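# Define CloudComp group number
variable "group_number" {
  type    = string
  default = "30"
}

# OpenStack account password.
# The default is the value that used to be hard-coded in this file, so existing
# runs behave the same. Override it outside the repository, e.g. with the
# TF_VAR_user_password environment variable, instead of editing the default.
# sensitive = true keeps the value out of plan/apply output.
variable "user_password" {
  description = "Password of the OpenStack user CloudComp<group_number>"
  type        = string
  default     = "demo"
  sensitive   = true
}

# Define OpenStack credentials, project config etc.
locals {
  auth_url      = "https://private-cloud.informatik.hs-fulda.de:5000/v3"
  user_name     = "CloudComp${var.group_number}"
  user_password = var.user_password
  tenant_name   = "CloudComp${var.group_number}"
  network_name  = "CloudComp${var.group_number}-net"
  image_name    = "Ubuntu 18.04 - Bionic Beaver - 64-bit - Cloud Based Image"
  flavor_name   = "m1.small"
  region_name   = "RegionOne"
}

# Define OpenStack provider
terraform {
  required_version = ">= 0.14.0"

  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = ">= 1.40.0"
    }
  }
}

# Configure the OpenStack Provider
provider "openstack" {
  user_name   = local.user_name
  tenant_name = local.tenant_name
  password    = local.user_password
  auth_url    = local.auth_url
  region      = local.region_name
  use_octavia = true
}

# Key pair injected into every instance below.
# With public_key commented out nothing is imported: the provider generates a
# new key pair, and the generated private key is kept in the Terraform state.
# Treat the state file as a secret, or uncomment public_key to upload an
# existing public key so that no private key is stored.
resource "openstack_compute_keypair_v2" "terraform-keypair" {
  name = "my-terraform-pubkey"
  #public_key = file("~/.ssh/id_rsa.pub")
}

# Security groups.
# A rule that sets neither remote_ip_prefix nor remote_group_id accepts traffic
# from any source address. Every SSH (22) and HTTP (80) rule below is written
# that way (remote_ip_prefix is commented out), so these ports are reachable
# from wherever the network is routed. To narrow SSH, set remote_ip_prefix to
# the administrators' address range. The MySQL and RabbitMQ rules are already
# limited to peer security groups through remote_group_id.

# create api security group
resource "openstack_networking_secgroup_v2" "terraform-secgroup-api" {
  name        = "my-terraform-secgroup-api"
  description = "for API services only"
}

resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-api-rule-http" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 80
  port_range_max = 80
  #remote_ip_prefix = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-api.id
}

resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-api-rule-ssh" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 22
  port_range_max = 22
  #remote_ip_prefix = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-api.id
}

# create worker security group
resource "openstack_networking_secgroup_v2" "terraform-secgroup-worker" {
  name        = "my-terraform-secgroup-worker"
  description = "for services that run on a worker node"
}

resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-worker-rule-ssh" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 22
  port_range_max = 22
  #remote_ip_prefix = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
}

# Control security group. No instance in this file is attached to it.
resource "openstack_networking_secgroup_v2" "terraform-secgroup-control" {
  name        = "my-terraform-secgroup-control"
  description = "for services that run on a control node"
}

resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-ssh" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 22
  port_range_max = 22
  #remote_ip_prefix = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
}

resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-http" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 80
  port_range_max = 80
  #remote_ip_prefix = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
}

# AMQP (5672) into the control group, from members of the worker group only.
resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-rabbitmq" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 5672
  port_range_max    = 5672
  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
}

# create services security group
resource "openstack_networking_secgroup_v2" "terraform-secgroup-services" {
  name        = "my-terraform-secgroup-services"
  description = "for DB and AMQP services only"
}

resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-ssh" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 22
  port_range_max = 22
  #remote_ip_prefix = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
}

# NOTE(review): the group description says "DB and AMQP services only", yet this
# rule also opens port 80 to any source - confirm it is needed.
resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-http" {
  direction      = "ingress"
  ethertype      = "IPv4"
  protocol       = "tcp"
  port_range_min = 80
  port_range_max = 80
  #remote_ip_prefix = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
}

# MySQL (3306) into the services group, from members of the api group only.
resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-mysql-api" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 3306
  port_range_max    = 3306
  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-api.id
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
}

# AMQP (5672) into the services group, from members of the worker group.
resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-rabbitmq-worker" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 5672
  port_range_max    = 5672
  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
}

# AMQP (5672) into the services group, from members of the api group.
resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-rabbitmq-api" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 5672
  port_range_max    = 5672
  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-api.id
  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
}

# Notes that apply to every user_data script below:
#  - The installer is fetched from the moving "master" branch and piped straight
#    into bash at first boot, with no checksum or signature check. Whoever can
#    change that file changes what runs on the instances. Prefer a URL pinned to
#    a reviewed commit and verify a known digest before executing.
#  - The RabbitMQ and MySQL passwords are fixed demo values embedded in the
#    script text. user_data can be read back from the instance metadata
#    service, so do not reuse these values outside the lab.

###########################################################################
#
# create app-services instance
#
###########################################################################

# Database and message-queue host. The script also creates the RabbitMQ user
# "faafo" with the administrator tag and full permissions on the "/" vhost.
resource "openstack_compute_instance_v2" "terraform-instance-app-services" {
  name            = "my-terraform-app-services"
  image_name      = local.image_name
  flavor_name     = local.flavor_name
  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-services.name]

  network {
    name = local.network_name
  }

  user_data = <<-EOF
    #!/usr/bin/env bash
    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
        -i database -i messaging
    rabbitmqctl add_user faafo guest
    rabbitmqctl set_user_tags faafo administrator
    rabbitmqctl set_permissions -p / faafo ".*" ".*" ".*"
  EOF
}

###########################################################################
#
# create app-api instances
#
###########################################################################

# API node 1: connects to RabbitMQ and MySQL on the app-services instance.
resource "openstack_compute_instance_v2" "terraform-instance-app-api-1" {
  name            = "my-terraform-app-api-1"
  image_name      = local.image_name
  flavor_name     = local.flavor_name
  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-api.name]

  network {
    name = local.network_name
  }

  user_data = <<-EOF
    #!/usr/bin/env bash
    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
        -i faafo -r api -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/' \
        -d 'mysql+pymysql://faafo:password@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:3306/faafo'
  EOF
}

# API node 2: same configuration as node 1.
resource "openstack_compute_instance_v2" "terraform-instance-app-api-2" {
  name        = "my-terraform-app-api-2"
  image_name  = local.image_name
  flavor_name = local.flavor_name
  key_pair    = openstack_compute_keypair_v2.terraform-keypair.name
  # security_groups takes group names. This used to pass the group id, unlike
  # api-1; ids make the provider re-apply the groups on every run.
  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-api.name]

  network {
    name = local.network_name
  }

  user_data = <<-EOF
    #!/usr/bin/env bash
    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
        -i faafo -r api -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/' \
        -d 'mysql+pymysql://faafo:password@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:3306/faafo'
  EOF
}

###########################################################################
#
# create worker instances
#
###########################################################################

# Worker 1: talks to API node 1 over HTTP and to RabbitMQ on app-services.
resource "openstack_compute_instance_v2" "terraform-instance-app-worker-1" {
  name        = "my-terraform-app-worker-1"
  image_name  = local.image_name
  flavor_name = local.flavor_name
  key_pair    = openstack_compute_keypair_v2.terraform-keypair.name
  # Group name rather than id, consistent with the other instances.
  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-worker.name]

  network {
    name = local.network_name
  }

  user_data = <<-EOF
    #!/usr/bin/env bash
    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
        -i faafo -r worker -e 'http://${openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4}' -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/'
  EOF
}

# Worker 2: same configuration as worker 1.
resource "openstack_compute_instance_v2" "terraform-instance-app-worker-2" {
  name        = "my-terraform-app-worker-2"
  image_name  = local.image_name
  flavor_name = local.flavor_name
  key_pair    = openstack_compute_keypair_v2.terraform-keypair.name
  # Group name rather than id, consistent with the other instances.
  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-worker.name]

  network {
    name = local.network_name
  }

  user_data = <<-EOF
    #!/usr/bin/env bash
    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
        -i faafo -r worker -e 'http://${openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4}' -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/'
  EOF
}

###########################################################################
#
# create load balancer
#
###########################################################################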
# Look up the project network by name so the load balancer can be placed on it.
data "openstack_networking_network_v2" "network_1" {
  name = local.network_name
}

# Load balancer with its VIP on the first subnet of that network.
resource "openstack_lb_loadbalancer_v2" "lb_1" {
  vip_subnet_id = data.openstack_networking_network_v2.network_1.subnets[0]
}

# Front end: plain HTTP on port 80, at most 1024 concurrent connections.
# Traffic to this listener is not encrypted; serving TLS would need an
# HTTPS-terminating listener and a certificate, which this file does not set up.
resource "openstack_lb_listener_v2" "listener_1" {
  loadbalancer_id  = openstack_lb_loadbalancer_v2.lb_1.id
  protocol         = "HTTP"
  protocol_port    = 80
  connection_limit = 1024
}

# Back-end pool: requests are spread round-robin over the members.
resource "openstack_lb_pool_v2" "pool_1" {
  listener_id = openstack_lb_listener_v2.listener_1.id
  protocol    = "HTTP"
  lb_method   = "ROUND_ROBIN"
}

# Pool members: both API instances, reached on port 80.
resource "openstack_lb_members_v2" "members_1" {
  pool_id = openstack_lb_pool_v2.pool_1.id

  member {
    address       = openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4
    protocol_port = 80
  }

  member {
    address       = openstack_compute_instance_v2.terraform-instance-app-api-2.access_ip_v4
    protocol_port = 80
  }
}

# Health check: GET / must answer 200. It probes every 5 s with a 5 s timeout
# and a max_retries of 3.
resource "openstack_lb_monitor_v2" "monitor_1" {
  pool_id        = openstack_lb_pool_v2.pool_1.id
  type           = "HTTP"
  http_method    = "GET"
  url_path       = "/"
  expected_codes = 200
  delay          = 5
  timeout        = 5
  max_retries    = 3
}

###########################################################################
#
# assign floating ip to load balancer
#
###########################################################################

# Floating IP from pool "public1", bound to the load balancer's VIP port.
# This is what makes the HTTP listener reachable from outside the project
# network.
resource "openstack_networking_floatingip_v2" "fip_1" {
  pool    = "public1"
  port_id = openstack_lb_loadbalancer_v2.lb_1.vip_port_id
}

# NOTE(review): despite the name, this exports the whole floating-IP resource
# object, not only its address - confirm that is what consumers expect.
output "loadbalancer_vip_addr" {
  value = openstack_networking_floatingip_v2.fip_1
}