infrastructure-as-code/openstack-tf/modules/d4science_infra_setup/octavia.tf

# Main load balancer. L4, backed by Octavia
resource "openstack_lb_loadbalancer_v2" "main_lb" {
        vip_subnet_id = module.common_variables.main_private_subnet_id
        name = module.common_variables.octavia_information.main_lb_name
        description = module.common_variables.octavia_information.main_lb_description
        flavor_id = module.common_variables.octavia_information.octavia_flavor_id
        vip_address = module.common_variables.basic_services_ip.octavia_main
        loadbalancer_provider = "amphora"
}

# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "main_lb_ip" {
        pool = module.common_variables.floating_ip_pools.main_public_ip_pool
        # The DNS association does not work because of a bug in the OpenStack API
        # dns_name = "main-lb"
        # dns_domain = module.common_variables.dns_zone.zone_name
        description = module.common_variables.octavia_information.main_lb_description
}

resource "openstack_networking_floatingip_associate_v2" "main_lb" {
        floating_ip = openstack_networking_floatingip_v2.main_lb_ip.address
        port_id = openstack_lb_loadbalancer_v2.main_lb.vip_port_id
}

locals {
  recordset_name = "${module.common_variables.octavia_information.main_lb_hostname}.${module.common_variables.dns_zone.zone_name}"
}

resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" {
  zone_id     = module.common_variables.dns_zone_id
  name        = local.recordset_name
  description = "Public IP address of the main load balancer"
  ttl         = 8600
  type        = "A"
  records     = [openstack_networking_floatingip_v2.main_lb_ip.address]
}

# Main HAPROXY stats listener
resource "openstack_lb_listener_v2" "main_haproxy_stats_listener" {
        loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id
        protocol = "TCP"
        protocol_port = 8880
        description = "Listener for the stats of the main HAPROXY instances"
        name = "main_haproxy_stats_listener"
        allowed_cidrs = [module.common_variables.ssh_sources.d4s_vpn_1_cidr,module.common_variables.ssh_sources.d4s_vpn_2_cidr,module.common_variables.ssh_sources.s2i2s_vpn_1_cidr,module.common_variables.ssh_sources.s2i2s_vpn_2_cidr]
  
}

resource "openstack_lb_pool_v2" "main_haproxy_stats_pool" {
        listener_id = openstack_lb_listener_v2.main_haproxy_stats_listener.id
        protocol = "TCP"
        lb_method = "LEAST_CONNECTIONS"
        name = "main-haproxy-lb-stats"
        description = "Pool for the stats of the main HAPROXY instances"
        persistence {
                type = "SOURCE_IP"
        }
}

resource "openstack_lb_members_v2" "main_haproxy_stats_pool_members" {
        pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id
        member {
          name = "haproxy l7 1"
          address = module.common_variables.basic_services_ip.haproxy_l7_1
          protocol_port = 8880
        }
        member {
          name = "haproxy l7 2"
          address = module.common_variables.basic_services_ip.haproxy_l7_2
          protocol_port = 8880
        }
}

resource "openstack_lb_monitor_v2" "main_haproxy_stats_monitor" {
        pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id
        name = "main_haproxy_stats_monitor"
        type = "TCP"
        delay = 20
        timeout = 5
        max_retries = 3
        admin_state_up = true
}

# Main HAPROXY HTTP
resource "openstack_lb_listener_v2" "main_haproxy_http_listener" {
        loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id
        protocol = "TCP"
        protocol_port = 80
        description = "HTTP listener of the main HAPROXY instances"
        name = "main_haproxy_http_listener"
        admin_state_up = true
}

resource "openstack_lb_pool_v2" "main_haproxy_http_pool" {
        listener_id = openstack_lb_listener_v2.main_haproxy_http_listener.id
        protocol = "PROXYV2"
        lb_method = "LEAST_CONNECTIONS"
        name = "main-haproxy-lb-http"
        description = "Pool for the HTTP listener of the main HAPROXY instances"
        persistence {
                type = "SOURCE_IP"
        }
        admin_state_up = true
}

resource "openstack_lb_members_v2" "main_haproxy_http_pool_members" {
        pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id
        member {
          name = "haproxy l7 1"
          address = module.common_variables.basic_services_ip.haproxy_l7_1
          protocol_port = 80
        }
        member {
          name = "haproxy l7 2"
          address = module.common_variables.basic_services_ip.haproxy_l7_2
          protocol_port = 80
        }
}

resource "openstack_lb_monitor_v2" "main_haproxy_http_monitor" {
        pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id
        name = "main_haproxy_http_monitor"
        type = "HTTP"
        http_method = "GET"
        url_path = "/_haproxy_health_check"
        expected_codes = "200"
        delay = 20
        timeout = 5
        max_retries = 3
        admin_state_up = true
}

