diff --git a/data/data/azurestack/bootstrap/main.tf b/data/data/azurestack/bootstrap/main.tf
deleted file mode 100644
index 6cfa2d016e..0000000000
--- a/data/data/azurestack/bootstrap/main.tf
+++ /dev/null
@@ -1,168 +0,0 @@
-locals {
- bootstrap_nic_ip_v4_configuration_name = "bootstrap-nic-ip-v4"
- description = "Created By OpenShift Installer"
- tags = merge(
- {
- "kubernetes.io_cluster.${var.cluster_id}" = "owned"
- },
- var.azure_extra_tags,
- )
-}
-
-provider "azurestack" {
- arm_endpoint = var.azure_arm_endpoint
- subscription_id = var.azure_subscription_id
- client_id = var.azure_client_id
- client_secret = var.azure_client_secret
- tenant_id = var.azure_tenant_id
-}
-
-data "azurestack_storage_account_sas" "ignition" {
- connection_string = var.storage_account.primary_connection_string
- https_only = true
-
- resource_types {
- service = false
- container = false
- object = true
- }
-
- services {
- blob = true
- queue = false
- table = false
- file = false
- }
-
- start = timestamp()
- expiry = timeadd(timestamp(), "24h")
-
- permissions {
- read = true
- list = true
- create = false
- add = false
- delete = false
- process = false
- write = false
- update = false
- }
-}
-
-resource "azurestack_storage_container" "ignition" {
- name = "ignition"
- resource_group_name = var.resource_group_name
- storage_account_name = var.storage_account.name
- container_access_type = "private"
-}
-
-resource "local_file" "ignition_bootstrap" {
- content = var.ignition_bootstrap
- filename = "${path.module}/ignition_bootstrap.ign"
-}
-
-resource "azurestack_storage_blob" "ignition" {
- name = "bootstrap.ign"
- source = local_file.ignition_bootstrap.filename
- resource_group_name = var.resource_group_name
- storage_account_name = var.storage_account.name
- storage_container_name = azurestack_storage_container.ignition.name
- type = "block"
-}
-
-resource "azurestack_public_ip" "bootstrap_public_ip_v4" {
- count = var.azure_private ? 
0 : 1
-
- location = var.azure_region
- name = "${var.cluster_id}-bootstrap-pip-v4"
- resource_group_name = var.resource_group_name
- public_ip_address_allocation = "Static"
-}
-
-data "azurestack_public_ip" "bootstrap_public_ip_v4" {
- count = var.azure_private ? 0 : 1
-
- name = azurestack_public_ip.bootstrap_public_ip_v4[0].name
- resource_group_name = var.resource_group_name
-}
-
-resource "azurestack_network_interface" "bootstrap" {
- name = "${var.cluster_id}-bootstrap-nic"
- location = var.azure_region
- resource_group_name = var.resource_group_name
-
- ip_configuration {
- primary = true
- name = local.bootstrap_nic_ip_v4_configuration_name
- subnet_id = var.master_subnet_id
- private_ip_address_allocation = "Dynamic"
- public_ip_address_id = var.azure_private ? null : azurestack_public_ip.bootstrap_public_ip_v4[0].id
- load_balancer_backend_address_pools_ids = concat(
- [var.ilb_backend_pool_v4_id],
- ! var.azure_private ? [var.elb_backend_pool_v4_id] : []
- )
- }
-}
-
-resource "azurestack_virtual_machine" "bootstrap" {
- name = "${var.cluster_id}-bootstrap"
- location = var.azure_region
- resource_group_name = var.resource_group_name
- network_interface_ids = [azurestack_network_interface.bootstrap.id]
- vm_size = var.azure_master_vm_type
- availability_set_id = var.availability_set_id
-
- os_profile {
- computer_name = "${var.cluster_id}-bootstrap-vm"
- admin_username = "core"
- # The password is normally applied by WALA (the Azure agent), but this
- # isn't installed in RHCOS. As a result, this password is never set. It is
- # included here because it is required by the Azure ARM API.
- admin_password = "NotActuallyApplied!"
-
- custom_data = base64encode(replace(var.azure_bootstrap_ignition_stub,
- var.azure_bootstrap_ignition_url_placeholder,
- "${azurestack_storage_blob.ignition.url}${data.azurestack_storage_account_sas.ignition.sas}"))
- }
-
- os_profile_linux_config {
- disable_password_authentication = false
- }
-
- storage_image_reference {
- id = var.vm_image
- }
-
- storage_os_disk {
- name = "${var.cluster_id}-bootstrap_OSDisk" # os disk name needs to match cluster-api convention
- create_option = "FromImage"
- disk_size_gb = 100
- managed_disk_type = var.azure_master_root_volume_type
- }
-
- boot_diagnostics {
- enabled = true
- storage_uri = var.storage_account.primary_blob_endpoint
- }
-
- # Workaround for bug in provider where destroy fails by trying to delete NIC before VM.
- # This depends_on ensures the VM is destroyed before the NIC.
- depends_on = [
- azurestack_network_interface.bootstrap
- ]
-}
-
-resource "azurestack_network_security_rule" "bootstrap_ssh_in" {
- name = "bootstrap_ssh_in"
- priority = 103
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "22"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- resource_group_name = var.resource_group_name
- network_security_group_name = var.nsg_name
- description = local.description
-}
diff --git a/data/data/azurestack/bootstrap/outputs.tf b/data/data/azurestack/bootstrap/outputs.tf
deleted file mode 100644
index 8066ceadea..0000000000
--- a/data/data/azurestack/bootstrap/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "bootstrap_ip" {
- value = var.azure_private ? azurestack_network_interface.bootstrap.private_ip_address : azurestack_public_ip.bootstrap_public_ip_v4[0].ip_address
-}
diff --git a/data/data/azurestack/bootstrap/variables.tf b/data/data/azurestack/bootstrap/variables.tf
deleted file mode 100644
index a134747f12..0000000000
--- a/data/data/azurestack/bootstrap/variables.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-variable "elb_backend_pool_v4_id" {
- type = string
- default = null
- description = "The external load balancer backend pool id. used to attach the bootstrap NIC"
-}
-
-variable "ilb_backend_pool_v4_id" {
- type = string
- description = "The internal load balancer backend pool id. used to attach the bootstrap NIC"
-}
-
-variable "master_subnet_id" {
- type = string
- description = "The subnet ID for the bootstrap node."
