terraform {
  # Minimum core version (Terraform / OpenTofu) this module is written for.
  required_version = ">= 1.0.0"
  # Provider requirements.
  # NOTE(review): ">= 1.54" has no upper bound, so a fresh `init` may resolve
  # to a later major release of the provider with breaking schema changes.
  # Reproducible, reviewable provider selection therefore depends on committing
  # .terraform.lock.hcl; a bounded constraint (e.g. "~> 1.54") would be safer
  # if callers agree.
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = ">= 1.54"
    }
  }
}
locals {
  # Lower-cased project name, used as the common name prefix for every
  # resource created below.
  resource_prefix = lower(var.project_name)
}
#! data sources
# Looks up the Keystone project by name inside var.project_domain; its id is
# passed as tenant_id on every network/subnet/router/secgroup below, so all
# resources are owned by this project regardless of the applying credentials.
data "openstack_identity_project_v3" "this" {
  name      = var.project_name
  domain_id = var.project_domain
}
#! subnetpools
# IPv4 pool the frontend and backend subnets draw their CIDRs from. Created
# only when the caller asks for it; otherwise application_subnetpool_id is used.
resource "openstack_networking_subnetpool_v2" "apps" {
  count = var.create_application_subnetpool ? 1 : 0

  name       = "${local.resource_prefix}-application-subnetpool"
  ip_version = 4
  prefixes   = var.application_subnetpool_cidr_blocks
  # Never the project-wide default pool: subnets must reference it explicitly.
  is_default = false
  tags       = var.project_tags
}
# Separate IPv4 pool for the database tier so its addressing is disjoint from
# the application tiers. Created only when the caller asks for it.
resource "openstack_networking_subnetpool_v2" "database" {
  count = var.create_database_subnetpool ? 1 : 0

  name       = "${local.resource_prefix}-database-subnetpool"
  ip_version = 4
  prefixes   = var.database_subnetpool_cidr_blocks
  # Never the project-wide default pool: subnets must reference it explicitly.
  is_default = false
  tags       = var.project_tags
}
#! networks & subnets
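# Tier 1 (frontend) network; present for any architecture with >= 1 tier.
resource "openstack_networking_network_v2" "frontend" {
  count = var.architecture_tiers > 0 ? 1 : 0

  name        = "${local.resource_prefix}-frontend-network"
  description = "Terraform managed."
  dns_domain  = var.network_internal_domain_name
  # Owned by the looked-up project. NOTE(review): setting tenant_id explicitly
  # generally requires admin rights in Neutron when it differs from the token's
  # project — confirm against the credentials used to apply.
  tenant_id = data.openstack_identity_project_v3.this.id
  # Not shared: other projects cannot see or attach to this network.
  shared = false
  # Boolean rather than the string "true", for consistency with the router
  # resource in this file.
  admin_state_up = true
  # Presumably sized for an overlay (VXLAN) transport — confirm with the cloud.
  mtu  = 1450
  tags = var.project_tags
}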
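# Tier 2 (backend) network; present for architectures with >= 2 tiers.
resource "openstack_networking_network_v2" "backend" {
  count = var.architecture_tiers > 1 ? 1 : 0

  name        = "${local.resource_prefix}-backend-network"
  description = "Terraform managed."
  dns_domain  = var.network_internal_domain_name
  # Owned by the looked-up project. NOTE(review): setting tenant_id explicitly
  # generally requires admin rights in Neutron when it differs from the token's
  # project — confirm against the credentials used to apply.
  tenant_id = data.openstack_identity_project_v3.this.id
  # Not shared: other projects cannot see or attach to this network.
  shared = false
  # Boolean rather than the string "true", for consistency with the router
  # resource in this file.
  admin_state_up = true
  # Presumably sized for an overlay (VXLAN) transport — confirm with the cloud.
  mtu  = 1450
  tags = var.project_tags
}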
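# Tier 3 (database) network; present only for a full three-tier architecture.
resource "openstack_networking_network_v2" "database" {
  count = var.architecture_tiers == 3 ? 1 : 0

  name        = "${local.resource_prefix}-database-network"
  description = "Terraform managed."
  dns_domain  = var.network_internal_domain_name
  # Owned by the looked-up project. NOTE(review): setting tenant_id explicitly
  # generally requires admin rights in Neutron when it differs from the token's
  # project — confirm against the credentials used to apply.
  tenant_id = data.openstack_identity_project_v3.this.id
  # Not shared: other projects cannot see or attach to this network.
  shared = false
  # Boolean rather than the string "true", for consistency with the router
  # resource in this file.
  admin_state_up = true
  # Presumably sized for an overlay (VXLAN) transport — confirm with the cloud.
  mtu  = 1450
  tags = var.project_tags
}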
# Frontend subnet, allocated from the application pool rather than a fixed CIDR.
resource "openstack_networking_subnet_v2" "frontend" {
  count = var.architecture_tiers > 0 ? 1 : 0

  name        = "${local.resource_prefix}-frontend-subnet-${count.index + 1}"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  network_id  = openstack_networking_network_v2.frontend[0].id
  ip_version  = 4
  # Either the pool this module created or the caller-supplied pool id.
  subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id
  prefix_length = var.frontend_subnet_prefix_len
  # DNS servers configured on the subnet (public resolvers by variable name).
  dns_nameservers = var.public_nameservers
  tags            = var.project_tags
}
# Backend subnet; shares the application pool with the frontend subnet.
resource "openstack_networking_subnet_v2" "backend" {
  count = var.architecture_tiers > 1 ? 1 : 0

  name        = "${local.resource_prefix}-backend-subnet-${count.index + 1}"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  network_id  = openstack_networking_network_v2.backend[0].id
  ip_version  = 4
  # Either the pool this module created or the caller-supplied pool id.
  subnetpool_id = var.create_application_subnetpool ? openstack_networking_subnetpool_v2.apps[0].id : var.application_subnetpool_id
  prefix_length = var.backend_subnet_prefix_len
  # DNS servers configured on the subnet (public resolvers by variable name).
  dns_nameservers = var.public_nameservers
  tags            = var.project_tags
}
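# Database subnet, allocated from the *database* pool (not the application pool).
resource "openstack_networking_subnet_v2" "database" {
  count = var.architecture_tiers == 3 ? 1 : 0

  name        = "${local.resource_prefix}-database-subnet-${count.index + 1}"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  network_id  = openstack_networking_network_v2.database[0].id
  ip_version  = 4
  # Fix: the selector must follow create_database_subnetpool, not
  # create_application_subnetpool. With the old condition, creating only the
  # application pool made this index a missing resource, and creating only the
  # database pool left it unused in favour of var.database_subnetpool_id.
  subnetpool_id = var.create_database_subnetpool ? openstack_networking_subnetpool_v2.database[0].id : var.database_subnetpool_id
  prefix_length = var.database_subnet_prefix_len
  # NOTE(review): the data tier is handed the same public resolvers as the
  # frontend; an internal resolver may be preferable if DNS egress is to be limited.
  dns_nameservers = var.public_nameservers
  tags            = var.project_tags
}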
#! router
# Single router joining every tier subnet; optionally gatewayed to an
# external network.
resource "openstack_networking_router_v2" "this" {
  count = var.architecture_tiers > 0 ? 1 : 0

  name           = "${local.resource_prefix}-main-${count.index + 1}"
  description    = "Terraform managed."
  tenant_id      = data.openstack_identity_project_v3.this.id
  admin_state_up = true
  # External gateway only when requested by the caller; null leaves the router
  # purely internal. NOTE(review): enable_snat is not set here, so outbound NAT
  # behaviour is whatever the provider/cloud default is — confirm it is intended.
  external_network_id = var.attach_to_external ? var.external_network_id : null
  tags                = var.project_tags
}
# Attach the frontend subnet to the main router.
resource "openstack_networking_router_interface_v2" "frontend" {
  count = var.architecture_tiers > 0 ? 1 : 0

  subnet_id = openstack_networking_subnet_v2.frontend[0].id
  router_id = openstack_networking_router_v2.this[0].id
}
# Attach the backend subnet to the main router.
resource "openstack_networking_router_interface_v2" "backend" {
  count = var.architecture_tiers > 1 ? 1 : 0

  subnet_id = openstack_networking_subnet_v2.backend[0].id
  router_id = openstack_networking_router_v2.this[0].id
}
# Attach the database subnet to the main router.
# NOTE(security): every tier, including the data tier, sits behind the one
# router that may carry the external gateway, so the tiers are mutually
# routable and the database subnet is not isolated at L3. Tier separation is
# enforced only by the security groups declared later in this file.
resource "openstack_networking_router_interface_v2" "database" {
  count = var.architecture_tiers == 3 ? 1 : 0

  subnet_id = openstack_networking_subnet_v2.database[0].id
  router_id = openstack_networking_router_v2.this[0].id
}
#! security groups
# Default security group for the frontend tier (opt-in via create_default_secgroups).
resource "openstack_networking_secgroup_v2" "frontend" {
  count = var.architecture_tiers > 0 && var.create_default_secgroups ? 1 : 0

  name        = "${local.resource_prefix}-frontend-secgroup"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  # Strip the rules Neutron adds to a new group so that only the rules
  # declared in this file apply.
  delete_default_rules = true
  tags                 = var.project_tags
}
# Frontend egress: any IPv4 protocol/port to any destination. No IPv6 rule is
# declared here and the group's default rules are deleted, so IPv6 egress is
# presumably not permitted by this group — verify on the cloud.
resource "openstack_networking_secgroup_rule_v2" "frontend_egress" {
  count = var.architecture_tiers > 0 && var.create_default_secgroups ? 1 : 0

  security_group_id = openstack_networking_secgroup_v2.frontend[0].id
  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
}
resource "openstack_networking_secgroup_rule_v2" "frontend_ingress" {
  count = (
    var.architecture_tiers > 0 &&
    var.create_default_secgroups
  ) ? 1 : 0
  direction = "ingress"
  ethertype = "IPv4"
  # NOTE(security): no protocol or port range is set, so this admits every
  # IPv4 protocol (TCP, UDP, ICMP, ...) on every port from any source address
  # to the frontend tier — far wider than the HTTP/HTTPS edge a frontend
  # usually needs. Callers wanting a restricted edge should set
  # create_default_secgroups = false and supply their own port-scoped rules
  # (database_ingress below shows the scoped pattern), or this rule should be
  # parameterised by protocol/port before use outside a lab.
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.frontend[0].id
}
# Default security group for the backend tier (opt-in via create_default_secgroups).
resource "openstack_networking_secgroup_v2" "backend" {
  count = var.architecture_tiers > 1 && var.create_default_secgroups ? 1 : 0

  name        = "${local.resource_prefix}-backend-secgroup"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  # Strip the rules Neutron adds to a new group so that only the rules
  # declared in this file apply.
  delete_default_rules = true
  tags                 = var.project_tags
}
# Backend egress: any IPv4 protocol/port to any destination.
resource "openstack_networking_secgroup_rule_v2" "backend_egress" {
  count = var.architecture_tiers > 1 && var.create_default_secgroups ? 1 : 0

  security_group_id = openstack_networking_secgroup_v2.backend[0].id
  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
}
# Backend ingress: only from ports that are members of the frontend group,
# but on every IPv4 protocol and port (no protocol/port range is set).
# NOTE(review): scoping this to the backend service port, as database_ingress
# does, would shrink the blast radius of a compromised frontend instance.
resource "openstack_networking_secgroup_rule_v2" "backend_ingress" {
  count = var.architecture_tiers > 1 && var.create_default_secgroups ? 1 : 0

  security_group_id = openstack_networking_secgroup_v2.backend[0].id
  direction         = "ingress"
  ethertype         = "IPv4"
  remote_group_id   = openstack_networking_secgroup_v2.frontend[0].id
}
# One security group per entry of local.db_secgroups (defined elsewhere in the
# module; each entry carries a `type` used in the name and an `ingress_port`).
resource "openstack_networking_secgroup_v2" "database" {
  count = var.architecture_tiers == 3 && var.create_default_secgroups ? length(local.db_secgroups) : 0

  name        = "${local.resource_prefix}-database-${local.db_secgroups[count.index].type}-secgroup"
  description = "Terraform managed."
  tenant_id   = data.openstack_identity_project_v3.this.id
  # Strip the rules Neutron adds to a new group so that only the rules
  # declared in this file apply.
  delete_default_rules = true
  tags                 = var.project_tags
}
# Database egress: any IPv4 protocol/port to any destination, one rule per
# database group. NOTE(security): because the database subnet is attached to
# the router, this also permits outbound traffic towards the external network
# whenever attach_to_external is set — consider limiting egress for the data tier.
resource "openstack_networking_secgroup_rule_v2" "database_egress" {
  count = var.architecture_tiers == 3 && var.create_default_secgroups ? length(local.db_secgroups) : 0

  security_group_id = openstack_networking_secgroup_v2.database[count.index].id
  direction         = "egress"
  ethertype         = "IPv4"
  remote_ip_prefix  = "0.0.0.0/0"
}
# Database ingress: a single TCP port per database group, reachable only from
# ports that are members of the backend group. This is the tightest rule in
# the file and the pattern the other tiers' rules should follow.
resource "openstack_networking_secgroup_rule_v2" "database_ingress" {
  count = var.architecture_tiers == 3 && var.create_default_secgroups ? length(local.db_secgroups) : 0

  security_group_id = openstack_networking_secgroup_v2.database[count.index].id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  # min == max: exactly one port, taken from the matching db_secgroups entry.
  port_range_min  = local.db_secgroups[count.index].ingress_port
  port_range_max  = local.db_secgroups[count.index].ingress_port
  remote_group_id = openstack_networking_secgroup_v2.backend[0].id
}