From 0e866a9462fa023c5d9d419d0c4e66f3bb4a4d70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaros=C5=82aw=20Kalinowski?= Date: Tue, 12 Nov 2024 12:08:50 +0200 Subject: [PATCH] !fixup --- terraform/server.tf | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/terraform/server.tf b/terraform/server.tf index e949fa4..f88a8ba 100644 --- a/terraform/server.tf +++ b/terraform/server.tf @@ -42,7 +42,7 @@ terraform { variable "instance_name" { # set with set-name.sh - type = string + type = string default = "hpcs.main" } 
@@ -52,27 +52,27 @@ locals { "cloud-config.yaml", { kind_dashboard_admin_yaml = base64encode(file("files/admin-user.yaml")), - setup_sha512 = base64encode(sha512(file("files/setup.sh"))), - ed25519_private = indent(4, file("secrets/ssh_host_ed25519_key")), - ed25519_public = file("secrets/ssh_host_ed25519_key.pub"), - hpcs_cluster_yaml = base64encode(file("files/hpcs-cluster.yaml")), - public_keys = setsubtract(split("\n", trim(file("secrets/public_keys"), "\n")), [""] ), - tunnel_keys = setsubtract(split("\n", trim(file("secrets/tunnel_keys"), "\n")), [""] ), - setup_sh = base64encode(file("files/setup.sh")), - }) + setup_sha512 = base64encode(sha512(file("files/setup.sh"))), + ed25519_private = indent(4, file("secrets/ssh_host_ed25519_key")), + ed25519_public = file("secrets/ssh_host_ed25519_key.pub"), + hpcs_cluster_yaml = base64encode(file("files/hpcs-cluster.yaml")), + public_keys = setsubtract(split("\n", trim(file("secrets/public_keys"), "\n")), [""]), + tunnel_keys = setsubtract(split("\n", trim(file("secrets/tunnel_keys"), "\n")), [""]), + setup_sh = base64encode(file("files/setup.sh")), + }) } # The actual VM is defined here resource "openstack_compute_instance_v2" "instance" { - name = "${var.instance_name}" - image_name = "Ubuntu-24.04" + name = var.instance_name + image_name = "Ubuntu-24.04" flavor_name = "standard.small" - user_data = local.cloud_init + user_data = local.cloud_init security_groups = [ openstack_networking_secgroup_v2.security_group.name, ] network { - uuid = "${openstack_networking_network_v2.instance_net.id}" + uuid = openstack_networking_network_v2.instance_net.id } # Pouta API refuses to create the instance unless the subnet is ready to go depends_on = [ 
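Review bot: `ed25519_private = indent(4, file("secrets/ssh_host_ed25519_key"))` places the SSH host private key in the rendered cloud-init document, and the `output "cloud-init"` block in the last hunk (`value = local.cloud_init`) then prints that whole document, key included, on `terraform apply` and `terraform output`. Adding `sensitive = true` to that output keeps the key out of console and CI logs. The value is still written to the state file, so the state backend needs restricted access. User data is also normally readable from inside the instance through the metadata service, so the host key should be treated as readable by local processes unless that path is blocked. The `locals` block and the call that renders `cloud-config.yaml` start above this hunk, and the output block closes below the last one.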
@@ -86,13 +86,13 @@ resource "openstack_compute_instance_v2" "instance" { # Network for the VM to be in. It is not allowed in most cases to have # VMs directly in the public network on Pouta resource "openstack_networking_network_v2" "instance_net" { - name = "${var.instance_name}-net" + name = "${var.instance_name}-net" admin_state_up = "true" } # A router to attach the network defined earlier to the public network resource "openstack_networking_router_v2" "router" { - name = "${var.instance_name}-router" + name = "${var.instance_name}-router" admin_state_up = "true" # Magic UUID is the UUID of our public network, somewhat difficult # to refer to it by name here so we are stuck with the magic thing @@ -102,13 +102,13 @@ resource "openstack_networking_router_v2" "router" { # Attachment of the router to the VM subnet resource "openstack_networking_router_interface_v2" "interface" { - router_id = "${openstack_networking_router_v2.router.id}" - subnet_id = "${openstack_networking_subnet_v2.instance_subnet.id}" + router_id = openstack_networking_router_v2.router.id + subnet_id = openstack_networking_subnet_v2.instance_subnet.id } # The floating ip, which will be a public IP used to access the VM resource "openstack_networking_floatingip_v2" "ip" { - pool = "public" + pool = "public" depends_on = [openstack_networking_router_interface_v2.interface] lifecycle { # Protect the public IP 
@@ -121,14 +121,14 @@ resource "openstack_networking_floatingip_v2" "ip" { # one can redeploy an instance and attach the IP to the new instance # without the need to do anything about the IP object itself. resource "openstack_compute_floatingip_associate_v2" "ip_attach" { - floating_ip = "${openstack_networking_floatingip_v2.ip.address}" - instance_id = "${openstack_compute_instance_v2.instance.id}" + floating_ip = openstack_networking_floatingip_v2.ip.address + instance_id = openstack_compute_instance_v2.instance.id } # Volume to store some data that we want to preserve during re-deployments resource "openstack_blockstorage_volume_v3" "data" { - name = "${var.instance_name}-data" - size = 10 + name = "${var.instance_name}-data" + size = 10 lifecycle { # Do not destroy the volume... ever... prevent_destroy = true @@ -136,8 +136,8 @@ resource "openstack_blockstorage_volume_v3" "data" { } resource "openstack_blockstorage_volume_v3" "docker" { - name = "${var.instance_name}-docker" - size = 20 + name = "${var.instance_name}-docker" + size = 20 lifecycle { # Do not destroy the volume... ever... prevent_destroy = true 
@@ -147,20 +147,20 @@ resource "openstack_blockstorage_volume_v3" "docker" { # Similarly to the floating ip case, we need an attachment of the volume # defined above resource "openstack_compute_volume_attach_v2" "data" { - instance_id = "${openstack_compute_instance_v2.instance.id}" - volume_id = "${openstack_blockstorage_volume_v3.data.id}" + instance_id = openstack_compute_instance_v2.instance.id + volume_id = openstack_blockstorage_volume_v3.data.id } resource "openstack_compute_volume_attach_v2" "docker" { - instance_id = "${openstack_compute_instance_v2.instance.id}" - volume_id = "${openstack_blockstorage_volume_v3.docker.id}" + instance_id = openstack_compute_instance_v2.instance.id + volume_id = openstack_blockstorage_volume_v3.docker.id } ####################################################################### # Security group and its rules ####################################################################### resource "openstack_networking_secgroup_v2" "security_group" { - name = "${var.instance_name}" + name = var.instance_name } resource "openstack_networking_secgroup_rule_v2" "ssh-in-staff-vpn" { @@ -170,7 +170,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh-in-staff-vpn" { port_range_min = 22 port_range_max = 22 remote_ip_prefix = "193.166.85.0/24" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "ssh-in-espoo-office-00" { @@ -180,7 +180,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh-in-espoo-office-00" { port_range_min = 22 port_range_max = 22 remote_ip_prefix = "193.166.1.0/24" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "ssh-in-espoo-office-01" { 
@@ -190,7 +190,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh-in-espoo-office-01" { port_range_min = 22 port_range_max = 22 remote_ip_prefix = "193.166.2.0/24" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "ssh-in-espoo-office-02" { @@ -200,7 +200,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh-in-espoo-office-02" { port_range_min = 22 port_range_max = 22 remote_ip_prefix = "193.166.80.0/23" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "ssh-in-kajaani-office-00" { @@ -210,7 +210,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh-in-kajaani-office-00" { port_range_min = 22 port_range_max = 22 remote_ip_prefix = "193.166.86.0/24" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "ssh-in-pa-vpn-00" { @@ -220,7 +220,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh-in-pa-vpn-00" { port_range_min = 22 port_range_max = 22 remote_ip_prefix = "193.166.83.0/24" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "ssh-in-jaroslaw-00" { @@ -230,7 +230,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh-in-jaroslaw-00" { port_range_min = 22 port_range_max = 22 remote_ip_prefix = "87.94.57.247/24" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "http-out" { 
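Review bot: In `ssh-in-jaroslaw-00`, `remote_ip_prefix = "87.94.57.247/24"` pairs a single host address with a /24 mask, so the rule admits SSH from every address in that network rather than from one machine. If the rule is meant for one workstation it should read `remote_ip_prefix = "87.94.57.247/32"`. If the whole range is intended, write the network address and add a comment saying whose range it is. This is the only SSH rule named after a person, so a comment with an owner and a review date would help it get removed once it is no longer needed. The resource's opening lines are outside this hunk.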
@@ -240,7 +240,7 @@ resource "openstack_networking_secgroup_rule_v2" "http-out" { port_range_min = 80 port_range_max = 80 remote_ip_prefix = "0.0.0.0/0" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "http-in" { @@ -260,7 +260,7 @@ resource "openstack_networking_secgroup_rule_v2" "https-out" { port_range_min = 443 port_range_max = 443 remote_ip_prefix = "0.0.0.0/0" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "https-in" { direction = "ingress" @@ -269,7 +269,7 @@ resource "openstack_networking_secgroup_rule_v2" "https-in" { port_range_min = 443 port_range_max = 443 remote_ip_prefix = "0.0.0.0/0" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "k8s-api-in-pa-vpn" { direction = "ingress" @@ -278,7 +278,7 @@ resource "openstack_networking_secgroup_rule_v2" "k8s-api-in-pa-vpn" { port_range_min = 6444 port_range_max = 6444 remote_ip_prefix = "193.166.83.0/24" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "aux-k8s-portsp-in" { direction = "ingress" @@ -287,7 +287,7 @@ resource "openstack_networking_secgroup_rule_v2" "aux-k8s-portsp-in" { port_range_min = 30001 port_range_max = 30004 remote_ip_prefix = "0.0.0.0/0" - security_group_id = "${openstack_networking_secgroup_v2.security_group.id}" + security_group_id = openstack_networking_secgroup_v2.security_group.id } resource "openstack_networking_secgroup_rule_v2" "icinga-api-in" { 
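Review bot: `aux-k8s-portsp-in` opens ports 30001-30004 to `remote_ip_prefix = "0.0.0.0/0"` with no comment, while the neighbouring `k8s-api-in-pa-vpn` rule limits port 6444 to `193.166.83.0/24`. Nothing in the file says which services listen on those ports or why they must be reachable from the whole internet, so a reader cannot tell a deliberate exposure from a leftover. I would add a comment above the resource such as `# Ports 30001-30004: <service names>, public by design; each service authenticates its own clients`, or narrow the prefix to the VPN and office ranges used by the SSH rules if public access is not required. The resource's opening lines, including the protocol, are above this hunk.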
@@ -309,9 +309,9 @@ resource "openstack_networking_secgroup_rule_v2" "icmp-in" { } # Subnet for the VM. On Pouta all VMs need to be in subnets to boot properly resource "openstack_networking_subnet_v2" "instance_subnet" { - name = "${var.instance_name}-subnet" - network_id = "${openstack_networking_network_v2.instance_net.id}" - cidr = "10.0.0.0/24" + name = "${var.instance_name}-subnet" + network_id = openstack_networking_network_v2.instance_net.id + cidr = "10.0.0.0/24" ip_version = 4 dns_nameservers = [ "1.1.1.1", @@ -321,7 +321,7 @@ resource "openstack_networking_subnet_v2" "instance_subnet" { # Handy output to get the IP address that we've got in the output output "address" { - value = "${openstack_networking_floatingip_v2.ip.address}" + value = openstack_networking_floatingip_v2.ip.address } output "cloud-init" { value = local.cloud_init