-}
-
-variable "nsg_name" {
- type = string
- description = "The network security group for the subnet."
-}
-
-variable "resource_group_name" {
- type = string
- description = "The resource group name for the deployment."
-}
-
-variable "storage_account" {
- type = any
- description = "the storage account for the cluster. It can be used for boot diagnostics."
-}
-
-variable "vm_image" {
- type = string
- description = "The URI of the vm image to used for bootstrap."
-}
-
-variable "availability_set_id" {
- type = string
- description = "ID of the availability set in which to place VMs"
-}
diff --git a/data/data/azurestack/cluster/dns/dns.tf b/data/data/azurestack/cluster/dns/dns.tf
deleted file mode 100644
index 0c36d0e4d7..0000000000
--- a/data/data/azurestack/cluster/dns/dns.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-locals {
- // extracting from
- cluster_name = replace(var.cluster_domain, ".${var.base_domain}", "")
-}
-
-resource "azurestack_dns_a_record" "api_external_v4" {
- name = "api.${local.cluster_name}"
- zone_name = var.base_domain
- resource_group_name = var.base_domain_resource_group_name
- ttl = 300
- records = var.private ? [var.ilb_ipaddress_v4] : [var.elb_pip_v4]
- tags = var.tags
-}
-
-resource "azurestack_dns_a_record" "api_internal_v4" {
- name = "api-int.${local.cluster_name}"
- zone_name = var.base_domain
- resource_group_name = var.base_domain_resource_group_name
- ttl = 300
- records = [var.ilb_ipaddress_v4]
- tags = var.tags
-}
diff --git a/data/data/azurestack/cluster/dns/variables.tf b/data/data/azurestack/cluster/dns/variables.tf
deleted file mode 100644
index b7adb336f1..0000000000
--- a/data/data/azurestack/cluster/dns/variables.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-variable "tags" {
- type = map(string)
- default = {}
- description = "tags to be applied to created resources."
-}
-
-variable "cluster_id" {
- description = "The identifier for the cluster."
- type = string
-}
-
-variable "cluster_domain" {
- description = "The domain for the cluster that all DNS records must belong"
- type = string
-}
-
-variable "base_domain" {
- description = "The base domain used for public records"
- type = string
-}
-
-variable "base_domain_resource_group_name" {
- description = "The resource group where the base domain is"
- type = string
-}
-
-variable "elb_fqdn_v4" {
- description = "External API's LB fqdn for IPv4"
- type = string
-}
-
-variable "elb_pip_v4" {
- description = "Public IP address of the external API's LB"
- type = string
-}
-
-variable "ilb_ipaddress_v4" {
- description = "Internal API's LB IP v4 address"
- type = string
-}
-
-variable "virtual_network_id" {
- description = "The ID for Virtual Network that will be linked to the Private DNS zone."
- type = string
-}
-
-variable "resource_group_name" {
- type = string
- description = "Resource group for the deployment"
-}
-
-variable "private" {
- type = bool
- description = "This value determines if this is a private cluster or not."
-}
diff --git a/data/data/azurestack/cluster/main.tf b/data/data/azurestack/cluster/main.tf
deleted file mode 100644
index b6af05fb3a..0000000000
--- a/data/data/azurestack/cluster/main.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-locals {
- tags = merge(
- {
- "kubernetes.io_cluster.${var.cluster_id}" = "owned"
- },
- var.azure_extra_tags,
- )
- description = "Created By OpenShift Installer"
-}
-
-provider "azurestack" {
- arm_endpoint = var.azure_arm_endpoint
- subscription_id = var.azure_subscription_id
- client_id = var.azure_client_id
- client_secret = var.azure_client_secret
- tenant_id = var.azure_tenant_id
-}
-
-
-module "master" {
- source = "./master"
- resource_group_name = var.resource_group_name
- cluster_id = var.cluster_id
- region = var.azure_region
- vm_size = var.azure_master_vm_type
- vm_image_uri = var.vm_image
- ignition = var.ignition_master
- elb_backend_pool_v4_id = var.elb_backend_pool_v4_id
- ilb_backend_pool_v4_id = var.ilb_backend_pool_v4_id
- subnet_id = var.master_subnet_id
- instance_count = var.master_count
- storage_account = var.storage_account
- os_volume_type = var.azure_master_root_volume_type
- os_volume_size = var.azure_master_root_volume_size
- private = var.azure_private
- availability_set_id = var.availability_set_id
-}
-
-module "dns" {
- source = "./dns"
- cluster_domain = var.cluster_domain
- cluster_id = var.cluster_id
- base_domain = var.base_domain
- virtual_network_id = var.virtual_network_id
- elb_fqdn_v4 = var.elb_pip_v4_fqdn
- elb_pip_v4 = var.elb_pip_v4
- ilb_ipaddress_v4 = var.ilb_ip_v4_address
- resource_group_name = var.resource_group_name
- base_domain_resource_group_name = var.azure_base_domain_resource_group_name
- private = var.azure_private
- tags = local.tags
-}
diff --git a/data/data/azurestack/cluster/master/master.tf b/data/data/azurestack/cluster/master/master.tf
deleted file mode 100644
index b19b2d2bd7..0000000000
--- a/data/data/azurestack/cluster/master/master.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-locals {
- // The name of the masters' ipconfiguration is hardcoded to "pipconfig". It needs to match cluster-api
- // https://github.com/openshift/cluster-api-provider-azure/blob/master/pkg/cloud/azure/services/networkinterfaces/networkinterfaces.go#L131
- ip_v4_configuration_name = "pipConfig"
-}
-
-resource "azurestack_network_interface" "master" {
- count = var.instance_count
-
- name = "${var.cluster_id}-master-${count.index}-nic"
- location = var.region
- resource_group_name = var.resource_group_name
-
- ip_configuration {
- primary = true
- name = local.ip_v4_configuration_name
- subnet_id = var.subnet_id
- private_ip_address_allocation = "Dynamic"
- load_balancer_backend_address_pools_ids = concat(
- [var.ilb_backend_pool_v4_id],
- ! var.private ? [var.elb_backend_pool_v4_id] : []
- )
- }
-}
-
-resource "azurestack_virtual_machine" "master" {
- count = var.instance_count
-
- name = "${var.cluster_id}-master-${count.index}"
- location = var.region
- resource_group_name = var.resource_group_name
- network_interface_ids = [element(azurestack_network_interface.master.*.id, count.index)]
- vm_size = var.vm_size
- availability_set_id = var.availability_set_id
-
- os_profile {
- computer_name = "${var.cluster_id}-master-${count.index}"
- admin_username = "core"
- # The password is normally applied by WALA (the Azure agent), but this
- # isn't installed in RHCOS. As a result, this password is never set. It is
- # included here because it is required by the Azure ARM API.
