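# Define required providers
terraform {
  required_version = ">= 0.14.0"

  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "~> 1.53.0"
    }
  }
}

# Configure the OpenStack Provider.
# "cloud" names a clouds.yaml entry, so no credentials are stored in this file.
provider "openstack" {
  cloud = "sto4-rut"
}

# Security group for public web traffic: TCP 80 and 443 over IPv4 and IPv6.
# Only ingress rules are managed here; whatever egress rules the group gets by
# default are left as they are.
# NOTE(review): the description says "between microk8s hosts", but every rule
# in this group admits traffic from any address. It looks copy-pasted; confirm
# the intent and correct the description so a rule audit is not misled.
resource "openstack_networking_secgroup_v2" "https" {
  name        = "https"
  description = "Traffic to allow between microk8s hosts"
}

# HTTPS from any IPv4 address.
resource "openstack_networking_secgroup_rule_v2" "https_rule1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.https.id
}

# HTTPS from any IPv6 address.
resource "openstack_networking_secgroup_rule_v2" "https_rule2" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "::/0"
  security_group_id = openstack_networking_secgroup_v2.https.id
}

# Plain HTTP from any IPv4 address.
# NOTE(review): presumably kept for redirects to HTTPS or certificate
# issuance; confirm, and drop https_rule3/https_rule4 if nothing needs port 80.
resource "openstack_networking_secgroup_rule_v2" "https_rule3" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 80
  port_range_max    = 80
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.https.id
}

# Plain HTTP from any IPv6 address (see the note on https_rule3).
resource "openstack_networking_secgroup_rule_v2" "https_rule4" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 80
  port_range_max    = 80
  remote_ip_prefix  = "::/0"
  security_group_id = openstack_networking_secgroup_v2.https.id
}

# Security group that limits SSH (TCP 22) to four single-host prefixes:
# two IPv4 /32 and two IPv6 /128 jumphost addresses.
resource "openstack_networking_secgroup_v2" "jumphosts" {
  name        = "Allow SSH from SUNET jumphosts"
  description = "Traffic to allow ssh access from jumphosts"
}

resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "130.242.125.68/32"
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
}

resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule2" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "130.242.121.73/32"
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
}

resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule3" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "2001:6b0:8:4::68/128"
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
}

resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule4" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "2001:6b0:7:6::73/128"
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
}

# Monitoring host, booted from a 200 GB volume on the "public" network.
# NOTE(review): this attaches the world-open "https" group to the monitoring
# host; confirm its web interface is meant to be internet-facing and sits
# behind authentication.
resource "openstack_compute_instance_v2" "monitor-node" {
  name        = "internal-sto4-prod-monitor-1.${var.dns_suffix}"
  flavor_name = var.monitor_instance_type

  # NOTE(review): looks like a personal keypair; initial access to the node
  # then depends on one individual's key. Confirm, or use a shared role keypair.
  key_pair = "thorslund"

  # Reference the groups through their resources, not by literal name: the
  # values are identical, but Terraform now creates the groups before the
  # instance and a rename cannot silently detach the firewall rules.
  security_groups = [
    openstack_networking_secgroup_v2.https.name,
    openstack_networking_secgroup_v2.jumphosts.name,
  ]

  block_device {
    uuid             = "5d24aca9-11be-4de1-9770-4a097d68f361" # debian 12
    source_type      = "image"
    volume_size      = 200
    boot_index       = 0
    destination_type = "volume"
    # The boot volume outlives the instance; delete it separately once the
    # data on it is no longer needed.
    delete_on_termination = false
  }

  network {
    name = "public"
  }

  scheduler_hints {
    # We want this server on another host than the controllers. We don't want
    # to lose a controller and the monitoring at the same time.
    # NOTE(review): this relies on the policy of the "controllers" server
    # group, which is defined outside this file; presumably anti-affinity.
    group = openstack_compute_servergroup_v2.controllers.id
  }
}

# SATOSA host, booted from a 20 GB volume on the "public" network.
# NOTE(review): the flavor comes from var.monitor_instance_type; presumably
# intentional reuse, confirm against the variable definitions.
resource "openstack_compute_instance_v2" "satosa-node" {
  name        = "internal-sto4-prod-satosa-1.${var.dns_suffix}"
  flavor_name = var.monitor_instance_type

  # NOTE(review): same apparently personal keypair as the monitor node.
  key_pair = "thorslund"

  # Resource references give the same names plus an implicit dependency on
  # both security groups.
  security_groups = [
    openstack_networking_secgroup_v2.https.name,
    openstack_networking_secgroup_v2.jumphosts.name,
  ]

  block_device {
    uuid             = "5d24aca9-11be-4de1-9770-4a097d68f361" # debian 12
    source_type      = "image"
    volume_size      = 20
    boot_index       = 0
    destination_type = "volume"
    # The boot volume outlives the instance; anything the service keeps on it
    # stays readable until the volume itself is deleted.
    delete_on_termination = false
  }

  network {
    name = "public"
  }

  scheduler_hints {
    # Placed in the same server group as the controllers, so that this server
    # and a controller are not lost at the same time.
    # NOTE(review): depends on the group's policy, defined outside this file.
    group = openstack_compute_servergroup_v2.controllers.id
  }
}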