Cleanup the production vars and the project setup tasks.

2023-12-11 13:49:45 +01:00 · 2023-12-11 13:49:45 +01:00 · b00237ae03
parent 5acc78ca99
commit b00237ae03
8 changed files with 125 additions and 93 deletions
--- a/openstack-tf/d4s-production/project-setup/10-main-network.tf
+++ b/openstack-tf/d4s-production/project-setup/10-main-network.tf
@ -1,89 +0,0 @@
 resource "openstack_dns_zone_v2" "primary_project_dns_zone" {
  name = var.dns_zone.zone_name
  email       = var.dns_zone.email
  description = var.dns_zone.description
  project_id = var.os_project_data.id
  ttl         = var.dns_zone.ttl
  type        = "PRIMARY"
 }
 resource "openstack_networking_network_v2" "main-private-network" {
  name           = var.main_private_network.name
  admin_state_up = "true"
  external       = "false"
  description = var.main_private_network.description
  dns_domain = var.dns_zone.zone_name
  mtu            = var.mtu_size
  port_security_enabled = true
  shared = false
  region = var.main_region
  tenant_id = var.os_project_data.id
 }
 resource "openstack_networking_subnet_v2" "main-private-subnet" {
  name            = var.main_private_subnet.name
  description = var.main_private_subnet.description
  network_id      = openstack_networking_network_v2.main-private-network.id
  cidr            = var.main_private_subnet.cidr
  gateway_ip      = var.main_private_subnet.gateway_ip
  dns_nameservers = var.resolvers_ip
  ip_version = 4
  enable_dhcp = true
  tenant_id = var.os_project_data.id
  allocation_pool {
    start = var.main_private_subnet.allocation_start
    end   = var.main_private_subnet.allocation_end
  }
 }
 resource "openstack_networking_router_v2" "external-router" {
  name                = var.external_router.name
  description = var.external_router.description
  external_network_id = var.external_network.id
  tenant_id = var.os_project_data.id
  enable_snat = true
  vendor_options {
    set_router_gateway_after_create = true
  }
 }
 # Router interface configuration
 resource "openstack_networking_router_interface_v2" "private-network-routing" {
  router_id = openstack_networking_router_v2.external-router.id
  # router_id = var.external_router.id
  subnet_id = openstack_networking_subnet_v2.main-private-subnet.id
 }
 locals {
  acme_challenge_recordset_name = "_acme-challenge.${var.dns_zone.zone_name}"
  acme_challenge_delegation = "_acme-challenge.d4science.net."
 }
 resource "openstack_dns_recordset_v2" "acme_challenge_recordset" {
  zone_id     = openstack_dns_zone_v2.primary_project_dns_zone.id
  name        = local.acme_challenge_recordset_name
  description = "ACME challenge delegation"
  ttl         = 8600
  type        = "CNAME"
  records     = ["_acme-challenge.d4science.net."]
 }
 output "main_private_network_id" {
  description = "Main private network id"
  value       = openstack_networking_network_v2.main-private-network.id
 }
 output "main_subnet_network_id" {
  description = "Main subnet network id"
  value       = openstack_networking_subnet_v2.main-private-subnet.id
 }
 output "dns_zone_id" {
  description = "Id of the new DNS zone"
  value = openstack_dns_zone_v2.primary_project_dns_zone.id
 }
 output "external_gateway_ip" {
  description = "Public IP address of the external gateway"
  value = openstack_networking_router_v2.external-router.external_fixed_ip[0].ip_address
 }
--- a/openstack-tf/d4s-production/project-setup/setup-provider.tf
+++ b/openstack-tf/d4s-production/project-setup/setup-provider.tf
@ -9,7 +9,12 @@ required_version = ">= 0.14.0"
  }
 }
-provider "openstack" {
+# SSH settings
-#         cloud = "d4s-production"
+module "ssh_settings" {
-        cloud = "ISTI-Cloud"
+  source = "../../modules/ssh-key-ref"
 }
 provider "openstack" {
         cloud = "d4s-production"
 #        cloud = "ISTI-Cloud"
 }
--- a/openstack-tf/d4s-production/project-setup/main_network_dns_zone.tf
+++ b/openstack-tf/d4s-production/project-setup/main_network_dns_zone.tf
@ -0,0 +1 @@