- admin_password = "NotActuallyApplied!"
- custom_data = base64encode(var.ignition)
- }
-
- os_profile_linux_config {
- disable_password_authentication = false
- }
-
- storage_image_reference {
- id = var.vm_image_uri
- }
-
- storage_os_disk {
- name = "${var.cluster_id}-master-${count.index}_OSDisk" # os disk name needs to match cluster-api convention
- create_option = "FromImage"
- disk_size_gb = var.os_volume_size
- managed_disk_type = var.os_volume_type
- }
-
- boot_diagnostics {
- enabled = true
- storage_uri = var.storage_account.primary_blob_endpoint
- }
-}
diff --git a/data/data/azurestack/cluster/master/outputs.tf b/data/data/azurestack/cluster/master/outputs.tf
deleted file mode 100644
index 4c2636bae4..0000000000
--- a/data/data/azurestack/cluster/master/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "ip_addresses" {
- value = azurestack_network_interface.master.*.private_ip_address
-}
diff --git a/data/data/azurestack/cluster/master/variables.tf b/data/data/azurestack/cluster/master/variables.tf
deleted file mode 100644
index db6c3f4c23..0000000000
--- a/data/data/azurestack/cluster/master/variables.tf
+++ /dev/null
@@ -1,74 +0,0 @@
-variable "region" {
- type = string
- description = "The region for the deployment."
-}
-
-variable "resource_group_name" {
- type = string
- description = "The resource group name for the deployment."
-}
-
-variable "cluster_id" {
- type = string
-}
-
-variable "vm_size" {
- type = string
-}
-
-variable "vm_image_uri" {
- type = string
- description = "The URI of the vm image used for masters."
-}
-
-variable "instance_count" {
- type = string
-}
-
-variable "elb_backend_pool_v4_id" {
- type = string
-}
-
-variable "ilb_backend_pool_v4_id" {
- type = string
-}
-
-variable "subnet_id" {
- type = string
- description = "The subnet to attach the masters to."
-}
-
-variable "os_volume_type" {
- type = string
- description = "The type of the volume for the root block device."
-}
-
-variable "os_volume_size" {
- type = string
- description = "The size of the volume in gigabytes for the root block device."
-}
-
-variable "tags" {
- type = map(string)
- default = {}
- description = "tags to be applied to created resources."
-}
-
-variable "storage_account" {
- type = any
- description = "the storage account for the cluster. It can be used for boot diagnostics."
-}
-
-variable "ignition" {
- type = string
-}
-
-variable "private" {
- type = bool
- description = "This value determines if this is a private cluster or not."
-}
-
-variable "availability_set_id" {
- type = string
- description = "ID of the availability set in which to place VMs"
-}
\ No newline at end of file
diff --git a/data/data/azurestack/cluster/outputs.tf b/data/data/azurestack/cluster/outputs.tf
deleted file mode 100644
index 6c62d865e5..0000000000
--- a/data/data/azurestack/cluster/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "control_plane_ips" {
- value = module.master.ip_addresses
-}
diff --git a/data/data/azurestack/cluster/variables.tf b/data/data/azurestack/cluster/variables.tf
deleted file mode 100644
index a97e3b7bd1..0000000000
--- a/data/data/azurestack/cluster/variables.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-variable "elb_backend_pool_v4_id" {
- type = string
- default = null
- description = "The external load balancer bakend pool id. used to attach the bootstrap NIC"
-}
-
-variable "ilb_backend_pool_v4_id" {
- type = string
- default = null
- description = "The internal load balancer bakend pool id. used to attach the bootstrap NIC"
-}
-
-variable "elb_pip_v4" {
- type = string
- default = null
-}
-
-variable "elb_pip_v4_fqdn" {
- type = string
- default = null
-}
-
-variable "ilb_ip_v4_address" {
- type = string
-}
-
-variable "virtual_network_id" {
- description = "The ID for Virtual Network that will be linked to the Private DNS zone."
- type = string
-}
-
-variable "master_subnet_id" {
- type = string
- description = "The subnet ID for the bootstrap node."
-}
-
-variable "nsg_name" {
- type = string
- description = "The network security group for the subnet."
-}
-
-variable "resource_group_name" {
- type = string
- description = "The resource group name for the deployment."
