terraform: update OpenStack provider

This commit is contained in:
Malte Poll 2024-02-12 15:25:23 +01:00
parent f9442cecb1
commit 6c8504323f
4 changed files with 126 additions and 87 deletions

View File

@ -26,36 +26,27 @@ provider "registry.terraform.io/hashicorp/random" {
} }
provider "registry.terraform.io/terraform-provider-openstack/openstack" { provider "registry.terraform.io/terraform-provider-openstack/openstack" {
version = "1.52.1" version = "1.54.1"
constraints = "1.52.1" constraints = "1.54.1"
hashes = [ hashes = [
"h1:A+g4494kx7lEsJe4M16GzM9MKNPBR5tnzbZ9+33QlkM=", "h1:Cqk18+r4bJF/sIusEK9lM0gc841RwsJ8AMhWyiU7lig=",
"h1:EOTtuZvB5p6DRvmHZutxA5maQUkMD7EMWTzFf2JL1HM=", "h1:Cs9sP2V0MssWIQo+gur9soaNAAQleRaWdnvFP61s0Y0=",
"h1:NWz1fLVT0cItJmL8t5tK5AKXrP9EA9FIPaVYWEfhAMQ=", "h1:JC0mScAPBs1MlHeEIPMZTQGhTA5aIG3iEuKMSPpR31E=",
"h1:PAaUknZ3JC1blyZ0BOrIrYAKaV0KKt79SLWDwboG2To=", "h1:jx2WdbttenKA2gWZDil6ffQT2CcY/TZ46pG0FlbNPuY=",
"h1:TdvatmiIUG+9RB/IIr2E/4ISw7ktF1jUCWrZe/fibaM=", "h1:xt7LbO3lAXcDUjDxPHrQtgv4mO2GKvSOFMF1uPsK4vE=",
"h1:UB2hQdQ8FA7V4jJa4q9/3sFnsXUhlLKWC8cQqX+H6ZU=", "zh:45ba84df17f94b15af7aab7007241e035dde8a5b46aeb761259d937058a80f71",
"h1:cuiQP8rBuyh+wAv/ItSKLu4Evro8TMaB0KXL++XB18g=", "zh:493b1deb7be9b600e5b1f5da2a9dfd3bce5df0c6d38090614dbe4ed05ade8441",
"h1:iWC3awIqtrlq/AAk5fCRrw7icPRrXducOXYA+1f2q6E=", "zh:53551401fba8c1d5b27a08ee307552b84b1d0c1218f3717a4b766ec701b3e016",
"h1:iuuAlX04fEyvdJTWsqa3To2lRg9+7meIO3CtIasQFOI=", "zh:53629bebb48ce5220f7601d776c2ac1485b6c860cb695f150fb716f5be8aa86d",
"h1:kRQXDWW2DnblI6UNmMxNf6jt+CUQ7ENGRs2Nch0aYxI=", "zh:5a20f32cca767bef70b79bc8ecbd10fec3dc8696183e2d29631aa510947cb70d",
"h1:sP0p4CedQh3sErEZ0QIPjaqFkLHMh/OOzUwmb+sdisI=", "zh:653693f630777e4aa3f410976a5169cf0f2a301516a820b3860de116054ae30a",
"h1:scQS826puQFDo6EY0B3Tlk0kXYtm+ru7YPyMM9GCIMI=", "zh:70f2d7bd5f5940f4fc3f023a01468890fbd9d704d0256bc65f7c64fb2cbcd4e4",
"h1:tzawotEtjBcVWnzA+wAqcbkxW7XnJCfXqod4SBts9vI=", "zh:9cc22af51e5124dd5c2e0f1adefb1b08dcff3138aba9c92961cef36b1641d7aa",
"h1:yhED1rCRd7TSqnQmOUb2wiYpQP5EnhUtu3enrcf60K8=", "zh:9df45e893f215266159733dbc120809bc3d313188e121532dc6e2d10165e9899",
"zh:037f7ab5a0942daee00d23402e7ccab472380864e13013284910fa7841a6e37c", "zh:cb3e240992069cd6160f5b5cbbd50b70948f25bb337a75e780a0648461505d3f",
"zh:52ac973e6c5cd584c5086494218e9b49d93217f5fbc34fc76fa8a9ddd635447a", "zh:cb8343c0cf1bf5ca4d060826a8b68e3e5935b4a65974c76ac9c071c5a510e67e",
"zh:5acad7b8c7a493fd0b659271743e2853859a4b2669df26f21aecf1b2f60fa706", "zh:cc2060f93c66276dff6366b48e3a0e619874e3d939e0d2a39fc6ce10ca91232d",
"zh:5d9218a7f10849f2227fc11df19f78b3b11cccade6b674c314e804f0e98d4368", "zh:d495b3051977018696113eded89c2cddfae0570f2adbdf7e9097c189ba41903e",
"zh:91ea6bf80ff706e734300041cf22e946c049abf8dcf1bed899f93f20f7779121", "zh:dfad1be943769780d5e948c06db957ce45f98b057a774964da0b82130c22f139",
"zh:961d67ebf1116bd539b726ef483f7d67c95351efd09e55fbeb30cd2ca7946a12",
"zh:9d3d8ee11cda45804e9b759064fbc9f47d6f54203bd17654236f2f601424b460",
"zh:a0af7e5bad6114a7a0ac88cee63e2c14558572e293bebcf651ed8d8d9c20dfda",
"zh:a1fd5609f61a43c9c2a403e024042afc3a45fde39935a388009d05105e2d39d3",
"zh:bd84aae9f2ac6eb978837ea5994bb24be221e2e4d69a3e8842eef3fcf62594f0",
"zh:be690e77aa497ab8bb8ed59f7e03018e96805e2e13df334086a8c5ac4290db09",
"zh:c4ee17773e7295b0598e36148ac49b2c61caa6da3f7b02e439aa61ca6486da07",
"zh:c871d03abf9c916584dd8fc6b63ed85bbe41208eba684b2175ac741003bf9d25",
"zh:f1e5c4a5740ad75b9b37376db4ea0e3067b0c2b6871521bbc6a1625bef137abf",
] ]
} }

