terraform-registry/terraform-openstack-landing-zone
terraform-registry/terraform-openstack-landing-zone
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat/custom-domain #4

Merged
lanson merged 2 commits from feat/custom-domain into main 2024-09-30 18:19:11 +00:00
Conversation 0 Commits 2 Files Changed 5 +29
5 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -70,6 +70,7 @@ No modules.
| <a name="input_database_subnetpool_id"></a> [database_subnetpool_id](#input_database_subnetpool_id) | The id of the subnetpool to create the databse network from.<br>Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no | | <a name="input_database_subnetpool_id"></a> [database_subnetpool_id](#input_database_subnetpool_id) | The id of the subnetpool to create the databse network from.<br>Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no |
| <a name="input_external_network_id"></a> [external_network_id](#input_external_network_id) | The id of the external network to connect the frontend router to. | `string` | `null` | no | | <a name="input_external_network_id"></a> [external_network_id](#input_external_network_id) | The id of the external network to connect the frontend router to. | `string` | `null` | no |
| <a name="input_frontend_subnet_prefix_len"></a> [frontend_subnet_prefix_len](#input_frontend_subnet_prefix_len) | The prefix length of the frontend subnet. Must be between 20 and 32. | `number` | `24` | no | | <a name="input_frontend_subnet_prefix_len"></a> [frontend_subnet_prefix_len](#input_frontend_subnet_prefix_len) | The prefix length of the frontend subnet. Must be between 20 and 32. | `number` | `24` | no |
| <a name="input_network_internal_domain_name"></a> [network_internal_domain_name](#input_network_internal_domain_name) | The domain name to use for dns resolution inside the private networks | `string` | `null` | no |
| <a name="input_project_domain"></a> [project_domain](#input_project_domain) | The domain where this project will be created | `string` | `"default"` | no | | <a name="input_project_domain"></a> [project_domain](#input_project_domain) | The domain where this project will be created | `string` | `"default"` | no |
| <a name="input_project_name"></a> [project_name](#input_project_name) | The name of the project | `string` | n/a | yes | | <a name="input_project_name"></a> [project_name](#input_project_name) | The name of the project | `string` | n/a | yes |
| <a name="input_project_tags"></a> [project_tags](#input_project_tags) | The tags to append to this project | `list(string)` | `[]` | no | | <a name="input_project_tags"></a> [project_tags](#input_project_tags) | The tags to append to this project | `list(string)` | `[]` | no |