-}
-
-variable "storage_account" {
- type = any
- description = "the storage account for the cluster. It can be used for boot diagnostics."
-}
-
-variable "vm_image" {
- type = string
- description = "The resource id of the vm image used for bootstrap."
-}
-
-variable "availability_set_id" {
- type = string
- description = "ID of the availability set in which to place VMs"
-}
-
-variable "bootstrap_ip" {
- type = string
- description = "The ip of the bootstrap node. Used for log gathering but not for infrastructure provisioning."
-}
\ No newline at end of file
diff --git a/data/data/azurestack/variables-azurestack.tf b/data/data/azurestack/variables-azurestack.tf
deleted file mode 100644
index 195d23822a..0000000000
--- a/data/data/azurestack/variables-azurestack.tf
+++ /dev/null
@@ -1,300 +0,0 @@ -variable "azure_environment" { - type = string - description = "The target Azure cloud environment for the cluster." -} - -variable "azure_region" { - type = string - description = "The target Azure region for the cluster." -} - -variable "azure_master_vm_type" { - type = string - description = "Instance type for the master node(s). Example: `Standard_D8s_v3`." -} - -variable "azure_master_disk_encryption_set_id" { - type = string - default = null - description = "The ID of the Disk Encryption Set which should be used to encrypt OS disk for the master node(s)." -} - -variable "azure_master_encryption_at_host_enabled" { - type = bool - description = "Enables encryption at the VM host for the master node(s)." -} - -variable "azure_extra_tags" { - type = map(string) - - description = < 0 ? var.control_plane_dedicated_host_id_list[0] : null - - vpc = var.vpc_id - zone = var.control_plane_subnet_zone_list[0] - keys = [] - - # Use custom ignition config that pulls content from COS bucket - # TODO: Once support for the httpHeaders field is added to - # terraform-provider-ignition, we should use it instead of this template. - # https://github.com/community-terraform-providers/terraform-provider-ignition/issues/16 - user_data = templatefile("${path.module}/templates/bootstrap.ign", { - HOSTNAME = replace(ibm_cos_bucket.bootstrap_ignition.s3_endpoint_direct, "https://", "") - BUCKET_NAME = ibm_cos_bucket.bootstrap_ignition.bucket_name - OBJECT_NAME = ibm_cos_bucket_object.bootstrap_ignition.key - IAM_TOKEN = data.ibm_iam_auth_token.iam_token.iam_access_token - }) -} - -############################################ -# Floating IP -############################################ - -resource "ibm_is_floating_ip" "bootstrap_floatingip" { - count = local.public_endpoints ? 
1 : 0
-
- name = "${local.prefix}-bootstrap-node-ip"
- resource_group = var.resource_group_id
- target = ibm_is_instance.bootstrap_node.primary_network_interface.0.id
- tags = local.tags
-}
-
-############################################
-# Security group
-############################################
-
-resource "ibm_is_security_group" "bootstrap" {
- name = "${local.prefix}-security-group-bootstrap"
- resource_group = var.resource_group_id
- tags = local.tags
- vpc = var.vpc_id
-}
-
-# SSH
-resource "ibm_is_security_group_rule" "bootstrap_ssh_inbound" {
- count = local.public_endpoints ? 1 : length(local.all_subnet_cidrs)
-
- group = ibm_is_security_group.bootstrap.id
- direction = "inbound"
- remote = local.public_endpoints ? "0.0.0.0/0" : local.all_subnet_cidrs[count.index]
- tcp {
- port_min = 22
- port_max = 22
- }
-}
-
-############################################
-# Load balancer backend pool members
-############################################
-
-resource "ibm_is_lb_pool_member" "kubernetes_api_public" {
- count = local.public_endpoints ? 1 : 0
-
- lb = var.lb_kubernetes_api_public_id
- pool = var.lb_pool_kubernetes_api_public_id
- port = local.port_kubernetes_api
- target_address = ibm_is_instance.bootstrap_node.primary_network_interface.0.primary_ipv4_address
-}
-
-resource "ibm_is_lb_pool_member" "kubernetes_api_private" {
- lb = var.lb_kubernetes_api_private_id
- pool = var.lb_pool_kubernetes_api_private_id
- port = local.port_kubernetes_api
- target_address = ibm_is_instance.bootstrap_node.primary_network_interface.0.primary_ipv4_address
-}
-
-resource "ibm_is_lb_pool_member" "machine_config" {
- lb = var.lb_kubernetes_api_private_id
- pool = var.lb_pool_machine_config_id
- port = local.port_machine_config
- target_address = ibm_is_instance.bootstrap_node.primary_network_interface.0.primary_ipv4_address
-}
diff --git a/data/data/ibmcloud/bootstrap/outputs.tf b/data/data/ibmcloud/bootstrap/outputs.tf
deleted file mode 100644
index f19f35b7d5..0000000000
--- a/data/data/ibmcloud/bootstrap/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "bootstrap_ip" {
