From 33df04e799809217b2e01479735aa9f295759353 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 19 Dec 2023 14:51:53 +0100 Subject: [PATCH] Ignore the modifications to the VM networks. --- .../modules/d4science_infra_setup/haproxy.tf | 2 +- .../d4science_infra_setup/internal-ca.tf | 2 +- .../modules/d4science_infra_setup/outputs.tf | 127 +++++++- .../d4science_infra_setup/postgresql.tf | 2 +- .../d4science_infra_setup/prometheus.tf | 2 +- .../d4science_infra_setup/ssh-jump-proxy.tf | 2 +- .../d4science_infra_setup/variables.tf | 277 +++++++++++++++++- .../modules/docker_swarm/docker-swarm.tf | 2 +- .../generic_smartgears_service.tf | 2 +- .../instance_with_data_volume.tf | 2 +- .../instance_without_data_volume.tf | 2 +- openstack-tf/modules/liferay/liferay.tf | 2 +- openstack-tf/modules/liferay/outputs.tf | 127 +++++++- openstack-tf/modules/liferay/variables.tf | 277 +++++++++++++++++- openstack-tf/modules/mongodb/mongodb.tf | 4 +- openstack-tf/modules/orientdb/orientdb.tf | 4 +- .../modules/smart-executor/smart-executor.tf | 10 +- .../modules/timescaledb/timescaledb.tf | 2 +- 18 files changed, 824 insertions(+), 24 deletions(-) mode change 120000 => 100644 openstack-tf/modules/d4science_infra_setup/outputs.tf mode change 120000 => 100644 openstack-tf/modules/d4science_infra_setup/variables.tf mode change 120000 => 100644 openstack-tf/modules/liferay/outputs.tf mode change 120000 => 100644 openstack-tf/modules/liferay/variables.tf diff --git a/openstack-tf/modules/d4science_infra_setup/haproxy.tf b/openstack-tf/modules/d4science_infra_setup/haproxy.tf index 7085efb0..09cbfafb 100644 --- a/openstack-tf/modules/d4science_infra_setup/haproxy.tf +++ b/openstack-tf/modules/d4science_infra_setup/haproxy.tf 
@@ -109,7 +109,7 @@ resource "openstack_compute_instance_v2" "main_haproxy_l7" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } diff --git a/openstack-tf/modules/d4science_infra_setup/internal-ca.tf b/openstack-tf/modules/d4science_infra_setup/internal-ca.tf index f657b26d..298191fe 100644 --- a/openstack-tf/modules/d4science_infra_setup/internal-ca.tf +++ b/openstack-tf/modules/d4science_infra_setup/internal-ca.tf @@ -23,7 +23,7 @@ resource "openstack_compute_instance_v2" "internal_ca" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } diff --git a/openstack-tf/modules/d4science_infra_setup/outputs.tf b/openstack-tf/modules/d4science_infra_setup/outputs.tf deleted file mode 120000 index d953b684..00000000 --- a/openstack-tf/modules/d4science_infra_setup/outputs.tf +++ /dev/null @@ -1 +0,0 @@ -../common_variables/outputs.tf \ No newline at end of file diff --git a/openstack-tf/modules/d4science_infra_setup/outputs.tf b/openstack-tf/modules/d4science_infra_setup/outputs.tf new file mode 100644 index 00000000..285faca0 --- /dev/null +++ b/openstack-tf/modules/d4science_infra_setup/outputs.tf 
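Review bot: With `network` added to `ignore_changes` on `main_haproxy_l7` (haproxy.tf), Terraform stops planning changes to that instance's network attachments, so a later edit to its `network` block becomes a silent no-op and an attachment made outside Terraform no longer produces a pending change in `terraform plan`. The same line is added in every other `openstack_compute_instance_v2` hunk of this patch, including `ssh_jump_proxy` and `internal_ca`, where an unnoticed extra network matters most. The comment above the list still talks about tags; I would replace it with something like `# key_pair, user_data and network are ignored on purpose so existing VMs are not rebuilt; network changes are made and reviewed in OpenStack.` The rebuild motive is my assumption, since the commit message does not state it. The lifecycle block starts above the hunk.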
@@ -0,0 +1,126 @@
+
+output "main_region" {
+ value = var.main_region
+}
+
+output "external_network" {
+ value = var.external_network
+}
+
+output "external_network_id" {
+ value = var.external_network.id
+}
+
+output "floating_ip_pools" {
+ value = var.floating_ip_pools
+
+}
+
+output "resolvers_ip" {
+ value = var.resolvers_ip
+}
+
+output "mtu_size" {
+ value = var.mtu_size
+}
+
+output "availability_zones_names" {
+ value = var.availability_zones_names
+}
+
+output "availability_zone_no_gpu_name" {
+ value = var.availability_zones_names.availability_zone_no_gpu
+}
+
+output "availability_zone_with_gpu_name" {
+ value = var.availability_zones_names.availability_zone_with_gpu
+}
+
+output "ssh_sources" {
+ value = var.ssh_sources
+}
+
+output "networks_with_d4s_services" {
+ value = var.networks_with_d4s_services
+}
+
+output "ubuntu_1804" {
+ value = var.ubuntu_1804
+}
+
+output "ubuntu_2204" {
+ value = var.ubuntu_2204
+}
+
+output "centos_7" {
+ value = var.centos_7
+}
+
+output "almalinux_9" {
+ value = var.almalinux_9
+}
+
+output "ubuntu1804_data_file" {
+ value = var.ubuntu1804_data_file
+}
+
+output "ubuntu2204_data_file" {
+ value = var.ubuntu2204_data_file
+}
+
+output "el7_data_file" {
+ value = var.el7_data_file
+}
+
+output "ssh_jump_proxy" {
+ value = var.ssh_jump_proxy
+}
+
+output "internal_ca_data" {
+ value = var.internal_ca_data
+}
+
+output "prometheus_server_data" {
+ value = var.prometheus_server_data
+}
+
+output "shared_postgresql_server_data" {
+ value = var.shared_postgresql_server_data
+}
+
+output "haproxy_l7_data" {
+ value = var.haproxy_l7_data
+}
+
+output "resource_registry_addresses" {
+ value = var.resource_registry_addresses
+}
+
+output "smartexecutor_addresses" {
+ value = var.smartexecutor_addresses
+}
+
+#Added by Francesco
+output "policy_list" {
+ value = var.policy_list
+}
+
+#Added by Francesco
+output "flavor_list" {
+ value = var.flavor_list
+}
+
+#Added by Francesco
+output "security_group_list" {
+ value = var.security_group_list
+}
+
+#Added by Francesco
+output "networks_list" {
+ value = var.networks_list
+}
+
+# output "default_security_group_name" {
+# value = var.default_security_group_name
+# }
+
diff --git a/openstack-tf/modules/d4science_infra_setup/postgresql.tf b/openstack-tf/modules/d4science_infra_setup/postgresql.tf index 28052358..a5524f79 100644 --- a/openstack-tf/modules/d4science_infra_setup/postgresql.tf +++ b/openstack-tf/modules/d4science_infra_setup/postgresql.tf @@ -82,7 +82,7 @@ resource "openstack_compute_instance_v2" "shared_postgresql_server" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } diff --git a/openstack-tf/modules/d4science_infra_setup/prometheus.tf b/openstack-tf/modules/d4science_infra_setup/prometheus.tf index bff68fff..84f64c6e 100644 --- a/openstack-tf/modules/d4science_infra_setup/prometheus.tf +++ b/openstack-tf/modules/d4science_infra_setup/prometheus.tf @@ -29,7 +29,7 @@ resource "openstack_compute_instance_v2" "prometheus_server" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } diff --git a/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf b/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf index e13c9bd5..a09f6b88 100644 --- a/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf +++ b/openstack-tf/modules/d4science_infra_setup/ssh-jump-proxy.tf @@ -24,7 +24,7 @@ resource "openstack_compute_instance_v2" "ssh_jump_proxy" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] }
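Review bot: `d4science_infra_setup/outputs.tf` goes from a symlink to `../common_variables/outputs.tf` (mode 120000) to a 126-line regular file, which the commit subject does not mention and which looks accidental, for example a checkout or editor that does not preserve symlinks. The same happens to `d4science_infra_setup/variables.tf` and to both files under `modules/liferay`; the new blob ids are identical per file name (285faca0, 2fb96ba8), so these are plain copies. From now on an edit in `common_variables`, for instance to the `ssh_sources` CIDR allowlist or to `security_group_list` in variables.tf, no longer reaches these two modules. If the copy is not intended, restore the links, e.g. `ln -sf ../common_variables/outputs.tf outputs.tf`, and keep this commit to the `ignore_changes` edits.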
diff --git a/openstack-tf/modules/d4science_infra_setup/variables.tf b/openstack-tf/modules/d4science_infra_setup/variables.tf
deleted file mode 120000
index 619d9672..00000000
--- a/openstack-tf/modules/d4science_infra_setup/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common_variables/variables.tf
\ No newline at end of file
diff --git a/openstack-tf/modules/d4science_infra_setup/variables.tf b/openstack-tf/modules/d4science_infra_setup/variables.tf
new file mode 100644
index 00000000..2fb96ba8
--- /dev/null
+++ b/openstack-tf/modules/d4science_infra_setup/variables.tf
@@ -0,0 +1,276 @@
+# Global definitions
+variable "main_region" {
+ type = string
+ default = "isti_area_pi_1"
+}
+
+variable "external_network" {
+ type = map(string)
+ default = {
+ name = "external-network"
+ id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b"
+ }
+}
+
+variable "floating_ip_pools" {
+ type = map(string)
+ default = {
+ main_public_ip_pool = "external-network"
+ }
+}
+
+variable "resolvers_ip" {
+ type = list(string)
+ default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"]
+}
+
+variable "mtu_size" {
+ type = number
+ default = 8942
+}
+
+variable "availability_zones_names" {
+ type = map(string)
+ default = {
+ availability_zone_no_gpu = "cnr-isti-nova-a"
+ availability_zone_with_gpu = "cnr-isti-nova-gpu-a"
+ }
+}
+
+variable "ubuntu_1804" {
+ type = map(string)
+
+ default = {
+ name = "Ubuntu-Bionic-18.04"
+ uuid = "7ed6a2cd-2b07-482e-8ce4-f018dff16c89"
+ user_data_file = "../../openstack_vm_data_scripts/ubuntu1804.sh"
+ }
+}
+
+variable "ubuntu_2204" {
+ type = map(string)
+ default = {
+ name = "Ubuntu-Jammy-22.04"
+ uuid = "54768889-8556-4be4-a2eb-82a4d9b34627"
+ user_data_file = "../../openstack_vm_data_scripts/ubuntu2204.sh"
+ }
+}
+
+variable "centos_7" {
+ type = map(string)
+ default = {
+ name = "CentOS-7"
+ uuid = "f0187a99-64f6-462a-ab5f-ef52fe62f2ca"
+ }
+}
+
+variable "almalinux_9" {
+ type = map(string)
+ default = {
+ name = "AlmaLinux-9.0-20220718"
+ uuid = "541650fc-dd19-4f38-bb1d-7333ed9dd688"
+ }
+}
+
+variable "ubuntu1804_data_file" {
+ default = "../../openstack_vm_data_scripts/ubuntu1804.sh"
+}
+
+variable "ubuntu2204_data_file" {
+ default = "../../openstack_vm_data_scripts/ubuntu2204.sh"
+}
+
+variable "el7_data_file" {
+ default = "../../openstack_vm_data_scripts/el7.sh"
+}
+
+variable "ssh_jump_proxy" {
+ type = map(string)
+ default = {
+ name = "ssh-jump-proxy"
+ flavor = "m2.small"
+ }
+}
+
+variable "internal_ca_data" {
+ type = map(string)
+ default = {
+ name = "ca"
+ flavor = "m1.small"
+ }
+}
+
+variable "prometheus_server_data" {
+ type = map(string)
+ default = {
+ name = "prometheus"
+ flavor = "m1.medium"
+ vol_data_name = "prometheus-data"
+ vol_data_size = "100"
+ vol_data_device = "/dev/vdb"
+ public_grafana_server_cidr = "146.48.122.132/32"
+ }
+}
+
+variable "shared_postgresql_server_data" {
+ type = map(string)
+ default = {
+ name = "shared-postgresql-server"
+ flavor = "m1.medium"
+ vol_data_name = "shared-postgresql-data"
+ vol_data_size = "100"
+ vol_data_device = "/dev/vdb"
+ # vol_backup_name = ""
+ # vol_backup_size = ""
+ # vol_backup_device = ""
+ network_name = "postgresql-srv-net"
+ network_description = "Network used to communicate with the shared postgresql service"
+ network_cidr = "192.168.0.0/22"
+ allocation_pool_start = "192.168.0.100"
+ allocation_pool_end = "192.168.3.254"
+ server_ip = "192.168.0.5"
+ server_cidr = "192.168.0.5/22"
+ }
+}
+
+variable "haproxy_l7_data" {
+ type = map(string)
+ default = {
+ name = "main-haproxy-l7"
+ haproxy_1 = "haproxy-l7-1"
+ haproxy_2 = "haproxy-l7-2"
+ flavor = "m1.medium"
+ vm_count = "2"
+ }
+}
+
+variable "resource_registry_addresses" {
+ type = map(string)
+ default = {
+ }
+}
+
+variable "smartexecutor_addresses" {
+ type = map(string)
+ default = {
+ }
+}
+
+# Added by Francesco
+# Create in the path 'modules/ssh-key-ref' the file 'ssh-key-ref-outputs.tf'
+# with the following outputs:
+
+# output "ssh_key_file" {
+# value = "~/.ssh/{YOUR_PRIVATE_KEYNAME}"
+# sensitive = true
+# }
+
+# output "ssh_key_name" {
+# value = "{YOUR_KEYNAME}"
+# sensitive = false
+# }
+
+# Then you can use above outputs in your 'file.tf' (if it contains the soft link to variables.tf) as:
+# module.ssh_settings.ssh_key_file
+# module.ssh_settings.ssh_key_name
+
+# e.g.
+#
+# resource "openstack_compute_instance_v2" "geoserver" {
+# key_pair = module.ssh_settings.ssh_key_name
+
+# Added by Francesco
+variable "flavor_list" {
+ type = map(string)
+ default = {
+ c1_small = "c1.small" #RAM 2 - VCPUs 2
+ c1_medium = "c1.medium" #RAM 4 - VCPUs 4
+ c1_large = "c1.large" #RAM 8 - VCPUs 8
+ c2_large = "c2.large" #RAM 16 -VCPUs 16
+ m1_medium = "m1.medium" #RAM 4 - VCPUs 2
+ m1_large = "m1.large" #RAM 8 - VCPUs 4
+ m1_xlarge = "m1.xlarge" #RAM 16 - VCPUs 8
+ m1_xxl = "m1.xxl" #RAM 32 - VCPUS 16
+ m2_small = "m2.small" #RAM 8 - VCPUs 2
+ m2_medium = "m2.medium" #RAM 16 - VCPUs 4
+ m2_large = "m2.large" #RAM 32 - VCPUs 8
+ m3_large = "m3.large" #RAM 64 - VCPUs 16
+ }
+}
+
+# Added by Francesco
+variable "security_group_list" {
+ type = map(string)
+ default = {
+ postgreSQL = "PostgreSQL service"
+ acaland = "acaland's dev machine"
+ haproxy = "traffic_from_main_lb_to_haproxy_l7"
+ access_to_orientdb = "access_to_orientdb"
+ dataminer-publish = "dataminer-publish"
+ docker_swarm_NFS = "Docker Swarm NFS"
+ public_HTTPS = "Public HTTPS"
+ orientdb_internal_docker_traffic = "orientdb_internal_docker_traffic"
+ limited_SSH_access = "Limited SSH access"
+ debugging_from_jump_node = "debugging_from_jump_node"
+ access_to_the_timescaledb_service = "access_to_the_timescaledb_service"
+ docker_swarm = "Docker Swarm"
+ http_and_https_from_the_load_balancers = "traffic_from_the_main_load_balancers"
+ limited_HTTPS_access = "restricted_web_service"
+ mongo = "mongo"
+ limited_SSH_access = "Limited SSH access"
+ default = "default"
+ cassandra = "Cassandra"
+ access_to_orientdb_se = "access_to_orientdb_se"
+ }
+}
+
+# Added by Francesco
+variable "policy_list" {
+ type = map(string)
+ default = {
+ soft_anti_affinity = "soft-anti-affinity"
+ anti_affinity = "anti-affinity"
+ affinity = "affinity"
+ soft_affinity = "soft-affinity"
+ }
+}
+
+variable "networks_list" {
+ type = map(string)
+ default = {
+ shared_postgresql = "postgresql-srv-net"
+ swarm = "swarm-nfs-net"
+ timescaledb = "timescaledb-net"
+ orientdb = "orientdb-net"
+ orientdb_se = "orientdb-se-net"
+ }
+}
+
+variable "ssh_sources" {
+ type = map(string)
+ default = {
+ s2i2s_vpn_1_cidr = "146.48.28.10/32"
+ s2i2s_vpn_2_cidr = "146.48.28.11/32"
+ d4s_vpn_1_cidr = "146.48.122.27/32"
+ d4s_vpn_2_cidr = "146.48.122.49/32"
+ shell_d4s_cidr = "146.48.122.95/32"
+ infrascience_net_cidr = "146.48.122.0/23"
+ }
+}
+
+variable "networks_with_d4s_services" {
+ type = map(string)
+ default = {
+ "isti_net" = "146.48.80.0/21"
+ "s2i2s_net" = "146.48.28.0/22"
+ "infrascience_net" = "146.48.122.0/23"
+ "garr_ct1_net" = "90.147.166.0/23"
+ "garr_pa1_net" = "90.147.188.0/23"
+ "garr_na_net" = "90.147.152.0/24"
+ }
+}
+
+# variable "default_security_group_name" {
+# default = "default_for_all"
+# }
+
diff --git a/openstack-tf/modules/docker_swarm/docker-swarm.tf b/openstack-tf/modules/docker_swarm/docker-swarm.tf index 2836c4b2..3b1939fd 100644 --- a/openstack-tf/modules/docker_swarm/docker-swarm.tf +++ b/openstack-tf/modules/docker_swarm/docker-swarm.tf @@ -132,7 +132,7 @@ resource "openstack_compute_instance_v2" "docker_swarm_managers" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } diff --git a/openstack-tf/modules/generic_smartgears_service/generic_smartgears_service.tf b/openstack-tf/modules/generic_smartgears_service/generic_smartgears_service.tf index b91330a3..9a3ce5a5 100644 --- a/openstack-tf/modules/generic_smartgears_service/generic_smartgears_service.tf +++ b/openstack-tf/modules/generic_smartgears_service/generic_smartgears_service.tf @@ -49,7 +49,7 @@ resource "openstack_compute_instance_v2" "smartgears_service" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] }
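Review bot: In `security_group_list` of `d4science_infra_setup/variables.tf` the key `limited_SSH_access` appears twice with the same value `"Limited SSH access"`; drop the second entry so that a later edit to one of them cannot be shadowed by the other. The commented instructions above `flavor_list` still say "if it contains the soft link to variables.tf", which no longer describes this module now that the file is a regular copy. `ubuntu1804_data_file`, `ubuntu2204_data_file` and `el7_data_file` are the only variables without a `type`; adding `type = string` would match the rest of the file. The identical content is added as `modules/liferay/variables.tf`, so the same points apply there.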
diff --git a/openstack-tf/modules/instance_with_data_volume/instance_with_data_volume.tf b/openstack-tf/modules/instance_with_data_volume/instance_with_data_volume.tf index c2b9cb76..18b01a0e 100644 --- a/openstack-tf/modules/instance_with_data_volume/instance_with_data_volume.tf +++ b/openstack-tf/modules/instance_with_data_volume/instance_with_data_volume.tf @@ -56,7 +56,7 @@ resource "openstack_compute_instance_v2" "instance_with_data_volume" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } diff --git a/openstack-tf/modules/instance_without_data_volume/instance_without_data_volume.tf b/openstack-tf/modules/instance_without_data_volume/instance_without_data_volume.tf index fd0a324c..76dd031f 100644 --- a/openstack-tf/modules/instance_without_data_volume/instance_without_data_volume.tf +++ b/openstack-tf/modules/instance_without_data_volume/instance_without_data_volume.tf @@ -49,7 +49,7 @@ resource "openstack_compute_instance_v2" "smartgears_service" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } diff --git a/openstack-tf/modules/liferay/liferay.tf b/openstack-tf/modules/liferay/liferay.tf index ffe52eed..a885c68b 100644 --- a/openstack-tf/modules/liferay/liferay.tf +++ b/openstack-tf/modules/liferay/liferay.tf @@ -61,7 +61,7 @@ resource "openstack_compute_instance_v2" "liferay" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } diff --git a/openstack-tf/modules/liferay/outputs.tf b/openstack-tf/modules/liferay/outputs.tf deleted file mode 120000 index d953b684..00000000 --- a/openstack-tf/modules/liferay/outputs.tf +++ /dev/null 
@@ -1 +0,0 @@
-../common_variables/outputs.tf
\ No newline at end of file
diff --git a/openstack-tf/modules/liferay/outputs.tf b/openstack-tf/modules/liferay/outputs.tf
new file mode 100644
index 00000000..285faca0
--- /dev/null
+++ b/openstack-tf/modules/liferay/outputs.tf
@@ -0,0 +1,126 @@
+
+output "main_region" {
+ value = var.main_region
+}
+
+output "external_network" {
+ value = var.external_network
+}
+
+output "external_network_id" {
+ value = var.external_network.id
+}
+
+output "floating_ip_pools" {
+ value = var.floating_ip_pools
+
+}
+
+output "resolvers_ip" {
+ value = var.resolvers_ip
+}
+
+output "mtu_size" {
+ value = var.mtu_size
+}
+
+output "availability_zones_names" {
+ value = var.availability_zones_names
+}
+
+output "availability_zone_no_gpu_name" {
+ value = var.availability_zones_names.availability_zone_no_gpu
+}
+
+output "availability_zone_with_gpu_name" {
+ value = var.availability_zones_names.availability_zone_with_gpu
+}
+
+output "ssh_sources" {
+ value = var.ssh_sources
+}
+
+output "networks_with_d4s_services" {
+ value = var.networks_with_d4s_services
+}
+
+output "ubuntu_1804" {
+ value = var.ubuntu_1804
+}
+
+output "ubuntu_2204" {
+ value = var.ubuntu_2204
+}
+
+output "centos_7" {
+ value = var.centos_7
+}
+
+output "almalinux_9" {
+ value = var.almalinux_9
+}
+
+output "ubuntu1804_data_file" {
+ value = var.ubuntu1804_data_file
+}
+
+output "ubuntu2204_data_file" {
+ value = var.ubuntu2204_data_file
+}
+
+output "el7_data_file" {
+ value = var.el7_data_file
+}
+
+output "ssh_jump_proxy" {
+ value = var.ssh_jump_proxy
+}
+
+output "internal_ca_data" {
+ value = var.internal_ca_data
+}
+
+output "prometheus_server_data" {
+ value = var.prometheus_server_data
+}
+
+output "shared_postgresql_server_data" {
+ value = var.shared_postgresql_server_data
+}
+
+output "haproxy_l7_data" {
+ value = var.haproxy_l7_data
+}
+
+output "resource_registry_addresses" {
+ value = var.resource_registry_addresses
+}
+
+output "smartexecutor_addresses" {
+ value = var.smartexecutor_addresses
+}
+
+#Added by Francesco
+output "policy_list" {
+ value = var.policy_list
+}
+
+#Added by Francesco
+output "flavor_list" {
+ value = var.flavor_list
+}
+
+#Added by Francesco
+output "security_group_list" {
+ value = var.security_group_list
+}
+
+#Added by Francesco
+output "networks_list" {
+ value = var.networks_list
+}
+
+# output "default_security_group_name" {
+# value = var.default_security_group_name
+# }
+
diff --git a/openstack-tf/modules/liferay/variables.tf b/openstack-tf/modules/liferay/variables.tf
deleted file mode 120000
index 619d9672..00000000
--- a/openstack-tf/modules/liferay/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common_variables/variables.tf
\ No newline at end of file
diff --git a/openstack-tf/modules/liferay/variables.tf b/openstack-tf/modules/liferay/variables.tf
new file mode 100644
index 00000000..2fb96ba8
--- /dev/null
+++ b/openstack-tf/modules/liferay/variables.tf
@@ -0,0 +1,276 @@
+# Global definitions
+variable "main_region" {
+ type = string
+ default = "isti_area_pi_1"
+}
+
+variable "external_network" {
+ type = map(string)
+ default = {
+ name = "external-network"
+ id = "1d2ff137-6ff7-4017-be2b-0d6c4af2353b"
+ }
+}
+
+variable "floating_ip_pools" {
+ type = map(string)
+ default = {
+ main_public_ip_pool = "external-network"
+ }
+}
+
+variable "resolvers_ip" {
+ type = list(string)
+ default = ["146.48.29.97", "146.48.29.98", "146.48.29.99"]
+}
+
+variable "mtu_size" {
+ type = number
+ default = 8942
+}
+
+variable "availability_zones_names" {
+ type = map(string)
+ default = {
+ availability_zone_no_gpu = "cnr-isti-nova-a"
+ availability_zone_with_gpu = "cnr-isti-nova-gpu-a"
+ }
+}
+
+variable "ubuntu_1804" {
+ type = map(string)
+
+ default = {
+ name = "Ubuntu-Bionic-18.04"
+ uuid = "7ed6a2cd-2b07-482e-8ce4-f018dff16c89"
+ user_data_file = "../../openstack_vm_data_scripts/ubuntu1804.sh"
+ }
+}
+
+variable "ubuntu_2204" {
+ type = map(string)
+ default = {
+ name = "Ubuntu-Jammy-22.04"
+ uuid = "54768889-8556-4be4-a2eb-82a4d9b34627"
+ user_data_file = "../../openstack_vm_data_scripts/ubuntu2204.sh"
+ }
+}
+
+variable "centos_7" {
+ type = map(string)
+ default = {
+ name = "CentOS-7"
+ uuid = "f0187a99-64f6-462a-ab5f-ef52fe62f2ca"
+ }
+}
+
+variable "almalinux_9" {
+ type = map(string)
+ default = {
+ name = "AlmaLinux-9.0-20220718"
+ uuid = "541650fc-dd19-4f38-bb1d-7333ed9dd688"
+ }
+}
+
+variable "ubuntu1804_data_file" {
+ default = "../../openstack_vm_data_scripts/ubuntu1804.sh"
+}
+
+variable "ubuntu2204_data_file" {
+ default = "../../openstack_vm_data_scripts/ubuntu2204.sh"
+}
+
+variable "el7_data_file" {
+ default = "../../openstack_vm_data_scripts/el7.sh"
+}
+
+variable "ssh_jump_proxy" {
+ type = map(string)
+ default = {
+ name = "ssh-jump-proxy"
+ flavor = "m2.small"
+ }
+}
+
+variable "internal_ca_data" {
+ type = map(string)
+ default = {
+ name = "ca"
+ flavor = "m1.small"
+ }
+}
+
+variable "prometheus_server_data" {
+ type = map(string)
+ default = {
+ name = "prometheus"
+ flavor = "m1.medium"
+ vol_data_name = "prometheus-data"
+ vol_data_size = "100"
+ vol_data_device = "/dev/vdb"
+ public_grafana_server_cidr = "146.48.122.132/32"
+ }
+}
+
+variable "shared_postgresql_server_data" {
+ type = map(string)
+ default = {
+ name = "shared-postgresql-server"
+ flavor = "m1.medium"
+ vol_data_name = "shared-postgresql-data"
+ vol_data_size = "100"
+ vol_data_device = "/dev/vdb"
+ # vol_backup_name = ""
+ # vol_backup_size = ""
+ # vol_backup_device = ""
+ network_name = "postgresql-srv-net"
+ network_description = "Network used to communicate with the shared postgresql service"
+ network_cidr = "192.168.0.0/22"
+ allocation_pool_start = "192.168.0.100"
+ allocation_pool_end = "192.168.3.254"
+ server_ip = "192.168.0.5"
+ server_cidr = "192.168.0.5/22"
+ }
+}
+
+variable "haproxy_l7_data" {
+ type = map(string)
+ default = {
+ name = "main-haproxy-l7"
+ haproxy_1 = "haproxy-l7-1"
+ haproxy_2 = "haproxy-l7-2"
+ flavor = "m1.medium"
+ vm_count = "2"
+ }
+}
+
+variable "resource_registry_addresses" {
+ type = map(string)
+ default = {
+ }
+}
+
+variable "smartexecutor_addresses" {
+ type = map(string)
+ default = {
+ }
+}
+
+# Added by Francesco
+# Create in the path 'modules/ssh-key-ref' the file 'ssh-key-ref-outputs.tf'
+# with the following outputs:
+
+# output "ssh_key_file" {
+# value = "~/.ssh/{YOUR_PRIVATE_KEYNAME}"
+# sensitive = true
+# }
+
+# output "ssh_key_name" {
+# value = "{YOUR_KEYNAME}"
+# sensitive = false
+# }
+
+# Then you can use above outputs in your 'file.tf' (if it contains the soft link to variables.tf) as:
+# module.ssh_settings.ssh_key_file
+# module.ssh_settings.ssh_key_name
+
+# e.g.
+#
+# resource "openstack_compute_instance_v2" "geoserver" {
+# key_pair = module.ssh_settings.ssh_key_name
+
+# Added by Francesco
+variable "flavor_list" {
+ type = map(string)
+ default = {
+ c1_small = "c1.small" #RAM 2 - VCPUs 2
+ c1_medium = "c1.medium" #RAM 4 - VCPUs 4
+ c1_large = "c1.large" #RAM 8 - VCPUs 8
+ c2_large = "c2.large" #RAM 16 -VCPUs 16
+ m1_medium = "m1.medium" #RAM 4 - VCPUs 2
+ m1_large = "m1.large" #RAM 8 - VCPUs 4
+ m1_xlarge = "m1.xlarge" #RAM 16 - VCPUs 8
+ m1_xxl = "m1.xxl" #RAM 32 - VCPUS 16
+ m2_small = "m2.small" #RAM 8 - VCPUs 2
+ m2_medium = "m2.medium" #RAM 16 - VCPUs 4
+ m2_large = "m2.large" #RAM 32 - VCPUs 8
+ m3_large = "m3.large" #RAM 64 - VCPUs 16
+ }
+}
+
+# Added by Francesco
+variable "security_group_list" {
+ type = map(string)
+ default = {
+ postgreSQL = "PostgreSQL service"
+ acaland = "acaland's dev machine"
+ haproxy = "traffic_from_main_lb_to_haproxy_l7"
+ access_to_orientdb = "access_to_orientdb"
+ dataminer-publish = "dataminer-publish"
+ docker_swarm_NFS = "Docker Swarm NFS"
+ public_HTTPS = "Public HTTPS"
+ orientdb_internal_docker_traffic = "orientdb_internal_docker_traffic"
+ limited_SSH_access = "Limited SSH access"
+ debugging_from_jump_node = "debugging_from_jump_node"
+ access_to_the_timescaledb_service = "access_to_the_timescaledb_service"
+ docker_swarm = "Docker Swarm"
+ http_and_https_from_the_load_balancers = "traffic_from_the_main_load_balancers"
+ limited_HTTPS_access = "restricted_web_service"
+ mongo = "mongo"
+ limited_SSH_access = "Limited SSH access"
+ default = "default"
+ cassandra = "Cassandra"
+ access_to_orientdb_se = "access_to_orientdb_se"
+ }
+}
+
+# Added by Francesco
+variable "policy_list" {
+ type = map(string)
+ default = {
+ soft_anti_affinity = "soft-anti-affinity"
+ anti_affinity = "anti-affinity"
+ affinity = "affinity"
+ soft_affinity = "soft-affinity"
+ }
+}
+
+variable "networks_list" {
+ type = map(string)
+ default = {
+ shared_postgresql = "postgresql-srv-net"
+ swarm = "swarm-nfs-net"
+ timescaledb = "timescaledb-net"
+ orientdb = "orientdb-net"
+ orientdb_se = "orientdb-se-net"
+ }
+}
+
+variable "ssh_sources" {
+ type = map(string)
+ default = {
+ s2i2s_vpn_1_cidr = "146.48.28.10/32"
+ s2i2s_vpn_2_cidr = "146.48.28.11/32"
+ d4s_vpn_1_cidr = "146.48.122.27/32"
+ d4s_vpn_2_cidr = "146.48.122.49/32"
+ shell_d4s_cidr = "146.48.122.95/32"
+ infrascience_net_cidr = "146.48.122.0/23"
+ }
+}
+
+variable "networks_with_d4s_services" {
+ type = map(string)
+ default = {
+ "isti_net" = "146.48.80.0/21"
+ "s2i2s_net" = "146.48.28.0/22"
+ "infrascience_net" = "146.48.122.0/23"
+ "garr_ct1_net" = "90.147.166.0/23"
+ "garr_pa1_net" = "90.147.188.0/23"
+ "garr_na_net" = "90.147.152.0/24"
+ }
+}
+
+# variable "default_security_group_name" {
+# default = "default_for_all"
+# }
+
diff --git a/openstack-tf/modules/mongodb/mongodb.tf b/openstack-tf/modules/mongodb/mongodb.tf index 4f8ef8e2..904f4da5 100644 --- a/openstack-tf/modules/mongodb/mongodb.tf +++ b/openstack-tf/modules/mongodb/mongodb.tf @@ -100,7 +100,7 @@ resource "openstack_compute_instance_v2" "mongodb_cluster_nodes" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } @@ -170,7 +170,7 @@ resource "openstack_compute_instance_v2" "mongodb_vol_node" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } diff --git a/openstack-tf/modules/orientdb/orientdb.tf b/openstack-tf/modules/orientdb/orientdb.tf index 0f2ab569..59d2ed04 100644 --- a/openstack-tf/modules/orientdb/orientdb.tf +++ b/openstack-tf/modules/orientdb/orientdb.tf
@@ -192,7 +192,7 @@ resource "openstack_compute_instance_v2" "orientdb_servers" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } @@ -237,7 +237,7 @@ resource "openstack_compute_instance_v2" "orientdb_se_server" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } diff --git a/openstack-tf/modules/smart-executor/smart-executor.tf b/openstack-tf/modules/smart-executor/smart-executor.tf index d40fb603..1aa3e696 100644 --- a/openstack-tf/modules/smart-executor/smart-executor.tf +++ b/openstack-tf/modules/smart-executor/smart-executor.tf @@ -31,7 +31,7 @@ resource "openstack_compute_instance_v2" "accounting_dashboard_harvester" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } @@ -63,7 +63,7 @@ resource "openstack_compute_instance_v2" "resource_checker" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } @@ -95,7 +95,7 @@ resource "openstack_compute_instance_v2" "social_data_indexer" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } @@ -127,7 +127,7 @@ resource "openstack_compute_instance_v2" "accounting_insert_storage" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } 
@@ -159,7 +159,7 @@ resource "openstack_compute_instance_v2" "accounting_aggregator" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } } diff --git a/openstack-tf/modules/timescaledb/timescaledb.tf b/openstack-tf/modules/timescaledb/timescaledb.tf index 178b0387..a1a9ea91 100644 --- a/openstack-tf/modules/timescaledb/timescaledb.tf +++ b/openstack-tf/modules/timescaledb/timescaledb.tf @@ -96,7 +96,7 @@ resource "openstack_compute_instance_v2" "timescaledb_server" { ignore_changes = [ # Ignore changes to tags, e.g. because a management agent # updates these based on some ruleset managed elsewhere. - key_pair, user_data + key_pair, user_data, network ] } }