 ../../modules/main_private_net_and_dns_zone/main_network_dns_zone.tf
--- a/openstack-tf/d4s-production/project-setup/outputs-production.tf
+++ b/openstack-tf/d4s-production/project-setup/outputs-production.tf
@ -0,0 +1 @@
 ../variables/outputs-production.tf
--- a/openstack-tf/d4s-production/project-setup/production.auto.tfvars
+++ b/openstack-tf/d4s-production/project-setup/production.auto.tfvars
@ -0,0 +1 @@
 ../variables/production.auto.tfvars
--- a/openstack-tf/d4s-production/project-setup/variables-production.tf
+++ b/openstack-tf/d4s-production/project-setup/variables-production.tf
@ -1 +0,0 @@
 ../variables/variables-production.tf
--- a/openstack-tf/d4s-production/variables/outputs-production.tf
+++ b/openstack-tf/d4s-production/variables/outputs-production.tf
@ -0,0 +1,48 @@
 output "os_project_data" {
  value = var.os_project_data
 }
 output "dns_zone" {
  value = var.dns_zone
 }
 output "dns_zone_id" {
  value = var.dns_zone_id
 }
 output "default_security_group_name" {
  value = "default_for_all"
 }
 output "main_private_network" {
  value = var.main_private_network
 }
 output "main_private_network_id" {
  # Set with the correct value after the setup is complete
  value = var.main_private_network_id
 }
 output "main_private_subnet" {
  value = var.main_private_subnet
 }
 output "main_private_subnet_id" {
  value = var.main_private_subnet_id
 }
 output "external_router" {
  value = var.external_router
 }
 output "basic_services_ip" {
  value = var.basic_services_ip
 }
 output "main_haproxy_l7_ip" {
  value = var.main_haproxy_l7_ip
 }
 output "octavia_information" {
   value = var.octavia_information
 }
--- a/openstack-tf/d4s-production/variables/production.auto.tfvars
+++ b/openstack-tf/d4s-production/variables/production.auto.tfvars
@ -0,0 +1,66 @@
 #
 os_project_data = {
    id = "1b45adf388934758b56d0dfdb4bfacf3"
 }
 dns_zone = {
    zone_name   = "cloud.d4science.org."
    email       = "postmaster@isti.cnr.it"
    description = "DNS primary zone for the d4s-production-cloud project"
    ttl         = 8600
 }
 dns_zone_id = "74135b34-1a9c-4c01-8cf0-22450a5660c4"
 default_security_group_name = "default_for_all"
 main_private_network = {
    name        = "d4s-production-cloud-main"
    description = "D4Science Production private network (use this as the main network)"
 }
 main_private_network_id = "020df98d-ae72-452a-b376-3b6dc289acac"
 main_private_subnet = {
    name             = "d4s-production-cloud-main-subnet"
    description      = "D4Science Production main private subnet"
    cidr             = "10.1.40.0/21"
    gateway_ip       = "10.1.40.1"
    allocation_start = "10.1.41.100"
    allocation_end   = "10.1.47.254"
 }
 main_private_subnet_id = "5d7b83ad-e058-4a3a-bfd8-d20ba6d42e1a"
 external_router = {
    name        = "d4s-production-cloud-external-router"
    description = "D4Science Production main router"
    id          = "cc26064a-bb08-4c0b-929f-d0cb39f934a3"
 }
 basic_services_ip = {
    ca                = "10.1.40.4"
    ca_cidr           = "10.1.40.4/32"
    ssh_jump          = "10.1.40.5"
    ssh_jump_cidr     = "10.1.40.5/32"
    prometheus        = "10.1.40.10"
    prometheus_cidr   = "10.1.40.10/32"
    haproxy_l7_1      = "10.1.40.11"
    haproxy_l7_1_cidr = "10.1.40.11/32"
    haproxy_l7_2      = "10.1.40.12"
    haproxy_l7_2_cidr = "10.1.40.12/32"
    octavia_main      = "10.1.40.20"
    octavia_main_cidr = "10.1.40.20/32"
 }
 main_haproxy_l7_ip = ["10.1.40.11", "10.1.40.12"]
 octavia_information = {
    main_lb_name        = "d4s-production-cloud-l4-load-balancer"
    main_lb_description = "Main L4 load balancer for the D4Science production"
    swarm_lb_name       = "d4s-production-cloud-l4-swarm-load-balancer"
    octavia_flavor      = "octavia_amphora-mvcpu-ha"
    octavia_flavor_id   = "394988b5-6603-4a1e-a939-8e177c6681c7"
    main_lb_hostname    = "main-lb"
 }
		`@ -0,0 +1 @@`
							`../../modules/main_private_net_and_dns_zone/main_network_dns_zone.tf`