- value = local.public_endpoints ? ibm_is_floating_ip.bootstrap_floatingip[0].address : ibm_is_instance.bootstrap_node.primary_network_interface[0].primary_ipv4_address
-}
diff --git a/data/data/ibmcloud/bootstrap/templates/bootstrap.ign b/data/data/ibmcloud/bootstrap/templates/bootstrap.ign
deleted file mode 100644
index cf824f9c53..0000000000
--- a/data/data/ibmcloud/bootstrap/templates/bootstrap.ign
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "ignition": {
- "version": "3.2.0",
- "config": {
- "replace": {
- "source": "https://${HOSTNAME}/${BUCKET_NAME}/${OBJECT_NAME}",
- "httpHeaders": [
- {
- "name": "Authorization",
- "value": "${IAM_TOKEN}"
- }
- ]
- }
- }
- }
-}
\ No newline at end of file
diff --git a/data/data/ibmcloud/bootstrap/variables.tf b/data/data/ibmcloud/bootstrap/variables.tf
deleted file mode 100644
index d56212cb56..0000000000
--- a/data/data/ibmcloud/bootstrap/variables.tf
+++ /dev/null
@@ -1,60 +0,0 @@
-#######################################
-# Bootstrap module variables
-#######################################
-
-variable "control_plane_dedicated_host_id_list" {
- type = list(string)
- default = []
-}
-
-variable "control_plane_security_group_id_list" {
- type = list(string)
-}
-
-variable "control_plane_subnet_id_list" {
- type = list(string)
-}
-
-variable "compute_subnet_id_list" {
- type = list(string)
-}
-
-variable "control_plane_subnet_zone_list" {
- type = list(string)
-}
-
-variable "cos_resource_instance_crn" {
- type = string
-}
-
-variable "lb_kubernetes_api_public_id" {
- type = string
-}
-
-variable "lb_kubernetes_api_private_id" {
- type = string
-}
-
-variable "lb_pool_kubernetes_api_public_id" {
- type = string
-}
-
-variable "lb_pool_kubernetes_api_private_id" {
- type = string
-}
-
-variable "lb_pool_machine_config_id" {
- type = string
-}
-
-variable "resource_group_id" {
- type = string
-}
-
-variable "vpc_id" {
- type = string
-}
-
-variable "vsi_image_id" {
- type = string
-}
diff --git a/data/data/ibmcloud/master/common.tf b/data/data/ibmcloud/master/common.tf
deleted file mode 100644
index 70d3514987..0000000000
--- a/data/data/ibmcloud/master/common.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-locals {
- description = "Created By OpenShift Installer"
- # If specified, set visibility to 'private' for IBM Terraform Provider
- endpoint_visibility = var.ibmcloud_terraform_private_visibility ? "private" : "public"
- public_endpoints = var.ibmcloud_publish_strategy == "External" ? true : false
- tags = concat(
- ["kubernetes.io_cluster_${var.cluster_id}:owned"],
- var.ibmcloud_extra_tags
- )
-}
-
-############################################
-# IBM Cloud provider
-############################################
-
-provider "ibm" {
- ibmcloud_api_key = var.ibmcloud_api_key
- region = var.ibmcloud_region
-
- # Manage endpoints for IBM Cloud services
- visibility = local.endpoint_visibility
- endpoints_file_path = var.ibmcloud_endpoints_json_file
-}
diff --git a/data/data/ibmcloud/master/main.tf b/data/data/ibmcloud/master/main.tf
deleted file mode 100644
index 33f315e8cb..0000000000
--- a/data/data/ibmcloud/master/main.tf
+++ /dev/null
@@ -1,75 +0,0 @@
-locals {
- # If a boot volume encryption key CRN was supplied, create a list containing that CRN, otherwise an empty list for a dynamic block of boot volumes
- boot_volume_key_crns = var.ibmcloud_control_plane_boot_volume_key == "" ? [] : [var.ibmcloud_control_plane_boot_volume_key]
- prefix = var.cluster_id
- port_kubernetes_api = 6443
- port_machine_config = 22623
- subnet_count = length(var.control_plane_subnet_id_list)
- zone_count = length(var.control_plane_subnet_zone_list)
-}
-
-############################################
-# Master nodes
-############################################
-
-resource "ibm_is_instance" "master_node" {
- count = var.master_count
-
- name = "${local.prefix}-master-${count.index}"
- image = var.vsi_image_id
- profile = var.ibmcloud_master_instance_type
- resource_group = var.resource_group_id
- tags = local.tags
-
- primary_network_interface {
- name = "eth0"
- subnet = var.control_plane_subnet_id_list[count.index % local.subnet_count]
- security_groups = var.control_plane_security_group_id_list
- }
-
- dynamic "boot_volume" {
- for_each = local.boot_volume_key_crns
- content {
- encryption = boot_volume.value
- }
- }
-
- dedicated_host = length(var.control_plane_dedicated_host_id_list) > 0 ? var.control_plane_dedicated_host_id_list[count.index % local.zone_count] : null
-
- vpc = var.vpc_id
- zone = var.control_plane_subnet_zone_list[count.index % local.zone_count]
- keys = []
-
- user_data = var.ignition_master
-}
-
-############################################
-# Load balancer backend pool members
-############################################
-
-resource "ibm_is_lb_pool_member" "kubernetes_api_public" {
- count = local.public_endpoints ? 
