90 lines
2.9 KiB
Terraform
90 lines
2.9 KiB
Terraform
|
resource "openstack_dns_zone_v2" "primary_project_dns_zone" {
|
||
|
|
name = var.dns_zone.zone_name
|
||
|
|
email = var.dns_zone.email
|
||
|
|
description = var.dns_zone.description
|
||
|
|
project_id = var.os_project_data.id
|
||
|
|
ttl = var.dns_zone.ttl
|
||
|
|
type = "PRIMARY"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "openstack_networking_network_v2" "main-private-network" {
|
||
|
|
name = var.main_private_network.name
|
||
|
|
admin_state_up = "true"
|
||
|
|
external = "false"
|
||
|
|
description = var.main_private_network.description
|
||
|
|
dns_domain = var.dns_zone.zone_name
|
||
|
|
mtu = var.mtu_size
|
||
|
|
port_security_enabled = true
|
||
|
|
shared = false
|
||
|
|
region = var.main_region
|
||
|
|
tenant_id = var.os_project_data.id
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "openstack_networking_subnet_v2" "main-private-subnet" {
|
||
|
|
name = var.main_private_subnet.name
|
||
|
|
description = var.main_private_subnet.description
|
||
|
|
network_id = openstack_networking_network_v2.main-private-network.id
|
||
|
|
cidr = var.main_private_subnet.cidr
|
||
|
|
gateway_ip = var.main_private_subnet.gateway_ip
|
||
|
|
dns_nameservers = var.resolvers_ip
|
||
|
|
ip_version = 4
|
||
|
|
enable_dhcp = true
|
||
|
|
tenant_id = var.os_project_data.id
|
||
|
|
allocation_pool {
|
||
|
|
start = var.main_private_subnet.allocation_start
|
||
|
|
end = var.main_private_subnet.allocation_end
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "openstack_networking_router_v2" "external-router" {
|
||
|
|
name = var.external_router.name
|
||
|
|
description = var.external_router.description
|
||
|
|
external_network_id = var.external_network.id
|
||
|
|
tenant_id = var.os_project_data.id
|
||
|
|
enable_snat = true
|
||
|
|
vendor_options {
|
||
|
|
set_router_gateway_after_create = true
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
# Router interface configuration
|
||
|
|
resource "openstack_networking_router_interface_v2" "private-network-routing" {
|
||
|
|
router_id = openstack_networking_router_v2.external-router.id
|
||
|
|
# router_id = var.external_router.id
|
||
|
|
subnet_id = openstack_networking_subnet_v2.main-private-subnet.id
|
||
|
|
}
|
||
|
|
|
||
|
|
locals {
|
||
|
|
acme_challenge_recordset_name = "_acme-challenge.${var.dns_zone.zone_name}"
|
||
|
|
acme_challenge_delegation = "_acme-challenge.d4science.net."
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "openstack_dns_recordset_v2" "acme_challenge_recordset" {
|
||
|
|
zone_id = openstack_dns_zone_v2.primary_project_dns_zone.id
|
||
|
|
name = local.acme_challenge_recordset_name
|
||
|
|
description = "ACME challenge delegation"
|
||
|
|
ttl = 8600
|
||
|
|
type = "CNAME"
|
||
|
|
records = ["_acme-challenge.d4science.net."]
|
||
|
|
}
|
||
|
|
|
||
|
|
output "main_private_network_id" {
|
||
|
|
description = "Main private network id"
|
||
|
|
value = openstack_networking_network_v2.main-private-network.id
|
||
|
|
}
|
||
|
|
|
||
|
|
output "main_subnet_network_id" {
|
||
|
|
description = "Main subnet network id"
|
||
|
|
value = openstack_networking_subnet_v2.main-private-subnet.id
|
||
|
|
}
|
||
|
|
|
||
|
|
output "dns_zone_id" {
|
||
|
|
description = "Id of the new DNS zone"
|
||
|
|
value = openstack_dns_zone_v2.primary_project_dns_zone.id
|
||
|
|
}
|
||
|
|
|
||
|
|
output "external_gateway_ip" {
|
||
|
|
description = "Public IP address of the external gateway"
|
||
|
|
value = openstack_networking_router_v2.external-router.external_fixed_ip[0].ip_address
|
||
|
|
}
|