15
main.tf
View File

@ -28,6 +28,7 @@ resource "openstack_networking_subnetpool_v2" "apps" {
is_default = false is_default = false
ip_version = 4 ip_version = 4
prefixes = var.application_subnetpool_cidr_blocks prefixes = var.application_subnetpool_cidr_blocks
tags = var.project_tags
} }
resource "openstack_networking_subnetpool_v2" "database" { resource "openstack_networking_subnetpool_v2" "database" {
@ -36,37 +37,44 @@ resource "openstack_networking_subnetpool_v2" "database" {
is_default = false is_default = false
ip_version = 4 ip_version = 4
prefixes = var.database_subnetpool_cidr_blocks prefixes = var.database_subnetpool_cidr_blocks
tags = var.project_tags
} }
#! networks & subnets #! networks & subnets
resource "openstack_networking_network_v2" "frontend" { resource "openstack_networking_network_v2" "frontend" {
count = var.architecture_tiers > 0 ? 1 : 0 count = var.architecture_tiers > 0 ? 1 : 0
name = "${local.resource_prefix}-frontend-network" name = "${local.resource_prefix}-frontend-network"
dns_domain = var.network_internal_domain_name
description = "Terraform managed." description = "Terraform managed."
tenant_id = data.openstack_identity_project_v3.this.id tenant_id = data.openstack_identity_project_v3.this.id
shared = false shared = false
admin_state_up = "true" admin_state_up = "true"
mtu = 1450 mtu = 1450
tags = var.project_tags
} }
resource "openstack_networking_network_v2" "backend" { resource "openstack_networking_network_v2" "backend" {
count = var.architecture_tiers > 1 ? 1 : 0 count = var.architecture_tiers > 1 ? 1 : 0
name = "${local.resource_prefix}-backend-network" name = "${local.resource_prefix}-backend-network"
dns_domain = var.network_internal_domain_name
description = "Terraform managed." description = "Terraform managed."
tenant_id = data.openstack_identity_project_v3.this.id tenant_id = data.openstack_identity_project_v3.this.id
shared = false shared = false
admin_state_up = "true" admin_state_up = "true"
mtu = 1450 mtu = 1450
tags = var.project_tags
} }
resource "openstack_networking_network_v2" "database" { resource "openstack_networking_network_v2" "database" {
count = var.architecture_tiers == 3 ? 1 : 0 count = var.architecture_tiers == 3 ? 1 : 0
name = "${local.resource_prefix}-database-network" name = "${local.resource_prefix}-database-network"
dns_domain = var.network_internal_domain_name
description = "Terraform managed." description = "Terraform managed."
tenant_id = data.openstack_identity_project_v3.this.id tenant_id = data.openstack_identity_project_v3.this.id
shared = false shared = false
admin_state_up = "true" admin_state_up = "true"
mtu = 1450 mtu = 1450
tags = var.project_tags
} }
resource "openstack_networking_subnet_v2" "frontend" { resource "openstack_networking_subnet_v2" "frontend" {
@ -79,6 +87,7 @@ resource "openstack_networking_subnet_v2" "frontend" {
ip_version = 4 ip_version = 4
subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id
dns_nameservers = var.public_nameservers dns_nameservers = var.public_nameservers
tags = var.project_tags
} }
resource "openstack_networking_subnet_v2" "backend" { resource "openstack_networking_subnet_v2" "backend" {
@ -91,6 +100,7 @@ resource "openstack_networking_subnet_v2" "backend" {
ip_version = 4 ip_version = 4
subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id
dns_nameservers = var.public_nameservers dns_nameservers = var.public_nameservers
tags = var.project_tags
} }
resource "openstack_networking_subnet_v2" "database" { resource "openstack_networking_subnet_v2" "database" {
@ -103,6 +113,7 @@ resource "openstack_networking_subnet_v2" "database" {
ip_version = 4 ip_version = 4
subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.database[0].id : var.database_subnetpool_id subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.database[0].id : var.database_subnetpool_id
dns_nameservers = var.public_nameservers dns_nameservers = var.public_nameservers
tags = var.project_tags
} }
#! router #! router
@ -113,6 +124,7 @@ resource "openstack_networking_router_v2" "this" {
tenant_id = data.openstack_identity_project_v3.this.id tenant_id = data.openstack_identity_project_v3.this.id
external_network_id = var.attach_to_external ? var.external_network_id : null external_network_id = var.attach_to_external ? var.external_network_id : null
admin_state_up = true admin_state_up = true
tags = var.project_tags
} }
resource "openstack_networking_router_interface_v2" "frontend" { resource "openstack_networking_router_interface_v2" "frontend" {
@ -144,6 +156,7 @@ resource "openstack_networking_secgroup_v2" "frontend" {
description = "Terraform managed." description = "Terraform managed."
tenant_id = data.openstack_identity_project_v3.this.id tenant_id = data.openstack_identity_project_v3.this.id
delete_default_rules = true delete_default_rules = true
tags = var.project_tags
} }
resource "openstack_networking_secgroup_rule_v2" "frontend_egress" { resource "openstack_networking_secgroup_rule_v2" "frontend_egress" {
@ -179,6 +192,7 @@ resource "openstack_networking_secgroup_v2" "backend" {
description = "Terraform managed." description = "Terraform managed."
tenant_id = data.openstack_identity_project_v3.this.id tenant_id = data.openstack_identity_project_v3.this.id
delete_default_rules = true delete_default_rules = true
tags = var.project_tags
} }
resource "openstack_networking_secgroup_rule_v2" "backend_egress" { resource "openstack_networking_secgroup_rule_v2" "backend_egress" {
@ -214,6 +228,7 @@ resource "openstack_networking_secgroup_v2" "database" {
description = "Terraform managed." description = "Terraform managed."
tenant_id = data.openstack_identity_project_v3.this.id tenant_id = data.openstack_identity_project_v3.this.id
delete_default_rules = true delete_default_rules = true
tags = var.project_tags
} }
resource "openstack_networking_secgroup_rule_v2" "database_egress" { resource "openstack_networking_secgroup_rule_v2" "database_egress" {