var.master_count : 0
-
- lb = var.lb_kubernetes_api_public_id
- pool = var.lb_pool_kubernetes_api_public_id
- port = local.port_kubernetes_api
- target_address = ibm_is_instance.master_node[count.index].primary_network_interface.0.primary_ipv4_address
-}
-
-resource "ibm_is_lb_pool_member" "kubernetes_api_private" {
- count = var.master_count
-
- lb = var.lb_kubernetes_api_private_id
- pool = var.lb_pool_kubernetes_api_private_id
- port = local.port_kubernetes_api
- target_address = ibm_is_instance.master_node[count.index].primary_network_interface.0.primary_ipv4_address
-}
-
-resource "ibm_is_lb_pool_member" "machine_config" {
- count = var.master_count
-
- lb = var.lb_kubernetes_api_private_id
- pool = var.lb_pool_machine_config_id
- port = local.port_machine_config
- target_address = ibm_is_instance.master_node[count.index].primary_network_interface.0.primary_ipv4_address
-}
diff --git a/data/data/ibmcloud/master/outputs.tf b/data/data/ibmcloud/master/outputs.tf
deleted file mode 100644
index 67ea8c8c76..0000000000
--- a/data/data/ibmcloud/master/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "control_plane_ips" {
- value = ibm_is_instance.master_node[*].primary_network_interface[0].primary_ipv4_address
-}
diff --git a/data/data/ibmcloud/master/variables.tf b/data/data/ibmcloud/master/variables.tf
deleted file mode 100644
index 1428f28b33..0000000000
--- a/data/data/ibmcloud/master/variables.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-#######################################
-# Master module variables
-#######################################
-
-variable "control_plane_dedicated_host_id_list" {
- type = list(string)
- default = []
-}
-
-variable "control_plane_security_group_id_list" {
- type = list(string)
-}
-
-variable "control_plane_subnet_id_list" {
- type = list(string)
-}
-
-variable "control_plane_subnet_zone_list" {
- type = list(string)
-}
-
-variable "cos_resource_instance_crn" {
- type = string
- default = ""
-}
-
-variable "lb_kubernetes_api_public_id" {
- type = string
-}
-
-variable "lb_kubernetes_api_private_id" {
- type = string
-}
-
-variable "lb_pool_kubernetes_api_public_id" {
- type = string
-}
-
-variable "lb_pool_kubernetes_api_private_id" {
- type = string
-}
-
-variable "lb_pool_machine_config_id" {
- type = string
-}
-
-variable "resource_group_id" {
- type = string
-}
-
-variable "vpc_id" {
- type = string
-}
-
-variable "vsi_image_id" {
- type = string
-}
diff --git a/data/data/ibmcloud/network/cis/main.tf b/data/data/ibmcloud/network/cis/main.tf
deleted file mode 100644
index 7d1fee4943..0000000000
--- a/data/data/ibmcloud/network/cis/main.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-############################################
-# Datasources
-############################################
-
-data "ibm_cis_domain" "base_domain" {
- count = var.is_external ? 1 : 0
-
- cis_id = var.cis_id
- domain = var.base_domain
-}
-
-############################################
-# CIS DNS records (CNAME)
-############################################
-
-resource "ibm_cis_dns_record" "kubernetes_api" {
- count = var.is_external ? 1 : 0
-
- cis_id = var.cis_id
- domain_id = data.ibm_cis_domain.base_domain[0].id
- type = "CNAME"
- name = "api.${var.cluster_domain}"
- content = var.lb_kubernetes_api_public_hostname != "" ? var.lb_kubernetes_api_public_hostname : var.lb_kubernetes_api_private_hostname
- ttl = 60
-}
-
-resource "ibm_cis_dns_record" "kubernetes_api_internal" {
- count = var.is_external ? 1 : 0
-
- cis_id = var.cis_id
- domain_id = data.ibm_cis_domain.base_domain[0].id
- type = "CNAME"
- name = "api-int.${var.cluster_domain}"
- content = var.lb_kubernetes_api_private_hostname
- ttl = 60
-}
diff --git a/data/data/ibmcloud/network/cis/variables.tf b/data/data/ibmcloud/network/cis/variables.tf
deleted file mode 100644
index 51ad634889..0000000000
--- a/data/data/ibmcloud/network/cis/variables.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-############################################
-# CIS module variables
-############################################
-
-variable "cis_id" {
- type = string
-}
-
-variable "base_domain" {
- type = string
-}
-
-variable "cluster_domain" {
- type = string
-}
-
-variable "is_external" {
- type = bool
-}
-
-variable "lb_kubernetes_api_public_hostname" {
- type = string
-}
-
-variable "lb_kubernetes_api_private_hostname" {
- type = string
-}
diff --git a/data/data/ibmcloud/network/common.tf b/data/data/ibmcloud/network/common.tf
deleted file mode 100644
index 70d3514987..0000000000
--- a/data/data/ibmcloud/network/common.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-locals {
- description = "Created By OpenShift Installer"
- # If specified, set visibility to 'private' for IBM Terraform Provider
- endpoint_visibility = var.ibmcloud_terraform_private_visibility ? "private" : "public"
- public_endpoints = var.ibmcloud_publish_strategy == "External" ? true : false
- tags = concat(
- ["kubernetes.io_cluster_${var.cluster_id}:owned"],
- var.ibmcloud_extra_tags
- )
-}
-
-############################################
-# IBM Cloud provider
-############################################
-
-provider "ibm" {
- ibmcloud_api_key = var.ibmcloud_api_key
- region = var.ibmcloud_region
-
- # Manage endpoints for IBM Cloud services
- visibility = local.endpoint_visibility
- endpoints_file_path = var.ibmcloud_endpoints_json_file
-}
diff --git a/data/data/ibmcloud/network/dhost/main.tf b/data/data/ibmcloud/network/dhost/main.tf
deleted file mode 100644
index 65ec73741f..0000000000
--- a/data/data/ibmcloud/network/dhost/main.tf
+++ /dev/null
@@ -1,73 +0,0 @@
-locals {
- prefix = var.cluster_id
- dhosts_master_create = [for dhost in var.dedicated_hosts_master : dhost if lookup(dhost, "id", "") == ""]
- dhosts_master_zones = [for i, dhost in var.dedicated_hosts_master : var.zones_master[i] if lookup(dhost, "id", "") == ""]
- dhosts_worker_create = [for dhost in var.dedicated_hosts_worker : dhost if lookup(dhost, "id", "") == ""]
- dhosts_worker_zones = [for i, dhost in var.dedicated_hosts_worker : var.zones_worker[i] if lookup(dhost, "id", "") == ""]
- dhosts_master_merged = [
- for i, dhost in var.dedicated_hosts_master :
- lookup(dhost, "id", "") == ""
- ? ibm_is_dedicated_host.control_plane[index(ibm_is_dedicated_host.control_plane.*.zone, var.zones_master[i])].id
- : dhost.id
- ]
-}
-
-############################################
-# Dedicated hosts (Control Plane)
-############################################
-
-data "ibm_is_dedicated_host_profile" "control_plane" {
