From 81d3e22d6992ff37911256ff8641fe00a2af8327 Mon Sep 17 00:00:00 2001
From: Malte Poll <1780588+malt3@users.noreply.github.com>
Date: Wed, 14 Feb 2024 16:37:26 +0100
Subject: [PATCH] terraform: add subnet for OpenStack LBs

---
 cli/internal/terraform/terraform.go | 10 +++++++
 internal/constellation/state/state.go | 3 +++
 internal/constellation/state/state_doc.go | 7 ++++-
 terraform/infrastructure/openstack/main.tf | 24 +++++++++++++++--
 .../openstack/modules/instance_group/main.tf | 26 ++++++++++++++-----
 .../modules/instance_group/outputs.tf | 5 ++++
 .../modules/instance_group/variables.tf | 5 ++++
 terraform/infrastructure/openstack/outputs.tf | 5 ++++
 8 files changed, 75 insertions(+), 10 deletions(-)

diff --git a/cli/internal/terraform/terraform.go b/cli/internal/terraform/terraform.go
index 374170ecc..f48d36e02 100644
--- a/cli/internal/terraform/terraform.go
+++ b/cli/internal/terraform/terraform.go
@@ -349,8 +349,18 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		if !ok {
 			return state.Infrastructure{}, errors.New("invalid type in network_id output: not a string")
 		}
+		lbSubnetworkIDOutput, ok := tfState.Values.Outputs["lb_subnetwork_id"]
+		if !ok {
+			return state.Infrastructure{}, errors.New("no lb_subnetwork_id output found")
+		}
+		lbSubnetworkID, ok := lbSubnetworkIDOutput.Value.(string)
+		if !ok {
+			return state.Infrastructure{}, errors.New("invalid type in lb_subnetwork_id output: not a string")
+		}
+
 		res.OpenStack = &state.OpenStack{
 			NetworkID: networkID,
+			SubnetID: lbSubnetworkID,
 		}
 	}
 	return res, nil
diff --git a/internal/constellation/state/state.go b/internal/constellation/state/state.go
index 80610c596..bee5f8b2b 100644
--- a/internal/constellation/state/state.go
+++ b/internal/constellation/state/state.go
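Review bot: `SubnetID` is filled from the `lb_subnetwork_id` output, i.e. the load-balancer subnet, but neither the field name nor the struct comment in the state.go hunk (`ID of the subnet`) nor the generated text in the state_doc.go hunk says which of the two subnets this is, and the nodes are placed in a different one (`vpc_subnetwork`). Suggest the field comment `// ID of the subnet the load balancers are deployed in (not the node subnet)` on `SubnetID` in state.go, so the state_doc.go text picks it up on regeneration. The two `ok` checks repeat the `network_id` pattern just above; if this file already has a helper for reading a string output, using it here would keep the error wording uniform. ShowInfrastructure begins before the hunk.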
@@ -176,6 +176,9 @@ type OpenStack struct {
 	// description: |
 	// ID of the network
 	NetworkID string `yaml:"networkID"`
+	// description: |
+	// ID of the subnet
+	SubnetID string `yaml:"subnetID"`
 }
 
 // New creates a new cluster state (file).
diff --git a/internal/constellation/state/state_doc.go b/internal/constellation/state/state_doc.go
index 230bdb698..cf1b99f97 100644
--- a/internal/constellation/state/state_doc.go
+++ b/internal/constellation/state/state_doc.go
@@ -198,12 +198,17 @@ func init() {
 			FieldName: "openstack",
 		},
 	}
-	OpenStackDoc.Fields = make([]encoder.Doc, 1)
+	OpenStackDoc.Fields = make([]encoder.Doc, 2)
 	OpenStackDoc.Fields[0].Name = "networkID"
 	OpenStackDoc.Fields[0].Type = "string"
 	OpenStackDoc.Fields[0].Note = ""
 	OpenStackDoc.Fields[0].Description = "ID of the network"
 	OpenStackDoc.Fields[0].Comments[encoder.LineComment] = "ID of the network"
+	OpenStackDoc.Fields[1].Name = "subnetID"
+	OpenStackDoc.Fields[1].Type = "string"
+	OpenStackDoc.Fields[1].Note = ""
+	OpenStackDoc.Fields[1].Description = "ID of the subnet"
+	OpenStackDoc.Fields[1].Comments[encoder.LineComment] = "ID of the subnet"
 }
 
 func (_ State) Doc() *encoder.Doc {
diff --git a/terraform/infrastructure/openstack/main.tf b/terraform/infrastructure/openstack/main.tf
index 8e2b40f18..33287f44c 100644
--- a/terraform/infrastructure/openstack/main.tf
+++ b/terraform/infrastructure/openstack/main.tf
@@ -33,6 +33,7 @@ locals {
   ports_recovery = "9999"
   ports_debugd = "4000"
   cidr_vpc_subnet_nodes = "192.168.178.0/24"
+  cidr_vpc_subnet_lbs = "192.168.177.0/24"
   tags = ["constellation-uid-${local.uid}"]
   identity_service = [
     for entry in data.openstack_identity_auth_scope_v3.scope.service_catalog :
@@ -78,6 +79,19 @@ resource "openstack_networking_subnet_v2" "vpc_subnetwork" {
   tags = local.tags
 }
 
+resource "openstack_networking_subnet_v2" "lb_subnetwork" {
+  name = "${var.name}-${local.uid}-lb"
+  description = "Constellation LB subnetwork"
+  network_id = openstack_networking_network_v2.vpc_network.id
+  cidr = local.cidr_vpc_subnet_lbs
+  dns_nameservers = [
+    "1.1.1.1",
+    "8.8.8.8",
+    "9.9.9.9",
+  ]
+  tags = local.tags
+}
+
 resource "openstack_networking_router_v2" "vpc_router" {
   name = local.name
   external_network_id = data.openstack_networking_network_v2.floating_ip_pool.network_id
@@ -88,6 +102,11 @@ resource "openstack_networking_router_interface_v2" "vpc_router_interface" {
   subnet_id = openstack_networking_subnet_v2.vpc_subnetwork.id
 }
 
+resource "openstack_networking_router_interface_v2" "lbs_router_interface_lbs" {
+  router_id = openstack_networking_router_v2.vpc_router.id
+  subnet_id = openstack_networking_subnet_v2.lb_subnetwork.id
+}
+
 resource "openstack_networking_secgroup_v2" "vpc_secgroup" {
   name = local.name
   description = "Constellation VPC security group"
@@ -209,6 +228,7 @@ module "instance_group" {
   tags = local.tags
   uid = local.uid
   network_id = openstack_networking_network_v2.vpc_network.id
+  subnet_id = openstack_networking_subnet_v2.vpc_subnetwork.id
   init_secret_hash = local.init_secret_hash
   identity_internal_url = local.identity_internal_url
   openstack_username = var.openstack_username
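Review bot: The new `lb_subnetwork` sits in the same network and behind the same router as the node subnet, so any rule on `vpc_secgroup` (its body is outside the hunk) that is scoped with `remote_ip_prefix = local.cidr_vpc_subnet_nodes` will not admit traffic that originates from `local.cidr_vpc_subnet_lbs`; worth confirming that the rules the load balancers rely on (health checks, forwarded client traffic) cover the LB CIDR as well, and only those. The `dns_nameservers` list appears to duplicate the one on `vpc_subnetwork`; hoisting it into a local such as `dns_nameservers = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]` and referencing it from both subnets keeps them from drifting. The resource name `lbs_router_interface_lbs` repeats `lbs`; `lb_router_interface` would mirror `lb_subnetwork`.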
@@ -223,9 +243,9 @@ resource "openstack_networking_floatingip_v2" "public_ip" {
 }
 
-resource "openstack_compute_floatingip_associate_v2" "public_ip_associate" {
+resource "openstack_networking_floatingip_associate_v2" "public_ip_associate" {
   floating_ip = openstack_networking_floatingip_v2.public_ip.address
-  instance_id = module.instance_group["control_plane_default"].instance_ids.0
+  port_id = module.instance_group["control_plane_default"].port_ids.0
   depends_on = [
     openstack_networking_router_v2.vpc_router,
     openstack_networking_router_interface_v2.vpc_router_interface,
diff --git a/terraform/infrastructure/openstack/modules/instance_group/main.tf b/terraform/infrastructure/openstack/modules/instance_group/main.tf
index 60a2ec141..1d7cee430 100644
--- a/terraform/infrastructure/openstack/modules/instance_group/main.tf
+++ b/terraform/infrastructure/openstack/modules/instance_group/main.tf
@@ -17,6 +17,19 @@ resource "random_id" "uid" {
   byte_length = 4
 }
 
+resource "openstack_networking_port_v2" "port" {
+  name = "${local.name}-${count.index}"
+  count = var.initial_count
+  admin_state_up = "true"
+
+  network_id = var.network_id
+  fixed_ip {
+    subnet_id = var.subnet_id
+  }
+
+  security_group_ids = var.security_groups
+}
+
 # TODO(malt3): get this API enabled in the test environment
 # resource "openstack_compute_servergroup_v2" "instance_group" {
 #   name = local.name
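Review bot: Switching the resource type from `openstack_compute_floatingip_associate_v2` to `openstack_networking_floatingip_associate_v2` means an upgrade of an existing cluster destroys the old association and creates the new one rather than updating in place, so the public IP of the first control-plane node is presumably unreachable for the duration of that apply; a `moved` block cannot bridge two different resource types, so this deserves a mention in the upgrade notes. The `depends_on` list still names only `vpc_router_interface`, which looks correct given the module call attaches node ports to `vpc_subnetwork` rather than the new LB subnet.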
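Review bot: `security_group_ids = var.security_groups` on the new port takes security-group IDs, whereas the `security_groups` argument it replaces on `openstack_compute_instance_v2` (next hunk) accepted names; the module call that sets `security_groups` is not in the diff, so verify the caller passes IDs, and consider renaming the variable to `security_group_ids` or updating its description so the contract is explicit. With the instance-level `security_groups` gone, the port is now the only place filtering the node's traffic, so it is also worth checking how the provider treats an empty list here versus an unset attribute before relying on a project default. `admin_state_up = "true"` writes a bool attribute as a string; `admin_state_up = true` is the documented form.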
@@ -24,18 +37,17 @@ resource "random_id" "uid" {
 # }
 
 resource "openstack_compute_instance_v2" "instance_group_member" {
-  name = "${local.name}-${count.index}"
-  count = var.initial_count
-  image_id = var.image_id
-  flavor_id = var.flavor_id
-  security_groups = var.security_groups
-  tags = local.tags
+  name = "${local.name}-${count.index}"
+  count = var.initial_count
+  image_id = var.image_id
+  flavor_id = var.flavor_id
+  tags = local.tags
   # TODO(malt3): get this API enabled in the test environment
   # scheduler_hints {
   #   group = openstack_compute_servergroup_v2.instance_group.id
   # }
   network {
-    uuid = var.network_id
+    port = openstack_networking_port_v2.port[count.index].id
   }
   block_device {
     uuid = var.image_id
diff --git a/terraform/infrastructure/openstack/modules/instance_group/outputs.tf b/terraform/infrastructure/openstack/modules/instance_group/outputs.tf
index ffce94cb4..974c195c1 100644
--- a/terraform/infrastructure/openstack/modules/instance_group/outputs.tf
+++ b/terraform/infrastructure/openstack/modules/instance_group/outputs.tf
@@ -7,3 +7,8 @@ output "instance_ids" {
   value = openstack_compute_instance_v2.instance_group_member.*.id
   description = "IDs of the instances."
 }
+
+output "port_ids" {
+  value = openstack_networking_port_v2.port.*.id
+  description = "IDs of ports of the instances."
+}
diff --git a/terraform/infrastructure/openstack/modules/instance_group/variables.tf b/terraform/infrastructure/openstack/modules/instance_group/variables.tf
index 391bbcf07..a9d0fdd66 100644
--- a/terraform/infrastructure/openstack/modules/instance_group/variables.tf
+++ b/terraform/infrastructure/openstack/modules/instance_group/variables.tf
@@ -67,6 +67,11 @@ variable "network_id" {
   description = "Network ID to attach each node to."
 }
 
+variable "subnet_id" {
+  type = string
+  description = "Subnetwork ID to attach each node to."
+}
+
 variable "init_secret_hash" {
   type = string
   description = "Hash of the init secret."
diff --git a/terraform/infrastructure/openstack/outputs.tf b/terraform/infrastructure/openstack/outputs.tf
index 35a85fe50..be45ec065 100644
--- a/terraform/infrastructure/openstack/outputs.tf
+++ b/terraform/infrastructure/openstack/outputs.tf
@@ -42,3 +42,8 @@ output "network_id" {
   value = openstack_networking_network_v2.vpc_network.id
   description = "The OpenStack network id the cluster is deployed in."
 }
+
+output "lb_subnetwork_id" {
+  value = openstack_networking_subnet_v2.lb_subnetwork.id
+  description = "The OpenStack subnetwork id lbs are deployed in."
+}
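Review bot: The description `The OpenStack subnetwork id lbs are deployed in.` uses an abbreviation in a user-facing string; `The OpenStack subnet ID the load balancers are deployed in.` reads cleanly and matches the phrasing of the `network_id` output above it. Since this output is what the CLI stores as the state's subnet ID, naming the load balancers explicitly here also makes it clear that it is not the node subnet.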