1
tests/module/README.md
View File

@ -47,6 +47,7 @@
| <a name="input_database_subnetpool_cidr_blocks"></a> [database_subnetpool_cidr_blocks](#input_database_subnetpool_cidr_blocks) | The CIDR blocks for the database subnet pool | `list(string)` | <pre>[<br> "192.168.8.0/23"<br>]</pre> | no | | <a name="input_database_subnetpool_cidr_blocks"></a> [database_subnetpool_cidr_blocks](#input_database_subnetpool_cidr_blocks) | The CIDR blocks for the database subnet pool | `list(string)` | <pre>[<br> "192.168.8.0/23"<br>]</pre> | no |
| <a name="input_database_subnetpool_id"></a> [database_subnetpool_id](#input_database_subnetpool_id) | The id of the subnetpool to create the databse network from.<br>Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no | | <a name="input_database_subnetpool_id"></a> [database_subnetpool_id](#input_database_subnetpool_id) | The id of the subnetpool to create the databse network from.<br>Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no |
| <a name="input_frontend_subnet_prefix_len"></a> [frontend_subnet_prefix_len](#input_frontend_subnet_prefix_len) | The prefix length of the frontend subnet. Must be between 20 and 32. | `number` | `24` | no | | <a name="input_frontend_subnet_prefix_len"></a> [frontend_subnet_prefix_len](#input_frontend_subnet_prefix_len) | The prefix length of the frontend subnet. Must be between 20 and 32. | `number` | `24` | no |
| <a name="input_network_internal_domain_name"></a> [network_internal_domain_name](#input_network_internal_domain_name) | The domain name to use for dns resolution inside the private networks | `string` | `null` | no |
| <a name="input_project_domain"></a> [project_domain](#input_project_domain) | The domain where this project will be created | `string` | `"default"` | no | | <a name="input_project_domain"></a> [project_domain](#input_project_domain) | The domain where this project will be created | `string` | `"default"` | no |
| <a name="input_project_tags"></a> [project_tags](#input_project_tags) | The tags to append to this project | `list(string)` | `[]` | no | | <a name="input_project_tags"></a> [project_tags](#input_project_tags) | The tags to append to this project | `list(string)` | `[]` | no |
| <a name="input_public_nameservers"></a> [public_nameservers](#input_public_nameservers) | A list of public DNS servers to upstreams requests to in your subnets.<br>This is not necessary if your openstack deployment already has configured default upstreams for neutron. | `list(string)` | `[]` | no | | <a name="input_public_nameservers"></a> [public_nameservers](#input_public_nameservers) | A list of public DNS servers to upstreams requests to in your subnets.<br>This is not necessary if your openstack deployment already has configured default upstreams for neutron. | `list(string)` | `[]` | no |

6
tests/module/variables.tf
View File

@ -70,6 +70,12 @@ variable "database_subnetpool_cidr_blocks" {
} }
#! networking variables #! networking variables
variable "network_internal_domain_name" {
type = string
description = "The domain name to use for dns resolution inside the private networks"
default = null
}
variable "frontend_subnet_prefix_len" { variable "frontend_subnet_prefix_len" {
type = number type = number
description = "The prefix length of the frontend subnet. Must be between 20 and 32." description = "The prefix length of the frontend subnet. Must be between 20 and 32."

6
variables.tf
View File

@ -79,6 +79,12 @@ variable "database_subnetpool_cidr_blocks" {
} }
#! networking variables #! networking variables
variable "network_internal_domain_name" {
type = string
description = "The domain name to use for dns resolution inside the private networks"
default = null
}
variable "frontend_subnet_prefix_len" { variable "frontend_subnet_prefix_len" {
type = number type = number
description = "The prefix length of the frontend subnet. Must be between 20 and 32." description = "The prefix length of the frontend subnet. Must be between 20 and 32."