- count = length(local.dhosts_master_create)
- name = local.dhosts_master_create[count.index].profile
-}
-
-resource "ibm_is_dedicated_host_group" "control_plane" {
- count = length(local.dhosts_master_create)
-
- name = "${local.prefix}-dgroup-control-plane-${local.dhosts_master_zones[count.index]}"
- class = data.ibm_is_dedicated_host_profile.control_plane[count.index].class
- family = data.ibm_is_dedicated_host_profile.control_plane[count.index].family
- resource_group = var.resource_group_id
- zone = local.dhosts_master_zones[count.index]
-}
-
-resource "ibm_is_dedicated_host" "control_plane" {
- count = length(local.dhosts_master_create)
-
- name = "${local.prefix}-dhost-control-plane-${local.dhosts_master_zones[count.index]}"
- host_group = ibm_is_dedicated_host_group.control_plane[count.index].id
- profile = local.dhosts_master_create[count.index].profile
- resource_group = var.resource_group_id
-
- instance_placement_enabled = true
-}
-
-############################################
-# Dedicated hosts (Compute)
-############################################
-
-data "ibm_is_dedicated_host_profile" "compute" {
- count = length(local.dhosts_worker_create)
- name = local.dhosts_worker_create[count.index].profile
-}
-
-resource "ibm_is_dedicated_host_group" "compute" {
- count = length(local.dhosts_worker_create)
-
- name = "${local.prefix}-dgroup-compute-${local.dhosts_worker_zones[count.index]}"
- class = data.ibm_is_dedicated_host_profile.compute[count.index].class
- family = data.ibm_is_dedicated_host_profile.compute[count.index].family
- resource_group = var.resource_group_id
- zone = local.dhosts_worker_zones[count.index]
-}
-
-resource "ibm_is_dedicated_host" "compute" {
- count = length(local.dhosts_worker_create)
-
- name = "${local.prefix}-dhost-compute-${local.dhosts_worker_zones[count.index]}"
- host_group = ibm_is_dedicated_host_group.compute[count.index].id
- profile = local.dhosts_worker_create[count.index].profile
- resource_group = var.resource_group_id
-
- instance_placement_enabled = true
-}
\ No newline at end of file
diff --git a/data/data/ibmcloud/network/dhost/outputs.tf b/data/data/ibmcloud/network/dhost/outputs.tf
deleted file mode 100644
index 78568e74f5..0000000000
--- a/data/data/ibmcloud/network/dhost/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-#######################################
-# Dedicated Host module outputs
-#######################################
-
-output "control_plane_dedicated_host_id_list" {
- value = local.dhosts_master_merged
-}
diff --git a/data/data/ibmcloud/network/dhost/variables.tf b/data/data/ibmcloud/network/dhost/variables.tf
deleted file mode 100644
index e899144139..0000000000
--- a/data/data/ibmcloud/network/dhost/variables.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-#######################################
-# Dedicated Host module variables
-#######################################
-
-variable "cluster_id" {
- type = string
-}
-
-variable "dedicated_hosts_master" {
- type = list(map(string))
- default = []
-}
-
-variable "dedicated_hosts_worker" {
- type = list(map(string))
- default = []
-}
-
-variable "resource_group_id" {
- type = string
-}
-
-variable "zones_master" {
- type = list(string)
-}
-
-variable "zones_worker" {
- type = list(string)
-}
\ No newline at end of file
diff --git a/data/data/ibmcloud/network/dns/common.tf b/data/data/ibmcloud/network/dns/common.tf
deleted file mode 100644
index f04a9389a5..0000000000
--- a/data/data/ibmcloud/network/dns/common.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-locals {
- dns_zone_id = var.is_external ? "" : data.ibm_dns_zones.zones[0].dns_zones[index(data.ibm_dns_zones.zones[0].dns_zones[*].name, var.base_domain)].zone_id
-}
-
-############################################
-# DNS Zone
-############################################
-
-data "ibm_dns_zones" "zones" {
- count = var.is_external ? 0 : 1
-
- instance_id = var.dns_id
-}
diff --git a/data/data/ibmcloud/network/dns/main.tf b/data/data/ibmcloud/network/dns/main.tf
deleted file mode 100644
index f917b4efd7..0000000000
--- a/data/data/ibmcloud/network/dns/main.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-############################################
-# DNS permitted networks
-############################################
-
-resource "ibm_dns_permitted_network" "vpc" {
- # Only create the Permitted Network if Internal (Private using DNS) and the VPC is not already a Permitted Network
- count = ! var.is_external && ! var.vpc_permitted ? 1 : 0
-
- instance_id = var.dns_id
- zone_id = local.dns_zone_id
- vpc_crn = var.vpc_crn
- type = "vpc"
-}
-
-############################################
-# DNS records (CNAME)
-############################################
-
-resource "ibm_dns_resource_record" "kubernetes_api_internal_public" {
- count = var.is_external ? 0 : 1
-
- instance_id = var.dns_id
- zone_id = local.dns_zone_id
- type = "CNAME"
- name = "api.${var.cluster_domain}"
- rdata = var.lb_kubernetes_api_private_hostname
- ttl = "60"
-}
-
-resource "ibm_dns_resource_record" "kubernetes_api_private" {
- count = var.is_external ? 0 : 1
-
- instance_id = var.dns_id
- zone_id = local.dns_zone_id
- type = "CNAME"
- name = "api-int.${var.cluster_domain}"
- rdata = var.lb_kubernetes_api_private_hostname
- ttl = "60"
-}
diff --git a/data/data/ibmcloud/network/dns/variables.tf b/data/data/ibmcloud/network/dns/variables.tf
deleted file mode 100644
index 4c6e81fd0a..0000000000
--- a/data/data/ibmcloud/network/dns/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-############################################
-# DNS module variables
-############################################
-
-variable "dns_id" {
- type = string
-}
-
-variable "vpc_crn" {
- type = string
-}
-
-variable "vpc_permitted" {
- type = bool
-}
-
-variable "base_domain" {
- type = string
-}
-
-variable "cluster_domain" {
- type = string
-}
-
-variable "is_external" {
- type = bool
-}
-
-variable "lb_kubernetes_api_private_hostname" {
- type = string
-}
diff --git a/data/data/ibmcloud/network/image/main.tf b/data/data/ibmcloud/network/image/main.tf
deleted file mode 100644
index 6628555124..0000000000
--- a/data/data/ibmcloud/network/image/main.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-locals {
- # Use the direct COS endpoint if IBM Cloud Service Endpoints are being overridden,
- # as public and private may not be available. The direct endpoint requires
- # additional IBM Cloud Account configuration, which must be configured when using
- # Service Endpoint overrides.
