From 2cb6b39cb3077f8e8bcef4188d2747ee6248ba91 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Mon, 30 Sep 2024 19:33:36 +0200
Subject: [PATCH 1/2] feat: add network_internal_domain_name variable to allow declaring internal dns resolution for networks
---
 README.md | 1 +
 main.tf | 3 +++
 tests/module/README.md | 1 +
 tests/module/variables.tf | 6 ++++++
 variables.tf | 6 ++++++
 5 files changed, 17 insertions(+)
diff --git a/README.md b/README.md
index 3181faf..644e8d6 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,7 @@ No modules.
 | [database_subnetpool_id](#input_database_subnetpool_id) | The id of the subnetpool to create the databse network from.
Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no |
 | [external_network_id](#input_external_network_id) | The id of the external network to connect the frontend router to. | `string` | `null` | no |
 | [frontend_subnet_prefix_len](#input_frontend_subnet_prefix_len) | The prefix length of the frontend subnet. Must be between 20 and 32. | `number` | `24` | no |
+| [network_internal_domain_name](#input_network_internal_domain_name) | The domain name to use for dns resolution inside the private networks | `string` | `null` | no |
 | [project_domain](#input_project_domain) | The domain where this project will be created | `string` | `"default"` | no |
 | [project_name](#input_project_name) | The name of the project | `string` | n/a | yes |
 | [project_tags](#input_project_tags) | The tags to append to this project | `list(string)` | `[]` | no |
diff --git a/main.tf b/main.tf
index aec813d..63f8457 100644
--- a/main.tf
+++ b/main.tf
@@ -42,6 +42,7 @@ resource "openstack_networking_subnetpool_v2" "database" {
 resource "openstack_networking_network_v2" "frontend" {
 count = var.architecture_tiers > 0 ? 1 : 0
 name = "${local.resource_prefix}-frontend-network"
+ dns_domain = var.network_internal_domain_name
 description = "Terraform managed."
 tenant_id = data.openstack_identity_project_v3.this.id
 shared = false
@@ -52,6 +53,7 @@ resource "openstack_networking_network_v2" "frontend" {
 resource "openstack_networking_network_v2" "backend" {
 count = var.architecture_tiers > 1 ? 1 : 0
 name = "${local.resource_prefix}-backend-network"
+ dns_domain = var.network_internal_domain_name
 description = "Terraform managed."
 tenant_id = data.openstack_identity_project_v3.this.id
 shared = false
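Review bot: `dns_domain` on a Neutron network is not confined to resolution inside the private networks, which is what the variable description promises for the three `dns_domain = var.network_internal_domain_name` lines (frontend and backend in these hunks, database in the next one). Per the provider documentation the attribute needs the Neutron DNS extension, and together with a port's `dns_name` it is what gets published to an external DNS service when Neutron is integrated with one, so on such a deployment host names from every tier, database included, could end up resolvable outside the project. I would state that next to the first assignment, e.g. `# dns_domain feeds Neutron's external DNS integration where enabled; port names on this network may be published outside the project`, and consider letting the database network leave it unset. Each resource block continues outside its hunk.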
@@ -62,6 +64,7 @@ resource "openstack_networking_network_v2" "backend" {
 resource "openstack_networking_network_v2" "database" {
 count = var.architecture_tiers == 3 ? 1 : 0
 name = "${local.resource_prefix}-database-network"
+ dns_domain = var.network_internal_domain_name
 description = "Terraform managed."
 tenant_id = data.openstack_identity_project_v3.this.id
 shared = false
diff --git a/tests/module/README.md b/tests/module/README.md
index 39d0f93..8785b30 100644
--- a/tests/module/README.md
+++ b/tests/module/README.md
@@ -47,6 +47,7 @@
 | [database_subnetpool_cidr_blocks](#input_database_subnetpool_cidr_blocks) | The CIDR blocks for the database subnet pool | `list(string)` |
[
"192.168.8.0/23"
]
| no |
 | [database_subnetpool_id](#input_database_subnetpool_id) | The id of the subnetpool to create the databse network from.
Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no |
 | [frontend_subnet_prefix_len](#input_frontend_subnet_prefix_len) | The prefix length of the frontend subnet. Must be between 20 and 32. | `number` | `24` | no |
+| [network_internal_domain_name](#input_network_internal_domain_name) | The domain name to use for dns resolution inside the private networks | `string` | `null` | no |
 | [project_domain](#input_project_domain) | The domain where this project will be created | `string` | `"default"` | no |
 | [project_tags](#input_project_tags) | The tags to append to this project | `list(string)` | `[]` | no |
 | [public_nameservers](#input_public_nameservers) | A list of public DNS servers to upstreams requests to in your subnets.
This is not necessary if your openstack deployment already has configured default upstreams for neutron. | `list(string)` | `[]` | no |
diff --git a/tests/module/variables.tf b/tests/module/variables.tf
index 89032c6..1a1c878 100644
--- a/tests/module/variables.tf
+++ b/tests/module/variables.tf
@@ -70,6 +70,12 @@ variable "database_subnetpool_cidr_blocks" {
 }

 #! networking variables
+variable "network_internal_domain_name" {
+ type = string
+ description = "The domain name to use for dns resolution inside the private networks"
+ default = null
+}
+
 variable "frontend_subnet_prefix_len" {
 type = number
 description = "The prefix length of the frontend subnet. Must be between 20 and 32."
diff --git a/variables.tf b/variables.tf
index 648d06b..2fdf404 100644
--- a/variables.tf
+++ b/variables.tf
@@ -79,6 +79,12 @@ variable "database_subnetpool_cidr_blocks" {
 }

 #! networking variables
+variable "network_internal_domain_name" {
+ type = string
+ description = "The domain name to use for dns resolution inside the private networks"
+ default = null
+}
+
 variable "frontend_subnet_prefix_len" {
 type = number
 description = "The prefix length of the frontend subnet. Must be between 20 and 32."
--
2.45.2
From 796fbebbfa8df7b9d7d513ae905943ba4ed0ad9d Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Mon, 30 Sep 2024 19:37:16 +0200
Subject: [PATCH 2/2] fix: correctly tag resources
---
 main.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/main.tf b/main.tf
index 63f8457..8011391 100644
--- a/main.tf
+++ b/main.tf
@@ -28,6 +28,7 @@ resource "openstack_networking_subnetpool_v2" "apps" {
 is_default = false
 ip_version = 4
 prefixes = var.application_subnetpool_cidr_blocks
+ tags = var.project_tags
 }

 resource "openstack_networking_subnetpool_v2" "database" {
@@ -36,6 +37,7 @@ resource "openstack_networking_subnetpool_v2" "database" {
 is_default = false
 ip_version = 4
 prefixes = var.database_subnetpool_cidr_blocks
+ tags = var.project_tags
 }

 #! networks & subnets
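Review bot: The new `network_internal_domain_name` variable (added identically in tests/module/variables.tf and in the root variables.tf) reaches `dns_domain` with no validation. Neutron, as far as I know, only accepts a fully qualified name with a trailing dot there, so a value typed without the final dot would pass `terraform plan` and be rejected by the API during apply. A `validation` block with `condition = var.network_internal_domain_name == null || can(regex("\\.$", var.network_internal_domain_name))` and a matching `error_message` would surface that at plan time, and the description could mention the trailing-dot form.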
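Review bot: `tags = var.project_tags` is now applied to subnet pools here and, in the later hunks of this patch, to networks, subnets, the router and the security groups, while the README rows visible in the first patch still document `project_tags` as "The tags to append to this project". The variable description should gain a sentence such as `Also applied to every subnet pool, network, subnet, router and security group created by this module.` so that anyone who filters or audits by tag knows the same list lands on the security groups as well. The variable declaration itself is outside this patch.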
@@ -48,6 +50,7 @@ resource "openstack_networking_network_v2" "frontend" {
 shared = false
 admin_state_up = "true"
 mtu = 1450
+ tags = var.project_tags
 }

 resource "openstack_networking_network_v2" "backend" {
@@ -59,6 +62,7 @@ resource "openstack_networking_network_v2" "backend" {
 shared = false
 admin_state_up = "true"
 mtu = 1450
+ tags = var.project_tags
 }

 resource "openstack_networking_network_v2" "database" {
@@ -70,6 +74,7 @@ resource "openstack_networking_network_v2" "database" {
 shared = false
 admin_state_up = "true"
 mtu = 1450
+ tags = var.project_tags
 }

 resource "openstack_networking_subnet_v2" "frontend" {
@@ -82,6 +87,7 @@ resource "openstack_networking_subnet_v2" "frontend" {
 ip_version = 4
 subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id
 dns_nameservers = var.public_nameservers
+ tags = var.project_tags
 }

 resource "openstack_networking_subnet_v2" "backend" {
@@ -94,6 +100,7 @@ resource "openstack_networking_subnet_v2" "backend" {
 ip_version = 4
 subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id
 dns_nameservers = var.public_nameservers
+ tags = var.project_tags
 }

 resource "openstack_networking_subnet_v2" "database" {
@@ -106,6 +113,7 @@ resource "openstack_networking_subnet_v2" "database" {
 ip_version = 4
 subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.database[0].id : var.database_subnetpool_id
 dns_nameservers = var.public_nameservers
+ tags = var.project_tags
 }

 #! router
@@ -116,6 +124,7 @@ resource "openstack_networking_router_v2" "this" {
 tenant_id = data.openstack_identity_project_v3.this.id
 external_network_id = var.attach_to_external ? var.external_network_id : null
 admin_state_up = true
+ tags = var.project_tags
 }

 resource "openstack_networking_router_interface_v2" "frontend" {
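Review bot: In the `openstack_networking_subnet_v2.database` hunk, the unchanged `subnetpool_id` line picks `openstack_networking_subnetpool_v2.database[0].id` based on `var.create_application_subnetpool`, the same flag the frontend and backend subnets use for the apps pool. If the database pool's `count` is driven by a different toggle (its `count` line is not visible in this patch), the two can disagree: either `database[0]` does not exist, or the database subnet falls back to `var.database_subnetpool_id` while a module-created pool sits unused. Worth confirming while this block is being touched; if the shared flag is deliberate, a comment such as `# database pool creation is intentionally gated on create_application_subnetpool` above the line would record it. The resource block starts outside the hunk.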
@@ -147,6 +156,7 @@ resource "openstack_networking_secgroup_v2" "frontend" {
 description = "Terraform managed."
 tenant_id = data.openstack_identity_project_v3.this.id
 delete_default_rules = true
+ tags = var.project_tags
 }

 resource "openstack_networking_secgroup_rule_v2" "frontend_egress" {
@@ -182,6 +192,7 @@ resource "openstack_networking_secgroup_v2" "backend" {
 description = "Terraform managed."
 tenant_id = data.openstack_identity_project_v3.this.id
 delete_default_rules = true
+ tags = var.project_tags
 }

 resource "openstack_networking_secgroup_rule_v2" "backend_egress" {
@@ -217,6 +228,7 @@ resource "openstack_networking_secgroup_v2" "database" {
 description = "Terraform managed."
 tenant_id = data.openstack_identity_project_v3.this.id
 delete_default_rules = true
+ tags = var.project_tags
 }

 resource "openstack_networking_secgroup_rule_v2" "database_egress" {
--
2.45.2