terraform: add subnet for OpenStack LBs

2024-10-01 01:36:09 -04:00 · 2024-02-14 16:37:26 +01:00 · 2024-02-14 16:37:26 +01:00 · 1e987f6a85
commit 1e987f6a85
parent 9d164de18b
8 changed files with 75 additions and 10 deletions
--- a/cli/internal/terraform/terraform.go
+++ b/cli/internal/terraform/terraform.go
@ -349,8 +349,18 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		if !ok {
 			return state.Infrastructure{}, errors.New("invalid type in network_id output: not a string")
 		}
+		lbSubnetworkIDOutput, ok := tfState.Values.Outputs["lb_subnetwork_id"]
+		if !ok {
+			return state.Infrastructure{}, errors.New("no lb_subnetwork_id output found")
+		}
+		lbSubnetworkID, ok := lbSubnetworkIDOutput.Value.(string)
+		if !ok {
+			return state.Infrastructure{}, errors.New("invalid type in lb_subnetwork_id output: not a string")
+		}
+
 		res.OpenStack = &state.OpenStack{
 			NetworkID: networkID,
+			SubnetID:  lbSubnetworkID,
 		}
 	}
 	return res, nil
--- a/internal/constellation/state/state.go
+++ b/internal/constellation/state/state.go
@ -176,6 +176,9 @@ type OpenStack struct {
 	// description: |
 	//   ID of the network
 	NetworkID string `yaml:"networkID"`
+	// description: |
+	//   ID of the subnet
+	SubnetID string `yaml:"subnetID"`
 }

 // New creates a new cluster state (file).
--- a/internal/constellation/state/state_doc.go
+++ b/internal/constellation/state/state_doc.go
@ -198,12 +198,17 @@ func init() {
 			FieldName: "openstack",
 		},
 	}
-	OpenStackDoc.Fields = make([]encoder.Doc, 1)
+	OpenStackDoc.Fields = make([]encoder.Doc, 2)
 	OpenStackDoc.Fields[0].Name = "networkID"
 	OpenStackDoc.Fields[0].Type = "string"
 	OpenStackDoc.Fields[0].Note = ""
 	OpenStackDoc.Fields[0].Description = "ID of the network"
 	OpenStackDoc.Fields[0].Comments[encoder.LineComment] = "ID of the network"
+	OpenStackDoc.Fields[1].Name = "subnetID"
+	OpenStackDoc.Fields[1].Type = "string"
+	OpenStackDoc.Fields[1].Note = ""
+	OpenStackDoc.Fields[1].Description = "ID of the subnet"
+	OpenStackDoc.Fields[1].Comments[encoder.LineComment] = "ID of the subnet"
 }

 func (_ State) Doc() *encoder.Doc {
--- a/terraform/infrastructure/openstack/main.tf
+++ b/terraform/infrastructure/openstack/main.tf
@ -33,6 +33,7 @@ locals {
  ports_recovery         = "9999"
  ports_debugd           = "4000"
  cidr_vpc_subnet_nodes  = "192.168.178.0/24"
+  cidr_vpc_subnet_lbs    = "192.168.177.0/24"
  tags                   = ["constellation-uid-${local.uid}"]
  identity_service = [
    for entry in data.openstack_identity_auth_scope_v3.scope.service_catalog :
@ -78,6 +79,19 @@ resource "openstack_networking_subnet_v2" "vpc_subnetwork" {
  tags = local.tags
 }

+resource "openstack_networking_subnet_v2" "lb_subnetwork" {
+  name        = "${var.name}-${local.uid}-lb"
+  description = "Constellation LB subnetwork"
+  network_id  = openstack_networking_network_v2.vpc_network.id
+  cidr        = local.cidr_vpc_subnet_lbs
+  dns_nameservers = [
+    "1.1.1.1",
+    "8.8.8.8",
+    "9.9.9.9",
+  ]
+  tags = local.tags
+}
+
 resource "openstack_networking_router_v2" "vpc_router" {
  name                = local.name
  external_network_id = data.openstack_networking_network_v2.floating_ip_pool.network_id
@ -88,6 +102,11 @@ resource "openstack_networking_router_interface_v2" "vpc_router_interface" {
  subnet_id = openstack_networking_subnet_v2.vpc_subnetwork.id
 }

