infrastructure-as-code/openstack-tf/modules/mongodb/mongodb.tf

#
# Server groups for both the masters and the workers
#
resource "openstack_compute_servergroup_v2" "mongodb" {
  name     = "mongodb"
  policies = ["anti-affinity"]
}
#
# Security groups
#
# Rules
# 80 from 0/0
# 9101 from prometheus
# 27017 da: garr-ct1, garr-na, garr-pa1, InfraScience, S2I2S
resource "openstack_networking_secgroup_v2" "mongodb_cluster_traffic" {
        name = "mongodb_cluster_traffic"
        delete_default_rules = "true"
        description = "Traffic between the MongoDB nodes"
}
resource "openstack_networking_secgroup_rule_v2" "access_to_the_mongodb_service_from_the_internal_network" {
        security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
        description = "Access to the MongoDB service"
        direction = "ingress"
        ethertype = "IPv4"
        protocol = "tcp"
        port_range_min = 27017
        port_range_max = 27017
        remote_ip_prefix = var.main_private_subnet.cidr
}
resource "openstack_networking_secgroup_rule_v2" "access_to_the_mongodb_service_from_the_outside" {
        for_each = toset([var.networks_with_d4s_services.infrascience_net,var.networks_with_d4s_services.s2i2s_net,var.networks_with_d4s_services.garr_ct1_net,var.networks_with_d4s_services.garr_pa1_net,var.networks_with_d4s_services.garr_na_net])
        security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
        description = "Access to the MongoDB service"
        direction = "ingress"
        ethertype = "IPv4"
        protocol = "tcp"
        port_range_min = 27017
        port_range_max = 27017
        remote_ip_prefix = each.value
}
resource "openstack_networking_secgroup_rule_v2" "mongodb_plain_http_for_letsencrypt" {
        security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
        description = "Plain HTTP for letsencrypt"
        direction = "ingress"
        ethertype = "IPv4"
        protocol = "tcp"
        port_range_min = 80
        port_range_max = 80
        remote_ip_prefix = "0.0.0.0/0"
}
resource "openstack_networking_secgroup_rule_v2" "mongodb_prometheus_exporter" {
        security_group_id = openstack_networking_secgroup_v2.mongodb_cluster_traffic.id
        description = "Prometheus exporter for MongoDB"
        direction = "ingress"
        ethertype = "IPv4"
        protocol = "tcp"
        port_range_min = 9101
        port_range_max = 9101
        remote_ip_prefix = var.basic_services_ip.prometheus_cidr
}

#
# Mongodb cluster VMs
#
# Instance
resource "openstack_compute_instance_v2" "mongodb_cluster_nodes" {
  count = var.mongodb_cluster_data.count
  name = format("%s-%02d", var.mongodb_cluster_data.name, count.index+2)
  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name = var.mongodb_cluster_data.flavor
  key_pair = var.ssh_key_file.name
  security_groups = [var.default_security_group_name,openstack_networking_secgroup_v2.mongodb_cluster_traffic.name]
  scheduler_hints {
    group = openstack_compute_servergroup_v2.mongodb.id
  }
  block_device {
    uuid                  = var.mongodb_cluster_data.image_type_uuid
    source_type           = "image"
    volume_size           = 10
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }

  block_device {
    source_type           = "blank"
    volume_size           = var.mongodb_cluster_data.data_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }

  network {
    name = var.main_private_network.name
    fixed_ip_v4 = var.mongodb_ip.*[count.index]
  }
  user_data = "${file("${var.ubuntu2204_data_file}")}"
}

# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "mongodb_cluster_floating_ip" {
  count = var.mongodb_cluster_data.count
  pool = var.floating_ip_pools.main_public_ip_pool
  # The DNS association does not work because of a bug in the OpenStack API
  # dns_name = "main-lb"
  # dns_domain = var.dns_zone.zone_name
  description = format("MongoDB cluster node %s-%02d", var.mongodb_cluster_data.name, count.index+2)
}

resource "openstack_compute_floatingip_associate_v2" "mongodb_cluster_ip" {
  count = var.mongodb_cluster_data.count
  floating_ip = element(openstack_networking_floatingip_v2.mongodb_cluster_floating_ip.*.address, count.index)
  instance_id = element(openstack_compute_instance_v2.mongodb_cluster_nodes.*.id, count.index)
  depends_on = [openstack_networking_floatingip_v2.mongodb_cluster_floating_ip]
}

resource "openstack_dns_recordset_v2" "mongodb_cluster_dns_recordsets" {
  count = var.mongodb_cluster_data.count
  zone_id     = var.dns_zone_id
  name        = join(".", [element(openstack_compute_instance_v2.mongodb_cluster_nodes.*.name, count.index), var.dns_zone.zone_name])
  description = "Mongodb public hostnames"
  ttl         = 8600
  type        = "A"
  records     = [element(openstack_networking_floatingip_v2.mongodb_cluster_floating_ip.*.address, count.index)]
  depends_on = [openstack_networking_floatingip_v2.mongodb_cluster_floating_ip]
}

#
# MongoDB vol node
#
# Instance
resource "openstack_compute_instance_v2" "mongodb_vol_node" {
  name = "mongodb-vol"
  availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu
  flavor_name = var.mongodb_vol_data.flavor
  key_pair = var.ssh_key_file.name
  security_groups = [var.default_security_group_name,openstack_networking_secgroup_v2.mongodb_cluster_traffic.name]
  block_device {
    uuid                  = var.mongodb_vol_data.image_type_uuid
    source_type           = "image"
    volume_size           = 10
    boot_index            = 0
    destination_type      = "volume"
    delete_on_termination = false
  }

  block_device {
    source_type           = "blank"
    volume_size           = var.mongodb_vol_data.data_disk_size
    boot_index            = -1
    destination_type      = "volume"
    delete_on_termination = false
  }

  network {
    name = var.main_private_network.name
    fixed_ip_v4 = var.mongodb_vol_ip
  }
  user_data = "${file("${var.ubuntu2204_data_file}")}"
}

# Allocate a floating IP
resource "openstack_networking_floatingip_v2" "mongodb_vol_floating_ip" {
  pool = var.floating_ip_pools.main_public_ip_pool
  # The DNS association does not work because of a bug in the OpenStack API
  # dns_name = "main-lb"
  # dns_domain = var.dns_zone.zone_name
  description = "MongoDB Volatile"
}

resource "openstack_compute_floatingip_associate_v2" "mongodb_vol_public_ip" {
  floating_ip = openstack_networking_floatingip_v2.mongodb_vol_floating_ip.address
  instance_id = openstack_compute_instance_v2.mongodb_vol_node.id
  depends_on = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip]
}

resource "openstack_dns_recordset_v2" "mongodb_vol_dns_recordsets" {
  zone_id     = var.dns_zone_id
  name        = join(".", [openstack_compute_instance_v2.mongodb_vol_node.name], [var.dns_zone.zone_name])
  description = "Mongodb Volatile public hostnames"
  ttl         = 8600
  type        = "A"
  records     = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip.address]
  depends_on = [openstack_networking_floatingip_v2.mongodb_vol_floating_ip]
}