Terraform module to deploy a completely customizable OpenStack network architecture in a given project.
https://ednz.fr
Bertrand Lanson
796fbebbfa
Some checks failed
development / Check commit compliance (push) Successful in 5s
pull-requests-open / Check commit compliance (pull_request) Successful in 5s
pull-requests-open / Check pre-commit status (pull_request) Successful in 22s
pull-requests-open / Run E2E tofu tests (pull_request) Successful in 2m55s
build-deploy / Bump version and create changelog with commitizen (push) Has been cancelled
|
||
---|---|---|
.gitea/workflows | ||
tests | ||
.cz.toml | ||
.gitignore | ||
.pre-commit-config.yaml | ||
.terraform.lock.hcl | ||
CHANGELOG.md | ||
LICENSE | ||
main.tf | ||
outputs.tf | ||
README.md | ||
renovate.json | ||
variables.tf |
terraform-openstack-landing-zone
Terraform/OpenTofu module to deploy a completely customizable OpenStack network architecture.
Requirements
Name | Version |
---|---|
terraform | >= 1.0.0 |
openstack | >= 1.54 |
Providers
Name | Version |
---|---|
openstack | >= 1.54 |
Modules
No modules.
Resources
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
application_subnetpool_cidr_blocks | The CIDR blocks for the application subnet pool | list(string) |
[ |
no |
application_subnetpool_id | The id of the subnetpool to create the public (first 2 tier) networks from. Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. |
string |
null |
no |
architecture_tiers | The type of architecture. Can be either 0, 1, 2 or 3. Tier 0 will not create any subnets or networks. Tier 1 will only create a single frontend subnet. Tier 2 will create a frontend and backend subnet. Tier 3 will create a frontend, backend and database subnet. |
number |
1 |
no |
attach_to_external | Whether to attach the router to an external network. This will add a gateway interface to the router, and possibly consume a public IP address which might be billed by your cloud provider. |
bool |
false |
no |
backend_subnet_prefix_len | The prefix length of the backend subnet. Must be between 20 and 32. | number |
24 |
no |
create_application_subnetpool | Whether the module should create an application subnet pool for this project, or use an existing one. | bool |
true |
no |
create_database_subnetpool | Whether the module should create a database subnet pool for this project, or use an existing one. | bool |
true |
no |
create_default_secgroups | Whether to create default security groups or not. Depending on your choice of architecture tiering, will create security groups so that each tier can connect to the one below. Security groups for the database tier will be created for mariadb, postgresql and redis. A default security group allowing ssh connection will also be created. |
bool |
false |
no |
database_secgroup_strict | Defines whether the security groups for the database network should be strict. In strict mode, egress is only allowed to the backend network. |
bool |
false |
no |
database_subnet_prefix_len | The prefix length of the database subnet. Must be between 24 and 32. | number |
24 |
no |
database_subnetpool_cidr_blocks | The CIDR blocks for the database subnet pool | list(string) |
[ |
no |
database_subnetpool_id | The id of the subnetpool to create the databse network from. Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets. |
string |
null |
no |
external_network_id | The id of the external network to connect the frontend router to. | string |
null |
no |
frontend_subnet_prefix_len | The prefix length of the frontend subnet. Must be between 20 and 32. | number |
24 |
no |
network_internal_domain_name | The domain name to use for dns resolution inside the private networks | string |
null |
no |
project_domain | The domain where this project will be created | string |
"default" |
no |
project_name | The name of the project | string |
n/a | yes |
project_tags | The tags to append to this project | list(string) |
[] |
no |
public_nameservers | A list of public DNS servers to upstreams requests to in your subnets. This is not necessary if your openstack deployment already has configured default upstreams for neutron. |
list(string) |
[] |
no |
Outputs
Name | Description |
---|---|
apps_subnetpool | The application subnetpool object (as a list), if created |
backend_network | The backend network object (as a list), if created |
backend_secgroups | The backend security group objects (as a list), if created |
backend_subnet | The backend subnet object (as a list), if created |
database_network | The database network object (as a list), if created |
database_secgroups | The database security group objects (as a list), if created |
database_subnet | The database subnet object (as a list), if created |
database_subnetpool | The database subnetpool object (as a list), if created |
frontend_network | The frontend network object (as a list), if created |
frontend_secgroups | The frontend security group objects (as a list), if created |
frontend_subnet | The frontend subnet object (as a list), if created |
router | The entire router object (as a list), if created |