# Main HAPROXY HTTPS
resource "openstack_lb_listener_v2" "main_haproxy_https_listener" {
        loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id
        protocol = "TCP"
        protocol_port = 443
        description = "HTTPS listener of the main HAPROXY instances"
        name = "main_haproxy_https_listener"
        admin_state_up = true
}

resource "openstack_lb_pool_v2" "main_haproxy_https_pool" {
        listener_id = openstack_lb_listener_v2.main_haproxy_https_listener.id
        protocol = "PROXYV2"
        lb_method = "LEAST_CONNECTIONS"
        name = "main-haproxy-lb-https"
        description = "Pool for the HTTPS listener of the main HAPROXY instances"
        persistence {
                type = "SOURCE_IP"
        }
        admin_state_up = true
}

resource "openstack_lb_members_v2" "main_haproxy_https_pool_members" {
        pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id
        member {
          name = "haproxy l7 1"
          address = module.common_variables.basic_services_ip.haproxy_l7_1
          protocol_port = 443
        }
        member {
          name = "haproxy l7 2"
          address = module.common_variables.basic_services_ip.haproxy_l7_2
          protocol_port = 443
        }
}

resource "openstack_lb_monitor_v2" "main_haproxy_https_monitor" {
        pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id
        name = "main_haproxy_https_monitor"
        type = "HTTPS"
        http_method = "GET"
        url_path = "/_haproxy_health_check"
        expected_codes = "200"
        delay = 20
        timeout = 5
        max_retries = 3
        admin_state_up = true
}

output "main_loadbalancer_ip" {
  description = "Main Load balancer IP address"
  value       = openstack_lb_loadbalancer_v2.main_lb.vip_address
}
Some refactoring. And another attempt at modules. 2023-11-29 18:01:34 +01:00			`# Main load balancer. L4, backed by Octavia`
			`resource "openstack_lb_loadbalancer_v2" "main_lb" {`
			`vip_subnet_id = module.common_variables.main_private_subnet_id`
			`name = module.common_variables.octavia_information.main_lb_name`
			`description = module.common_variables.octavia_information.main_lb_description`
			`flavor_id = module.common_variables.octavia_information.octavia_flavor_id`
			`vip_address = module.common_variables.basic_services_ip.octavia_main`
			`loadbalancer_provider = "amphora"`
			`}`

			`# Allocate a floating IP`
			`resource "openstack_networking_floatingip_v2" "main_lb_ip" {`
			`pool = module.common_variables.floating_ip_pools.main_public_ip_pool`
			`# The DNS association does not work because of a bug in the OpenStack API`
			`# dns_name = "main-lb"`
			`# dns_domain = module.common_variables.dns_zone.zone_name`
			`description = module.common_variables.octavia_information.main_lb_description`
			`}`

			`resource "openstack_networking_floatingip_associate_v2" "main_lb" {`
			`floating_ip = openstack_networking_floatingip_v2.main_lb_ip.address`
			`port_id = openstack_lb_loadbalancer_v2.main_lb.vip_port_id`
			`}`

			`locals {`
			`recordset_name = "${module.common_variables.octavia_information.main_lb_hostname}.${module.common_variables.dns_zone.zone_name}"`
			`}`

			`resource "openstack_dns_recordset_v2" "main_lb_dns_recordset" {`
			`zone_id = module.common_variables.dns_zone_id`
			`name = local.recordset_name`
			`description = "Public IP address of the main load balancer"`
			`ttl = 8600`
			`type = "A"`
			`records = [openstack_networking_floatingip_v2.main_lb_ip.address]`
			`}`

			`# Main HAPROXY stats listener`
			`resource "openstack_lb_listener_v2" "main_haproxy_stats_listener" {`
			`loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id`
			`protocol = "TCP"`
			`protocol_port = 8880`
			`description = "Listener for the stats of the main HAPROXY instances"`
			`name = "main_haproxy_stats_listener"`
			`allowed_cidrs = [module.common_variables.ssh_sources.d4s_vpn_1_cidr,module.common_variables.ssh_sources.d4s_vpn_2_cidr,module.common_variables.ssh_sources.s2i2s_vpn_1_cidr,module.common_variables.ssh_sources.s2i2s_vpn_2_cidr]`

			`}`

			`resource "openstack_lb_pool_v2" "main_haproxy_stats_pool" {`
			`listener_id = openstack_lb_listener_v2.main_haproxy_stats_listener.id`
			`protocol = "TCP"`
			`lb_method = "LEAST_CONNECTIONS"`
			`name = "main-haproxy-lb-stats"`
			`description = "Pool for the stats of the main HAPROXY instances"`
			`persistence {`
			`type = "SOURCE_IP"`
			`}`
			`}`

