From c0a6b561500ab974239da57491cc13e4b159a79d Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 5 Mar 2024 19:01:26 +0100 Subject: [PATCH] liferay module: manage the timescaledb network. --- .../modules/liferay/liferay-outputs.tf | 15 +++- openstack-tf/modules/liferay/liferay.tf | 75 +++++++++++++++++-- .../modules/liferay/terraform-provider.tf | 9 +++ 3 files changed, 93 insertions(+), 6 deletions(-) diff --git a/openstack-tf/modules/liferay/liferay-outputs.tf b/openstack-tf/modules/liferay/liferay-outputs.tf index a1805ab..c8f8391 100644 --- a/openstack-tf/modules/liferay/liferay-outputs.tf +++ b/openstack-tf/modules/liferay/liferay-outputs.tf @@ -8,4 +8,17 @@ output "liferay_ip_addrs" { output "liferay_recordsets" { value = var.liferay_recordsets -} \ No newline at end of file +} + +output "nfs_port_data" { + value = openstack_compute_interface_attach_v2.nfs_port_to_liferay +} + +output "liferay_nfs_volume_data" { + value = openstack_sharedfilesystem_share_v2.liferay_static +} + +output "liferay_nfs_volume_acls" { + value = openstack_sharedfilesystem_share_access_v2.liferay_nfs_share_access + sensitive = true +} diff --git a/openstack-tf/modules/liferay/liferay.tf b/openstack-tf/modules/liferay/liferay.tf index 8f8156c..7cf0b64 100644 --- a/openstack-tf/modules/liferay/liferay.tf +++ b/openstack-tf/modules/liferay/liferay.tf @@ -52,10 +52,13 @@ resource "openstack_networking_secgroup_rule_v2" "igmp_egress_between_liferay_no # Object storage container # # Creating object bucket to store avatars -resource "openstack_objectstorage_container_v1" "liferay" { - name = "liferay-data" - versioning = true -} +# +# Note: No S3 for the time being +# resource "openstack_objectstorage_container_v1" "liferay" { +# name = "liferay-data" +# versioning = true +# } + # # Server group # @@ -71,7 +74,7 @@ resource "openstack_compute_instance_v2" "liferay" { availability_zone_hints = module.common_variables.availability_zones_names.availability_zone_no_gpu flavor_name = var.liferay_data.vm_flavor key_pair = module.ssh_settings.ssh_key_name - security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, openstack_networking_secgroup_v2.liferay_cluster_traffic.name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers, "restricted_web_service"] + security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, openstack_networking_secgroup_v2.liferay_cluster_traffic.name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers,module.common_variables.security_group_list.nfs_share_no_ingress] scheduler_hints { group = openstack_compute_servergroup_v2.liferay.id } @@ -91,6 +94,7 @@ resource "openstack_compute_instance_v2" "liferay" { network { name = module.common_variables.shared_postgresql_server_data.network_name } + user_data = file("${data.terraform_remote_state.privnet_dns_router.outputs.ubuntu1804_data_file}") # Do not replace the instance when the ssh key changes lifecycle { @@ -115,3 +119,64 @@ resource "openstack_dns_recordset_v2" "cdn_dns_recordset" { locals { cname_target = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}" } + +# +# Ports in the timescaleDB network +resource "openstack_networking_port_v2" "liferay_timescaledb_port" { + count = var.liferay_data.vm_count + name = format("%s-%02d", var.liferay_data.srv_name, count.index + 1) + network_id = data.terraform_remote_state.timescaledb.outputs.timescaledb_net.id + admin_state_up = "true" + fixed_ip { + subnet_id = data.terraform_remote_state.timescaledb.outputs.timescaledb_subnet.id + } +} + +resource "openstack_compute_interface_attach_v2" "timescaledb_port_to_liferay" { + count = var.liferay_data.vm_count + instance_id = openstack_compute_instance_v2.liferay[count.index].id + port_id = openstack_networking_port_v2.liferay_timescaledb_port[count.index].id +} + +# +# Manila NFS Share +# +# Managers +resource "openstack_networking_port_v2" "liferay_nfs_port" { + count = var.liferay_data.vm_count + name = format("%s-%02d", var.liferay_data.srv_name, count.index + 1) + network_id = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_network_id + admin_state_up = "true" + fixed_ip { + subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.storage_nfs_subnet_id + } +} + +resource "openstack_networking_port_secgroup_associate_v2" "liferay_nfs_port_secgroup" { + count = var.liferay_data.vm_count + port_id = openstack_networking_port_v2.liferay_nfs_port[count.index].id + security_group_ids = [data.terraform_remote_state.privnet_dns_router.outputs.nfs_share_no_ingress_secgroup_id] +} + +resource "openstack_compute_interface_attach_v2" "nfs_port_to_liferay" { + count = var.liferay_data.vm_count + instance_id = openstack_compute_instance_v2.liferay[count.index].id + port_id = openstack_networking_port_v2.liferay_nfs_port[count.index].id +} + +# Create a NFS share +resource "openstack_sharedfilesystem_share_v2" "liferay_static" { + name = "liferay_nfs_share" + description = "NFS share for the liferay static data" + share_proto = "NFS" + size = 5 +} + +# Allow access to the NFS share +resource "openstack_sharedfilesystem_share_access_v2" "liferay_nfs_share_access" { + count = var.liferay_data.vm_count + share_id = openstack_sharedfilesystem_share_v2.liferay_static.id + access_type = "ip" + access_to = openstack_compute_interface_attach_v2.nfs_port_to_liferay[count.index].fixed_ip + access_level = "rw" +} diff --git a/openstack-tf/modules/liferay/terraform-provider.tf b/openstack-tf/modules/liferay/terraform-provider.tf index f3678ce..713cb41 100644 --- a/openstack-tf/modules/liferay/terraform-provider.tf +++ b/openstack-tf/modules/liferay/terraform-provider.tf @@ -17,6 +17,15 @@ data "terraform_remote_state" "privnet_dns_router" { } } +data "terraform_remote_state" "timescaledb" { + backend = "local" + + config = { + path = "../timescaledb/terraform.tfstate" + } +} + + # SSH settings module "ssh_settings" { source = "../../modules/ssh-key-ref"