infrastructure-as-code/openstack-tf/modules/d4science_infra_setup/postgresql.tf


# PostgreSQL shared server
# Network
# Dedicated tenant network that carries traffic to the shared PostgreSQL
# server. Name, description, DNS domain and MTU all come from module variables.
resource "openstack_networking_network_v2" "shared_postgresql_net" {
  region      = var.main_region
  name        = var.shared_postgresql_server_data.network_name
  description = var.shared_postgresql_server_data.network_description
  dns_domain  = var.dns_zone.zone_name
  mtu         = var.mtu_size

  admin_state_up = "true"

  # Isolation settings: the network is not an external (provider) network and
  # is not shared with other projects. Port security is left enabled, which
  # Neutron requires for security groups to be applied to ports on the network.
  external              = "false"
  shared                = false
  port_security_enabled = true
}
# Subnet
# IPv4 subnet of the dedicated PostgreSQL network. DHCP is enabled and the
# addresses it may hand out are bounded by the allocation pool below.
resource "openstack_networking_subnet_v2" "shared_postgresql_subnet" {
  network_id  = openstack_networking_network_v2.shared_postgresql_net.id
  name        = "shared-postgresql-subnet"
  description = "subnet used to connect to the shared PostgreSQL service"

  ip_version      = 4
  cidr            = var.shared_postgresql_server_data.network_cidr
  dns_nameservers = var.resolvers_ip
  enable_dhcp     = true

  # No gateway IP is configured on this subnet.
  # NOTE(review): presumably intentional so that the database network is
  # reachable only by hosts attached to it directly - confirm.
  no_gateway = true

  allocation_pool {
    end   = var.shared_postgresql_server_data.allocation_pool_end
    start = var.shared_postgresql_server_data.allocation_pool_start
  }
}
# Security group
# Security group that grants access to the shared PostgreSQL service.
# delete_default_rules removes the default egress rules OpenStack adds to a
# new group, so the group contains only the rules declared in Terraform.
resource "openstack_networking_secgroup_v2" "shared_postgresql_access" {
  description          = "Access the shared PostgreSQL service using the dedicated network"
  name                 = "access_to_the_shared_postgresql_service"
  delete_default_rules = "true"
}
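# Ingress rule: allow TCP 5432 (PostgreSQL) only from the dedicated subnet's
# CIDR. No other source is admitted by this security group.
resource "openstack_networking_secgroup_rule_v2" "shared_postgresql_access_from_dedicated_subnet" {
  security_group_id = openstack_networking_secgroup_v2.shared_postgresql_access.id

  # The description is built from the same variable as remote_ip_prefix, so
  # the text an operator or auditor reads in the dashboard always matches the
  # CIDR that is actually enforced. A hard-coded CIDR in the text can drift
  # from the variable and misstate who is allowed in.
  # NOTE(review): security group rules are immutable in Neutron, so a changed
  # description will likely show up as a rule replacement in the plan; check
  # the plan and apply it when a brief gap in the rule is acceptable.
  description = "Allow connections to port 5432 from the ${var.shared_postgresql_server_data.network_cidr} network"

  direction        = "ingress"
  ethertype        = "IPv4"
  protocol         = "tcp"
  port_range_min   = 5432
  port_range_max   = 5432
  remote_ip_prefix = var.shared_postgresql_server_data.network_cidr
}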
# Block device
# Block storage volume attached to the PostgreSQL server as its data disk.
# NOTE(review): no volume_type is set, so the cloud's default volume type is
# used; whether the data is encrypted at rest depends on that default - confirm.
# NOTE(review): nothing here guards the volume against an accidental
# `terraform destroy`; confirm that backups or a lifecycle guard exist elsewhere.
resource "openstack_blockstorage_volume_v3" "shared_postgresql_data_vol" {
  size = var.shared_postgresql_server_data.vol_data_size
  name = var.shared_postgresql_server_data.vol_data_name
}
# Instance
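# Shared PostgreSQL server instance. It boots from a volume built from the
# image in var.ubuntu_2204 and is attached to two networks: the main private
# network and the dedicated PostgreSQL network, where it gets a fixed address.
resource "openstack_compute_instance_v2" "shared_postgresql_server" {
  name                    = var.shared_postgresql_server_data.name
  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name             = var.shared_postgresql_server_data.flavor
  key_pair                = module.ssh_settings.ssh_key_name

  # NOTE(review): security groups set at instance level are presumably applied
  # to the ports on both networks, so the 5432 rule is limited only by its
  # source CIDR, not by the interface the traffic arrives on - confirm.
  security_groups = [
    var.default_security_group_name,
    openstack_networking_secgroup_v2.shared_postgresql_access.name,
  ]

  # Root disk: a 10 GB volume created from the image.
  # delete_on_termination = false keeps the root volume after the instance is
  # deleted; it has to be removed explicitly or it stays behind with its data.
  block_device {
    uuid                  = var.ubuntu_2204.uuid
    source_type           = "image"
    volume_size           = 10
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }

  network {
    name = var.main_private_network.name
  }

  network {
    name        = var.shared_postgresql_server_data.network_name
    fixed_ip_v4 = var.shared_postgresql_server_data.server_ip
  }

  # Cloud-init payload read from a local file; a bare reference replaces the
  # redundant "${...}" interpolation wrapper.
  user_data = file(var.ubuntu2204_data_file)

  # The dedicated network is referenced by name through a variable, which
  # gives Terraform no implicit dependency on the network or its subnet.
  # Declare it so the fixed IP can be allocated on a first apply.
  depends_on = [openstack_networking_subnet_v2.shared_postgresql_subnet]

  lifecycle {
    # Do not replace the instance when the SSH key, the cloud-init data or the
    # network blocks change in the configuration.
    # Consequence: key rotation and cloud-init changes made in Terraform never
    # reach this running instance and must be applied by other means.
    ignore_changes = [
      key_pair,
      user_data,
      network,
    ]
  }
}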
# Attach the PostgreSQL data volume to the server at the configured device.
resource "openstack_compute_volume_attach_v2" "shared_postgresql_data_attach_vol" {
  volume_id   = openstack_blockstorage_volume_v3.shared_postgresql_data_vol.id
  instance_id = openstack_compute_instance_v2.shared_postgresql_server.id
  device      = var.shared_postgresql_server_data.vol_data_device

  # Explicit ordering on the instance; the instance_id reference above already
  # implies the same dependency.
  depends_on = [openstack_compute_instance_v2.shared_postgresql_server]
}