Added list of security groups and updated the geoserver.tf

Francesco Mangiacrapa 2023-11-24 09:51:04 +01:00
parent 031c011bf6
commit a96af024a0
2 changed files with 72 additions and 46 deletions


@ -7,13 +7,13 @@ variable "os_project_data" {
} }
variable "dns_zone" { variable "dns_zone" {
type = map(string) type = map(string)
default = { default = {
zone_name = "cloud-dev.d4science.org." zone_name = "cloud-dev.d4science.org."
email = "postmaster@isti.cnr.it" email = "postmaster@isti.cnr.it"
description = "DNS primary zone for the d4s-dev-cloud project" description = "DNS primary zone for the d4s-dev-cloud project"
ttl = 8600 ttl = 8600
} }
} }
variable "dns_zone_id" { variable "dns_zone_id" {
@ -28,62 +28,62 @@ variable "default_security_group_name" {
variable "main_private_network" { variable "main_private_network" {
type = map(string) type = map(string)
default = { default = {
name = "d4s-dev-cloud-main" name = "d4s-dev-cloud-main"
description = "D4Science DEV private network (use this as the main network)" description = "D4Science DEV private network (use this as the main network)"
} }
} }
variable "main_private_subnet" { variable "main_private_subnet" {
type = map(string) type = map(string)
default = { default = {
name = "d4s-dev-cloud-sub" name = "d4s-dev-cloud-sub"
description = "D4Science DEV main private subnet" description = "D4Science DEV main private subnet"
cidr = "10.1.28.0/22" cidr = "10.1.28.0/22"
gateway_ip = "10.1.28.1" gateway_ip = "10.1.28.1"
allocation_start = "10.1.28.30" allocation_start = "10.1.28.30"
allocation_end = "10.1.31.254" allocation_end = "10.1.31.254"
} }
} }
variable "external_router" { variable "external_router" {
type = map(string) type = map(string)
default = { default = {
name = "d4s-dev-cloud-external-router" name = "d4s-dev-cloud-external-router"
description = "D4Science DEV main router" description = "D4Science DEV main router"
id = "2ae28c5f-036b-45db-bc9f-5bab8fa3e914" id = "2ae28c5f-036b-45db-bc9f-5bab8fa3e914"
} }
} }
variable "main_haproxy_l7_ip" { variable "main_haproxy_l7_ip" {
type = list(string) type = list(string)
default = ["10.1.28.50", "10.1.30.241"] default = ["10.1.28.50", "10.1.30.241"]
} }
variable "octavia_information" { variable "octavia_information" {
type = map(string) type = map(string)
default = { default = {
main_lb_name = "lb-dev-l4" main_lb_name = "lb-dev-l4"
main_lb_description = "Main L4 load balancer for the D4Science DEV" main_lb_description = "Main L4 load balancer for the D4Science DEV"
octavia_flavor = "octavia_amphora-mvcpu-ha" octavia_flavor = "octavia_amphora-mvcpu-ha"
octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7"
main_lb_hostname = "main-lb" main_lb_hostname = "main-lb"
} }
} }
variable "basic_services_ip" { variable "basic_services_ip" {
type = map(string) type = map(string)
default = { default = {
ca = "10.1.29.247" ca = "10.1.29.247"
ca_cidr = "10.1.29.247/32" ca_cidr = "10.1.29.247/32"
ssh_jump = "10.1.29.164" ssh_jump = "10.1.29.164"
ssh_jump_cidr = "10.1.29.164/32" ssh_jump_cidr = "10.1.29.164/32"
prometheus = "10.1.30.129" prometheus = "10.1.30.129"
prometheus_cidr = "10.1.30.129/32" prometheus_cidr = "10.1.30.129/32"
haproxy_l7_1 = "10.1.28.50" haproxy_l7_1 = "10.1.28.50"
haproxy_l7_1_cidr = "10.1.28.50/32" haproxy_l7_1_cidr = "10.1.28.50/32"
haproxy_l7_2 = "10.1.30.241" haproxy_l7_2 = "10.1.30.241"
haproxy_l7_2_cidr = "10.1.30.241/32" haproxy_l7_2_cidr = "10.1.30.241/32"
octavia_main = "10.1.28.227" octavia_main = "10.1.28.227"
octavia_main_cidr = "10.1.28.227/32" octavia_main_cidr = "10.1.28.227/32"
} }
} }
@ -91,29 +91,55 @@ variable "basic_services_ip" {
variable "orientdb_net" { variable "orientdb_net" {
type = map(string) type = map(string)
default = { default = {
network_name = "orientdb-net" network_name = "orientdb-net"
network_description = "Network used by the OrientDB cluster and to access the service" network_description = "Network used by the OrientDB cluster and to access the service"
network_cidr = "192.168.10.0/24" network_cidr = "192.168.10.0/24"
allocation_pool_start = "192.168.10.11" allocation_pool_start = "192.168.10.11"
allocation_pool_end = "192.168.10.254" allocation_pool_end = "192.168.10.254"
} }
} }
variable "orientdb_se_net" { variable "orientdb_se_net" {
type = map(string) type = map(string)
default = { default = {
network_name = "orientdb-se-net" network_name = "orientdb-se-net"
network_description = "Network used by the OrientDB for Smart Executor" network_description = "Network used by the OrientDB for Smart Executor"
network_cidr = "192.168.12.0/24" network_cidr = "192.168.12.0/24"
allocation_pool_start = "192.168.12.11" allocation_pool_start = "192.168.12.11"
allocation_pool_end = "192.168.12.254" allocation_pool_end = "192.168.12.254"
} }
} }
variable "orientdb_se_secgroup" { variable "orientdb_se_secgroup" {
default = "access_to_orientdb_se" default = "access_to_orientdb_se"
} }
variable "postgresql_secgroup" { variable "postgresql_secgroup" {
default = "PostgreSQL service" default = "PostgreSQL service"
}
#Added by Francesco
variable "security_group_list" {
type = map(string)
default = {
postgreSQL = "PostgreSQL service"
acaland = "acaland's dev machine"
haproxy = "HAPROXY L7"
access_to_orientdb = "access_to_orientdb"
dataminer-publish = "dataminer-publish"
docker_swarm_NFS = "Docker Swarm NFS"
public_HTTPS = "Public HTTPS"
haproxy = "HAPROXY L7"
orientdb_internal_docker_traffic = "orientdb_internal_docker_traffic"
limited_SSH_access = "Limited SSH access"
access_to_the_timescaledb_service = "access_to_the_timescaledb_service"
docker_swarm = "Docker Swarm"
http_and_https_from_the_load_balancers = "http and https from the load balancers"
limited_HTTPS_access = "Limited HTTPS access"
mongo = "mongo"
limited_SSH_access = "Limited SSH access"
default = "default"
cassandra = "Cassandra"
access_to_orientdb_se = "access_to_orientdb_se"
}
} }
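Review bot: The new `security_group_list` map repeats two keys, `haproxy` and `limited_SSH_access`, each with an identical value; drop the second occurrence of each, since how Terraform resolves a repeated key should not be relied on and a later edit to one copy could silently disagree with the other. The map also restates names already held in `postgresql_secgroup` and `orientdb_se_secgroup` (and, judging by the hunk header, `default_security_group_name`), so a renamed group now has to be updated in two places. The entries are display names of groups that are not created in this file, so a name that matches no existing group in the project will presumably fail only when an instance using it is applied. Replacing `#Added by Francesco` with something like `# Names of security groups that must already exist in the OpenStack project, keyed by a Terraform-side alias` would make that contract explicit. A personal entry such as `acaland = "acaland's dev machine"` in the shared list is also worth a second look.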


@ -1,4 +1,4 @@
#Geoserver attached volume - used for 'geoserver_data' # Geoserver attached volume - used for 'geoserver_data'
resource "openstack_blockstorage_volume_v3" "geoserver_data_vol" { resource "openstack_blockstorage_volume_v3" "geoserver_data_vol" {
name = var.geoserver_basic_data.vol_data_name name = var.geoserver_basic_data.vol_data_name
size = var.geoserver_basic_data.vol_data_size size = var.geoserver_basic_data.vol_data_size
@ -10,7 +10,7 @@ resource "openstack_compute_instance_v2" "geoserver" {
availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
flavor_name = var.geoserver_basic.flavor flavor_name = var.geoserver_basic.flavor
key_pair = var.ssh_key_file.name key_pair = var.ssh_key_file.name
security_groups = [var.default_security_group_name] security_groups = [var.security_group_list.default, var.security_group_list.http_and_https_from_the_load_balancers]
block_device { block_device {
uuid = var.ubuntu_1804.uuid uuid = var.ubuntu_1804.uuid
source_type = "image" source_type = "image"
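Review bot: The changed `security_groups` line attaches the instance to `var.security_group_list.http_and_https_from_the_load_balancers` by name only, and that group's rules are not part of this commit, so the review cannot confirm that its ingress sources are limited to the HAProxy addresses (`haproxy_l7_1_cidr`, `haproxy_l7_2_cidr`) rather than a wider range; that should be verified in the project before relying on it. The same line moves from `var.default_security_group_name` to `var.security_group_list.default` while the older variable appears to remain defined, leaving two names for one group. A comment above the line such as `# HTTP/HTTPS is expected to reach GeoServer only through the L7 load balancers` would record the intent. The resource body starts and ends outside this hunk.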