From eccfb0b2a84572dcdb2a77b5a8b80551d926cf9d Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 2 Nov 2023 19:50:01 +0100 Subject: [PATCH] First bits of terraforming openstack. --- openstack-shell-scripts/project-scripts.sh | 4 +- openstack-tf/common_setups/10-main-network.tf | 42 +++++++++++++++++++ .../external-network-and-resolvers.tf | 18 ++++++-- .../common_variables/terraform-provider.tf | 2 +- .../d4s-dev/project-setup/.terraform.lock.hcl | 24 +++++++++++ .../d4s-dev/project-setup/00-variables.tf | 20 +++++++++ openstack-tf/d4s-dev/project-setup/README.md | 11 +++++ .../external-network-and-resolvers.tf | 1 + .../project-setup/terraform-provider.tf | 1 + .../project-setup/.terraform.lock.hcl | 24 +++++++++++ .../d4s-preprod/project-setup/00-variables.tf | 35 +++++++++++----- .../project-setup/10-main-network.tf | 1 + .../external-network-and-resolvers.tf | 1 + .../project-setup/terraform-provider.tf | 1 + 14 files changed, 169 insertions(+), 16 deletions(-) create mode 100644 openstack-tf/common_setups/10-main-network.tf create mode 100644 openstack-tf/d4s-dev/project-setup/.terraform.lock.hcl create mode 100644 openstack-tf/d4s-dev/project-setup/00-variables.tf create mode 100644 openstack-tf/d4s-dev/project-setup/README.md create mode 120000 openstack-tf/d4s-dev/project-setup/external-network-and-resolvers.tf create mode 120000 openstack-tf/d4s-dev/project-setup/terraform-provider.tf create mode 100644 openstack-tf/d4s-preprod/project-setup/.terraform.lock.hcl create mode 120000 openstack-tf/d4s-preprod/project-setup/10-main-network.tf create mode 120000 openstack-tf/d4s-preprod/project-setup/external-network-and-resolvers.tf create mode 120000 openstack-tf/d4s-preprod/project-setup/terraform-provider.tf diff --git a/openstack-shell-scripts/project-scripts.sh b/openstack-shell-scripts/project-scripts.sh index b231aee..1533bda 100644 --- a/openstack-shell-scripts/project-scripts.sh +++ b/openstack-shell-scripts/project-scripts.sh 
@@ -3,7 +3,7 @@ # S2I2S openstack --os-cloud ISTI-Cloud zone create --sudo-project-id s2i2s-cloud --email postmaster@isti.cnr.it s2i2s.cloud.isti.cnr.it. openstack --os-cloud ISTI-Cloud network create --project s2i2s-cloud --no-share --mtu 8942 --dns-domain s2i2s.cloud.isti.cnr.it. --provider-network-type vlan --provider-physical-network datacentre --provider-segment 1001 s2i2s-cloud-main -# *** Network, created by the project manager (IMPORTANTE: aggiungere VLAN e ID) +# *** Network, created by the project manager openstack --os-cloud s2i2s subnet create --network s2i2s-cloud-main --dhcp --dns-nameserver 146.48.29.97 --dns-nameserver 146.48.29.98 --dns-nameserver 146.48.29.99 --subnet-range 10.100.100.0/22 --gateway 10.100.100.1 --dns-publish-fixed-ip s2i2s-cloud-sub openstack --os-cloud s2i2s router create --description "S2I2S net main router" --external-gateway external-network s2i2s-cloud-external-router openstack --os-cloud s2i2s router add subnet s2i2s-cloud-external-router s2i2s-cloud-sub @@ -60,7 +60,7 @@ openstack --os-cloud d4s-pre security group rule create \ --description "Allow ICMP" --ingress --protocol icmp \ --remote-ip 0.0.0.0/0 default openstack --os-cloud d4s-pre security group rule create \ - --description "Prometheus node exporter" --ingress --protocol icmp \ + --description "Prometheus node exporter" --ingress --protocol tcp \ --dst-port "9100" \ --remote-ip 10.1.32.0/22 default diff --git a/openstack-tf/common_setups/10-main-network.tf b/openstack-tf/common_setups/10-main-network.tf new file mode 100644 index 0000000..a3f630a --- /dev/null +++ b/openstack-tf/common_setups/10-main-network.tf 
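Review bot: The corrected "Prometheus node exporter" rule still opens TCP 9100 to the whole `10.1.32.0/22` range and lives in the `default` group, so it applies to every instance that keeps that group. That range is the same CIDR this commit assigns to the preprod main private subnet, and node exporter serves host metrics without authentication unless it is configured otherwise, so any instance on the subnet could read them from any other. Consider narrowing the source to the monitoring host, e.g. `--remote-ip <prometheus-server-ip>/32` (placeholder), or using `--remote-group` with a dedicated monitoring security group. A short comment above the command naming the intended scraper would also help.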
@@ -0,0 +1,42 @@
+resource "openstack_networking_network_v2" "main-private-network" {
+ name = var.main_private_network["name"]
+ admin_state_up = "true"
+ external = "false"
+ description = var.main_private_network.description
+ dns_domain = var.dns-zone
+ mtu = var.mtu_size
+ port_security_enabled = true
+ shared = false
+ region = var.main_region
+}
+
+resource "openstack_networking_subnet_v2" "main-private-subnet" {
+ name = var.main_private_subnet.name
+ description = var.main_private_subnet.description
+ network_id = openstack_networking_network_v2.main-private-network.id
+ cidr = var.main_private_subnet.cidr
+ gateway_ip = var.main_private_subnet.gateway_ip
+ dns_nameservers = var.resolvers_ip
+ ip_version = 4
+ enable_dhcp = true
+ allocation_pool {
+ start = var.main_private_subnet.allocation_start
+ end = var.main_private_subnet.allocation_end
+ }
+}
+
+# Shell command:
+# openstack --os-cloud d4s-pre router create --description "D4Science Preprod main router" --external-gateway external-network d4s-pre-cloud-external-router
+# resource "openstack_networking_router_v2" "external-router" {
+# name = var.external_router.name
+# description = var.external_router.description
+# external_network_id = var.external_network.id
+# enable_snat = true
+# }
+
+# Router interface configuration
+resource "openstack_networking_router_interface_v2" "private-network-routing" {
+ # router_id = openstack_networking_router_v2.external-router.id
+ router_id = var.external_router.id
+ subnet_id = openstack_networking_subnet_v2.main-private-subnet.id
+}
diff --git a/openstack-tf/common_variables/external-network-and-resolvers.tf b/openstack-tf/common_variables/external-network-and-resolvers.tf
index 8c06fcd..680ec98 100644
--- a/openstack-tf/common_variables/external-network-and-resolvers.tf
+++ b/openstack-tf/common_variables/external-network-and-resolvers.tf
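Review bot: The router interface at the end of this file attaches the subnet to whatever UUID is in `var.external_router.id`, and the router resource is left commented out, so Terraform neither manages nor checks the router that gives this network its external path. The id is a literal default in d4s-preprod/project-setup/00-variables.tf, and `external_network.id` in common_variables/external-network-and-resolvers.tf follows the same pattern; a stale or mistyped UUID would presumably surface only at apply time. Resolving the router by name keeps this shared file reusable across projects: `data "openstack_networking_router_v2" "external-router" { name = var.external_router.name }` and `router_id = data.openstack_networking_router_v2.external-router.id`. Separately, `admin_state_up = "true"` and `external = "false"` are quoted strings while the neighbouring `shared` and `port_security_enabled` are real booleans; unquoted `true`/`false` would be consistent.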
@@ -1,7 +1,15 @@ -#### NEUTRON +# Global definitions +variable "main_region" { + type = string + default = "isti_area_pi_1" +} + variable "external_network" { - type = string - default = "external-network" + type = map(string) + default = { + name = "external-network" + id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b" + } } variable "resolvers_ip" { @@ -9,3 +17,7 @@ variable "resolvers_ip" { default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"] } +variable "mtu_size" { + type = number + default = 8942 +} diff --git a/openstack-tf/common_variables/terraform-provider.tf b/openstack-tf/common_variables/terraform-provider.tf index 1f2928e..4f9ce28 100644 --- a/openstack-tf/common_variables/terraform-provider.tf +++ b/openstack-tf/common_variables/terraform-provider.tf @@ -4,7 +4,7 @@ required_version = ">= 0.14.0" required_providers { openstack = { source = "terraform-provider-openstack/openstack" - version = "~> 1.51.1" + version = "~> 1.53.0" } } } diff --git a/openstack-tf/d4s-dev/project-setup/.terraform.lock.hcl b/openstack-tf/d4s-dev/project-setup/.terraform.lock.hcl new file mode 100644 index 0000000..46d2bb6 --- /dev/null +++ b/openstack-tf/d4s-dev/project-setup/.terraform.lock.hcl 
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/terraform-provider-openstack/openstack" { + version = "1.53.0" + constraints = "~> 1.53.0" + hashes = [ + "h1:ZSJPqrlaHQ3sj7wyJuPSG+NblFZbAA6Y0d3GjSJf3o8=", + "zh:09da7ca98ffd3de7b9ce36c4c13446212a6e763ba1162be71b50f95d453cb68e", + "zh:14041bcbb87312411d88612056ed185650bfd01284b8ea0761ce8105a331708e", + "zh:35bf4c788fdbc17c8e40ebc7b33c7de4b45a2fa2efaa657b10f0e3bd37c9627f", + "zh:46ede8ef4cfa12d654c538afc1e1ec34a1f3e8eb4e986ee23dceae398b7176a6", + "zh:59675734990dab1e8d87997853ea75e8104bba730b3f5a7146ac735540c9d6bf", + "zh:6de52428849806498670e827b54810be7510a2a79449602c1aede4235a0ec036", + "zh:78b2a20601272afceffac8f8ca78a6b647b84196c0dd8dc710fae297f6be15a4", + "zh:7c41ed3a4fac09677e676ecf9f9edd1e38eef449e656cb01a848d2c799c6de8f", + "zh:852800228f4118a4aa6cfaa4468b851247cbed6f037fd204f08de69eb1edc149", + "zh:86d618e7f9a07d978b8bc4b190be350a00de64ec535f9c8f5dfe133542a55483", + "zh:963a9e72b66d8bcf43de9b14a674ae3ca3719ce2f829217f7a65b66fc3773397", + "zh:a8e72ab67795071bda61f99a6de3d2d40122fb51971768fd75e1324abe874ced", + "zh:ce1890cf3af17d569af3bc7673cec0a8f78e6f5d701767593f3d29c551f44848", + "zh:e6f1b96eb684f527a47f71923f268c86a36d7894751b31ee9e726d7502a639cd", + ] +} diff --git a/openstack-tf/d4s-dev/project-setup/00-variables.tf b/openstack-tf/d4s-dev/project-setup/00-variables.tf new file mode 100644 index 0000000..31f5538 --- /dev/null +++ b/openstack-tf/d4s-dev/project-setup/00-variables.tf @@ -0,0 +1,20 @@ + +# Configure the OpenStack Provider +provider "openstack" { + cloud = "d4s-dev" +} + +variable "dns-zone" { + type = string + default = "cloud-dev.d4science.org." +} + +variable "main_private_network" { + type = string + default = "d4s-dev-cloud-main" +} + +variable "mtu_size" { + type = number + default = 8942 +} 
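Review bot: In d4s-dev/project-setup/00-variables.tf, `variable "mtu_size"` is declared a second time. This commit also adds it to common_variables/external-network-and-resolvers.tf, which is symlinked into the same directory, so `terraform validate` there should fail with a duplicate variable declaration. Dropping the `mtu_size` block from this file resolves it. `main_private_network` is also typed `string` here, while common_setups/10-main-network.tf reads `["name"]` and `.description` from it and d4s-preprod declares it as `map(string)`. Linking the shared network file into d4s-dev later would break on that, so declare it as `type = map(string)` with `name` and `description` keys now.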
diff --git a/openstack-tf/d4s-dev/project-setup/README.md b/openstack-tf/d4s-dev/project-setup/README.md new file mode 100644 index 0000000..bd2247c --- /dev/null +++ b/openstack-tf/d4s-dev/project-setup/README.md @@ -0,0 +1,11 @@ +# How to obtain the "generated" data + +terraformer can obtain the resources of a region. On OpenStack it is limited to the compute, block storage and networks resources. + +The command is + +```shell-session +terraformer import openstack --resources="*" --regions isti_area_pi_1 +``` + +and it requires the load of the shell application credentials, it does not understand the `clouds.yaml` ones. diff --git a/openstack-tf/d4s-dev/project-setup/external-network-and-resolvers.tf b/openstack-tf/d4s-dev/project-setup/external-network-and-resolvers.tf new file mode 120000 index 0000000..5ac2513 --- /dev/null +++ b/openstack-tf/d4s-dev/project-setup/external-network-and-resolvers.tf @@ -0,0 +1 @@ +../../common_variables/external-network-and-resolvers.tf \ No newline at end of file diff --git a/openstack-tf/d4s-dev/project-setup/terraform-provider.tf b/openstack-tf/d4s-dev/project-setup/terraform-provider.tf new file mode 120000 index 0000000..2b01ab6 --- /dev/null +++ b/openstack-tf/d4s-dev/project-setup/terraform-provider.tf @@ -0,0 +1 @@ +../../common_variables/terraform-provider.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/.terraform.lock.hcl b/openstack-tf/d4s-preprod/project-setup/.terraform.lock.hcl new file mode 100644 index 0000000..46d2bb6 --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/.terraform.lock.hcl 
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/terraform-provider-openstack/openstack" { + version = "1.53.0" + constraints = "~> 1.53.0" + hashes = [ + "h1:ZSJPqrlaHQ3sj7wyJuPSG+NblFZbAA6Y0d3GjSJf3o8=", + "zh:09da7ca98ffd3de7b9ce36c4c13446212a6e763ba1162be71b50f95d453cb68e", + "zh:14041bcbb87312411d88612056ed185650bfd01284b8ea0761ce8105a331708e", + "zh:35bf4c788fdbc17c8e40ebc7b33c7de4b45a2fa2efaa657b10f0e3bd37c9627f", + "zh:46ede8ef4cfa12d654c538afc1e1ec34a1f3e8eb4e986ee23dceae398b7176a6", + "zh:59675734990dab1e8d87997853ea75e8104bba730b3f5a7146ac735540c9d6bf", + "zh:6de52428849806498670e827b54810be7510a2a79449602c1aede4235a0ec036", + "zh:78b2a20601272afceffac8f8ca78a6b647b84196c0dd8dc710fae297f6be15a4", + "zh:7c41ed3a4fac09677e676ecf9f9edd1e38eef449e656cb01a848d2c799c6de8f", + "zh:852800228f4118a4aa6cfaa4468b851247cbed6f037fd204f08de69eb1edc149", + "zh:86d618e7f9a07d978b8bc4b190be350a00de64ec535f9c8f5dfe133542a55483", + "zh:963a9e72b66d8bcf43de9b14a674ae3ca3719ce2f829217f7a65b66fc3773397", + "zh:a8e72ab67795071bda61f99a6de3d2d40122fb51971768fd75e1324abe874ced", + "zh:ce1890cf3af17d569af3bc7673cec0a8f78e6f5d701767593f3d29c551f44848", + "zh:e6f1b96eb684f527a47f71923f268c86a36d7894751b31ee9e726d7502a639cd", + ] +} diff --git a/openstack-tf/d4s-preprod/project-setup/00-variables.tf b/openstack-tf/d4s-preprod/project-setup/00-variables.tf index 1b6b4b0..94ba2cc 100644 --- a/openstack-tf/d4s-preprod/project-setup/00-variables.tf +++ b/openstack-tf/d4s-preprod/project-setup/00-variables.tf 
@@ -9,16 +9,31 @@ variable "dns-zone" { default = "cloud-pre.d4science.org." } -#### VM parameters -variable "flavor_http" { - type = string - default = "t2.medium" -} - -variable "network_http" { +variable "main_private_network" { type = map(string) default = { - subnet_name = "subnet-http" - cidr = "192.168.1.0/24" - } + name = "d4s-pre-cloud-main" + description = "D4Science Preprod private network (use this as the main network)" + } +} + +variable "main_private_subnet" { + type = map(string) + default = { + name = "d4s-pre-cloud-main-subnet" + description = "D4Science Preprod main private subnet" + cidr = "10.1.32.0/22" + gateway_ip = "10.1.32.1" + allocation_start = "10.1.32.100" + allocation_end = "10.1.35.254" + } +} + +variable "external_router" { + type = map(string) + default = { + name = "d4s-pre-cloud-external-router" + description = "D4Science Preprod main router" + id = "cc26064a-bb08-4c0b-929f-d0cb39f934a3" + } } diff --git a/openstack-tf/d4s-preprod/project-setup/10-main-network.tf b/openstack-tf/d4s-preprod/project-setup/10-main-network.tf new file mode 120000 index 0000000..ab1d8c7 --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/10-main-network.tf @@ -0,0 +1 @@ +../../common_setups/10-main-network.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/external-network-and-resolvers.tf b/openstack-tf/d4s-preprod/project-setup/external-network-and-resolvers.tf new file mode 120000 index 0000000..5ac2513 --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/external-network-and-resolvers.tf @@ -0,0 +1 @@ +../../common_variables/external-network-and-resolvers.tf \ No newline at end of file diff --git a/openstack-tf/d4s-preprod/project-setup/terraform-provider.tf b/openstack-tf/d4s-preprod/project-setup/terraform-provider.tf new file mode 120000 index 0000000..2b01ab6 --- /dev/null +++ b/openstack-tf/d4s-preprod/project-setup/terraform-provider.tf 
@@ -0,0 +1 @@
+../../common_variables/terraform-provider.tf
\ No newline at end of file