infrastructure-as-code/openstack-tf/modules/mongodb/mongodb.tf

202 lines
7.7 KiB
Terraform
Raw Normal View History

#
# Server groups for both the masters and the workers
#
resource "openstack_compute_servergroup_v2" "mongodb" {
name = "mongodb"
policies = ["anti-affinity"]
}
#
# Security groups
#
# Rules
# 80 from 0/0
# 9101 from prometheus
# 27017 da: garr-ct1, garr-na, garr-pa1, InfraScience, S2I2S
resource "openstack_networking_secgroup_v2" "mongodb_cluster_traffic" {
name = "mongodb_cluster_traffic"
delete_default_rules = "true"
description = "Traffic between the MongoDB nodes"
}
resource "openstack_networking_secgroup_rule_v2" "access_to_the_mongodb_service_from_the_internal_network" {
security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
description = "Access to the MongoDB service"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 27017
port_range_max = 27017
remote_ip_prefix = var.main_private_subnet.cidr
}
resource "openstack_networking_secgroup_rule_v2" "access_to_the_mongodb_service_from_the_outside" {
for_each = toset([var.networks_with_d4s_services.infrascience_net, var.networks_with_d4s_services.s2i2s_net, var.networks_with_d4s_services.garr_ct1_net, var.networks_with_d4s_services.garr_pa1_net, var.networks_with_d4s_services.garr_na_net])
security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
description = "Access to the MongoDB service"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 27017
port_range_max = 27017
remote_ip_prefix = each.value
}
resource "openstack_networking_secgroup_rule_v2" "mongodb_plain_http_for_letsencrypt" {
security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
description = "Plain HTTP for letsencrypt"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 80
port_range_max = 80
remote_ip_prefix = "0.0.0.0/0"
}
resource "openstack_networking_secgroup_rule_v2" "mongodb_prometheus_exporter" {
security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
description = "Prometheus exporter for MongoDB"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 9101
port_range_max = 9101
remote_ip_prefix = var.basic_services_ip.prometheus_cidr
}
#
# Mongodb cluster VMs
#
# Instance
resource "openstack_compute_instance_v2" "mongodb_cluster_nodes" {
count = var.mongodb_cluster_data.count
name = format("%s-%02d", var.mongodb_cluster_data.name, count.index + 2)
availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
flavor_name = var.mongodb_cluster_data.flavor
key_pair = var.ssh_key_file.name
security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.mongodb_cluster_traffic.name]
scheduler_hints {
group = openstack_compute_servergroup_v2.mongodb.id
}
block_device {
uuid = var.mongodb_cluster_data.image_type_uuid
source_type = "image"
volume_size = 10
boot_index = 0
destination_type = "volume"
delete_on_termination = false
}
block_device {
source_type = "blank"
volume_size = var.mongodb_cluster_data.data_disk_size
boot_index = -1
destination_type = "volume"
delete_on_termination = false
}
network {
name = var.main_private_network.name
fixed_ip_v4 = var.mongodb_ip.* [count.index]
}
user_data = file("${var.ubuntu2204_data_file}")
# Do not replace the instance when the ssh key changes
lifecycle {
ignore_changes = [
# Ignore changes to tags, e.g. because a management agent
# updates these based on some ruleset managed elsewhere.
key_pair, user_data, network
]
}
}
# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "mongodb_cluster_floating_ip" {
count = var.mongodb_cluster_data.count
pool = var.floating_ip_pools.main_public_ip_pool
# The DNS association does not work because of a bug in the OpenStack API
# dns_name = "main-lb"
# dns_domain = var.dns_zone.zone_name
description = format("MongoDB cluster node %s-%02d", var.mongodb_cluster_data.name, count.index + 2)
}
resource "openstack_compute_floatingip_associate_v2" "mongodb_cluster_ip" {
count = var.mongodb_cluster_data.count
floating_ip = element(openstack_networking_floatingip_v2.mongodb_cluster_floating_ip.*.address, count.index)
instance_id = element(openstack_compute_instance_v2.mongodb_cluster_nodes.*.id, count.index)
depends_on = [openstack_networking_floatingip_v2.mongodb_cluster_floating_ip]
}
resource "openstack_dns_recordset_v2" "mongodb_cluster_dns_recordsets" {
count = var.mongodb_cluster_data.count
zone_id = var.dns_zone_id
name = join(".", [element(openstack_compute_instance_v2.mongodb_cluster_nodes.*.name, count.index), var.dns_zone.zone_name])
description = "Mongodb public hostnames"
ttl = 8600
type = "A"
records = [element(openstack_networking_floatingip_v2.mongodb_cluster_floating_ip.*.address, count.index)]
depends_on = [openstack_networking_floatingip_v2.mongodb_cluster_floating_ip]
}
#
# MongoDB vol node
#
# Instance
resource "openstack_compute_instance_v2" "mongodb_vol_node" {
name = "mongodb-vol"
availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
flavor_name = var.mongodb_vol_data.flavor
key_pair = var.ssh_key_file.name
security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.mongodb_cluster_traffic.name]
block_device {
uuid = var.mongodb_vol_data.image_type_uuid
source_type = "image"
volume_size = 10
boot_index = 0
destination_type = "volume"
delete_on_termination = false
}
block_device {
source_type = "blank"
volume_size = var.mongodb_vol_data.data_disk_size
boot_index = -1
destination_type = "volume"
delete_on_termination = false
}
network {
name = var.main_private_network.name
fixed_ip_v4 = var.mongodb_vol_ip
}
user_data = file("${var.ubuntu2204_data_file}")
# Do not replace the instance when the ssh key changes
lifecycle {
ignore_changes = [
# Ignore changes to tags, e.g. because a management agent
# updates these based on some ruleset managed elsewhere.
key_pair, user_data, network
]
}
}
# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "mongodb_vol_floating_ip" {
pool = var.floating_ip_pools.main_public_ip_pool
# The DNS association does not work because of a bug in the OpenStack API
# dns_name = "main-lb"
# dns_domain = var.dns_zone.zone_name
description = "MongoDB Volatile"
}
resource "openstack_compute_floatingip_associate_v2" "mongodb_vol_public_ip" {
floating_ip = openstack_networking_floatingip_v2.mongodb_vol_floating_ip.address
instance_id = openstack_compute_instance_v2.mongodb_vol_node.id
depends_on = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip]
}
resource "openstack_dns_recordset_v2" "mongodb_vol_dns_recordsets" {
zone_id = var.dns_zone_id
name = join(".", [openstack_compute_instance_v2.mongodb_vol_node.name], [var.dns_zone.zone_name])
description = "Mongodb Volatile public hostnames"
ttl = 8600
type = "A"
records = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip.address]
depends_on = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip]
}