View File

@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
openstack = { openstack = {
source = "terraform-provider-openstack/openstack" source = "terraform-provider-openstack/openstack"
version = "1.52.1" version = "1.54.1"
} }
random = { random = {
@ -101,63 +101,111 @@ resource "openstack_networking_router_interface_v2" "vpc_router_interface" {
subnet_id = openstack_networking_subnet_v2.vpc_subnetwork.id subnet_id = openstack_networking_subnet_v2.vpc_subnetwork.id
} }
resource "openstack_compute_secgroup_v2" "vpc_secgroup" { resource "openstack_networking_secgroup_v2" "vpc_secgroup" {
name = local.name name = local.name
description = "Constellation VPC security group" description = "Constellation VPC security group"
rule {
from_port = -1
to_port = -1
ip_protocol = "icmp"
self = true
}
rule {
from_port = 1
to_port = 65535
ip_protocol = "udp"
cidr = local.cidr_vpc_subnet_nodes
}
rule {
from_port = 1
to_port = 65535
ip_protocol = "tcp"
cidr = local.cidr_vpc_subnet_nodes
}
rule {
from_port = local.ports_node_range_start
to_port = local.ports_node_range_end
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
rule {
from_port = local.ports_node_range_start
to_port = local.ports_node_range_end
ip_protocol = "udp"
cidr = "0.0.0.0/0"
}
dynamic "rule" {
for_each = flatten([
local.ports_kubernetes,
local.ports_bootstrapper,
local.ports_konnectivity,
local.ports_verify,
local.ports_recovery,
var.debug ? [local.ports_debugd] : [],
])
content {
from_port = rule.value
to_port = rule.value
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
}
} }
resource "openstack_networking_secgroup_rule_v2" "icmp_in" {
description = "icmp ingress"
direction = "ingress"
ethertype = "IPv4"
protocol = "icmp"
port_range_min = 0
port_range_max = 0
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "icmp_out" {
description = "icmp egress"
direction = "egress"
ethertype = "IPv4"
protocol = "icmp"
port_range_min = 0
port_range_max = 0
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "tcp_out" {
description = "tcp egress"
direction = "egress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 0
port_range_max = 0
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "udp_out" {
description = "udp egress"
direction = "egress"
ethertype = "IPv4"
protocol = "udp"
port_range_min = 0
port_range_max = 0
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "tcp_between_nodes" {
description = "tcp between nodes"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 0
port_range_max = 0
remote_ip_prefix = local.cidr_vpc_subnet_nodes
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "udp_between_nodes" {
description = "udp between nodes"
direction = "ingress"
ethertype = "IPv4"
protocol = "udp"
port_range_min = 0
port_range_max = 0
remote_ip_prefix = local.cidr_vpc_subnet_nodes
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "nodeport_tcp" {
description = "nodeport tcp"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = local.ports_node_range_start
port_range_max = local.ports_node_range_end
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "nodeport_udp" {
description = "nodeport udp"
direction = "ingress"
ethertype = "IPv4"
protocol = "udp"
port_range_min = local.ports_node_range_start
port_range_max = local.ports_node_range_end
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
resource "openstack_networking_secgroup_rule_v2" "tcp_port_forward" {
for_each = toset(flatten([
local.ports_kubernetes,
local.ports_bootstrapper,
local.ports_konnectivity,
local.ports_verify,
local.ports_recovery,
var.debug ? [local.ports_debugd] : [],
]))
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = each.value
port_range_max = each.value
security_group_id = openstack_networking_secgroup_v2.vpc_secgroup.id
}
module "instance_group" { module "instance_group" {
source = "./modules/instance_group" source = "./modules/instance_group"
for_each = var.node_groups for_each = var.node_groups
@ -170,7 +218,7 @@ module "instance_group" {
availability_zone = each.value.zone availability_zone = each.value.zone
image_id = openstack_images_image_v2.image_id.image_id image_id = openstack_images_image_v2.image_id.image_id
flavor_id = each.value.flavor_id flavor_id = each.value.flavor_id
security_groups = [openstack_compute_secgroup_v2.vpc_secgroup.id] security_groups = [openstack_networking_secgroup_v2.vpc_secgroup.id]
tags = local.tags tags = local.tags
uid = local.uid uid = local.uid
network_id = openstack_networking_network_v2.vpc_network.id network_id = openstack_networking_network_v2.vpc_network.id

View File

@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
openstack = { openstack = {
source = "terraform-provider-openstack/openstack" source = "terraform-provider-openstack/openstack"
version = "1.52.1" version = "1.54.1"
} }
} }
} }

View File

@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
openstack = { openstack = {
source = "terraform-provider-openstack/openstack" source = "terraform-provider-openstack/openstack"
version = "1.52.1" version = "1.54.1"
} }
} }
} }