+resource "openstack_networking_router_interface_v2" "lbs_router_interface_lbs" {
+  router_id = openstack_networking_router_v2.vpc_router.id
+  subnet_id = openstack_networking_subnet_v2.lb_subnetwork.id
+}
+
 resource "openstack_networking_secgroup_v2" "vpc_secgroup" {
  name        = local.name
  description = "Constellation VPC security group"
@ -209,6 +228,7 @@ module "instance_group" {
  tags                       = local.tags
  uid                        = local.uid
  network_id                 = openstack_networking_network_v2.vpc_network.id
+  subnet_id                  = openstack_networking_subnet_v2.vpc_subnetwork.id
  init_secret_hash           = local.init_secret_hash
  identity_internal_url      = local.identity_internal_url
  openstack_username         = var.openstack_username
@ -223,9 +243,9 @@ resource "openstack_networking_floatingip_v2" "public_ip" {
 }


-resource "openstack_compute_floatingip_associate_v2" "public_ip_associate" {
+resource "openstack_networking_floatingip_associate_v2" "public_ip_associate" {
  floating_ip = openstack_networking_floatingip_v2.public_ip.address
-  instance_id = module.instance_group["control_plane_default"].instance_ids.0
+  port_id     = module.instance_group["control_plane_default"].port_ids.0
  depends_on = [
    openstack_networking_router_v2.vpc_router,
    openstack_networking_router_interface_v2.vpc_router_interface,
--- a/terraform/infrastructure/openstack/modules/instance_group/main.tf
+++ b/terraform/infrastructure/openstack/modules/instance_group/main.tf
@ -17,6 +17,19 @@ resource "random_id" "uid" {
  byte_length = 4
 }

+resource "openstack_networking_port_v2" "port" {
+  name           = "${local.name}-${count.index}"
+  count          = var.initial_count
+  admin_state_up = "true"
+
+  network_id = var.network_id
+  fixed_ip {
+    subnet_id = var.subnet_id
+  }
+
+  security_group_ids = var.security_groups
+}
+
 # TODO(malt3): get this API enabled in the test environment
 # resource "openstack_compute_servergroup_v2" "instance_group" {
 #   name = local.name
@ -24,18 +37,17 @@ resource "random_id" "uid" {
 # }

 resource "openstack_compute_instance_v2" "instance_group_member" {
-  name            = "${local.name}-${count.index}"
-  count           = var.initial_count
-  image_id        = var.image_id
-  flavor_id       = var.flavor_id
-  security_groups = var.security_groups
-  tags            = local.tags
+  name      = "${local.name}-${count.index}"
+  count     = var.initial_count
+  image_id  = var.image_id
+  flavor_id = var.flavor_id
+  tags      = local.tags
  # TODO(malt3): get this API enabled in the test environment
  # scheduler_hints {
  #   group = openstack_compute_servergroup_v2.instance_group.id
  # }
  network {
-    uuid = var.network_id
+    port = openstack_networking_port_v2.port[count.index].id
  }
  block_device {
    uuid                  = var.image_id
--- a/terraform/infrastructure/openstack/modules/instance_group/outputs.tf
+++ b/terraform/infrastructure/openstack/modules/instance_group/outputs.tf
@ -7,3 +7,8 @@ output "instance_ids" {
  value       = openstack_compute_instance_v2.instance_group_member.*.id
  description = "IDs of the instances."
 }
+
+output "port_ids" {
+  value       = openstack_networking_port_v2.port.*.id
+  description = "IDs of ports of the instances."
+}
--- a/terraform/infrastructure/openstack/modules/instance_group/variables.tf
+++ b/terraform/infrastructure/openstack/modules/instance_group/variables.tf
@ -67,6 +67,11 @@ variable "network_id" {
  description = "Network ID to attach each node to."
 }

+variable "subnet_id" {
+  type        = string
+  description = "Subnetwork ID to attach each node to."
+}
+
 variable "init_secret_hash" {
  type        = string
  description = "Hash of the init secret."
--- a/terraform/infrastructure/openstack/outputs.tf
+++ b/terraform/infrastructure/openstack/outputs.tf
@ -42,3 +42,8 @@ output "network_id" {
  value       = openstack_networking_network_v2.vpc_network.id
  description = "The OpenStack network id the cluster is deployed in."
 }
+
+output "lb_subnetwork_id" {
+  value       = openstack_networking_subnet_v2.lb_subnetwork.id
+  description = "The OpenStack subnetwork id lbs are deployed in."
+}