|
|
|
terraform {
  # Minimum Terraform core version this module is written against.
  required_version = ">= 1.0.0"

  required_providers {
    openstack = {
      source = "terraform-provider-openstack/openstack"
      # Lower bound only: every newer provider release, including a future
      # major with breaking changes, satisfies this constraint. Commit the
      # generated .terraform.lock.hcl so the exact provider version and its
      # checksums are pinned for every run. NOTE(review): consider "~> 1.54"
      # unless the 2.x provider line has been validated against this module.
      version = ">= 1.54"
    }
  }
}
|
|
|
|
|
|
|
|
locals {
  # Lower-cased project name, used as the prefix of every resource name in
  # this file. NOTE: local.db_secgroups, referenced by the database security
  # groups below, is not defined here and must come from another file of the
  # module.
  resource_prefix = lower(var.project_name)
}
|
|
|
|
|
|
|
|
#! data sources
|
|
|
|
# Keystone project looked up by name within the given domain. Its id is
# passed as tenant_id to every network, subnet, router and security group
# below, so the credentials running this module must be allowed to create
# resources on behalf of that project (admin, or the project itself).
data "openstack_identity_project_v3" "this" {
  name      = var.project_name
  domain_id = var.project_domain
}
|
|
|
|
|
|
|
|
#! subnetpools
|
|
|
|
# IPv4 subnet pool that the frontend and backend subnets are allocated from.
# Only created when the caller does not supply an existing pool id.
resource "openstack_networking_subnetpool_v2" "apps" {
  count = var.create_application_subnetpool ? 1 : 0

  name = "${local.resource_prefix}-application-subnetpool"
  # Never the project-wide default pool: subnets must opt in explicitly.
  is_default = false
  ip_version = 4
  prefixes   = var.application_subnetpool_cidr_blocks
}
|
|
|
|
|
|
|
|
# Separate IPv4 subnet pool for the database tier, so its address space is
# disjoint from the application pool. Only created when the caller does not
# supply an existing pool id.
resource "openstack_networking_subnetpool_v2" "database" {
  count = var.create_database_subnetpool ? 1 : 0

  name = "${local.resource_prefix}-database-subnetpool"
  # Never the project-wide default pool: subnets must opt in explicitly.
  is_default = false
  ip_version = 4
  prefixes   = var.database_subnetpool_cidr_blocks
}
|
|
|
|
|
|
|
|
#! networks & subnets
|
|
|
|
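# Frontend tier network (the first of up to three tiers). Created for any
# non-zero tier count.
resource "openstack_networking_network_v2" "frontend" {
  count = var.architecture_tiers > 0 ? 1 : 0

  name        = "${local.resource_prefix}-frontend-network"
  dns_domain  = var.network_internal_domain_name
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id

  # Private to this project: not visible to other tenants.
  shared = false
  # Boolean attribute; the previous string "true" relied on implicit
  # conversion.
  admin_state_up = true
  # Hard-coded; presumably sized for an overlay encapsulation (e.g. VXLAN)
  # on a 1500-byte underlay — confirm against the cloud's network MTU.
  mtu = 1450
}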
|
|
|
|
|
|
|
|
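# Backend tier network (second tier). Created when at least two tiers are
# requested.
resource "openstack_networking_network_v2" "backend" {
  count = var.architecture_tiers > 1 ? 1 : 0

  name        = "${local.resource_prefix}-backend-network"
  dns_domain  = var.network_internal_domain_name
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id

  # Private to this project: not visible to other tenants.
  shared = false
  # Boolean attribute; the previous string "true" relied on implicit
  # conversion.
  admin_state_up = true
  # Hard-coded; presumably sized for an overlay encapsulation (e.g. VXLAN)
  # on a 1500-byte underlay — confirm against the cloud's network MTU.
  mtu = 1450
}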
|
|
|
|
|
|
|
|
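# Database tier network (third tier). Created only for the full three-tier
# layout.
resource "openstack_networking_network_v2" "database" {
  count = var.architecture_tiers == 3 ? 1 : 0

  name        = "${local.resource_prefix}-database-network"
  dns_domain  = var.network_internal_domain_name
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id

  # Private to this project: not visible to other tenants.
  shared = false
  # Boolean attribute; the previous string "true" relied on implicit
  # conversion.
  admin_state_up = true
  # Hard-coded; presumably sized for an overlay encapsulation (e.g. VXLAN)
  # on a 1500-byte underlay — confirm against the cloud's network MTU.
  mtu = 1450
}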
|
|
|
|
|
|
|
|
# Frontend subnet. No explicit cidr: the address block is allocated from the
# application subnet pool using only the requested prefix length.
resource "openstack_networking_subnet_v2" "frontend" {
  count = var.architecture_tiers > 0 ? 1 : 0

  name        = "${local.resource_prefix}-frontend-subnet-${count.index + 1}"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  network_id  = openstack_networking_network_v2.frontend[0].id

  prefix_length = var.frontend_subnet_prefix_len
  ip_version    = 4
  # Pool created by this module, or a pre-existing pool passed in by id.
  subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id

  dns_nameservers = var.public_nameservers
}
|
|
|
|
|
|
|
|
# Backend subnet. Shares the application subnet pool with the frontend
# subnet; the address block is allocated from the pool using only the
# requested prefix length (no explicit cidr).
resource "openstack_networking_subnet_v2" "backend" {
  count = var.architecture_tiers > 1 ? 1 : 0

  name        = "${local.resource_prefix}-backend-subnet-${count.index + 1}"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  network_id  = openstack_networking_network_v2.backend[0].id

  prefix_length = var.backend_subnet_prefix_len
  ip_version    = 4
  # Pool created by this module, or a pre-existing pool passed in by id.
  subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id

  dns_nameservers = var.public_nameservers
}
|
|
|
|
|
|
|
|
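# Database subnet. The address block is allocated from the *database* subnet
# pool using only the requested prefix length (no explicit cidr).
resource "openstack_networking_subnet_v2" "database" {
  count = var.architecture_tiers == 3 ? 1 : 0

  name        = "${local.resource_prefix}-database-subnet-${count.index + 1}"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  network_id  = openstack_networking_network_v2.database[0].id

  prefix_length = var.database_subnet_prefix_len
  ip_version    = 4
  # Fix: the pool choice was keyed off create_application_subnetpool. With
  # create_application_subnetpool = true and create_database_subnetpool =
  # false that indexed an empty resource list and failed at plan time; with
  # the opposite combination it ignored the database pool this module had
  # just created and used the caller-supplied id instead.
  subnetpool_id = var.create_database_subnetpool ? openstack_networking_subnetpool_v2.database[0].id : var.database_subnetpool_id

  # NOTE(review): the database tier resolves names through the same public
  # resolvers as the frontend. If this tier is meant to be isolated from the
  # internet, point it at internal resolvers instead.
  dns_nameservers = var.public_nameservers
}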
|
|
|
|
|
|
|
|
#! router
|
|
|
|
# Single router shared by every tier. When attach_to_external is set it also
# gets an external gateway, otherwise external_network_id is null and the
# router only connects the tier subnets to each other.
resource "openstack_networking_router_v2" "this" {
  count = var.architecture_tiers > 0 ? 1 : 0

  name        = "${local.resource_prefix}-main-${count.index + 1}"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id

  # NOTE(review): no enable_snat is set, and Neutron typically enables SNAT
  # on a gateway by default, so every subnet attached to this router below
  # (including the database tier) would get outbound internet access. Set
  # `enable_snat = false` here if the inner tiers are not supposed to reach
  # out — confirm against the deployment's Neutron defaults.
  external_network_id = var.attach_to_external ? var.external_network_id : null
  admin_state_up      = true
}
|
|
|
|
|
|
|
|
# Attaches the frontend subnet to the shared router.
resource "openstack_networking_router_interface_v2" "frontend" {
  count = var.architecture_tiers > 0 ? 1 : 0

  router_id = openstack_networking_router_v2.this[0].id
  subnet_id = openstack_networking_subnet_v2.frontend[0].id
}
|
|
|
|
|
|
|
|
# Attaches the backend subnet to the same router as the frontend, so the two
# tiers are routed to each other; what may actually flow between them is
# decided by the security groups below.
resource "openstack_networking_router_interface_v2" "backend" {
  count = var.architecture_tiers > 1 ? 1 : 0

  router_id = openstack_networking_router_v2.this[0].id
  subnet_id = openstack_networking_subnet_v2.backend[0].id
}
|
|
|
|
|
|
|
|
# Attaches the database subnet to the same router as the frontend and
# backend. All three tiers are therefore mutually routable (and, with an
# external gateway, routable towards the outside); tier isolation rests
# entirely on the security-group rules below, not on the topology.
resource "openstack_networking_router_interface_v2" "database" {
  count = var.architecture_tiers == 3 ? 1 : 0

  router_id = openstack_networking_router_v2.this[0].id
  subnet_id = openstack_networking_subnet_v2.database[0].id
}
|
|
|
|
|
|
|
|
#! security groups
|
|
|
|
# Default security group for the frontend tier, created only when the
# caller opts in to module-managed security groups.
resource "openstack_networking_secgroup_v2" "frontend" {
  count = (
    var.architecture_tiers > 0 &&
    var.create_default_secgroups
  ) ? 1 : 0

  name        = "${local.resource_prefix}-frontend-secgroup"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id

  # Drop the rules Neutron adds to a new group, so only the rules declared
  # in this file apply.
  delete_default_rules = true
}
|
|
|
|
|
|
|
|
# Frontend egress: all protocols and ports to any IPv4 destination (no
# protocol/port attributes are set).
resource "openstack_networking_secgroup_rule_v2" "frontend_egress" {
  count = (
    var.architecture_tiers > 0 &&
    var.create_default_secgroups
  ) ? 1 : 0

  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.frontend[0].id
}
|
|
|
|
|
|
|
|
# Frontend ingress.
#
# SECURITY(review): this rule sets no protocol and no port range, so it
# admits every protocol and every port from any IPv4 source — the "default"
# frontend group is effectively allow-all inbound, which also exposes
# management services (ssh, metrics, debug ports) on the frontend hosts to
# the internet. Replace it with one rule per exposed service, e.g.
# `protocol = "tcp"`, `port_range_min = 443`, `port_range_max = 443`, and
# limit administrative ports to an operator CIDR instead of 0.0.0.0/0. Left
# unchanged here because the exposed ports are not declared in this module.
resource "openstack_networking_secgroup_rule_v2" "frontend_ingress" {
  count = (
    var.architecture_tiers > 0 &&
    var.create_default_secgroups
  ) ? 1 : 0

  direction         = "ingress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.frontend[0].id
}
|
|
|
|
|
|
|
|
# Default security group for the backend tier, created only when the caller
# opts in to module-managed security groups.
resource "openstack_networking_secgroup_v2" "backend" {
  count = (
    var.architecture_tiers > 1 &&
    var.create_default_secgroups
  ) ? 1 : 0

  name        = "${local.resource_prefix}-backend-secgroup"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id

  # Drop the rules Neutron adds to a new group, so only the rules declared
  # in this file apply.
  delete_default_rules = true
}
|
|
|
|
|
|
|
|
# Backend egress: all protocols and ports to any IPv4 destination (no
# protocol/port attributes are set). NOTE(review): combined with the shared
# router's external gateway this gives backend hosts unrestricted outbound
# reach; narrow it if the tier only needs to talk to the database group and
# a package mirror.
resource "openstack_networking_secgroup_rule_v2" "backend_egress" {
  count = (
    var.architecture_tiers > 1 &&
    var.create_default_secgroups
  ) ? 1 : 0

  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.backend[0].id
}
|
|
|
|
|
|
|
|
# Backend ingress: only from members of the frontend security group
# (remote_group_id), not from arbitrary addresses. No protocol or port is
# set, so every protocol and port is allowed from those members; if the
# backend exposes a single service port, add `protocol`/`port_range_*`
# here as the database rule below does.
resource "openstack_networking_secgroup_rule_v2" "backend_ingress" {
  count = (
    var.architecture_tiers > 1 &&
    var.create_default_secgroups
  ) ? 1 : 0

  direction         = "ingress"
  ethertype         = "IPv4"
  remote_group_id   = openstack_networking_secgroup_v2.frontend[0].id
  security_group_id = openstack_networking_secgroup_v2.backend[0].id
}
|
|
|
|
|
|
|
|
# One security group per database engine listed in local.db_secgroups
# (defined elsewhere in the module; each entry is expected to carry at least
# `type` and `ingress_port`). Created only for the three-tier layout when
# the caller opts in to module-managed security groups.
resource "openstack_networking_secgroup_v2" "database" {
  count = (
    var.architecture_tiers == 3 &&
    var.create_default_secgroups
  ) ? length(local.db_secgroups) : 0

  name        = "${local.resource_prefix}-database-${local.db_secgroups[count.index].type}-secgroup"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id

  # Drop the rules Neutron adds to a new group, so only the rules declared
  # in this file apply.
  delete_default_rules = true
}
|
|
|
|
|
|
|
|
# Database egress, one rule per database group: all protocols and ports to
# any IPv4 destination (no protocol/port attributes are set).
#
# SECURITY(review): the database tier is the one that should not need to
# reach the internet, yet this allows unrestricted outbound traffic, and
# the shared router above can provide a gateway for it. Unrestricted egress
# from a data store is the classic exfiltration path; restrict it to the
# backend group (`remote_group_id`) plus whatever mirror/monitoring CIDRs
# are genuinely required.
resource "openstack_networking_secgroup_rule_v2" "database_egress" {
  count = (
    var.architecture_tiers == 3 &&
    var.create_default_secgroups
  ) ? length(local.db_secgroups) : 0

  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.database[count.index].id
}
|
|
|
|
|
|
|
|
# Database ingress, one rule per database group: TCP on that engine's
# single ingress_port, and only from members of the backend security group.
# This is the tightest rule in the file and the pattern the frontend and
# backend ingress rules should follow.
resource "openstack_networking_secgroup_rule_v2" "database_ingress" {
  count = (
    var.architecture_tiers == 3 &&
    var.create_default_secgroups
  ) ? length(local.db_secgroups) : 0

  direction = "ingress"
  ethertype = "IPv4"
  protocol  = "tcp"
  # Same value for min and max: exactly one port per engine.
  port_range_min    = local.db_secgroups[count.index].ingress_port
  port_range_max    = local.db_secgroups[count.index].ingress_port
  remote_group_id   = openstack_networking_secgroup_v2.backend[0].id
  security_group_id = openstack_networking_secgroup_v2.database[count.index].id
}
|