infrastructure-as-code/openstack-tf/modules/orientdb/orientdb.tf


# Define required providers
# terraform {
# required_version = ">= 0.14.0"
# required_providers {
# openstack = {
# source = "terraform-provider-openstack/openstack"
# version = "~> 1.53.0"
# }
# }
# }
#
# module "common_variables" {
# source = "../../modules/common_variables"
# }
#
# Server group
#
# resource "openstack_compute_servergroup_v2" "orientdb_cluster" {
# name = "orientdb_cluster"
# policies = ["soft-anti-affinity"]
# }
# #
# # Network for the cluster traffic
# #
# resource "openstack_networking_network_v2" "orientdb_network" {
# name = var.orientdb_net.network_name
# admin_state_up = "true"
# external = "false"
# description = var.orientdb_net.network_description
# mtu = module.common_variables.mtu_size_value
# port_security_enabled = true
# shared = false
# region = module.common_variables.main_region_name
# }
# # Subnet
# resource "openstack_networking_subnet_v2" "orientdb_subnet" {
# name = "orientdb-subnet"
# description = "Subnet used by the OrientDB service"
# network_id = openstack_networking_network_v2.orientdb_network.id
# cidr = var.orientdb_net.network_cidr
# dns_nameservers = module.common_variables.resolvers_ip
# ip_version = 4
# enable_dhcp = true
# no_gateway = true
# allocation_pool {
# start = var.orientdb_net.allocation_pool_start
# end = var.orientdb_net.allocation_pool_end
# }
# }
# #
# # Security groups
# #
# # Between OrientDB nodes
# resource "openstack_networking_secgroup_v2" "orientdb_internal_traffic" {
# name = "orientdb_internal_docker_traffic"
# delete_default_rules = "true"
# description = "Traffic between the OrientDB nodes"
# }
# resource "openstack_networking_secgroup_rule_v2" "everything_udp" {
# count = var.orientdb_nodes_count
# security_group_id = openstack_networking_secgroup_v2.orientdb_internal_traffic.id
# description = "UDP traffic between OrientDB nodes"
# direction = "ingress"
# ethertype = "IPv4"
# protocol = "udp"
# remote_ip_prefix = var.orientdb_ip.*[count.index]/32
# }
# resource "openstack_networking_secgroup_rule_v2" "everything_tcp" {
# count = var.orientdb_nodes_count
# security_group_id = openstack_networking_secgroup_v2.orientdb_internal_traffic.id
# description = "TCP traffic between OrientDB nodes"
# direction = "ingress"
# ethertype = "IPv4"
# protocol = "tcp"
# remote_ip_prefix = var.orientdb_ip.*[count.index]/32
# }
# resource "openstack_networking_secgroup_v2" "access_to_orientdb" {
# name = "access_to_orientdb"
# delete_default_rules = "true"
# description = "Clients that talk to the OrientDB service"
# }
# resource "openstack_networking_secgroup_rule_v2" "access_to_orient_udp" {
# security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
# description = "UDP traffic"
# direction = "ingress"
# ethertype = "IPv4"
# protocol = "udp"
# remote_ip_prefix = openstack_networking_subnet_v2.orientdb_subnet.cidr
# }
# resource "openstack_networking_secgroup_rule_v2" "access_to_orient_tcp" {
# security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
# description = "TCP traffic"
# direction = "ingress"
# ethertype = "IPv4"
# protocol = "tcp"
# remote_ip_prefix = openstack_networking_subnet_v2.orientdb_subnet.cidr
# }
# #
# # OrientDB
# #
# # Instance
# resource "openstack_compute_instance_v2" "orientdb_servers" {
# count = local.orientdb_nodes_count
# name = format("%s-%02d", var.orientdb_data.node_name, count.index+1)
# availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
# flavor_name = var.orientdb_data.node_flavor
# key_pair = module.common_variables.ssh_key_file_config
# security_groups = [openstack_networking_secgroup_v2.default.name,openstack_networking_secgroup_v2.orientdb_internal_traffic.name]
# scheduler_hints {
# group = openstack_compute_servergroup_v2.orientdb_cluster.id
# }
# block_device {
# uuid = module.ubuntu2204.uuid
# source_type = "image"
# volume_size = 10
# boot_index = 0
# destination_type = "volume"
# delete_on_termination = false
# }
# block_device {
# source_type = "blank"
# volume_size = var.orientdb_data.node_data_disk_size
# boot_index = -1
# destination_type = "volume"
# delete_on_termination = false
# }
# network {
# name = var.main_private_network.name
# }
# network {
# name = var.orientdb_net.network_name
# fixed_ip_v4 = var.orientdb_ip.*[count.index]
# }
# user_data = "${file("${module.common_variables.ubuntu2204_datafile}")}"
# depends_on = [ openstack_networking_subnet_v2.orientdb_subnet ]
# }
# locals {
# orientdb_nodes_count = 3
# }
#
# Not using the common_variables module here: the values it supplied in the
# commented-out version above are passed in as input variables (var.*) instead.
#
# Nova server group holding the OrientDB cluster members.
# "soft-anti-affinity" asks the scheduler to place members on different
# compute hosts when it can, without refusing to boot a node when it cannot.
resource "openstack_compute_servergroup_v2" "orientdb_cluster" {
  name     = "orientdb_cluster"
  policies = ["soft-anti-affinity"]
}
#
# Network for the cluster traffic
#
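# Self-service network carrying the traffic between the OrientDB cluster
# nodes. Port security stays enabled so the security groups declared below
# are actually enforced on the instance ports attached here.
resource "openstack_networking_network_v2" "orientdb_network" {
  name        = var.orientdb_net.network_name
  description = var.orientdb_net.network_description
  region      = var.main_region
  mtu         = var.mtu_size

  # Plain booleans instead of the quoted "true"/"false" strings: the provider
  # declares these arguments as bool and was only coercing the strings.
  admin_state_up        = true
  external              = false
  shared                = false
  port_security_enabled = true
}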
# Subnet
# IPv4 subnet of the cluster network. no_gateway leaves the subnet without a
# gateway address (it is meant to be a closed segment), while DHCP still
# hands out addresses from the configured allocation pool.
resource "openstack_networking_subnet_v2" "orientdb_subnet" {
  name            = "orientdb-subnet"
  description     = "Subnet used by the OrientDB service"
  network_id      = openstack_networking_network_v2.orientdb_network.id
  ip_version      = 4
  cidr            = var.orientdb_net.network_cidr
  dns_nameservers = var.resolvers_ip
  no_gateway      = true
  enable_dhcp     = true

  allocation_pool {
    start = var.orientdb_net.allocation_pool_start
    end   = var.orientdb_net.allocation_pool_end
  }
}
#
# Network for the OrientDB SE
#
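# Separate self-service network for the OrientDB instance that serves the
# Smart Executor, kept apart from the main cluster network. Port security
# stays enabled so the access_to_orientdb_se group is enforced.
resource "openstack_networking_network_v2" "orientdb_se_network" {
  name        = var.orientdb_se_net.network_name
  description = var.orientdb_se_net.network_description
  region      = var.main_region
  mtu         = var.mtu_size

  # Plain booleans instead of the quoted "true"/"false" strings: the provider
  # declares these arguments as bool and was only coercing the strings.
  admin_state_up        = true
  external              = false
  shared                = false
  port_security_enabled = true
}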
# Subnet
# IPv4 subnet of the Smart Executor OrientDB network. Same shape as the
# cluster subnet: no gateway address, DHCP from the configured pool.
resource "openstack_networking_subnet_v2" "orientdb_se_subnet" {
  name            = "orientdb-se-subnet"
  description     = "Subnet used by the OrientDB for Smart Executor"
  network_id      = openstack_networking_network_v2.orientdb_se_network.id
  ip_version      = 4
  cidr            = var.orientdb_se_net.network_cidr
  dns_nameservers = var.resolvers_ip
  no_gateway      = true
  enable_dhcp     = true

  allocation_pool {
    start = var.orientdb_se_net.allocation_pool_start
    end   = var.orientdb_se_net.allocation_pool_end
  }
}
#
# Security groups
#
# Main OrientDB service
# Between OrientDB nodes
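# Security group for node-to-node traffic inside the cluster.
# delete_default_rules drops the allow-all egress rules Neutron adds to a new
# group, so this group contributes only the explicit ingress rules declared
# below. NOTE(review): outbound access for the nodes presumably comes from
# the default group they also attach (var.default_security_group_name) —
# confirm, since nothing in this file grants egress.
resource "openstack_networking_secgroup_v2" "orientdb_internal_traffic" {
  # Name kept as-is: renaming would replace the group and every rule
  # referencing it.
  name                 = "orientdb_internal_docker_traffic"
  description          = "Traffic between the OrientDB nodes"
  delete_default_rules = true
}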
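# One ingress rule per cluster node: TCP 2424-2490 (the range OrientDB uses
# for its binary and HTTP listeners) from that node's prefix.
# var.orientdb_cidr is expected to hold one prefix per node, presumably a /32
# each — anything wider opens the port range to more than the cluster, so
# check the values. It must have at least local.orientdb_nodes_count entries
# or the index below fails at plan time.
resource "openstack_networking_secgroup_rule_v2" "orientdb_ports" {
  # Same source of truth as the instances, so rules and servers stay in step.
  count = local.orientdb_nodes_count

  security_group_id = openstack_networking_secgroup_v2.orientdb_internal_traffic.id
  description       = "TCP traffic between OrientDB nodes"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 2424
  port_range_max    = 2490

  # Direct index instead of the deprecated legacy splat `.*[i]`, which on a
  # plain list returns the list unchanged before the index is applied.
  remote_ip_prefix = var.orientdb_cidr[count.index]
}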
# Access from the clients
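# Security group granting clients access to the main OrientDB cluster.
# Default egress rules are removed; only the explicit ingress rules below
# remain, scoped to the OrientDB port range and a short list of sources.
resource "openstack_networking_secgroup_v2" "access_to_orientdb" {
  name                 = "access_to_orientdb"
  description          = "Clients that talk to the OrientDB service"
  delete_default_rules = true
}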
# Client access to the main cluster: TCP 2424-2490 from the SSH jump host
# and from the cluster's own subnet. for_each keys the rules by CIDR, so
# adding or removing a source does not renumber the remaining rules.
# NOTE(review): the description speaks of "the resource registries", but the
# second prefix is the OrientDB subnet itself — confirm that is the intended
# client source rather than the registries' network.
resource "openstack_networking_secgroup_rule_v2" "access_to_orient_from_clients" {
  for_each = toset([
    var.basic_services_ip.ssh_jump_cidr,
    openstack_networking_subnet_v2.orientdb_subnet.cidr,
  ])

  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
  description       = "TCP traffic from the resource registries and the SSH jump server"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 2424
  port_range_max    = 2490
  remote_ip_prefix  = each.value
}
# Load-balancer access to the main cluster. Only the single binary port
# (2424) is opened here, one rule per HAProxy L7 node prefix.
resource "openstack_networking_secgroup_rule_v2" "access_to_orient_from_haproxy" {
  for_each = toset([
    var.basic_services_ip.haproxy_l7_1_cidr,
    var.basic_services_ip.haproxy_l7_2_cidr,
  ])

  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb.id
  description       = "TCP traffic from the load balancers"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 2424
  port_range_max    = 2424
  remote_ip_prefix  = each.value
}
# OrientDB for the Smart Executor nodes
# Access from the clients
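# Security group granting clients access to the Smart Executor OrientDB
# instance. Default egress rules are removed; only the explicit ingress
# rules below remain.
resource "openstack_networking_secgroup_v2" "access_to_orientdb_se" {
  name = "access_to_orientdb_se"
  # Description now names the SE instance; it was a copy of the main
  # cluster group's text and made the two groups indistinguishable in the
  # OpenStack UI.
  description          = "Clients that talk to the OrientDB SE service"
  delete_default_rules = true
}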
# Client access to the Smart Executor OrientDB instance: TCP 2424-2490 from
# the SSH jump host and from the SE subnet itself, one rule per source CIDR.
# NOTE(review): as with the main cluster, the description mentions the
# resource registries while the second prefix is the SE subnet — confirm.
resource "openstack_networking_secgroup_rule_v2" "access_to_orient_se_from_clients" {
  for_each = toset([
    var.basic_services_ip.ssh_jump_cidr,
    openstack_networking_subnet_v2.orientdb_se_subnet.cidr,
  ])

  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb_se.id
  description       = "TCP traffic from the resource registries and the SSH jump server"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 2424
  port_range_max    = 2490
  remote_ip_prefix  = each.value
}
# Load-balancer access to the Smart Executor OrientDB instance: only the
# binary port (2424), one rule per HAProxy L7 node prefix.
resource "openstack_networking_secgroup_rule_v2" "access_to_orient_se_from_haproxy" {
  for_each = toset([
    var.basic_services_ip.haproxy_l7_1_cidr,
    var.basic_services_ip.haproxy_l7_2_cidr,
  ])

  security_group_id = openstack_networking_secgroup_v2.access_to_orientdb_se.id
  description       = "TCP traffic from the load balancers"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 2424
  port_range_max    = 2424
  remote_ip_prefix  = each.value
}
#
# OrientDB main cluster
#
# Instances used by the resource registry
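# The OrientDB cluster members used by the resource registry. Every node
# boots from the shared Ubuntu 22.04 image onto a 10 GiB root volume and
# gets a blank data volume. Both volumes are created with
# delete_on_termination = false, so destroying a node keeps its disks and
# they must be cleaned up (or reattached) separately.
resource "openstack_compute_instance_v2" "orientdb_servers" {
  count = local.orientdb_nodes_count

  # <node_name>-01, <node_name>-02, ... — one-based so names match the
  # numbering operators see elsewhere.
  name = format("%s-%02d", var.orientdb_data.node_name, count.index + 1)

  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.orientdb_node_flavor
  key_pair                = var.ssh_key_file.name

  # Baseline group, node-to-node traffic, and client access.
  security_groups = [
    var.default_security_group_name,
    openstack_networking_secgroup_v2.orientdb_internal_traffic.name,
    openstack_networking_secgroup_v2.access_to_orientdb.name,
  ]

  scheduler_hints {
    group = openstack_compute_servergroup_v2.orientdb_cluster.id
  }

  # Root disk, created from the image as a persistent volume.
  block_device {
    uuid                  = var.ubuntu_2204.uuid
    source_type           = "image"
    destination_type      = "volume"
    volume_size           = 10
    boot_index            = 0
    delete_on_termination = false
  }

  # Data disk.
  block_device {
    source_type           = "blank"
    destination_type      = "volume"
    volume_size           = var.orientdb_data.node_data_disk_size
    boot_index            = -1
    delete_on_termination = false
  }

  # Private management network first, cluster network second with a static
  # address per node. var.orientdb_ip needs at least count entries.
  network {
    name = var.main_private_network.name
  }

  network {
    name = var.orientdb_net.network_name
    # Direct index; the former legacy splat `.*[i]` was a no-op on a list.
    fixed_ip_v4 = var.orientdb_ip[count.index]
  }

  # file() takes the path directly; the former "${file("${...}")}" wrapper
  # was a redundant double interpolation.
  user_data = file(var.ubuntu2204_data_file)

  # The cluster network is attached by name rather than by id, so Terraform
  # cannot infer the ordering itself: make sure the subnet exists first.
  depends_on = [openstack_networking_subnet_v2.orientdb_subnet]
}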
# Instance used by the smart executors
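# Single OrientDB instance serving the Smart Executors. Same disk layout as
# the cluster nodes (image-backed root volume plus blank data volume, both
# kept on destroy), but it sits on its own network and attaches only the
# baseline group and the SE client-access group — there is no peer traffic.
resource "openstack_compute_instance_v2" "orientdb_se_server" {
  name = "orientdb-se"

  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.orientdb_se_node_flavor
  key_pair                = var.ssh_key_file.name

  security_groups = [
    var.default_security_group_name,
    openstack_networking_secgroup_v2.access_to_orientdb_se.name,
  ]

  # Root disk, created from the image as a persistent volume.
  block_device {
    uuid                  = var.ubuntu_2204.uuid
    source_type           = "image"
    destination_type      = "volume"
    volume_size           = 10
    boot_index            = 0
    delete_on_termination = false
  }

  # Data disk; NOTE(review): sized from the cluster nodes' setting
  # (var.orientdb_data.node_data_disk_size) — there is no SE-specific size.
  block_device {
    source_type           = "blank"
    destination_type      = "volume"
    volume_size           = var.orientdb_data.node_data_disk_size
    boot_index            = -1
    delete_on_termination = false
  }

  network {
    name = var.main_private_network.name
  }

  network {
    name        = var.orientdb_se_net.network_name
    fixed_ip_v4 = var.orientdb_se_ip
  }

  # file() takes the path directly; the former "${file("${...}")}" wrapper
  # was a redundant double interpolation.
  user_data = file(var.ubuntu2204_data_file)

  # The SE network is attached by name, not by id; order the subnet first.
  depends_on = [openstack_networking_subnet_v2.orientdb_se_subnet]
}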
# Number of cluster members, taken from the module input. Both the
# orientdb_servers instances and their per-node firewall rules read this
# local so the two counts cannot drift apart.
locals {
  orientdb_nodes_count = var.orientdb_nodes_count
}