			`resource "openstack_lb_members_v2" "main_haproxy_stats_pool_members" {`
			`pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id`
			`member {`
			`name = "haproxy l7 1"`
			`address = module.common_variables.basic_services_ip.haproxy_l7_1`
			`protocol_port = 8880`
			`}`
			`member {`
			`name = "haproxy l7 2"`
			`address = module.common_variables.basic_services_ip.haproxy_l7_2`
			`protocol_port = 8880`
			`}`
			`}`

			`resource "openstack_lb_monitor_v2" "main_haproxy_stats_monitor" {`
			`pool_id = openstack_lb_pool_v2.main_haproxy_stats_pool.id`
			`name = "main_haproxy_stats_monitor"`
			`type = "TCP"`
			`delay = 20`
			`timeout = 5`
			`max_retries = 3`
			`admin_state_up = true`
			`}`

			`# Main HAPROXY HTTP`
			`resource "openstack_lb_listener_v2" "main_haproxy_http_listener" {`
			`loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id`
			`protocol = "TCP"`
			`protocol_port = 80`
			`description = "HTTP listener of the main HAPROXY instances"`
			`name = "main_haproxy_http_listener"`
			`admin_state_up = true`
			`}`

			`resource "openstack_lb_pool_v2" "main_haproxy_http_pool" {`
			`listener_id = openstack_lb_listener_v2.main_haproxy_http_listener.id`
			`protocol = "PROXYV2"`
			`lb_method = "LEAST_CONNECTIONS"`
			`name = "main-haproxy-lb-http"`
			`description = "Pool for the HTTP listener of the main HAPROXY instances"`
			`persistence {`
			`type = "SOURCE_IP"`
			`}`
			`admin_state_up = true`
			`}`

			`resource "openstack_lb_members_v2" "main_haproxy_http_pool_members" {`
			`pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id`
			`member {`
			`name = "haproxy l7 1"`
			`address = module.common_variables.basic_services_ip.haproxy_l7_1`
			`protocol_port = 80`
			`}`
			`member {`
			`name = "haproxy l7 2"`
			`address = module.common_variables.basic_services_ip.haproxy_l7_2`
			`protocol_port = 80`
			`}`
			`}`

			`resource "openstack_lb_monitor_v2" "main_haproxy_http_monitor" {`
			`pool_id = openstack_lb_pool_v2.main_haproxy_http_pool.id`
			`name = "main_haproxy_http_monitor"`
			`type = "HTTP"`
			`http_method = "GET"`
			`url_path = "/_haproxy_health_check"`
			`expected_codes = "200"`
			`delay = 20`
			`timeout = 5`
			`max_retries = 3`
			`admin_state_up = true`
			`}`

			`# Main HAPROXY HTTPS`
			`resource "openstack_lb_listener_v2" "main_haproxy_https_listener" {`
			`loadbalancer_id = openstack_lb_loadbalancer_v2.main_lb.id`
			`protocol = "TCP"`
			`protocol_port = 443`
			`description = "HTTPS listener of the main HAPROXY instances"`
			`name = "main_haproxy_https_listener"`
			`admin_state_up = true`
			`}`

			`resource "openstack_lb_pool_v2" "main_haproxy_https_pool" {`
			`listener_id = openstack_lb_listener_v2.main_haproxy_https_listener.id`
			`protocol = "PROXYV2"`
			`lb_method = "LEAST_CONNECTIONS"`
			`name = "main-haproxy-lb-https"`
			`description = "Pool for the HTTPS listener of the main HAPROXY instances"`
			`persistence {`
			`type = "SOURCE_IP"`
			`}`
			`admin_state_up = true`
			`}`

			`resource "openstack_lb_members_v2" "main_haproxy_https_pool_members" {`
			`pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id`
			`member {`
			`name = "haproxy l7 1"`
			`address = module.common_variables.basic_services_ip.haproxy_l7_1`
			`protocol_port = 443`
			`}`
			`member {`
			`name = "haproxy l7 2"`
			`address = module.common_variables.basic_services_ip.haproxy_l7_2`
			`protocol_port = 443`
			`}`
			`}`

			`resource "openstack_lb_monitor_v2" "main_haproxy_https_monitor" {`
			`pool_id = openstack_lb_pool_v2.main_haproxy_https_pool.id`
			`name = "main_haproxy_https_monitor"`
			`type = "HTTPS"`
			`http_method = "GET"`
			`url_path = "/_haproxy_health_check"`
			`expected_codes = "200"`
			`delay = 20`
			`timeout = 5`
			`max_retries = 3`
			`admin_state_up = true`
			`}`

			`output "main_loadbalancer_ip" {`
			`description = "Main Load balancer IP address"`
			`value = openstack_lb_loadbalancer_v2.main_lb.vip_address`
			`}`