Terraform module to deploy a completely customizable OpenStack network architecture in a given project. https://ednz.fr
Bertrand Lanson 796fbebbfa
fix: correctly tag resources
2024-09-30 19:37:16 +02:00
.gitea/workflows ci: fix credentials for tofu test stage 2024-09-10 18:55:49 +02:00
tests feat: add network_internal_domain_name variable to allow declaring internal dns resolution for networks 2024-09-30 19:33:36 +02:00
.cz.toml feat: add tests to module 2024-09-09 20:45:03 +02:00
.gitignore feat: add tests to module 2024-09-09 20:45:03 +02:00
.pre-commit-config.yaml ci: install dependencies for pre-commit hooks 2024-09-08 14:44:01 +02:00
.terraform.lock.hcl feat: add tests to module 2024-09-09 20:45:03 +02:00
CHANGELOG.md bump: version 0.0.0 → 0.1.0 2024-09-10 17:20:10 +00:00
LICENSE feat: add versioning requirements, and automatic documentation pipeline 2024-09-08 13:16:37 +02:00
main.tf fix: correctly tag resources 2024-09-30 19:37:16 +02:00
outputs.tf feat: add tests to module 2024-09-09 20:45:03 +02:00
README.md feat: add network_internal_domain_name variable to allow declaring internal dns resolution for networks 2024-09-30 19:33:36 +02:00
renovate.json Ci: add renovate.json [skip-ci] 2024-09-10 17:24:33 +00:00
variables.tf feat: add network_internal_domain_name variable to allow declaring internal dns resolution for networks 2024-09-30 19:33:36 +02:00

terraform-openstack-landing-zone

Terraform/OpenTofu module to deploy a completely customizable OpenStack network architecture.


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| openstack | >= 1.54 |

Providers

| Name | Version |
|------|---------|
| openstack | >= 1.54 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| openstack_networking_network_v2.backend | resource |
| openstack_networking_network_v2.database | resource |
| openstack_networking_network_v2.frontend | resource |
| openstack_networking_router_interface_v2.backend | resource |
| openstack_networking_router_interface_v2.database | resource |
| openstack_networking_router_interface_v2.frontend | resource |
| openstack_networking_router_v2.this | resource |
| openstack_networking_secgroup_rule_v2.backend_egress | resource |
| openstack_networking_secgroup_rule_v2.backend_ingress | resource |
| openstack_networking_secgroup_rule_v2.database_egress | resource |
| openstack_networking_secgroup_rule_v2.database_ingress | resource |
| openstack_networking_secgroup_rule_v2.frontend_egress | resource |
| openstack_networking_secgroup_rule_v2.frontend_ingress | resource |
| openstack_networking_secgroup_v2.backend | resource |
| openstack_networking_secgroup_v2.database | resource |
| openstack_networking_secgroup_v2.frontend | resource |
| openstack_networking_subnet_v2.backend | resource |
| openstack_networking_subnet_v2.database | resource |
| openstack_networking_subnet_v2.frontend | resource |
| openstack_networking_subnetpool_v2.apps | resource |
| openstack_networking_subnetpool_v2.database | resource |
| openstack_identity_project_v3.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| application_subnetpool_cidr_blocks | The CIDR blocks for the application subnet pool. | `list(string)` | `["192.168.0.0/21"]` | no |
| application_subnetpool_id | The id of the subnetpool to create the public (first 2 tier) networks from. Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no |
| architecture_tiers | The type of architecture. Can be either 0, 1, 2 or 3. Tier 0 will not create any subnets or networks. Tier 1 will only create a single frontend subnet. Tier 2 will create a frontend and backend subnet. Tier 3 will create a frontend, backend and database subnet. | `number` | `1` | no |
| attach_to_external | Whether to attach the router to an external network. This will add a gateway interface to the router, and possibly consume a public IP address which might be billed by your cloud provider. | `bool` | `false` | no |
| backend_subnet_prefix_len | The prefix length of the backend subnet. Must be between 20 and 32. | `number` | `24` | no |
| create_application_subnetpool | Whether the module should create an application subnet pool for this project, or use an existing one. | `bool` | `true` | no |
| create_database_subnetpool | Whether the module should create a database subnet pool for this project, or use an existing one. | `bool` | `true` | no |
| create_default_secgroups | Whether to create default security groups or not. Depending on your choice of architecture tiering, will create security groups so that each tier can connect to the one below. Security groups for the database tier will be created for MariaDB, PostgreSQL and Redis. A default security group allowing SSH connection will also be created. | `bool` | `false` | no |
| database_secgroup_strict | Defines whether the security groups for the database network should be strict. In strict mode, egress is only allowed to the backend network. | `bool` | `false` | no |
| database_subnet_prefix_len | The prefix length of the database subnet. Must be between 24 and 32. | `number` | `24` | no |
| database_subnetpool_cidr_blocks | The CIDR blocks for the database subnet pool. | `list(string)` | `["192.168.8.0/23"]` | no |
| database_subnetpool_id | The id of the subnetpool to create the database network from. Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. | `string` | `null` | no |
| external_network_id | The id of the external network to connect the frontend router to. | `string` | `null` | no |
| frontend_subnet_prefix_len | The prefix length of the frontend subnet. Must be between 20 and 32. | `number` | `24` | no |
| network_internal_domain_name | The domain name to use for DNS resolution inside the private networks. | `string` | `null` | no |
| project_domain | The domain where this project will be created. | `string` | `"default"` | no |
| project_name | The name of the project. | `string` | n/a | yes |
| project_tags | The tags to append to this project. | `list(string)` | `[]` | no |
| public_nameservers | A list of public DNS servers to use as upstreams for requests in your subnets. This is not necessary if your OpenStack deployment already has configured default upstreams for Neutron. | `list(string)` | `[]` | no |

Outputs

| Name | Description |
|------|-------------|
| apps_subnetpool | The application subnetpool object (as a list), if created |
| backend_network | The backend network object (as a list), if created |
| backend_secgroups | The backend security group objects (as a list), if created |
| backend_subnet | The backend subnet object (as a list), if created |
| database_network | The database network object (as a list), if created |
| database_secgroups | The database security group objects (as a list), if created |
| database_subnet | The database subnet object (as a list), if created |
| database_subnetpool | The database subnetpool object (as a list), if created |
| frontend_network | The frontend network object (as a list), if created |
| frontend_secgroups | The frontend security group objects (as a list), if created |
| frontend_subnet | The frontend subnet object (as a list), if created |
| router | The entire router object (as a list), if created |
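
A three-tier invocation with the restrictive options switched on, built only from the inputs and outputs documented above. This is an added example, not code from the module's repository; the `source` value is a placeholder because the page does not give the module's source address, and the project name and tag are constructed.

```hcl
module "landing_zone" {
  # Placeholder: replace with the module's real source address.
  source = "<MODULE_SOURCE>"

  project_name   = "example-project"   # constructed value
  project_domain = "default"
  project_tags   = ["managed-by-tofu"] # constructed value

  # 3 = frontend, backend and database networks.
  architecture_tiers = 3

  # Frontend and backend subnets are allocated from the application pool,
  # the database subnet from its own pool. The values below are the
  # documented defaults; when overriding them, keep the two pools disjoint
  # so that routed private subnets cannot overlap.
  create_application_subnetpool      = true
  application_subnetpool_cidr_blocks = ["192.168.0.0/21"]
  create_database_subnetpool         = true
  database_subnetpool_cidr_blocks    = ["192.168.8.0/23"]

  # Documented ranges: 20-32 for frontend/backend, 24-32 for database.
  frontend_subnet_prefix_len = 24
  backend_subnet_prefix_len  = 24
  database_subnet_prefix_len = 28 # small subnet for the database tier

  # Both default to false. With them enabled, each tier gets security
  # groups that only reach the tier below, and database egress is limited
  # to the backend network.
  create_default_secgroups = true
  database_secgroup_strict = true

  # Leave the router without an external gateway until one is needed.
  # Attaching it requires external_network_id and may consume a public IP.
  attach_to_external = false
}

# Re-export the database security groups (returned as a list) so that
# instance definitions elsewhere can attach them explicitly.
output "database_secgroups" {
  value = module.landing_zone.database_secgroups
}
```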