From 8656d8bcc66689b846ad34a1915b469047fc4bc7 Mon Sep 17 00:00:00 2001
From: Mikael Frykholm <mifr@sunet.se>
Date: Tue, 30 Apr 2024 11:43:25 +0200
Subject: [PATCH] Setup a satosa for auth. misnamed secgroup.

---
 main.tf | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index e5a0dd8..fcc1ce0 100644
--- a/main.tf
+++ b/main.tf
@@ -14,7 +14,7 @@ provider "openstack" {
   cloud = "sto4-rut"
 }
 resource "openstack_networking_secgroup_v2" "https" {
-  name        = "microk8s"
+  name        = "https"
   description = "Traffic to allow between microk8s hosts"
 }
 resource "openstack_networking_secgroup_rule_v2" "https_rule1" {
@@ -75,4 +75,27 @@ resource "openstack_compute_instance_v2" "monitor-node" {
       #We want this server on another host than the controllers. We don't want to loose a controller and the monitoring at the same time. 
       group = openstack_compute_servergroup_v2.controllers.id 
   }
-}
\ No newline at end of file
+}
+resource "openstack_compute_instance_v2" "satosa-node" {
+  name            = "internal-sto4-test-satosa-1.${var.dns_suffix}"
+  flavor_name     = "${var.monitor_instance_type}"
+  key_pair        = "mifr-yubi"
+  security_groups = ["https", "Allow SSH from SUNET jumphosts",]
+  
+
+  block_device {
+    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361" #debian 12
+    source_type           = "image"
+    volume_size           = 20
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = false
+  }
+  network {
+    name = "public"
+  }
+    scheduler_hints {
+      #We want this server on another host than the controllers. We don't want to loose a controller and the monitoring at the same time. 
+      group = openstack_compute_servergroup_v2.controllers.id 
+  }
+}