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeout": 5, - "timeouts": null, - "type": "TCP", - "url_path": "" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_stats_listener", - "openstack_lb_loadbalancer_v2.main_lb", - "openstack_lb_pool_v2.main_haproxy_stats_pool" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_pool_v2", - "name": "main_haproxy_http_pool", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "description": "Pool for the HTTP listener of the main HAPROXY instances", - "id": "ea4e23f4-3655-43b2-acce-a5ef0919b4f8", - "lb_method": "LEAST_CONNECTIONS", - "listener_id": "3901f110-7c96-4317-926b-37260ea4afa4", - "loadbalancer_id": null, - "name": "main-haproxy-lb-http", - "persistence": [ - { - "cookie_name": "", - "type": "SOURCE_IP" - } - ], - "protocol": "PROXYV2", - "region": "isti_area_pi_1", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_http_listener", - "openstack_lb_loadbalancer_v2.main_lb" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_pool_v2", - "name": "main_haproxy_https_pool", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": 
[ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "description": "Pool for the HTTPS listener of the main HAPROXY instances", - "id": "f92a755d-257b-48e5-bb8c-b871ce88070a", - "lb_method": "LEAST_CONNECTIONS", - "listener_id": "c4ea6eb4-5fb0-43ed-8e09-d06f22dd03be", - "loadbalancer_id": null, - "name": "main-haproxy-lb-https", - "persistence": [ - { - "cookie_name": "", - "type": "SOURCE_IP" - } - ], - "protocol": "PROXYV2", - "region": "isti_area_pi_1", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_https_listener", - "openstack_lb_loadbalancer_v2.main_lb" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_lb_pool_v2", - "name": "main_haproxy_stats_pool", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "description": "Pool for the stats of the main HAPROXY instances", - "id": "ab1a2ff1-638e-4308-bc01-5c673454aea2", - "lb_method": "LEAST_CONNECTIONS", - "listener_id": "3470d39d-bdac-4b58-8a83-c659b653235d", - "loadbalancer_id": null, - "name": "main-haproxy-lb-stats", - "persistence": [ - { - "cookie_name": "", - "type": "SOURCE_IP" - } - ], - "protocol": "TCP", - "region": "isti_area_pi_1", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", - "dependencies": [ - "openstack_lb_listener_v2.main_haproxy_stats_listener", - "openstack_lb_loadbalancer_v2.main_lb" - ] - } - ] - }, - { - "mode": "managed", - "type": 
"openstack_networking_floatingip_associate_v2", - "name": "main_lb", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "fixed_ip": "10.1.32.20", - "floating_ip": "146.48.30.235", - "id": "03f574a8-2868-4cbb-ab1f-0332ce2e89ee", - "port_id": "2ed727c8-709a-48ed-9ef6-3357769f4f8e", - "region": "isti_area_pi_1" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "openstack_lb_loadbalancer_v2.main_lb", - "openstack_networking_floatingip_v2.main_lb_ip" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_floatingip_v2", - "name": "main_lb_ip", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "address": "146.48.30.235", - "all_tags": [], - "description": "Main L4 load balancer for the D4Science PRE production", - "dns_domain": "", - "dns_name": "", - "fixed_ip": "10.1.32.20", - "id": "03f574a8-2868-4cbb-ab1f-0332ce2e89ee", - "pool": "external-network", - "port_id": "2ed727c8-709a-48ed-9ef6-3357769f4f8e", - "region": "isti_area_pi_1", - "subnet_id": null, - "subnet_ids": null, - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null, - "value_specs": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_floatingip_v2", - "name": "prometheus_server_ip", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "address": "146.48.29.203", - "all_tags": [], - "description": "Prometheus server", - "dns_domain": "", - "dns_name": "", - "fixed_ip": "10.1.32.10", - "id": "8abc5e0e-d1b6-4858-a74f-cace3cd1c10c", - 
"pool": "external-network", - "port_id": "b1c4b95e-29ab-4835-893d-fdc899b9b400", - "region": "isti_area_pi_1", - "subnet_id": null, - "subnet_ids": null, - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null, - "value_specs": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_floatingip_v2", - "name": "ssh_jump_proxy_ip", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "address": "146.48.30.140", - "all_tags": [], - "description": "SSH Proxy Jump Server", - "dns_domain": "", - "dns_name": "", - "fixed_ip": "10.1.32.5", - "id": "0a5f6054-836b-40fb-9bc5-97fa4ede5a62", - "pool": "external-network", - "port_id": "a29a4446-3320-431b-81b8-73c253817b3f", - "region": "isti_area_pi_1", - "subnet_id": null, - "subnet_ids": null, - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null, - "value_specs": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_network_v2", - "name": "shared_postgresql_net", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "admin_state_up": true, - "all_tags": [], - "availability_zone_hints": [], - "description": "Network used to communicate with the shared postgresql service", - "dns_domain": "cloud-pre.d4science.org.", - "external": false, - "id": "e25395f4-f1aa-4819-b5a5-36d25ee5af54", - "mtu": 8942, - "name": "postgresql-srv-net", - "port_security_enabled": true, - "qos_policy_id": "", - "region": 
"isti_area_pi_1", - "segments": [], - "shared": false, - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null, - "transparent_vlan": false, - "value_specs": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "egress-ipv4", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "", - "direction": "egress", - "ethertype": "IPv4", - "id": "a9c0d805-ba04-403d-85b7-e5f9a4787c67", - "port_range_max": 0, - "port_range_min": 0, - "protocol": "", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "", - "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.default" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "grafana_d4s", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTPS from grafana.d4science.org", - "direction": "ingress", - "ethertype": "IPv4", - "id": "b4335816-fd94-4107-9cdd-e97fd5f8dab5", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.132/32", - "security_group_id": "1a3161d4-00b1-411e-a3a6-5d3f1ec06483", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - 
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.prometheus_access_from_grafana" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-1-443", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTPS traffic from HAPROXY L7 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "8d6d97a3-6238-4087-a02a-f4add0220d69", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.11/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-1-80", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTP traffic from HAPROXY L7 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "f7bec0a2-bbde-45f5-befe-5bdbe429cdf1", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.11/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - 
"dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-1-8080", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTP traffic from HAPROXY L7 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "5f129d0f-9a1e-43c7-a5ca-14093e2afa86", - "port_range_max": 8080, - "port_range_min": 8080, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.11/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-1-8888", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTP traffic from HAPROXY L7 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "ce312014-7558-47c9-9d89-0cd809f3b3ac", - "port_range_max": 8888, - "port_range_min": 8888, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.11/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { 
- "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-2-443", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTPS traffic from HAPROXY L7 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "0bd2c833-4d25-4213-9839-57ffeba300e6", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.12/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-2-80", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTP traffic from HAPROXY L7 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "d836453d-2d66-4c47-af52-2e5329761fb2", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.12/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-2-8080", - 
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTP traffic from HAPROXY L7 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "5941483c-9349-4a61-95f2-8002419b9cbf", - "port_range_max": 8080, - "port_range_min": 8080, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.12/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy-l7-2-8888", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "HTTP traffic from HAPROXY L7 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "2b65e9f5-1a4d-4a69-8072-1a9b87d08ffb", - "port_range_max": 8888, - "port_range_min": 8888, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.12/32", - "security_group_id": "ce000350-813c-4209-9568-dd27d99bf94e", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.traffic_from_main_haproxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy_l7_1_peer", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - 
"instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Peer traffic from haproxy l7 1 to l7 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "c175b759-8009-4c29-8e1f-6065f78d10b4", - "port_range_max": 10000, - "port_range_min": 10000, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.11/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "haproxy_l7_2_peer", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Peer traffic from haproxy l7 2 to l7 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "2b14a58e-f7de-42c8-b1df-7d180a739f4e", - "port_range_max": 10000, - "port_range_min": 10000, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.12/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "http_from_everywhere", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow 
HTTP from everywhere", - "direction": "ingress", - "ethertype": "IPv4", - "id": "a05edc91-f960-479d-8527-37c466e20c07", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "https_from_d4s_vpn_1", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTPS from D4Science VPN 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "16f6eb5d-6075-4cd7-98a3-b07d7579d34e", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.27/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "https_from_d4s_vpn_2", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTPS from D4Science VPN 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "1e18c815-a595-494e-8006-619f5e74343f", 
- "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.49/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "https_from_s2i2s_vpn_1", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTPS from S2I2S VPN 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "84a331ea-58ab-4c5b-9d8c-206c14af44a7", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.28.10/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "https_from_s2i2s_vpn_2", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTPS from S2I2S VPN 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "79960c08-1f7e-4a91-8454-84452ad65d21", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - 
"remote_group_id": "", - "remote_ip_prefix": "146.48.28.11/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "https_from_shell_d4s", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTPS from shell.d4science.org", - "direction": "ingress", - "ethertype": "IPv4", - "id": "09a086d3-692d-4c34-a935-b4d9b363ca5f", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.95/32", - "security_group_id": "52701d3b-e36d-4712-b146-721f8b87c285", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.restricted_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ingress-icmp", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow ICMP from remote", - "direction": "ingress", - "ethertype": "IPv4", - "id": "8f57aad8-19d5-4f9e-b24b-8c6a9a864eda", - "port_range_max": 0, - "port_range_min": 0, - "protocol": "icmp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", - 
"tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.default" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_1_haproxy_l7_443", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 443", - "direction": "ingress", - "ethertype": "IPv4", - "id": "496c0553-fd80-43be-8958-08c5c5333116", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.34.232/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_1_haproxy_l7_80", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 80", - "direction": "ingress", - "ethertype": "IPv4", - "id": "e0474d9d-2842-49f3-ae34-281ce1f80e32", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.34.232/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - 
"timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_1_haproxy_l7_8080", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 1 port 8080", - "direction": "ingress", - "ethertype": "IPv4", - "id": "6c96d29f-05d7-4ac9-9a92-b58f492a9425", - "port_range_max": 8080, - "port_range_min": 8080, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.34.232/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_2_haproxy_l7_443", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 443", - "direction": "ingress", - "ethertype": "IPv4", - "id": "3e08d7ac-098c-4f51-bbee-87f1ce9cf9b3", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.33.229/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - 
"sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_2_haproxy_l7_80", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 80", - "direction": "ingress", - "ethertype": "IPv4", - "id": "c402f80c-734e-4394-80f0-817ea57af7b8", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.33.229/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "lb3_2_haproxy_l7_8080", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Traffic from the first main lb instance to HAPROXY l7 2 port 8080", - "direction": "ingress", - "ethertype": "IPv4", - "id": "2ddde65e-718c-44c5-829d-9318745bf8a3", - "port_range_max": 8080, - "port_range_min": 8080, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.33.229/32", - "security_group_id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - 
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.main_lb_to_haproxy_l7" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "prometheus-node", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Prometheus access to the node exporter", - "direction": "ingress", - "ethertype": "IPv4", - "id": "248b6e42-a91e-45b8-b768-d805a5e48f6e", - "port_range_max": 9100, - "port_range_min": 9100, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.10/32", - "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.default" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "public_http", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTP from everywhere", - "direction": "ingress", - "ethertype": "IPv4", - "id": "451e920f-b130-412e-82a2-6f907781a534", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "003ecc82-445b-4e19-aea6-217dbd8c8deb", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - 
"openstack_networking_secgroup_v2.public_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "public_https", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow HTTPS from everywhere", - "direction": "ingress", - "ethertype": "IPv4", - "id": "36c80115-0fef-48c0-bcd8-3f7c1e9b17d6", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "0.0.0.0/0", - "security_group_id": "003ecc82-445b-4e19-aea6-217dbd8c8deb", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.public_web" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "shared_postgresql_access_from_dedicated_subnet", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Allow connections to port 5432 from the 192.168.2.0/22 network", - "direction": "ingress", - "ethertype": "IPv4", - "id": "fe4eeca3-ec34-4fd1-8cae-89b077ff9f27", - "port_range_max": 5432, - "port_range_min": 5432, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "192.168.0.0/22", - "security_group_id": "3c14aba5-7ab0-4662-bc03-c1fa889f5be5", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.shared_postgresql_access" - ] - } - ] - }, - { - 
"mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "shell_443", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "https debug port 443 from the shell jump proxy", - "direction": "ingress", - "ethertype": "IPv4", - "id": "0dd4e586-a547-436a-8c4c-a21c96555a3b", - "port_range_max": 443, - "port_range_min": 443, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.5/32", - "security_group_id": "7e8f53e6-83df-4278-a14f-caaa9c356304", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.debugging" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "shell_80", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "http debug port 80 from the shell jump proxy", - "direction": "ingress", - "ethertype": "IPv4", - "id": "71042c57-5fea-4d60-bd23-72b134f2ec52", - "port_range_max": 80, - "port_range_min": 80, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.5/32", - "security_group_id": "7e8f53e6-83df-4278-a14f-caaa9c356304", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.debugging" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "shell_8100", - "provider": 
"provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "Tomcat debug on port 8100 from the shell jump proxy", - "direction": "ingress", - "ethertype": "IPv4", - "id": "3bde2477-e5ca-4c7c-9b04-b9ec56298119", - "port_range_max": 8100, - "port_range_min": 8100, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.5/32", - "security_group_id": "7e8f53e6-83df-4278-a14f-caaa9c356304", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.debugging" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ssh-d4s-vpn-1", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "SSH traffic from D4Science VPN 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "94af5954-7f88-4237-87f3-df23654d19af", - "port_range_max": 22, - "port_range_min": 22, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.27/32", - "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ssh-d4s-vpn-2", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - 
"schema_version": 0, - "attributes": { - "description": "SSH traffic from D4Science VPN 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "4da00dbf-db42-418c-a7f9-f7ab5cd0307d", - "port_range_max": 22, - "port_range_min": 22, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.49/32", - "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ssh-infrascience-net", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "SSH traffic from the InfraScience network", - "direction": "ingress", - "ethertype": "IPv4", - "id": "b3a54aa7-f9da-4e4e-bd10-5505926ebefd", - "port_range_max": 22, - "port_range_min": 22, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.0/23", - "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ssh-jump-proxy", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "SSH traffic from the jump proxy", - 
"direction": "ingress", - "ethertype": "IPv4", - "id": "de92582a-7f56-4271-8e99-3bed0ca8e64b", - "port_range_max": 22, - "port_range_min": 22, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "10.1.32.5/32", - "security_group_id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.default" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ssh-s2i2s-vpn-1", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "SSH traffic from S2I2S VPN 1", - "direction": "ingress", - "ethertype": "IPv4", - "id": "b2ba067e-0a74-4a55-81ea-684146e5fcfa", - "port_range_max": 22, - "port_range_min": 22, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.28.10/32", - "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ssh-s2i2s-vpn-2", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "SSH traffic from S2I2S VPN 2", - "direction": "ingress", - "ethertype": "IPv4", - "id": "42cfb632-a15a-4bc2-97ae-d935d2736d88", - "port_range_max": 22, - 
"port_range_min": 22, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.28.11/32", - "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_rule_v2", - "name": "ssh-shell-d4s", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "description": "SSH traffic from shell.d4science.org", - "direction": "ingress", - "ethertype": "IPv4", - "id": "a040fe4a-372f-4aca-ab58-3fc52a34780f", - "port_range_max": 22, - "port_range_min": 22, - "protocol": "tcp", - "region": "isti_area_pi_1", - "remote_group_id": "", - "remote_ip_prefix": "146.48.122.95/32", - "security_group_id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", - "dependencies": [ - "openstack_networking_secgroup_v2.access_to_the_jump_proxy" - ] - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "access_to_the_jump_proxy", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": "Security group that allows SSH access to the jump node from a limited set of sources", - "id": "1bfb16c6-b602-4ee4-bf3b-0d25213b2c04", - "name": "ssh_access_to_the_jump_node", - "region": "isti_area_pi_1", - 
"tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "debugging", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": "Security group that allows web app debugging via tunnel from the ssh jump node", - "id": "7e8f53e6-83df-4278-a14f-caaa9c356304", - "name": "debugging_from_jump_node", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "default", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": "Default security group with rules for ssh access via jump proxy, prometheus scraping", - "id": "6a12a6b1-6bd5-4c68-b41d-1f5f88915971", - "name": "default_for_all", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "main_lb_to_haproxy_l7", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - 
"all_tags": [], - "delete_default_rules": true, - "description": "Traffic coming the main L4 lb directed to the haproxy l7 servers", - "id": "194c32a1-5842-4be7-8c90-c03ebe4e25f0", - "name": "traffic_from_main_lb_to_haproxy_l7", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "prometheus_access_from_grafana", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": "The public grafana server must be able to get data from Prometheus", - "id": "1a3161d4-00b1-411e-a3a6-5d3f1ec06483", - "name": "prometheus_access_from_grafana", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "public_web", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": "Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer", - "id": "003ecc82-445b-4e19-aea6-217dbd8c8deb", - "name": "public_web_service", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "restricted_web", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt", - "id": "52701d3b-e36d-4712-b146-721f8b87c285", - "name": "restricted_web_service", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "shared_postgresql_access", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": "Access the shared PostgreSQL service using the dedicated network", - "id": "3c14aba5-7ab0-4662-bc03-c1fa889f5be5", - "name": "access_to_the_shared_postgresql_service", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_secgroup_v2", - "name": "traffic_from_main_haproxy", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "delete_default_rules": true, - "description": 
"Allow traffic from the main L7 HAPROXY load balancers", - "id": "ce000350-813c-4209-9568-dd27d99bf94e", - "name": "traffic_from_the_main_load_balancers", - "region": "isti_area_pi_1", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" - } - ] - }, - { - "mode": "managed", - "type": "openstack_networking_subnet_v2", - "name": "shared_postgresql_subnet", - "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "all_tags": [], - "allocation_pool": [ - { - "end": "192.168.3.254", - "start": "192.168.0.100" - } - ], - "allocation_pools": [ - { - "end": "192.168.3.254", - "start": "192.168.0.100" - } - ], - "cidr": "192.168.0.0/22", - "description": "subnet used to connect to the shared PostgreSQL service", - "dns_nameservers": [ - "146.48.29.97", - "146.48.29.98", - "146.48.29.99" - ], - "enable_dhcp": true, - "gateway_ip": "", - "host_routes": [], - "id": "88f8ea7e-7a48-42a8-840e-00397d90df44", - "ip_version": 4, - "ipv6_address_mode": "", - "ipv6_ra_mode": "", - "name": "shared-postgresql-subnet", - "network_id": "e25395f4-f1aa-4819-b5a5-36d25ee5af54", - "no_gateway": true, - "prefix_length": null, - "region": "isti_area_pi_1", - "service_types": [], - "subnetpool_id": "", - "tags": [], - "tenant_id": "6fdc02e2827b405dad99f34698659742", - "timeouts": null, - "value_specs": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", - "dependencies": [ - "openstack_networking_network_v2.shared_postgresql_net" - ] - } - ] - } - ], - "check_results": null -} 
diff --git a/openstack-tf/d4s-production/basic-infrastructure/15-security-groups.tf b/openstack-tf/d4s-production/basic-infrastructure/15-security-groups.tf
deleted file mode 120000
index aad5041..0000000
--- a/openstack-tf/d4s-production/basic-infrastructure/15-security-groups.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/15-security-groups.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-production/basic-infrastructure/20-octavia.tf b/openstack-tf/d4s-production/basic-infrastructure/20-octavia.tf
deleted file mode 120000
index a104722..0000000
--- a/openstack-tf/d4s-production/basic-infrastructure/20-octavia.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/20-octavia.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-production/basic-infrastructure/25-ssh-jump-proxy.tf b/openstack-tf/d4s-production/basic-infrastructure/25-ssh-jump-proxy.tf
deleted file mode 120000
index 46b1d6c..0000000
--- a/openstack-tf/d4s-production/basic-infrastructure/25-ssh-jump-proxy.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/25-ssh-jump-proxy.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-production/basic-infrastructure/30-internal-ca.tf b/openstack-tf/d4s-production/basic-infrastructure/30-internal-ca.tf
deleted file mode 120000
index ac62be5..0000000
--- a/openstack-tf/d4s-production/basic-infrastructure/30-internal-ca.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/30-internal-ca.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-production/basic-infrastructure/35-prometheus.tf b/openstack-tf/d4s-production/basic-infrastructure/35-prometheus.tf
deleted file mode 120000
index 31f4592..0000000
--- a/openstack-tf/d4s-production/basic-infrastructure/35-prometheus.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../common_setups/35-prometheus.tf
\ No newline at end of file
diff --git a/openstack-tf/d4s-production/basic-infrastructure/40-postgresql.tf b/openstack-tf/d4s-production/basic-infrastructure/40-postgresql.tf deleted file mode 120000 index 968cc5a..0000000 --- a/openstack-tf/d4s-production/basic-infrastructure/40-postgresql.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/40-postgresql.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/41-postgresql-backup-vol.tf b/openstack-tf/d4s-production/basic-infrastructure/41-postgresql-backup-vol.tf index 03595b2..24d747a 100644 --- a/openstack-tf/d4s-production/basic-infrastructure/41-postgresql-backup-vol.tf +++ b/openstack-tf/d4s-production/basic-infrastructure/41-postgresql-backup-vol.tf @@ -7,6 +7,6 @@ resource "openstack_blockstorage_volume_v3" "shared_postgresql_backup_vol" { resource "openstack_compute_volume_attach_v2" "shared_postgresql_backup_attach_vol" { instance_id = openstack_compute_instance_v2.shared_postgresql_server.id volume_id = openstack_blockstorage_volume_v3.shared_postgresql_backup_vol.id - device = var.shared_postgresql_server_data.vol_backup_device - depends_on = [openstack_compute_instance_v2.shared_postgresql_server] + device = var.shared_postgresql_server_data.vol_backup_device + depends_on = [openstack_compute_instance_v2.shared_postgresql_server] } diff --git a/openstack-tf/d4s-production/basic-infrastructure/45-haproxy.tf b/openstack-tf/d4s-production/basic-infrastructure/45-haproxy.tf deleted file mode 120000 index e3b6c11..0000000 --- a/openstack-tf/d4s-production/basic-infrastructure/45-haproxy.tf +++ /dev/null @@ -1 +0,0 @@ -../../common_setups/45-haproxy.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/haproxy.tf b/openstack-tf/d4s-production/basic-infrastructure/haproxy.tf new file mode 120000 index 0000000..51d2cc3 --- /dev/null +++ b/openstack-tf/d4s-production/basic-infrastructure/haproxy.tf 
@@ -0,0 +1 @@ +../../modules/d4science_infra_setup/haproxy.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/internal-ca.tf b/openstack-tf/d4s-production/basic-infrastructure/internal-ca.tf new file mode 120000 index 0000000..c613c82 --- /dev/null +++ b/openstack-tf/d4s-production/basic-infrastructure/internal-ca.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/internal-ca.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/octavia.tf b/openstack-tf/d4s-production/basic-infrastructure/octavia.tf new file mode 120000 index 0000000..387afa6 --- /dev/null +++ b/openstack-tf/d4s-production/basic-infrastructure/octavia.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/octavia.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/postgresql.tf b/openstack-tf/d4s-production/basic-infrastructure/postgresql.tf new file mode 120000 index 0000000..fb68d4e --- /dev/null +++ b/openstack-tf/d4s-production/basic-infrastructure/postgresql.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/postgresql.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/production-basic-infrastructure.auto.tfvars b/openstack-tf/d4s-production/basic-infrastructure/production-basic-infrastructure.auto.tfvars index 2b7cbd3..754cb3f 100644 --- a/openstack-tf/d4s-production/basic-infrastructure/production-basic-infrastructure.auto.tfvars +++ b/openstack-tf/d4s-production/basic-infrastructure/production-basic-infrastructure.auto.tfvars 
@@ -1,62 +1,62 @@ default_security_group_name = "default_for_all" shared_postgresql_server_data = { - name ="shared-postgresql-server" - flavor = "m1.large" - vol_data_name = "shared-postgresql-data" - vol_data_size = "300" - vol_data_device = "/dev/vdb" - vol_backup_name = "shared-postgresql-backup-data" - vol_backup_size = "100" - vol_backup_device = "/dev/vdc" - network_name = "postgresql-srv-net" - network_description = "Network used to communicate with the shared postgresql service" - network_cidr = "192.168.0.0/22" + name = "shared-postgresql-server" + flavor = "m1.large" + vol_data_name = "shared-postgresql-data" + vol_data_size = "300" + vol_data_device = "/dev/vdb" + vol_backup_name = "shared-postgresql-backup-data" + vol_backup_size = "100" + vol_backup_device = "/dev/vdc" + network_name = "postgresql-srv-net" + network_description = "Network used to communicate with the shared postgresql service" + network_cidr = "192.168.0.0/22" allocation_pool_start = "192.168.0.100" - allocation_pool_end = "192.168.3.254" - server_ip = "192.168.0.5" - server_cidr = "192.168.0.5/22" + allocation_pool_end = "192.168.3.254" + server_ip = "192.168.0.5" + server_cidr = "192.168.0.5/22" } # Provided in the output of the project setup main_private_network_id = "020df98d-ae72-452a-b376-3b6dc289acac" -main_private_subnet_id = "5d7b83ad-e058-4a3a-bfd8-d20ba6d42e1a" -dns_zone_id = "74135b34-1a9c-4c01-8cf0-22450a5660c4" +main_private_subnet_id = "5d7b83ad-e058-4a3a-bfd8-d20ba6d42e1a" +dns_zone_id = "74135b34-1a9c-4c01-8cf0-22450a5660c4" octavia_information = { - main_lb_name = "d4s-production-cloud-l4-load-balancer" - main_lb_description = "Main L4 load balancer for the D4Science production" - swarm_lb_name = "d4s-production-cloud-l4-swarm-load-balancer" - octavia_flavor = "octavia_amphora-mvcpu-ha" - octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" - main_lb_hostname = "main-lb" - # The following aren't available when the module runs so we have to get them with the 
command - # openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp - # This means that the execution will fail - octavia_vrrp_ip_1 = "10.1.42.119/32" - octavia_vrrp_ip_2 = "10.1.42.188/32" + main_lb_name = "d4s-production-cloud-l4-load-balancer" + main_lb_description = "Main L4 load balancer for the D4Science production" + swarm_lb_name = "d4s-production-cloud-l4-swarm-load-balancer" + octavia_flavor = "octavia_amphora-mvcpu-ha" + octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" + main_lb_hostname = "main-lb" + # The following aren't available when the module runs so we have to get them with the command + # openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp + # This means that the execution will fail + octavia_vrrp_ip_1 = "10.1.42.119/32" + octavia_vrrp_ip_2 = "10.1.42.188/32" } docker_swarm_data = { - mgr_name = "swarm-mgr" - mgr1_ip = "10.1.40.31" - mgr1_cidr = "10.1.40.31/32" - mgr2_ip = "10.1.40.32" - mgr2_cidr = "10.1.40.32/32" - mgr3_ip = "10.1.40.33" - mgr3_cidr = "10.1.40.33/32" - mgr_count = 3 - mgr_flavor = "m1.large" - mgr_data_disk_size = 100 - worker_name = "swarm-worker" - worker_count = 8 - worker_flavor = "m1.xxl" - worker_data_disk_size = 200 - nfs_server_name = "swarm-nfs-server" - nfs_server_flavor = "m1.medium" - nfs_server_data_disk_name = "Swarm NFS server data Disk" - nfs_server_data_disk_size = 200 - nfs_server_data_disk_device = "/dev/vdb" + mgr_name = "swarm-mgr" + mgr1_ip = "10.1.40.31" + mgr1_cidr = "10.1.40.31/32" + mgr2_ip = "10.1.40.32" + mgr2_cidr = "10.1.40.32/32" + mgr3_ip = "10.1.40.33" + mgr3_cidr = "10.1.40.33/32" + mgr_count = 3 + mgr_flavor = "m1.large" + mgr_data_disk_size = 100 + worker_name = "swarm-worker" + worker_count = 8 + worker_flavor = "m1.xxl" + worker_data_disk_size = 200 + nfs_server_name = "swarm-nfs-server" + nfs_server_flavor = "m1.medium" + nfs_server_data_disk_name = "Swarm NFS server data Disk" + nfs_server_data_disk_size = 200 + nfs_server_data_disk_device = 
"/dev/vdb" } -swarm_managers_ip = ["10.1.40.31", "10.1.40.32", "10.1.40.33"] +swarm_managers_ip = ["10.1.40.31", "10.1.40.32", "10.1.40.33"] diff --git a/openstack-tf/d4s-production/basic-infrastructure/production-swarm.auto.tfvars b/openstack-tf/d4s-production/basic-infrastructure/production-swarm.auto.tfvars index 666db9d..0402787 100644 --- a/openstack-tf/d4s-production/basic-infrastructure/production-swarm.auto.tfvars +++ b/openstack-tf/d4s-production/basic-infrastructure/production-swarm.auto.tfvars @@ -1,15 +1,15 @@ octavia_swarm_data = { - swarm_lb_name = "d4s-production-cloud-swarm-l4" - swarm_lb_description = "L4 balancer that serves the D4Science production Docker Swarm cluster" - swarm_lb_name = "d4s-production-cloud-swarm-l4" - octavia_flavor = "octavia_amphora-mvcpu-ha" - octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" - swarm_lb_hostname = "swarm-lb" - swarm_octavia_main_ip = "10.1.40.30" - swarm_octavia_main_cidr = "10.1.40.30/32" - # The following aren't available when the module runs so we have to get them with the command - # openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp - # This means that the execution will fail - octavia_vrrp_ip_1 = "10.1.43.97/32" - octavia_vrrp_ip_2 = "10.1.44.78/32" + swarm_lb_name = "d4s-production-cloud-swarm-l4" + swarm_lb_description = "L4 balancer that serves the D4Science production Docker Swarm cluster" + swarm_lb_name = "d4s-production-cloud-swarm-l4" + octavia_flavor = "octavia_amphora-mvcpu-ha" + octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" + swarm_lb_hostname = "swarm-lb" + swarm_octavia_main_ip = "10.1.40.30" + swarm_octavia_main_cidr = "10.1.40.30/32" + # The following aren't available when the module runs so we have to get them with the command + # openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp + # This means that the execution will fail + octavia_vrrp_ip_1 = "10.1.43.97/32" + octavia_vrrp_ip_2 = "10.1.44.78/32" } 
diff --git a/openstack-tf/d4s-production/basic-infrastructure/prometheus.tf b/openstack-tf/d4s-production/basic-infrastructure/prometheus.tf new file mode 120000 index 0000000..d565196 --- /dev/null +++ b/openstack-tf/d4s-production/basic-infrastructure/prometheus.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/prometheus.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/provider.tf b/openstack-tf/d4s-production/basic-infrastructure/provider.tf index 3d1a6e2..97b68ab 100644 --- a/openstack-tf/d4s-production/basic-infrastructure/provider.tf +++ b/openstack-tf/d4s-production/basic-infrastructure/provider.tf @@ -1,6 +1,6 @@ # Define required providers terraform { -required_version = ">= 0.14.0" + required_version = ">= 0.14.0" required_providers { openstack = { source = "terraform-provider-openstack/openstack" @@ -10,5 +10,5 @@ required_version = ">= 0.14.0" } provider "openstack" { - cloud = "d4s-production" + cloud = "d4s-production" } diff --git a/openstack-tf/d4s-production/basic-infrastructure/security-groups.tf b/openstack-tf/d4s-production/basic-infrastructure/security-groups.tf new file mode 120000 index 0000000..7da1514 --- /dev/null +++ b/openstack-tf/d4s-production/basic-infrastructure/security-groups.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/security-groups.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/basic-infrastructure/ssh-jump-proxy.tf b/openstack-tf/d4s-production/basic-infrastructure/ssh-jump-proxy.tf new file mode 120000 index 0000000..a940c35 --- /dev/null +++ b/openstack-tf/d4s-production/basic-infrastructure/ssh-jump-proxy.tf @@ -0,0 +1 @@ +../../modules/d4science_infra_setup/ssh-jump-proxy.tf \ No newline at end of file diff --git a/openstack-tf/d4s-production/variables/variables-production.tf b/openstack-tf/d4s-production/variables/variables-production.tf index 4b9e3e2..70cc135 100644 --- a/openstack-tf/d4s-production/variables/variables-production.tf 
+++ b/openstack-tf/d4s-production/variables/variables-production.tf @@ -6,13 +6,13 @@ variable "os_project_data" { } variable "dns_zone" { - type = map(string) + type = map(string) default = { - zone_name = "cloud.d4science.org." - email = "postmaster@isti.cnr.it" + zone_name = "cloud.d4science.org." + email = "postmaster@isti.cnr.it" description = "DNS primary zone for the d4s-production-cloud project" - ttl = 8600 - } + ttl = 8600 + } } variable "dns_zone_id" { @@ -27,9 +27,9 @@ variable "default_security_group_name" { variable "main_private_network" { type = map(string) default = { - name = "d4s-production-cloud-main" + name = "d4s-production-cloud-main" description = "D4Science Production private network (use this as the main network)" - } + } } variable "main_private_network_id" { @@ -40,13 +40,13 @@ variable "main_private_network_id" { variable "main_private_subnet" { type = map(string) default = { - name = "d4s-production-cloud-main-subnet" - description = "D4Science Production main private subnet" - cidr = "10.1.40.0/21" - gateway_ip = "10.1.40.1" + name = "d4s-production-cloud-main-subnet" + description = "D4Science Production main private subnet" + cidr = "10.1.40.0/21" + gateway_ip = "10.1.40.1" allocation_start = "10.1.41.100" - allocation_end = "10.1.47.254" - } + allocation_end = "10.1.47.254" + } } variable "main_private_subnet_id" { 
@@ -57,45 +57,45 @@ variable "main_private_subnet_id" { variable "external_router" { type = map(string) default = { - name = "d4s-production-cloud-external-router" + name = "d4s-production-cloud-external-router" description = "D4Science Production main router" - id = "cc26064a-bb08-4c0b-929f-d0cb39f934a3" - } + id = "cc26064a-bb08-4c0b-929f-d0cb39f934a3" + } } variable "basic_services_ip" { type = map(string) default = { - ca = "10.1.40.4" - ca_cidr = "10.1.40.4/32" - ssh_jump = "10.1.40.5" - ssh_jump_cidr = "10.1.40.5/32" - prometheus = "10.1.40.10" - prometheus_cidr = "10.1.40.10/32" - haproxy_l7_1 = "10.1.40.11" + ca = "10.1.40.4" + ca_cidr = "10.1.40.4/32" + ssh_jump = "10.1.40.5" + ssh_jump_cidr = "10.1.40.5/32" + prometheus = "10.1.40.10" + prometheus_cidr = "10.1.40.10/32" + haproxy_l7_1 = "10.1.40.11" haproxy_l7_1_cidr = "10.1.40.11/32" - haproxy_l7_2 = "10.1.40.12" + haproxy_l7_2 = "10.1.40.12" haproxy_l7_2_cidr = "10.1.40.12/32" - octavia_main = "10.1.40.20" + octavia_main = "10.1.40.20" octavia_main_cidr = "10.1.40.20/32" } } variable "main_haproxy_l7_ip" { - type = list(string) + type = list(string) default = ["10.1.40.11", "10.1.40.12"] - + } variable "octavia_information" { type = map(string) default = { - main_lb_name = "d4s-production-cloud-l4-load-balancer" + main_lb_name = "d4s-production-cloud-l4-load-balancer" main_lb_description = "Main L4 load balancer for the D4Science production" - swarm_lb_name = "d4s-production-cloud-l4-swarm-load-balancer" - octavia_flavor = "octavia_amphora-mvcpu-ha" - octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" - main_lb_hostname = "main-lb" + swarm_lb_name = "d4s-production-cloud-l4-swarm-load-balancer" + octavia_flavor = "octavia_amphora-mvcpu-ha" + octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" + main_lb_hostname = "main-lb" } } diff --git a/openstack-tf/modules/common_variables/variables.tf b/openstack-tf/modules/common_variables/variables.tf index 3de9db1..f8807ee 100644 
--- a/openstack-tf/modules/common_variables/variables.tf +++ b/openstack-tf/modules/common_variables/variables.tf @@ -62,14 +62,14 @@ variable "networks_with_d4s_services" { } variable "dns_zone" { - type = map(string) + type = map(string) default = { - zone_name = "" - email = "postmaster@isti.cnr.it" + zone_name = "" + email = "postmaster@isti.cnr.it" description = "" - ttl = 8600 - id = "" - } + ttl = 8600 + id = "" + } } variable "dns_zone_id" { @@ -80,9 +80,9 @@ variable "dns_zone_id" { variable "main_private_network" { type = map(string) default = { - name = "" + name = "" description = "" - } + } } variable "main_private_network_id" { @@ -93,13 +93,13 @@ variable "main_private_network_id" { variable "main_private_subnet" { type = map(string) default = { - name = "" - description = "" - cidr = "" - gateway_ip = "" + name = "" + description = "" + cidr = "" + gateway_ip = "" allocation_start = "" - allocation_end = "" - } + allocation_end = "" + } } variable "main_private_subnet_id" { @@ -110,10 +110,10 @@ variable "main_private_subnet_id" { variable "external_router" { type = map(string) default = { - name = "" + name = "" description = "" - id = "" - } + id = "" + } } variable "ubuntu_1804" { 
@@ -247,42 +247,42 @@ variable "default_security_group_name" { variable "basic_services_ip" { type = map(string) default = { - ca = "" - ca_cidr = "" - ssh_jump = "" - ssh_jump_cidr = "" - prometheus = "" - prometheus_cidr = "" - haproxy_l7_1 = "" + ca = "" + ca_cidr = "" + ssh_jump = "" + ssh_jump_cidr = "" + prometheus = "" + prometheus_cidr = "" + haproxy_l7_1 = "" haproxy_l7_1_cidr = "" - haproxy_l7_2 = "" + haproxy_l7_2 = "" haproxy_l7_2_cidr = "" - octavia_main = "" + octavia_main = "" octavia_main_cidr = "" } } variable "main_haproxy_l7_ip" { - type = list(string) + type = list(string) default = [] - + } variable "octavia_information" { type = map(string) default = { - main_lb_name = "" + main_lb_name = "" main_lb_description = "" - swarm_lb_name = "" - octavia_flavor = "" - octavia_flavor_id = "" - main_lb_hostname = "" + swarm_lb_name = "" + octavia_flavor = "" + octavia_flavor_id = "" + main_lb_hostname = "" # The following aren't available when the module runs so we have to get them with the command # openstack --os-cloud d4s-pre port list -f value | grep octavia-lb-vrrp # This means that the execution will fail octavia_vrrp_ip_1 = "" octavia_vrrp_ip_2 = "" - } + } } # Added by Francesco diff --git a/openstack-tf/modules/d4science_infra_setup/haproxy.tf b/openstack-tf/modules/d4science_infra_setup/haproxy.tf index a9610c5..86ea25e 100644 --- a/openstack-tf/modules/d4science_infra_setup/haproxy.tf +++ b/openstack-tf/modules/d4science_infra_setup/haproxy.tf 
@@ -15,113 +15,113 @@ resource "openstack_compute_servergroup_v2" "main_haproxy_l7" { } # Security group resource "openstack_networking_secgroup_v2" "main_lb_to_haproxy_l7" { - name = "traffic_from_main_lb_to_haproxy_l7" - delete_default_rules = "true" - description = "Traffic coming the main L4 lb directed to the haproxy l7 servers" + name = "traffic_from_main_lb_to_haproxy_l7" + delete_default_rules = "true" + description = "Traffic coming the main L4 lb directed to the haproxy l7 servers" } resource "openstack_networking_secgroup_rule_v2" "haproxy_l7_1_peer" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Peer traffic from haproxy l7 1 to l7 2" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10000 - port_range_max = 10000 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Peer traffic from haproxy l7 1 to l7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 10000 + port_range_max = 10000 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_1_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy_l7_2_peer" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Peer traffic from haproxy l7 2 to l7 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10000 - port_range_max = 10000 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Peer traffic from haproxy l7 2 to l7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 10000 + port_range_max = 10000 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_2_cidr } resource "openstack_networking_secgroup_rule_v2" 
"lb3_1_haproxy_l7_80" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Traffic from the first main lb instance to HAPROXY l7 1 port 80" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_1 + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 1 port 80" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = var.octavia_information.octavia_vrrp_ip_1 } resource "openstack_networking_secgroup_rule_v2" "lb3_1_haproxy_l7_443" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Traffic from the first main lb instance to HAPROXY l7 1 port 443" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_1 + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 1 port 443" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.octavia_information.octavia_vrrp_ip_1 } resource "openstack_networking_secgroup_rule_v2" "lb3_1_haproxy_l7_8080" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Traffic from the first main lb instance to HAPROXY l7 1 port 8080" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8080 - remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_1 + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + 
description = "Traffic from the first main lb instance to HAPROXY l7 1 port 8080" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = var.octavia_information.octavia_vrrp_ip_1 } resource "openstack_networking_secgroup_rule_v2" "lb3_2_haproxy_l7_80" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Traffic from the first main lb instance to HAPROXY l7 2 port 80" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_2 + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 2 port 80" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = var.octavia_information.octavia_vrrp_ip_2 } resource "openstack_networking_secgroup_rule_v2" "lb3_2_haproxy_l7_443" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Traffic from the first main lb instance to HAPROXY l7 2 port 443" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_2 + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 2 port 443" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.octavia_information.octavia_vrrp_ip_2 } resource "openstack_networking_secgroup_rule_v2" "lb3_2_haproxy_l7_8080" { - security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id - description = "Traffic from the first main lb instance 
to HAPROXY l7 2 port 8080" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8080 - remote_ip_prefix = module.common_variables.octavia_information.octavia_vrrp_ip_2 + security_group_id = openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.id + description = "Traffic from the first main lb instance to HAPROXY l7 2 port 8080" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = var.octavia_information.octavia_vrrp_ip_2 } # Instance resource "openstack_compute_instance_v2" "main_haproxy_l7" { - count = module.common_variables.haproxy_l7_data.vm_count - name = format("%s-%02d", module.common_variables.haproxy_l7_data.name, count.index+1) - availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu - flavor_name = module.common_variables.haproxy_l7_data.flavor - key_pair = module.ssh_settings.ssh_key_name - security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.name] + count = var.haproxy_l7_data.vm_count + name = format("%s-%02d", var.haproxy_l7_data.name, count.index + 1) + availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu + flavor_name = var.haproxy_l7_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.main_lb_to_haproxy_l7.name] scheduler_hints { group = openstack_compute_servergroup_v2.main_haproxy_l7.id } block_device { - uuid = module.common_variables.ubuntu_2204.uuid + uuid = var.ubuntu_2204.uuid source_type = "image" volume_size = 10 boot_index = 0 
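Review bot: The `remote_ip_prefix` values in the `lb3_*` and `haproxy_l7_*_peer` rules now come from `var.octavia_information.octavia_vrrp_ip_1`/`_2` and `var.basic_services_ip.haproxy_l7_*_cidr`, and the defaults shown for those keys in `modules/common_variables/variables.tf` are empty strings. If the variable declarations this file sees keep those defaults (they are not in this hunk), a deployment that forgets to set them would, as far as I know, create the rule with no remote prefix, which Neutron treats as any source on ports 80, 443, 8080 and 10000. A `validation` block on the variables, or a `precondition` that rejects an empty value, would turn that into a plan-time error. Separately, the three `lb3_2_*` descriptions still read "Traffic from the first main lb instance" while using `octavia_vrrp_ip_2`; they should say "second", e.g. `description = "Traffic from the second main lb instance to HAPROXY l7 2 port 80"`. The hunk opens inside the `main_haproxy_l7` server group and ends inside the instance's `block_device`, so neither is fully visible here.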
@@ -130,9 +130,9 @@ resource "openstack_compute_instance_v2" "main_haproxy_l7" { } network { - name = module.common_variables.main_private_network.name - fixed_ip_v4 = module.common_variables.main_haproxy_l7_ip.*[count.index] + name = var.main_private_network.name + fixed_ip_v4 = var.main_haproxy_l7_ip.* [count.index] } - user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" + user_data = file("${var.ubuntu2204_data_file}") } diff --git a/openstack-tf/modules/d4science_infra_setup/internal-ca.tf b/openstack-tf/modules/d4science_infra_setup/internal-ca.tf index 3008f61..76c2928 100644 --- a/openstack-tf/modules/d4science_infra_setup/internal-ca.tf +++ b/openstack-tf/modules/d4science_infra_setup/internal-ca.tf @@ -1,11 +1,11 @@ resource "openstack_compute_instance_v2" "internal_ca" { - name = module.common_variables.internal_ca_data.name - availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu - flavor_name = module.common_variables.internal_ca_data.flavor - key_pair = module.ssh_settings.ssh_key_name - security_groups = [module.common_variables.default_security_group_name] + name = var.internal_ca_data.name + availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu + flavor_name = var.internal_ca_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [var.default_security_group_name] block_device { - uuid = module.common_variables.ubuntu_2204.uuid + uuid = var.ubuntu_2204.uuid source_type = "image" volume_size = 10 boot_index = 0 @@ -14,8 +14,8 @@ resource "openstack_compute_instance_v2" "internal_ca" { } network { - name = module.common_variables.main_private_network.name - fixed_ip_v4 = module.common_variables.basic_services_ip.ca + name = var.main_private_network.name + fixed_ip_v4 = var.basic_services_ip.ca } - user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" + user_data = file("${var.ubuntu2204_data_file}") } 
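Review bot: The new `user_data = file("${var.ubuntu2204_data_file}")` still wraps a plain reference in an interpolation-only template; `user_data = file(var.ubuntu2204_data_file)` is the direct form. The same line recurs in the internal-ca.tf, postgresql.tf and prometheus.tf hunks. In the same `network` block the formatter has split the legacy splat from its index in `var.main_haproxy_l7_ip.* [count.index]`; assuming the variable is a list of addresses, `fixed_ip_v4 = var.main_haproxy_l7_ip[count.index]` says the same thing without the splat. The resource body starts outside this hunk.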
diff --git a/openstack-tf/modules/d4science_infra_setup/octavia.tf b/openstack-tf/modules/d4science_infra_setup/octavia.tf
index 95c9ce2..dc9ffb2 100644
--- a/openstack-tf/modules/d4science_infra_setup/octavia.tf
+++ b/openstack-tf/modules/d4science_infra_setup/octavia.tf
@@ -1,33 +1,33 @@ # Main load balancer. L4, backed by Octavia resource "openstack_lb_loadbalancer_v2" "main_lb" { - vip_subnet_id = module.common_variables.main_private_subnet_id - name = module.common_variables.octavia_information.main_lb_name - description = module.common_variables.octavia_information.main_lb_description - flavor_id = module.common_variables.octavia_information.octavia_flavor_id - vip_address = module.common_variables.basic_services_ip.octavia_main - loadbalancer_provider = "amphora" + vip_subnet_id = var.main_private_subnet_id + name = var.octavia_information.main_lb_name + description = var.octavia_information.main_lb_description + flavor_id = var.octavia_information.octavia_flavor_id + vip_address = var.basic_services_ip.octavia_main + loadbalancer_provider = "amphora" } # Allocate a floating IP resource "openstack_networking_floatingip_v2" "main_lb_ip" { - pool = module.common_variables.floating_ip_pools.main_public_ip_pool - # The DNS association does not work because of a bug in the OpenStack API - # dns_name = "main-lb" - # dns_domain = module.common_variables.dns_zone.zone_name - description = module.common_variables.octavia_information.main_lb_description + pool = var.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + # dns_name = "main-lb" + # dns_domain = var.dns_zone.zone_name + description = var.octavia_information.main_lb_description } resource "openstack_networking_floatingip_associate_v2" "main_lb" { - floating_ip = openstack_networking_floatingip_v2.main_lb_ip.address - port_id = openstack_lb_loadbalancer_v2.main_lb.vip_port_id + floating_ip = openstack_networking_floatingip_v2.main_lb_ip.address + port_id = openstack_lb_loadbalancer_v2.main_lb.vip_port_id } locals { - recordset_name = "${module.common_variables.octavia_information.main_lb_hostname}.${module.common_variables.dns_zone.zone_name}" + recordset_name = 
"${var.octavia_information.main_lb_hostname}.${var.dns_zone.zone_name}" } resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" { - zone_id = module.common_variables.dns_zone_id + zone_id = var.dns_zone_id name = local.recordset_name description = "Public IP address of the main load balancer" ttl = 8600 
@@ -37,146 +37,146 @@ resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" { # Main HAPROXY stats listener resource "openstack_lb_listener_v2" "main_haproxy_stats_listener" { - loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id - protocol = "TCP" - protocol_port = 8880 - description = "Listener for the stats of the main HAPROXY instances" - name = "main_haproxy_stats_listener" - allowed_cidrs = [module.common_variables.ssh_sources.d4s_vpn_1_cidr,module.common_variables.ssh_sources.d4s_vpn_2_cidr,module.common_variables.ssh_sources.s2i2s_vpn_1_cidr,module.common_variables.ssh_sources.s2i2s_vpn_2_cidr] - + loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id + protocol = "TCP" + protocol_port = 8880 + description = "Listener for the stats of the main HAPROXY instances" + name = "main_haproxy_stats_listener" + allowed_cidrs = [var.ssh_sources.d4s_vpn_1_cidr, var.ssh_sources.d4s_vpn_2_cidr, var.ssh_sources.s2i2s_vpn_1_cidr, var.ssh_sources.s2i2s_vpn_2_cidr] + } resource "openstack_lb_pool_v2" "main_haproxy_stats_pool" { - listener_id = openstack_lb_listener_v2.main_haproxy_stats_listener.id - protocol = "TCP" - lb_method = "LEAST_CONNECTIONS" - name = "main-haproxy-lb-stats" - description = "Pool for the stats of the main HAPROXY instances" - persistence { - type = "SOURCE_IP" - } + listener_id = openstack_lb_listener_v2.main_haproxy_stats_listener.id + protocol = "TCP" + lb_method = "LEAST_CONNECTIONS" + name = "main-haproxy-lb-stats" + description = "Pool for the stats of the main HAPROXY instances" + persistence { + type = "SOURCE_IP" + } } resource "openstack_lb_members_v2" "main_haproxy_stats_pool_members" { - pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id - member { - name = "haproxy l7 1" - address = module.common_variables.basic_services_ip.haproxy_l7_1 - protocol_port = 8880 - } - member { - name = "haproxy l7 2" - address = module.common_variables.basic_services_ip.haproxy_l7_2 - protocol_port = 8880 - } + pool_id = 
openstack_lb_pool_v2.main_haproxy_stats_pool.id + member { + name = "haproxy l7 1" + address = var.basic_services_ip.haproxy_l7_1 + protocol_port = 8880 + } + member { + name = "haproxy l7 2" + address = var.basic_services_ip.haproxy_l7_2 + protocol_port = 8880 + } } resource "openstack_lb_monitor_v2" "main_haproxy_stats_monitor" { - pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id - name = "main_haproxy_stats_monitor" - type = "TCP" - delay = 20 - timeout = 5 - max_retries = 3 - admin_state_up = true + pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id + name = "main_haproxy_stats_monitor" + type = "TCP" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true } # Main HAPROXY HTTP resource "openstack_lb_listener_v2" "main_haproxy_http_listener" { - loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id - protocol = "TCP" - protocol_port = 80 - description = "HTTP listener of the main HAPROXY instances" - name = "main_haproxy_http_listener" - admin_state_up = true + loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id + protocol = "TCP" + protocol_port = 80 + description = "HTTP listener of the main HAPROXY instances" + name = "main_haproxy_http_listener" + admin_state_up = true } resource "openstack_lb_pool_v2" "main_haproxy_http_pool" { - listener_id = openstack_lb_listener_v2.main_haproxy_http_listener.id - protocol = "PROXYV2" - lb_method = "LEAST_CONNECTIONS" - name = "main-haproxy-lb-http" - description = "Pool for the HTTP listener of the main HAPROXY instances" - persistence { - type = "SOURCE_IP" - } - admin_state_up = true + listener_id = openstack_lb_listener_v2.main_haproxy_http_listener.id + protocol = "PROXYV2" + lb_method = "LEAST_CONNECTIONS" + name = "main-haproxy-lb-http" + description = "Pool for the HTTP listener of the main HAPROXY instances" + persistence { + type = "SOURCE_IP" + } + admin_state_up = true } resource "openstack_lb_members_v2" "main_haproxy_http_pool_members" { - pool_id = 
openstack_lb_pool_v2.main_haproxy_http_pool.id - member { - name = "haproxy l7 1" - address = module.common_variables.basic_services_ip.haproxy_l7_1 - protocol_port = 80 - } - member { - name = "haproxy l7 2" - address = module.common_variables.basic_services_ip.haproxy_l7_2 - protocol_port = 80 - } + pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id + member { + name = "haproxy l7 1" + address = var.basic_services_ip.haproxy_l7_1 + protocol_port = 80 + } + member { + name = "haproxy l7 2" + address = var.basic_services_ip.haproxy_l7_2 + protocol_port = 80 + } } resource "openstack_lb_monitor_v2" "main_haproxy_http_monitor" { - pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id - name = "main_haproxy_http_monitor" - type = "HTTP" - http_method = "GET" - url_path = "/_haproxy_health_check" - expected_codes = "200" - delay = 20 - timeout = 5 - max_retries = 3 - admin_state_up = true + pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id + name = "main_haproxy_http_monitor" + type = "HTTP" + http_method = "GET" + url_path = "/_haproxy_health_check" + expected_codes = "200" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true } # Main HAPROXY HTTPS resource "openstack_lb_listener_v2" "main_haproxy_https_listener" { - loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id - protocol = "TCP" - protocol_port = 443 - description = "HTTPS listener of the main HAPROXY instances" - name = "main_haproxy_https_listener" - admin_state_up = true + loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id + protocol = "TCP" + protocol_port = 443 + description = "HTTPS listener of the main HAPROXY instances" + name = "main_haproxy_https_listener" + admin_state_up = true } resource "openstack_lb_pool_v2" "main_haproxy_https_pool" { - listener_id = openstack_lb_listener_v2.main_haproxy_https_listener.id - protocol = "PROXYV2" - lb_method = "LEAST_CONNECTIONS" - name = "main-haproxy-lb-https" - description = "Pool for the HTTPS listener of the main 
HAPROXY instances" - persistence { - type = "SOURCE_IP" - } - admin_state_up = true + listener_id = openstack_lb_listener_v2.main_haproxy_https_listener.id + protocol = "PROXYV2" + lb_method = "LEAST_CONNECTIONS" + name = "main-haproxy-lb-https" + description = "Pool for the HTTPS listener of the main HAPROXY instances" + persistence { + type = "SOURCE_IP" + } + admin_state_up = true } resource "openstack_lb_members_v2" "main_haproxy_https_pool_members" { - pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id - member { - name = "haproxy l7 1" - address = module.common_variables.basic_services_ip.haproxy_l7_1 - protocol_port = 443 - } - member { - name = "haproxy l7 2" - address = module.common_variables.basic_services_ip.haproxy_l7_2 - protocol_port = 443 - } + pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id + member { + name = "haproxy l7 1" + address = var.basic_services_ip.haproxy_l7_1 + protocol_port = 443 + } + member { + name = "haproxy l7 2" + address = var.basic_services_ip.haproxy_l7_2 + protocol_port = 443 + } } resource "openstack_lb_monitor_v2" "main_haproxy_https_monitor" { - pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id - name = "main_haproxy_https_monitor" - type = "HTTPS" - http_method = "GET" - url_path = "/_haproxy_health_check" - expected_codes = "200" - delay = 20 - timeout = 5 - max_retries = 3 - admin_state_up = true + pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id + name = "main_haproxy_https_monitor" + type = "HTTPS" + http_method = "GET" + url_path = "/_haproxy_health_check" + expected_codes = "200" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true } output "main_loadbalancer_ip" { diff --git a/openstack-tf/modules/d4science_infra_setup/outputs.tf b/openstack-tf/modules/d4science_infra_setup/outputs.tf new file mode 120000 index 0000000..d953b68 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/outputs.tf 
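Review bot: `allowed_cidrs` on `main_haproxy_stats_listener` is the only source restriction visible for port 8880, and nothing in the hunk records that. The stats pool uses `protocol = "TCP"` while the HTTP and HTTPS pools use `PROXYV2`, so the HAProxy stats endpoint presumably sees the amphora address rather than the client and cannot filter by source itself. A comment above the attribute would document this, e.g. `# Only source filter for the stats port: this pool is plain TCP, so HAProxy cannot see the client address`. The four CIDRs are now module inputs (`var.ssh_sources.*`), so a `validation` block on that variable, which is declared outside this hunk, would be the place to reject an overly wide prefix.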
@@ -0,0 +1 @@
+../common_variables/outputs.tf
\ No newline at end of file
diff --git a/openstack-tf/modules/d4science_infra_setup/postgresql.tf b/openstack-tf/modules/d4science_infra_setup/postgresql.tf
index 5cade7a..60880b9 100644
--- a/openstack-tf/modules/d4science_infra_setup/postgresql.tf
+++ b/openstack-tf/modules/d4science_infra_setup/postgresql.tf
@@ -1,66 +1,66 @@ # PostgreSQL shared server # Network resource "openstack_networking_network_v2" "shared_postgresql_net" { - name = module.common_variables.shared_postgresql_server_data.network_name - admin_state_up = "true" - external = "false" - description = module.common_variables.shared_postgresql_server_data.network_description - dns_domain = module.common_variables.dns_zone.zone_name - mtu = module.common_variables.mtu_size + name = var.shared_postgresql_server_data.network_name + admin_state_up = "true" + external = "false" + description = var.shared_postgresql_server_data.network_description + dns_domain = var.dns_zone.zone_name + mtu = var.mtu_size port_security_enabled = true - shared = false - region = module.common_variables.main_region + shared = false + region = var.main_region } # Subnet resource "openstack_networking_subnet_v2" "shared_postgresql_subnet" { name = "shared-postgresql-subnet" - description = "subnet used to connect to the shared PostgreSQL service" + description = "subnet used to connect to the shared PostgreSQL service" network_id = openstack_networking_network_v2.shared_postgresql_net.id - cidr = module.common_variables.shared_postgresql_server_data.network_cidr - dns_nameservers = module.common_variables.resolvers_ip - ip_version = 4 - enable_dhcp = true - no_gateway = true + cidr = var.shared_postgresql_server_data.network_cidr + dns_nameservers = var.resolvers_ip + ip_version = 4 + enable_dhcp = true + no_gateway = true allocation_pool { - start = module.common_variables.shared_postgresql_server_data.allocation_pool_start - end = module.common_variables.shared_postgresql_server_data.allocation_pool_end + start = var.shared_postgresql_server_data.allocation_pool_start + end = var.shared_postgresql_server_data.allocation_pool_end } } # Security group resource "openstack_networking_secgroup_v2" "shared_postgresql_access" { - name = "access_to_the_shared_postgresql_service" - delete_default_rules = "true" - description = "Access the 
shared PostgreSQL service using the dedicated network" + name = "access_to_the_shared_postgresql_service" + delete_default_rules = "true" + description = "Access the shared PostgreSQL service using the dedicated network" } resource "openstack_networking_secgroup_rule_v2" "shared_postgresql_access_from_dedicated_subnet" { - security_group_id = openstack_networking_secgroup_v2.shared_postgresql_access.id - description = "Allow connections to port 5432 from the 192.168.2.0/22 network" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 5432 - port_range_max = 5432 - remote_ip_prefix = module.common_variables.shared_postgresql_server_data.network_cidr + security_group_id = openstack_networking_secgroup_v2.shared_postgresql_access.id + description = "Allow connections to port 5432 from the 192.168.2.0/22 network" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 5432 + port_range_max = 5432 + remote_ip_prefix = var.shared_postgresql_server_data.network_cidr } # Block device resource "openstack_blockstorage_volume_v3" "shared_postgresql_data_vol" { - name = module.common_variables.shared_postgresql_server_data.vol_data_name - size = module.common_variables.shared_postgresql_server_data.vol_data_size + name = var.shared_postgresql_server_data.vol_data_name + size = var.shared_postgresql_server_data.vol_data_size } # Instance resource "openstack_compute_instance_v2" "shared_postgresql_server" { - name = module.common_variables.shared_postgresql_server_data.name - availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu - flavor_name = module.common_variables.shared_postgresql_server_data.flavor - key_pair = module.ssh_settings.ssh_key_name - security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.shared_postgresql_access.name] + name = var.shared_postgresql_server_data.name + availability_zone_hints = 
var.availability_zones_names.availability_zone_no_gpu + flavor_name = var.shared_postgresql_server_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.shared_postgresql_access.name] block_device { - uuid = module.common_variables.ubuntu_2204.uuid + uuid = var.ubuntu_2204.uuid source_type = "image" volume_size = 10 boot_index = 0 @@ -69,19 +69,19 @@ resource "openstack_compute_instance_v2" "shared_postgresql_server" { } network { - name = module.common_variables.main_private_network.name + name = var.main_private_network.name } network { - name = module.common_variables.shared_postgresql_server_data.network_name - fixed_ip_v4 = module.common_variables.shared_postgresql_server_data.server_ip + name = var.shared_postgresql_server_data.network_name + fixed_ip_v4 = var.shared_postgresql_server_data.server_ip } - user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" + user_data = file("${var.ubuntu2204_data_file}") } resource "openstack_compute_volume_attach_v2" "shared_postgresql_data_attach_vol" { instance_id = openstack_compute_instance_v2.shared_postgresql_server.id volume_id = openstack_blockstorage_volume_v3.shared_postgresql_data_vol.id - device = module.common_variables.shared_postgresql_server_data.vol_data_device - depends_on = [openstack_compute_instance_v2.shared_postgresql_server] + device = var.shared_postgresql_server_data.vol_data_device + depends_on = [openstack_compute_instance_v2.shared_postgresql_server] } diff --git a/openstack-tf/modules/d4science_infra_setup/prometheus.tf b/openstack-tf/modules/d4science_infra_setup/prometheus.tf index 60ac2e9..b745e81 100644 --- a/openstack-tf/modules/d4science_infra_setup/prometheus.tf +++ b/openstack-tf/modules/d4science_infra_setup/prometheus.tf 
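Review bot: The rule `shared_postgresql_access_from_dedicated_subnet` describes its source as the literal `192.168.2.0/22` while `remote_ip_prefix` now comes from `var.shared_postgresql_server_data.network_cidr`, so the description can misstate what is actually allowed once a caller passes a different CIDR. The literal is also not aligned on a /22 boundary, which makes it unreliable for anyone auditing rules by their description. Deriving the text from the same input keeps the two in step: `description = "Allow connections to port 5432 from the ${var.shared_postgresql_server_data.network_cidr} network"`. Changing the description probably forces the rule to be re-created on the next apply, so it is worth checking the plan before rolling it out.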
@@ -1,17 +1,17 @@ # Promertheus server. A floating IP is required resource "openstack_blockstorage_volume_v3" "prometheus_data_vol" { - name = module.common_variables.prometheus_server_data.vol_data_name - size = module.common_variables.prometheus_server_data.vol_data_size + name = var.prometheus_server_data.vol_data_name + size = var.prometheus_server_data.vol_data_size } resource "openstack_compute_instance_v2" "prometheus_server" { - name = module.common_variables.prometheus_server_data.name - availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu - flavor_name = module.common_variables.prometheus_server_data.flavor - key_pair = module.ssh_settings.ssh_key_name - security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.restricted_web.name,openstack_networking_secgroup_v2.prometheus_access_from_grafana.name] + name = var.prometheus_server_data.name + availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu + flavor_name = var.prometheus_server_data.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.restricted_web.name, openstack_networking_secgroup_v2.prometheus_access_from_grafana.name] block_device { - uuid = module.common_variables.ubuntu_2204.uuid + uuid = var.ubuntu_2204.uuid source_type = "image" volume_size = 10 boot_index = 0 
@@ -20,23 +20,23 @@ resource "openstack_compute_instance_v2" "prometheus_server" { } network { - name = module.common_variables.main_private_network.name - fixed_ip_v4 = module.common_variables.basic_services_ip.prometheus + name = var.main_private_network.name + fixed_ip_v4 = var.basic_services_ip.prometheus } - user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" + user_data = file("${var.ubuntu2204_data_file}") } resource "openstack_compute_volume_attach_v2" "prometheus_data_attach_vol" { instance_id = openstack_compute_instance_v2.prometheus_server.id volume_id = openstack_blockstorage_volume_v3.prometheus_data_vol.id - device = module.common_variables.prometheus_server_data.vol_data_device + device = var.prometheus_server_data.vol_data_device } # Floating IP and DNS record resource "openstack_networking_floatingip_v2" "prometheus_server_ip" { - pool = module.common_variables.floating_ip_pools.main_public_ip_pool - # The DNS association does not work because of a bug in the OpenStack API - description = "Prometheus server" + pool = var.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + description = "Prometheus server" } resource "openstack_compute_floatingip_associate_v2" "prometheus_server" { 
@@ -45,12 +45,12 @@ resource "openstack_compute_floatingip_associate_v2" "prometheus_server" { } locals { - prometheus_recordset_name = "${module.common_variables.prometheus_server_data.name}.${module.common_variables.dns_zone.zone_name}" - alertmanager_recordset_name = "alertmanager.${module.common_variables.dns_zone.zone_name}" + prometheus_recordset_name = "${var.prometheus_server_data.name}.${var.dns_zone.zone_name}" + alertmanager_recordset_name = "alertmanager.${var.dns_zone.zone_name}" } resource "openstack_dns_recordset_v2" "prometheus_server_recordset" { - zone_id = module.common_variables.dns_zone_id + zone_id = var.dns_zone_id name = local.prometheus_recordset_name description = "Public IP address of the Prometheus server" ttl = 8600 @@ -59,7 +59,7 @@ resource "openstack_dns_recordset_v2" "prometheus_server_recordset" { } resource "openstack_dns_recordset_v2" "alertmanager_server_recordset" { - zone_id = module.common_variables.dns_zone_id + zone_id = var.dns_zone_id name = local.alertmanager_recordset_name description = "Prometheus alertmanager" ttl = 8600 diff --git a/openstack-tf/modules/d4science_infra_setup/security-groups.tf b/openstack-tf/modules/d4science_infra_setup/security-groups.tf index f596f4d..9faef40 100644 --- a/openstack-tf/modules/d4science_infra_setup/security-groups.tf +++ b/openstack-tf/modules/d4science_infra_setup/security-groups.tf 
@@ -1,373 +1,373 @@ # # This is the security group that should be added to every instance resource "openstack_networking_secgroup_v2" "default" { - name = module.common_variables.default_security_group_name - delete_default_rules = "true" - description = "Default security group with rules for ssh access via jump proxy, prometheus scraping" + name = var.default_security_group_name + delete_default_rules = "true" + description = "Default security group with rules for ssh access via jump proxy, prometheus scraping" } resource "openstack_networking_secgroup_rule_v2" "egress-ipv4" { - security_group_id = openstack_networking_secgroup_v2.default.id - direction = "egress" - ethertype = "IPv4" + security_group_id = openstack_networking_secgroup_v2.default.id + direction = "egress" + ethertype = "IPv4" } resource "openstack_networking_secgroup_rule_v2" "ingress-icmp" { - security_group_id = openstack_networking_secgroup_v2.default.id - description = "Allow ICMP from remote" - direction = "ingress" - ethertype = "IPv4" - remote_ip_prefix = "0.0.0.0/0" - protocol = "icmp" + security_group_id = openstack_networking_secgroup_v2.default.id + description = "Allow ICMP from remote" + direction = "ingress" + ethertype = "IPv4" + remote_ip_prefix = "0.0.0.0/0" + protocol = "icmp" } resource "openstack_networking_secgroup_rule_v2" "ssh-jump-proxy" { - security_group_id = openstack_networking_secgroup_v2.default.id - description = "SSH traffic from the jump proxy" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = module.common_variables.basic_services_ip.ssh_jump_cidr + security_group_id = openstack_networking_secgroup_v2.default.id + description = "SSH traffic from the jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = var.basic_services_ip.ssh_jump_cidr } resource "openstack_networking_secgroup_rule_v2" 
"prometheus-node" { - security_group_id = openstack_networking_secgroup_v2.default.id - description = "Prometheus access to the node exporter" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9100 - port_range_max = 9100 - remote_ip_prefix = module.common_variables.basic_services_ip.prometheus_cidr + security_group_id = openstack_networking_secgroup_v2.default.id + description = "Prometheus access to the node exporter" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 9100 + port_range_max = 9100 + remote_ip_prefix = var.basic_services_ip.prometheus_cidr } # # SSH access to the jump proxy. Used by the jump proxy VM only resource "openstack_networking_secgroup_v2" "access_to_the_jump_proxy" { - name = "ssh_access_to_the_jump_node" - delete_default_rules = "true" - description = "Security group that allows SSH access to the jump node from a limited set of sources" + name = "ssh_access_to_the_jump_node" + delete_default_rules = "true" + description = "Security group that allows SSH access to the jump node from a limited set of sources" } resource "openstack_networking_secgroup_rule_v2" "ssh-s2i2s-vpn-1" { - security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id - description = "SSH traffic from S2I2S VPN 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_1_cidr + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from S2I2S VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = var.ssh_sources.s2i2s_vpn_1_cidr } resource "openstack_networking_secgroup_rule_v2" "ssh-s2i2s-vpn-2" { - security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id - description = "SSH traffic from S2I2S VPN 2" - 
direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_2_cidr + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from S2I2S VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = var.ssh_sources.s2i2s_vpn_2_cidr } resource "openstack_networking_secgroup_rule_v2" "ssh-d4s-vpn-1" { - security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id - description = "SSH traffic from D4Science VPN 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_1_cidr + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from D4Science VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = var.ssh_sources.d4s_vpn_1_cidr } resource "openstack_networking_secgroup_rule_v2" "ssh-d4s-vpn-2" { - security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id - description = "SSH traffic from D4Science VPN 2" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_2_cidr + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from D4Science VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = var.ssh_sources.d4s_vpn_2_cidr } resource "openstack_networking_secgroup_rule_v2" "ssh-shell-d4s" { - security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id - description = "SSH 
traffic from shell.d4science.org" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = module.common_variables.ssh_sources.shell_d4s_cidr + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from shell.d4science.org" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = var.ssh_sources.shell_d4s_cidr } resource "openstack_networking_secgroup_rule_v2" "ssh-infrascience-net" { - security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id - description = "SSH traffic from the InfraScience network" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = module.common_variables.ssh_sources.infrascience_net_cidr + security_group_id = openstack_networking_secgroup_v2.access_to_the_jump_proxy.id + description = "SSH traffic from the InfraScience network" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = var.ssh_sources.infrascience_net_cidr } # Debug via tunnel from the jump proxy node resource "openstack_networking_secgroup_v2" "debugging" { - name = "debugging_from_jump_node" - delete_default_rules = "true" - description = "Security group that allows web app debugging via tunnel from the ssh jump node" + name = "debugging_from_jump_node" + delete_default_rules = "true" + description = "Security group that allows web app debugging via tunnel from the ssh jump node" } resource "openstack_networking_secgroup_rule_v2" "shell_8100" { - security_group_id = openstack_networking_secgroup_v2.debugging.id - description = "Tomcat debug on port 8100 from the shell jump proxy" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8100 - port_range_max = 8100 - remote_ip_prefix = 
module.common_variables.basic_services_ip.ssh_jump_cidr + security_group_id = openstack_networking_secgroup_v2.debugging.id + description = "Tomcat debug on port 8100 from the shell jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8100 + port_range_max = 8100 + remote_ip_prefix = var.basic_services_ip.ssh_jump_cidr } resource "openstack_networking_secgroup_rule_v2" "shell_80" { - security_group_id = openstack_networking_secgroup_v2.debugging.id - description = "http debug port 80 from the shell jump proxy" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = module.common_variables.basic_services_ip.ssh_jump_cidr + security_group_id = openstack_networking_secgroup_v2.debugging.id + description = "http debug port 80 from the shell jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = var.basic_services_ip.ssh_jump_cidr } resource "openstack_networking_secgroup_rule_v2" "shell_443" { - security_group_id = openstack_networking_secgroup_v2.debugging.id - description = "https debug port 443 from the shell jump proxy" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.basic_services_ip.ssh_jump_cidr + security_group_id = openstack_networking_secgroup_v2.debugging.id + description = "https debug port 443 from the shell jump proxy" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.basic_services_ip.ssh_jump_cidr } # Traffic from the main HAPROXY load balancers # Use on the web services that are exposed through the main HAPROXY resource "openstack_networking_secgroup_v2" "traffic_from_main_haproxy" { - name = "traffic_from_the_main_load_balancers" - delete_default_rules = "true" - 
description = "Allow traffic from the main L7 HAPROXY load balancers" + name = "traffic_from_the_main_load_balancers" + delete_default_rules = "true" + description = "Allow traffic from the main L7 HAPROXY load balancers" } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-80" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTP traffic from HAPROXY L7 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_1_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-80" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTP traffic from HAPROXY L7 2" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_2_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-443" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTPS traffic from HAPROXY L7 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = 
module.common_variables.basic_services_ip.haproxy_l7_1_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTPS traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_1_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-443" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTPS traffic from HAPROXY L7 2" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTPS traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_2_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-8080" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTP traffic from HAPROXY L7 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8080 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_1_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-8080" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTP traffic from HAPROXY L7 2" - direction = 
"ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8080 - port_range_max = 8080 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8080 + port_range_max = 8080 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_2_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-1-8888" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTP traffic from HAPROXY L7 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8888 - port_range_max = 8888 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_1_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8888 + port_range_max = 8888 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_1_cidr } resource "openstack_networking_secgroup_rule_v2" "haproxy-l7-2-8888" { - security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id - description = "HTTP traffic from HAPROXY L7 2" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 8888 - port_range_max = 8888 - remote_ip_prefix = module.common_variables.basic_services_ip.haproxy_l7_2_cidr + security_group_id = openstack_networking_secgroup_v2.traffic_from_main_haproxy.id + description = "HTTP traffic from HAPROXY L7 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 8888 + port_range_max = 8888 + remote_ip_prefix = var.basic_services_ip.haproxy_l7_2_cidr } # Security group that exposes web services directly. A floating IP is required. 
resource "openstack_networking_secgroup_v2" "public_web" { - name = "public_web_service" - delete_default_rules = "true" - description = "Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer" + name = "public_web_service" + delete_default_rules = "true" + description = "Security group that allows HTTPS and HTTP from everywhere, for the services that are not behind any load balancer" } resource "openstack_networking_secgroup_rule_v2" "public_http" { - security_group_id = openstack_networking_secgroup_v2.public_web.id - description = "Allow HTTP from everywhere" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = "0.0.0.0/0" + security_group_id = openstack_networking_secgroup_v2.public_web.id + description = "Allow HTTP from everywhere" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = "0.0.0.0/0" } resource "openstack_networking_secgroup_rule_v2" "public_https" { - security_group_id = openstack_networking_secgroup_v2.public_web.id - description = "Allow HTTPS from everywhere" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = "0.0.0.0/0" + security_group_id = openstack_networking_secgroup_v2.public_web.id + description = "Allow HTTPS from everywhere" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = "0.0.0.0/0" } # HTTP and HTTPS access through the VPN nodes. Floating IP is required resource "openstack_networking_secgroup_v2" "restricted_web" { - name = "restricted_web_service" - delete_default_rules = "true" - description = "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. 
HTTP is open to all, because letsencrypt" + name = "restricted_web_service" + delete_default_rules = "true" + description = "Security group that restricts HTTPS sources to the VPN nodes and shell.d4science.org. HTTP is open to all, because letsencrypt" } resource "openstack_networking_secgroup_rule_v2" "http_from_everywhere" { - security_group_id = openstack_networking_secgroup_v2.restricted_web.id - description = "Allow HTTP from everywhere" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = "0.0.0.0/0" + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTP from everywhere" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 80 + port_range_max = 80 + remote_ip_prefix = "0.0.0.0/0" } resource "openstack_networking_secgroup_rule_v2" "https_from_d4s_vpn_1" { - security_group_id = openstack_networking_secgroup_v2.restricted_web.id - description = "Allow HTTPS from D4Science VPN 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_1_cidr + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from D4Science VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.ssh_sources.d4s_vpn_1_cidr } resource "openstack_networking_secgroup_rule_v2" "https_from_d4s_vpn_2" { - security_group_id = openstack_networking_secgroup_v2.restricted_web.id - description = "Allow HTTPS from D4Science VPN 2" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.ssh_sources.d4s_vpn_2_cidr + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS 
from D4Science VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.ssh_sources.d4s_vpn_2_cidr } resource "openstack_networking_secgroup_rule_v2" "https_from_s2i2s_vpn_1" { - security_group_id = openstack_networking_secgroup_v2.restricted_web.id - description = "Allow HTTPS from S2I2S VPN 1" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_1_cidr + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from S2I2S VPN 1" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.ssh_sources.s2i2s_vpn_1_cidr } resource "openstack_networking_secgroup_rule_v2" "https_from_s2i2s_vpn_2" { - security_group_id = openstack_networking_secgroup_v2.restricted_web.id - description = "Allow HTTPS from S2I2S VPN 2" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.ssh_sources.s2i2s_vpn_2_cidr + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow HTTPS from S2I2S VPN 2" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.ssh_sources.s2i2s_vpn_2_cidr } resource "openstack_networking_secgroup_rule_v2" "https_from_shell_d4s" { - security_group_id = openstack_networking_secgroup_v2.restricted_web.id - description = "Allow HTTPS from shell.d4science.org" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.ssh_sources.shell_d4s_cidr + security_group_id = openstack_networking_secgroup_v2.restricted_web.id + description = "Allow 
HTTPS from shell.d4science.org" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.ssh_sources.shell_d4s_cidr } resource "openstack_networking_secgroup_v2" "prometheus_access_from_grafana" { - name = "prometheus_access_from_grafana" - delete_default_rules = "true" - description = "The public grafana server must be able to get data from Prometheus" + name = "prometheus_access_from_grafana" + delete_default_rules = "true" + description = "The public grafana server must be able to get data from Prometheus" } resource "openstack_networking_secgroup_rule_v2" "grafana_d4s" { - security_group_id = openstack_networking_secgroup_v2.prometheus_access_from_grafana.id - description = "Allow HTTPS from grafana.d4science.org" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = module.common_variables.prometheus_server_data.public_grafana_server_cidr + security_group_id = openstack_networking_secgroup_v2.prometheus_access_from_grafana.id + description = "Allow HTTPS from grafana.d4science.org" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 443 + port_range_max = 443 + remote_ip_prefix = var.prometheus_server_data.public_grafana_server_cidr } diff --git a/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf b/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf index db80be3..067d7b9 100644 --- a/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf +++ b/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf 
@@ -1,12 +1,12 @@ # VM used as jump proxy. A floating IP is required resource "openstack_compute_instance_v2" "ssh_jump_proxy" { - name = module.common_variables.ssh_jump_proxy.name - availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu - flavor_name = module.common_variables.ssh_jump_proxy.flavor - key_pair = module.ssh_settings.ssh_key_name - security_groups = [module.common_variables.default_security_group_name,openstack_networking_secgroup_v2.access_to_the_jump_proxy.name] + name = var.ssh_jump_proxy.name + availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu + flavor_name = var.ssh_jump_proxy.flavor + key_pair = module.ssh_settings.ssh_key_name + security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.access_to_the_jump_proxy.name] block_device { - uuid = module.common_variables.ubuntu_2204.uuid + uuid = var.ubuntu_2204.uuid source_type = "image" volume_size = 30 boot_index = 0 @@ -15,17 +15,17 @@ resource "openstack_compute_instance_v2" "ssh_jump_proxy" { } network { - name = module.common_variables.main_private_network.name - fixed_ip_v4 = module.common_variables.basic_services_ip.ssh_jump + name = var.main_private_network.name + fixed_ip_v4 = var.basic_services_ip.ssh_jump } - user_data = "${file("${module.common_variables.ubuntu2204_data_file}")}" + user_data = file("${var.ubuntu2204_data_file}") } # Floating IP and DNS record resource "openstack_networking_floatingip_v2" "ssh_jump_proxy_ip" { - pool = module.common_variables.floating_ip_pools.main_public_ip_pool - # The DNS association does not work because of a bug in the OpenStack API - description = "SSH Proxy Jump Server" + pool = var.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + description = "SSH Proxy Jump Server" } resource "openstack_compute_floatingip_associate_v2" "ssh_jump_proxy" { 
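Review bot: `key_pair = module.ssh_settings.ssh_key_name` still points at a module that the terraform-provider.tf hunk of this commit comments out in the same directory, so unless another file in d4science_infra_setup declares `module "ssh_settings"`, validation will fail with an undeclared-module reference. Every other `module.*` reference in this hunk was moved to `var.*`, so this one looks missed. The docker_swarm module reads the key pair from a variable, so the matching line here would be `key_pair = var.ssh_key_file.name`, assuming the symlinked variables.tf declares `ssh_key_file`. The key pair decides who can log in to the jump host that receives a floating IP, so check that the plan shows no change to it. The resource body continues past the end of the hunk.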
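Review bot: In `user_data = file("${var.ubuntu2204_data_file}")` the outer interpolation was removed, but the argument is still a template that wraps a single reference; `user_data = file(var.ubuntu2204_data_file)` says the same thing without the quoting. The same form is left in the docker-swarm.tf hunks at -118, -164 and -195. The enclosing `ssh_jump_proxy` resource starts before this hunk.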
@@ -34,11 +34,11 @@ resource "openstack_compute_floatingip_associate_v2" "ssh_jump_proxy" { } locals { - ssh_recordset_name = "${module.common_variables.ssh_jump_proxy.name}.${module.common_variables.dns_zone.zone_name}" + ssh_recordset_name = "${var.ssh_jump_proxy.name}.${var.dns_zone.zone_name}" } resource "openstack_dns_recordset_v2" "ssh_jump_proxy_recordset" { - zone_id = module.common_variables.dns_zone_id + zone_id = var.dns_zone_id name = local.ssh_recordset_name description = "Public IP address of the SSH Proxy Jump server" ttl = 8600 diff --git a/openstack-tf/modules/d4science_infra_setup/terraform-provider.tf b/openstack-tf/modules/d4science_infra_setup/terraform-provider.tf index 5c3eb1d..c988083 100644 --- a/openstack-tf/modules/d4science_infra_setup/terraform-provider.tf +++ b/openstack-tf/modules/d4science_infra_setup/terraform-provider.tf @@ -17,11 +17,11 @@ data "terraform_remote_state" "privnet_dns_router" { } } -module "common_variables" { - source = "../../modules/common_variables" -} +# module "common_variables" { +# source = "../../modules/common_variables" +# } -module "ssh_settings" { - source = "../../modules/ssh-key-ref" -} +# module "ssh_settings" { +# source = "../../modules/ssh-key-ref" +# } diff --git a/openstack-tf/modules/d4science_infra_setup/variables.tf b/openstack-tf/modules/d4science_infra_setup/variables.tf new file mode 120000 index 0000000..619d967 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/variables.tf @@ -0,0 +1 @@ +../common_variables/variables.tf \ No newline at end of file diff --git a/openstack-tf/modules/docker_swarm/docker-swarm.tf b/openstack-tf/modules/docker_swarm/docker-swarm.tf index b013eb2..e51df45 100644 --- a/openstack-tf/modules/docker_swarm/docker-swarm.tf +++ b/openstack-tf/modules/docker_swarm/docker-swarm.tf 
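Review bot: variables.tf is added as a symlink (mode 120000) to `../common_variables/variables.tf`, which makes every variable in the shared file an input of this module, including ones it never reads, and any of them without a default becomes a required argument for callers. The link target also lies outside the module directory, so the module may not resolve if it is ever consumed from a packaged or remote source rather than a local path. A regular variables.tf declaring only the inputs this module uses (`ssh_sources`, `basic_services_ip`, `prometheus_server_data` and the others referenced in its .tf files) would keep the interface explicit. Since those maps feed `remote_ip_prefix` in the security group rules, a `validation` block on them that rejects anything but the expected CIDR form would be a useful addition.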
@@ -13,27 +13,27 @@ resource "openstack_compute_servergroup_v2" "swarm_workers" { # Network for the NFS traffic # resource "openstack_networking_network_v2" "swarm_nfs_net" { - name = var.swarm_nfs_private_network.network_name - admin_state_up = "true" - external = "false" - description = var.swarm_nfs_private_network.network_description - dns_domain = var.dns_zone.zone_name - mtu = var.mtu_size + name = var.swarm_nfs_private_network.network_name + admin_state_up = "true" + external = "false" + description = var.swarm_nfs_private_network.network_description + dns_domain = var.dns_zone.zone_name + mtu = var.mtu_size port_security_enabled = true - shared = false - region = var.main_region + shared = false + region = var.main_region } # Subnet resource "openstack_networking_subnet_v2" "swarm_nfs_subnet" { name = "swarm-nfs-net" - description = "Subnet used by the Swarm cluster and the NFS service" + description = "Subnet used by the Swarm cluster and the NFS service" network_id = openstack_networking_network_v2.swarm_nfs_net.id cidr = var.swarm_nfs_private_network.network_cidr dns_nameservers = var.resolvers_ip - ip_version = 4 - enable_dhcp = true - no_gateway = true + ip_version = 4 + enable_dhcp = true + no_gateway = true allocation_pool { start = var.swarm_nfs_private_network.allocation_pool_start end = var.swarm_nfs_private_network.allocation_pool_end 
@@ -44,46 +44,46 @@ resource "openstack_networking_subnet_v2" "swarm_nfs_subnet" { # Security groups # resource "openstack_networking_secgroup_v2" "swarm_internal_traffic" { - name = "swarm_internal_docker_traffic" - delete_default_rules = "true" - description = "Traffic between the Docker Swarm nodes" + name = "swarm_internal_docker_traffic" + delete_default_rules = "true" + description = "Traffic between the Docker Swarm nodes" } resource "openstack_networking_secgroup_rule_v2" "everything_udp" { - security_group_id = openstack_networking_secgroup_v2.swarm_internal_traffic.id - description = "UDP traffic between Swarm nodes" - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - remote_ip_prefix = var.main_private_subnet.cidr + security_group_id = openstack_networking_secgroup_v2.swarm_internal_traffic.id + description = "UDP traffic between Swarm nodes" + direction = "ingress" + ethertype = "IPv4" + protocol = "udp" + remote_ip_prefix = var.main_private_subnet.cidr } resource "openstack_networking_secgroup_rule_v2" "everything_tcp" { - security_group_id = openstack_networking_secgroup_v2.swarm_internal_traffic.id - description = "TCP traffic between Swarm nodes" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - remote_ip_prefix = var.main_private_subnet.cidr + security_group_id = openstack_networking_secgroup_v2.swarm_internal_traffic.id + description = "TCP traffic between Swarm nodes" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + remote_ip_prefix = var.main_private_subnet.cidr } resource "openstack_networking_secgroup_v2" "swarm_nfs_traffic" { - name = "docker_swarm_nfs" - delete_default_rules = "true" - description = "Traffic between Docker Swarm and the NFS service" + name = "docker_swarm_nfs" + delete_default_rules = "true" + description = "Traffic between Docker Swarm and the NFS service" } resource "openstack_networking_secgroup_rule_v2" "swarm_nfs_udp" { - security_group_id = 
openstack_networking_secgroup_v2.swarm_nfs_traffic.id - description = "UDP traffic" - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - remote_ip_prefix = var.swarm_nfs_private_network.network_cidr + security_group_id = openstack_networking_secgroup_v2.swarm_nfs_traffic.id + description = "UDP traffic" + direction = "ingress" + ethertype = "IPv4" + protocol = "udp" + remote_ip_prefix = var.swarm_nfs_private_network.network_cidr } resource "openstack_networking_secgroup_rule_v2" "swarm_nfs_tcp" { - security_group_id = openstack_networking_secgroup_v2.swarm_nfs_traffic.id - description = "TCP traffic" - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - remote_ip_prefix = var.swarm_nfs_private_network.network_cidr + security_group_id = openstack_networking_secgroup_v2.swarm_nfs_traffic.id + description = "TCP traffic" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + remote_ip_prefix = var.swarm_nfs_private_network.network_cidr } # @@ -91,12 +91,12 @@ resource "openstack_networking_secgroup_rule_v2" "swarm_nfs_tcp" { # # Instance resource "openstack_compute_instance_v2" "docker_swarm_managers" { - count = var.docker_swarm_data.mgr_count - name = format("%s-%02d", var.docker_swarm_data.mgr_name, count.index+1) + count = var.docker_swarm_data.mgr_count + name = format("%s-%02d", var.docker_swarm_data.mgr_name, count.index + 1) availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu - flavor_name = var.docker_swarm_data.mgr_flavor - key_pair = var.ssh_key_file.name - security_groups = [openstack_networking_secgroup_v2.default.name,openstack_networking_secgroup_v2.swarm_internal_traffic.name] + flavor_name = var.docker_swarm_data.mgr_flavor + key_pair = var.ssh_key_file.name + security_groups = [openstack_networking_secgroup_v2.default.name, openstack_networking_secgroup_v2.swarm_internal_traffic.name] scheduler_hints { group = openstack_compute_servergroup_v2.swarm_masters.id } 
@@ -118,25 +118,25 @@ resource "openstack_compute_instance_v2" "docker_swarm_managers" { } network { - name = var.main_private_network.name - fixed_ip_v4 = var.swarm_managers_ip.*[count.index] + name = var.main_private_network.name + fixed_ip_v4 = var.swarm_managers_ip.* [count.index] } network { name = var.swarm_nfs_private_network.network_name } - user_data = "${file("${var.ubuntu2204_data_file}")}" - depends_on = [ openstack_networking_subnet_v2.swarm_nfs_subnet ] + user_data = file("${var.ubuntu2204_data_file}") + depends_on = [openstack_networking_subnet_v2.swarm_nfs_subnet] } # Swarm worker nodes resource "openstack_compute_instance_v2" "docker_swarm_workers" { - count = var.docker_swarm_data.worker_count - name = format("%s-%02d", var.docker_swarm_data.worker_name, count.index+1) + count = var.docker_swarm_data.worker_count + name = format("%s-%02d", var.docker_swarm_data.worker_name, count.index + 1) availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu - flavor_name = var.docker_swarm_data.worker_flavor - key_pair = var.ssh_key_file.name - security_groups = [openstack_networking_secgroup_v2.default.name,openstack_networking_secgroup_v2.swarm_internal_traffic.name] + flavor_name = var.docker_swarm_data.worker_flavor + key_pair = var.ssh_key_file.name + security_groups = [openstack_networking_secgroup_v2.default.name, openstack_networking_secgroup_v2.swarm_internal_traffic.name] scheduler_hints { group = openstack_compute_servergroup_v2.swarm_workers.id } @@ -164,8 +164,8 @@ resource "openstack_compute_instance_v2" "docker_swarm_workers" { name = var.swarm_nfs_private_network.network_name } - user_data = "${file("${var.ubuntu2204_data_file}")}" - depends_on = [ openstack_networking_subnet_v2.swarm_nfs_subnet ] + user_data = file("${var.ubuntu2204_data_file}") + depends_on = [openstack_networking_subnet_v2.swarm_nfs_subnet] } # NFS server 
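Review bot: `fixed_ip_v4 = var.swarm_managers_ip.* [count.index]` is the formatter's rendering of a legacy splat followed by an index, which reads oddly and is easy to misparse. If `swarm_managers_ip` is a list, as the indexing suggests, `fixed_ip_v4 = var.swarm_managers_ip[count.index]` is equivalent and clearer. Nothing visible ties `var.docker_swarm_data.mgr_count` to the length of that list, so a mismatch would only surface as an index error at plan time; a `precondition` on the resource comparing the two would catch it with a readable message. The `docker_swarm_managers` resource starts before this hunk.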
@@ -177,11 +177,11 @@ resource "openstack_blockstorage_volume_v3" "swarm_nfs_data_vol" { # Instance resource "openstack_compute_instance_v2" "swarm_nfs_server" { - name = var.docker_swarm_data.nfs_server_name + name = var.docker_swarm_data.nfs_server_name availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu - flavor_name = var.docker_swarm_data.nfs_server_flavor - key_pair = var.ssh_key_file.name - security_groups = [openstack_networking_secgroup_v2.default.name,openstack_networking_secgroup_v2.swarm_nfs_traffic.name] + flavor_name = var.docker_swarm_data.nfs_server_flavor + key_pair = var.ssh_key_file.name + security_groups = [openstack_networking_secgroup_v2.default.name, openstack_networking_secgroup_v2.swarm_nfs_traffic.name] block_device { uuid = var.ubuntu_2204.uuid source_type = "image" @@ -195,20 +195,20 @@ resource "openstack_compute_instance_v2" "swarm_nfs_server" { name = var.main_private_network.name } network { - name = var.swarm_nfs_private_network.network_name + name = var.swarm_nfs_private_network.network_name fixed_ip_v4 = var.swarm_nfs_private_network.server_ip } - user_data = "${file("${var.ubuntu2204_data_file}")}" - depends_on = [ openstack_networking_subnet_v2.swarm_nfs_subnet ] + user_data = file("${var.ubuntu2204_data_file}") + depends_on = [openstack_networking_subnet_v2.swarm_nfs_subnet] } # Attach the additional volume resource "openstack_compute_volume_attach_v2" "swarm_nfs_data_attach_vol" { instance_id = openstack_compute_instance_v2.swarm_nfs_server.id volume_id = openstack_blockstorage_volume_v3.swarm_nfs_data_vol.id - device = var.docker_swarm_data.nfs_server_data_disk_device - depends_on = [openstack_compute_instance_v2.swarm_nfs_server] + device = var.docker_swarm_data.nfs_server_data_disk_device + depends_on = [openstack_compute_instance_v2.swarm_nfs_server] } # 
@@ -216,33 +216,33 @@ resource "openstack_compute_volume_attach_v2" "swarm_nfs_data_attach_vol" { # # Swarm load balancer. L4, backed by Octavia resource "openstack_lb_loadbalancer_v2" "swarm_lb" { - vip_subnet_id = var.main_private_subnet_id - name = var.octavia_swarm_data.swarm_lb_name - description = var.octavia_swarm_data.swarm_lb_description - flavor_id = var.octavia_swarm_data.octavia_flavor_id - vip_address = var.octavia_swarm_data.swarm_octavia_main_ip - loadbalancer_provider = "amphora" + vip_subnet_id = var.main_private_subnet_id + name = var.octavia_swarm_data.swarm_lb_name + description = var.octavia_swarm_data.swarm_lb_description + flavor_id = var.octavia_swarm_data.octavia_flavor_id + vip_address = var.octavia_swarm_data.swarm_octavia_main_ip + loadbalancer_provider = "amphora" } # Allocate a floating IP resource "openstack_networking_floatingip_v2" "swarm_lb_ip" { - pool = var.floating_ip_pools.main_public_ip_pool - # The DNS association does not work because of a bug in the OpenStack API - # dns_name = "main-lb" - # dns_domain = var.dns_zone.zone_name - description = var.octavia_swarm_data.swarm_lb_description + pool = var.floating_ip_pools.main_public_ip_pool + # The DNS association does not work because of a bug in the OpenStack API + # dns_name = "main-lb" + # dns_domain = var.dns_zone.zone_name + description = var.octavia_swarm_data.swarm_lb_description } resource "openstack_networking_floatingip_associate_v2" "swarm_lb" { - floating_ip = openstack_networking_floatingip_v2.swarm_lb_ip.address - port_id = openstack_lb_loadbalancer_v2.swarm_lb.vip_port_id + floating_ip = openstack_networking_floatingip_v2.swarm_lb_ip.address + port_id = openstack_lb_loadbalancer_v2.swarm_lb.vip_port_id } locals { - swarm_recordset_name = "${var.octavia_swarm_data.swarm_lb_hostname}.${var.dns_zone.zone_name}" + swarm_recordset_name = "${var.octavia_swarm_data.swarm_lb_hostname}.${var.dns_zone.zone_name}" portainer_recordset_name = 
"portainer.${var.dns_zone.zone_name}" - ccp_recordset_name = "ccp.${var.dns_zone.zone_name}" - cdn_recordset_name = "cdn.${var.dns_zone.zone_name}" + ccp_recordset_name = "ccp.${var.dns_zone.zone_name}" + cdn_recordset_name = "cdn.${var.dns_zone.zone_name}" conductor_recordset_name = "conductor.${var.dns_zone.zone_name}" } 
@@ -293,215 +293,215 @@ resource "openstack_dns_recordset_v2" "conductor_dns_recordset" { # Main HAPROXY stats listener resource "openstack_lb_listener_v2" "swarm_haproxy_stats_listener" { - loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id - protocol = "TCP" - protocol_port = 8880 - description = "Listener for the stats of the Docker Swarm HAPROXY instances" - name = "swarm_haproxy_stats_listener" - allowed_cidrs = [var.ssh_sources.d4s_vpn_1_cidr,var.ssh_sources.d4s_vpn_2_cidr,var.ssh_sources.s2i2s_vpn_1_cidr,var.ssh_sources.s2i2s_vpn_2_cidr] - + loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id + protocol = "TCP" + protocol_port = 8880 + description = "Listener for the stats of the Docker Swarm HAPROXY instances" + name = "swarm_haproxy_stats_listener" + allowed_cidrs = [var.ssh_sources.d4s_vpn_1_cidr, var.ssh_sources.d4s_vpn_2_cidr, var.ssh_sources.s2i2s_vpn_1_cidr, var.ssh_sources.s2i2s_vpn_2_cidr] + } resource "openstack_lb_pool_v2" "swarm_haproxy_stats_pool" { - listener_id = openstack_lb_listener_v2.swarm_haproxy_stats_listener.id - protocol = "TCP" - lb_method = "LEAST_CONNECTIONS" - name = "swarm-haproxy-lb-stats" - description = "Pool for the stats of the main HAPROXY instances" - persistence { - type = "SOURCE_IP" - } + listener_id = openstack_lb_listener_v2.swarm_haproxy_stats_listener.id + protocol = "TCP" + lb_method = "LEAST_CONNECTIONS" + name = "swarm-haproxy-lb-stats" + description = "Pool for the stats of the main HAPROXY instances" + persistence { + type = "SOURCE_IP" + } } resource "openstack_lb_members_v2" "swarm_haproxy_stats_pool_members" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_stats_pool.id - member { - name = "swarm mgr haproxy 1" - address = var.docker_swarm_data.mgr1_ip - protocol_port = 8880 - } - member { - name = "swarm mgr haproxy 2" - address = var.docker_swarm_data.mgr2_ip - protocol_port = 8880 - } - member { - name = "swarm mgr haproxy 3" - address = var.docker_swarm_data.mgr3_ip - protocol_port = 8880 
- } + pool_id = openstack_lb_pool_v2.swarm_haproxy_stats_pool.id + member { + name = "swarm mgr haproxy 1" + address = var.docker_swarm_data.mgr1_ip + protocol_port = 8880 + } + member { + name = "swarm mgr haproxy 2" + address = var.docker_swarm_data.mgr2_ip + protocol_port = 8880 + } + member { + name = "swarm mgr haproxy 3" + address = var.docker_swarm_data.mgr3_ip + protocol_port = 8880 + } } resource "openstack_lb_monitor_v2" "swarm_haproxy_stats_monitor" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_stats_pool.id - name = "swarm_haproxy_stats_monitor" - type = "TCP" - delay = 20 - timeout = 5 - max_retries = 3 - admin_state_up = true + pool_id = openstack_lb_pool_v2.swarm_haproxy_stats_pool.id + name = "swarm_haproxy_stats_monitor" + type = "TCP" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true } # HAPROXY HTTP resource "openstack_lb_listener_v2" "swarm_haproxy_http_listener" { - loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id - protocol = "TCP" - protocol_port = 80 - description = "HTTP listener of the Docker Swarm HAPROXY instances" - name = "swarm_haproxy_http_listener" - admin_state_up = true + loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id + protocol = "TCP" + protocol_port = 80 + description = "HTTP listener of the Docker Swarm HAPROXY instances" + name = "swarm_haproxy_http_listener" + admin_state_up = true } resource "openstack_lb_pool_v2" "swarm_haproxy_http_pool" { - listener_id = openstack_lb_listener_v2.swarm_haproxy_http_listener.id - protocol = "PROXYV2" - lb_method = "LEAST_CONNECTIONS" - name = "swarm-haproxy-lb-http" - description = "Pool for the HTTP listener of the Docker Swarm HAPROXY instances" - persistence { - type = "SOURCE_IP" - } - admin_state_up = true + listener_id = openstack_lb_listener_v2.swarm_haproxy_http_listener.id + protocol = "PROXYV2" + lb_method = "LEAST_CONNECTIONS" + name = "swarm-haproxy-lb-http" + description = "Pool for the HTTP listener of the Docker Swarm HAPROXY 
instances" + persistence { + type = "SOURCE_IP" + } + admin_state_up = true } resource "openstack_lb_members_v2" "swarm_haproxy_http_pool_members" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_http_pool.id - member { - name = "swarm mgr haproxy 1" - address = var.docker_swarm_data.mgr1_ip - protocol_port = 80 - } - member { - name = "swarm mgr haproxy 2" - address = var.docker_swarm_data.mgr2_ip - protocol_port = 80 - } - member { - name = "swarm mgr haproxy 3" - address = var.docker_swarm_data.mgr3_ip - protocol_port = 80 - } + pool_id = openstack_lb_pool_v2.swarm_haproxy_http_pool.id + member { + name = "swarm mgr haproxy 1" + address = var.docker_swarm_data.mgr1_ip + protocol_port = 80 + } + member { + name = "swarm mgr haproxy 2" + address = var.docker_swarm_data.mgr2_ip + protocol_port = 80 + } + member { + name = "swarm mgr haproxy 3" + address = var.docker_swarm_data.mgr3_ip + protocol_port = 80 + } } resource "openstack_lb_monitor_v2" "swarm_haproxy_http_monitor" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_http_pool.id - name = "swarm_haproxy_http_monitor" - type = "HTTP" - http_method = "GET" - url_path = "/_haproxy_health_check" - expected_codes = "200" - delay = 20 - timeout = 5 - max_retries = 3 - admin_state_up = true + pool_id = openstack_lb_pool_v2.swarm_haproxy_http_pool.id + name = "swarm_haproxy_http_monitor" + type = "HTTP" + http_method = "GET" + url_path = "/_haproxy_health_check" + expected_codes = "200" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true } # HAPROXY HTTPS resource "openstack_lb_listener_v2" "swarm_haproxy_https_listener" { - loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id - protocol = "TCP" - protocol_port = 443 - description = "HTTPS listener of the main HAPROXY instances" - name = "swarm_haproxy_https_listener" - admin_state_up = true + loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id + protocol = "TCP" + protocol_port = 443 + description = "HTTPS listener of the main HAPROXY 
instances" + name = "swarm_haproxy_https_listener" + admin_state_up = true } resource "openstack_lb_pool_v2" "swarm_haproxy_https_pool" { - listener_id = openstack_lb_listener_v2.swarm_haproxy_https_listener.id - protocol = "PROXYV2" - lb_method = "LEAST_CONNECTIONS" - name = "swarm-haproxy-lb-https" - description = "Pool for the HTTPS listener of the Docker Swarm HAPROXY instances" - persistence { - type = "SOURCE_IP" - } - admin_state_up = true + listener_id = openstack_lb_listener_v2.swarm_haproxy_https_listener.id + protocol = "PROXYV2" + lb_method = "LEAST_CONNECTIONS" + name = "swarm-haproxy-lb-https" + description = "Pool for the HTTPS listener of the Docker Swarm HAPROXY instances" + persistence { + type = "SOURCE_IP" + } + admin_state_up = true } resource "openstack_lb_members_v2" "swarm_haproxy_https_pool_members" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_https_pool.id - member { - name = "swarm mgr haproxy 1" - address = var.docker_swarm_data.mgr1_ip - protocol_port = 443 - } - member { - name = "swarm mgr haproxy 2" - address = var.docker_swarm_data.mgr2_ip - protocol_port = 443 - } - member { - name = "swarm mgr haproxy 3" - address = var.docker_swarm_data.mgr3_ip - protocol_port = 443 - } + pool_id = openstack_lb_pool_v2.swarm_haproxy_https_pool.id + member { + name = "swarm mgr haproxy 1" + address = var.docker_swarm_data.mgr1_ip + protocol_port = 443 + } + member { + name = "swarm mgr haproxy 2" + address = var.docker_swarm_data.mgr2_ip + protocol_port = 443 + } + member { + name = "swarm mgr haproxy 3" + address = var.docker_swarm_data.mgr3_ip + protocol_port = 443 + } } resource "openstack_lb_monitor_v2" "swarm_haproxy_https_monitor" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_https_pool.id - name = "swarm_haproxy_https_monitor" - type = "HTTPS" - http_method = "GET" - url_path = "/_haproxy_health_check" - expected_codes = "200" - delay = 20 - timeout = 5 - max_retries = 3 - admin_state_up = true + pool_id = 
openstack_lb_pool_v2.swarm_haproxy_https_pool.id + name = "swarm_haproxy_https_monitor" + type = "HTTPS" + http_method = "GET" + url_path = "/_haproxy_health_check" + expected_codes = "200" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true } # HAPROXY HTTP on port 8080 resource "openstack_lb_listener_v2" "swarm_haproxy_8080_listener" { - loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id - protocol = "TCP" - protocol_port = 8080 - description = "HTTP port 8080 listener of the Docker Swarm HAPROXY instances" - name = "swarm_haproxy_8080_listener" - admin_state_up = true + loadbalancer_id = openstack_lb_loadbalancer_v2.swarm_lb.id + protocol = "TCP" + protocol_port = 8080 + description = "HTTP port 8080 listener of the Docker Swarm HAPROXY instances" + name = "swarm_haproxy_8080_listener" + admin_state_up = true } resource "openstack_lb_pool_v2" "swarm_haproxy_8080_pool" { - listener_id = openstack_lb_listener_v2.swarm_haproxy_8080_listener.id - protocol = "PROXYV2" - lb_method = "LEAST_CONNECTIONS" - name = "swarm-haproxy-lb-http-8080" - description = "Pool for the HTTP port 8080 listener of the Docker Swarm HAPROXY instances" - persistence { - type = "SOURCE_IP" - } - admin_state_up = true + listener_id = openstack_lb_listener_v2.swarm_haproxy_8080_listener.id + protocol = "PROXYV2" + lb_method = "LEAST_CONNECTIONS" + name = "swarm-haproxy-lb-http-8080" + description = "Pool for the HTTP port 8080 listener of the Docker Swarm HAPROXY instances" + persistence { + type = "SOURCE_IP" + } + admin_state_up = true } resource "openstack_lb_members_v2" "swarm_haproxy_8080_pool_members" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_8080_pool.id - member { - name = "swarm mgr haproxy 1" - address = var.docker_swarm_data.mgr1_ip - protocol_port = 8080 - } - member { - name = "swarm mgr haproxy 2" - address = var.docker_swarm_data.mgr2_ip - protocol_port = 8080 - } - member { - name = "swarm mgr haproxy 3" - address = var.docker_swarm_data.mgr3_ip 
- protocol_port = 8080 - } + pool_id = openstack_lb_pool_v2.swarm_haproxy_8080_pool.id + member { + name = "swarm mgr haproxy 1" + address = var.docker_swarm_data.mgr1_ip + protocol_port = 8080 + } + member { + name = "swarm mgr haproxy 2" + address = var.docker_swarm_data.mgr2_ip + protocol_port = 8080 + } + member { + name = "swarm mgr haproxy 3" + address = var.docker_swarm_data.mgr3_ip + protocol_port = 8080 + } } resource "openstack_lb_monitor_v2" "swarm_haproxy_8080_monitor" { - pool_id = openstack_lb_pool_v2.swarm_haproxy_8080_pool.id - name = "swarm_haproxy_8080_monitor" - type = "HTTP" - http_method = "GET" - url_path = "/_haproxy_health_check" - expected_codes = "200" - delay = 20 - timeout = 5 - max_retries = 3 - admin_state_up = true + pool_id = openstack_lb_pool_v2.swarm_haproxy_8080_pool.id + name = "swarm_haproxy_8080_monitor" + type = "HTTP" + http_method = "GET" + url_path = "/_haproxy_health_check" + expected_codes = "200" + delay = 20 + timeout = 5 + max_retries = 3 + admin_state_up = true } output "swarm_loadbalancer_ip" { diff --git a/openstack-tf/modules/docker_swarm/swarm-variables.tf b/openstack-tf/modules/docker_swarm/swarm-variables.tf index 0a45283..6c3538c 100644 --- a/openstack-tf/modules/docker_swarm/swarm-variables.tf +++ b/openstack-tf/modules/docker_swarm/swarm-variables.tf 
@@ -1,57 +1,57 @@ variable "docker_swarm_data" { type = map(string) default = { - mgr_name = "swarm-mgr" - mgr1_ip = "10.1.40.31" - mgr1_cidr = "10.1.40.31/32" - mgr2_ip = "10.1.40.32" - mgr2_cidr = "10.1.40.32/32" - mgr3_ip = "10.1.40.33" - mgr3_cidr = "10.1.40.33/32" - mgr_count = 3 - mgr_flavor = "m1.large" - mgr_data_disk_size = 100 - worker_name = "swarm-worker" - worker_count = 5 - worker_flavor = "m1.xlarge" - worker_data_disk_size = 100 - nfs_server_name = "swarm-nfs-server" - nfs_server_flavor = "m1.medium" - nfs_server_data_disk_name = "Swarm NFS server data Disk" - nfs_server_data_disk_size = 100 + mgr_name = "swarm-mgr" + mgr1_ip = "10.1.40.31" + mgr1_cidr = "10.1.40.31/32" + mgr2_ip = "10.1.40.32" + mgr2_cidr = "10.1.40.32/32" + mgr3_ip = "10.1.40.33" + mgr3_cidr = "10.1.40.33/32" + mgr_count = 3 + mgr_flavor = "m1.large" + mgr_data_disk_size = 100 + worker_name = "swarm-worker" + worker_count = 5 + worker_flavor = "m1.xlarge" + worker_data_disk_size = 100 + nfs_server_name = "swarm-nfs-server" + nfs_server_flavor = "m1.medium" + nfs_server_data_disk_name = "Swarm NFS server data Disk" + nfs_server_data_disk_size = 100 nfs_server_data_disk_device = "/dev/vdb" } } variable "swarm_managers_ip" { - type = list(string) + type = list(string) default = ["10.1.40.31", "10.1.40.32", "10.1.40.33"] - + } variable "octavia_swarm_data" { type = map(string) default = { - swarm_lb_name = "d4s-production-cloud-swarm-l4" - swarm_lb_description = "L4 balancer that serves the D4Science production Docker Swarm cluster" - swarm_lb_name = "d4s-production-cloud-swarm-l4" - octavia_flavor = "octavia_amphora-mvcpu-ha" - octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" - swarm_lb_hostname = "swarm-lb" - swarm_octavia_main_ip = "10.1.40.30" + swarm_lb_name = "d4s-production-cloud-swarm-l4" + swarm_lb_description = "L4 balancer that serves the D4Science production Docker Swarm cluster" + swarm_lb_name = "d4s-production-cloud-swarm-l4" + octavia_flavor = 
"octavia_amphora-mvcpu-ha" + octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" + swarm_lb_hostname = "swarm-lb" + swarm_octavia_main_ip = "10.1.40.30" swarm_octavia_main_cidr = "10.1.40.30/32" - } + } } variable "swarm_nfs_private_network" { type = map(string) default = { - network_name = "swarm-nfs-net" - network_description = "Network used by the swarm nodes and the NFS service" - network_cidr = "192.168.4.0/23" - allocation_pool_start = "192.168.4.100" - allocation_pool_end = "192.168.5.254" - server_ip = "192.168.4.10" - server_cidr = "192.168.4.5/23" - } + network_name = "swarm-nfs-net" + network_description = "Network used by the swarm nodes and the NFS service" + network_cidr = "192.168.4.0/23" + allocation_pool_start = "192.168.4.100" + allocation_pool_end = "192.168.5.254" + server_ip = "192.168.4.10" + server_cidr = "192.168.4.5/23" + } }
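Review bot: In `swarm_nfs_private_network` the reindented defaults still disagree: `server_ip` is `192.168.4.10` but `server_cidr` is `192.168.4.5/23`, which names a different host and, as a /23, covers the whole NFS network rather than a single server. The manager entries in `docker_swarm_data` pair each address with a `/32`, so if `server_cidr` ends up in a security-group rule (not visible in this hunk) it probably should read `server_cidr = "192.168.4.10/32"`. `octavia_swarm_data` also carries `swarm_lb_name` twice with the same value, and the second entry can be dropped. Because these values are now defaults of a shared module, a comment such as `# production addresses; override per environment` above each `default` would make it harder to reuse them by accident in another project.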