- cos_endpoint_type = var.endpoint_visibility == "private" ? "direct" : "public"
- prefix = var.cluster_id
-}
-
-resource "ibm_cos_bucket" "images" {
- bucket_name = "${local.prefix}-vsi-image"
- # Use the direct COS endpoint if IBM Cloud Service endpoints are being overridden,
- # as public and private may not be available. Direct requires additional IBM Cloud
- # Account configuration
- endpoint_type = local.cos_endpoint_type
- resource_instance_id = var.cos_resource_instance_crn
- region_location = var.region
- storage_class = "smart"
-}
-
-resource "ibm_cos_bucket_object" "file" {
- bucket_crn = ibm_cos_bucket.images.crn
- bucket_location = ibm_cos_bucket.images.region_location
- content_file = var.image_filepath
- endpoint_type = local.cos_endpoint_type
- key = basename(var.image_filepath)
-}
-
-resource "ibm_iam_authorization_policy" "policy" {
- source_service_name = "is"
- source_resource_type = "image"
- target_service_name = "cloud-object-storage"
- target_resource_instance_id = element(split(":", var.cos_resource_instance_crn), 7)
- roles = ["Reader"]
-}
-
-resource "ibm_is_image" "image" {
- depends_on = [
- ibm_iam_authorization_policy.policy
- ]
-
- name = var.name
- href = "cos://${ibm_cos_bucket.images.region_location}/${ibm_cos_bucket.images.bucket_name}/${ibm_cos_bucket_object.file.key}"
- operating_system = "rhel-coreos-stable-amd64"
- resource_group = var.resource_group_id
- tags = var.tags
-}
diff --git a/data/data/ibmcloud/network/image/outputs.tf b/data/data/ibmcloud/network/image/outputs.tf
deleted file mode 100644
index e14c4d02e3..0000000000
--- a/data/data/ibmcloud/network/image/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "vsi_image_id" {
- value = ibm_is_image.image.id
-}
diff --git a/data/data/ibmcloud/network/image/variables.tf b/data/data/ibmcloud/network/image/variables.tf
deleted file mode 100644
index c72fa5d786..0000000000
--- a/data/data/ibmcloud/network/image/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-variable "name" {
- type = string
-}
-
-variable "image_filepath" {
- type = string
-}
-
-variable "cluster_id" {
- type = string
-}
-
-variable "resource_group_id" {
- type = string
-}
-
-variable "region" {
- type = string
-}
-
-variable "tags" {
- type = list(string)
-}
-
-variable "cos_resource_instance_crn" {
- type = string
-}
-
-variable "endpoint_visibility" {
- type = string
-}
diff --git a/data/data/ibmcloud/network/main.tf b/data/data/ibmcloud/network/main.tf
deleted file mode 100644
index b3ce0be811..0000000000
--- a/data/data/ibmcloud/network/main.tf
+++ /dev/null
@@ -1,122 +0,0 @@
-locals {
- network_resource_group_id = var.ibmcloud_network_resource_group_name == "" ? local.resource_group_id : data.ibm_resource_group.network_group.0.id
- resource_group_id = var.ibmcloud_resource_group_name == "" ? ibm_resource_group.group.0.id : data.ibm_resource_group.group.0.id
-}
-
-############################################
-# Resource groups
-############################################
-
-data "ibm_resource_group" "network_group" {
- count = var.ibmcloud_network_resource_group_name == "" ? 0 : 1
- name = var.ibmcloud_network_resource_group_name
-}
-
-resource "ibm_resource_group" "group" {
- count = var.ibmcloud_resource_group_name == "" ? 1 : 0
- name = var.cluster_id
-}
-
-data "ibm_resource_group" "group" {
- count = var.ibmcloud_resource_group_name == "" ? 0 : 1
- name = var.ibmcloud_resource_group_name
-}
-
-############################################
-# Shared COS Instance
-############################################
-resource "ibm_resource_instance" "cos" {
- name = "${var.cluster_id}-cos"
- service = "cloud-object-storage"
- plan = "standard"
- location = "global"
- resource_group_id = local.resource_group_id
- tags = local.tags
-}
-
-############################################
-# Import VPC Custom Image
-############################################
-
-module "image" {
- source = "./image"
-
- name = "${var.cluster_id}-rhcos"
- image_filepath = var.ibmcloud_image_filepath
- cluster_id = var.cluster_id
- region = var.ibmcloud_region
- resource_group_id = local.resource_group_id
- tags = local.tags
- cos_resource_instance_crn = ibm_resource_instance.cos.crn
- endpoint_visibility = local.endpoint_visibility
-}
-
-############################################
-# CIS module
-############################################
-
-module "cis" {
- source = "./cis"
-
- cis_id = var.ibmcloud_cis_crn
- base_domain = var.base_domain
- cluster_domain = var.cluster_domain
- is_external = local.public_endpoints
-
- lb_kubernetes_api_public_hostname = module.vpc.lb_kubernetes_api_public_hostname
- lb_kubernetes_api_private_hostname = module.vpc.lb_kubernetes_api_private_hostname
-}
-
-############################################
-# DNS module
-############################################
-
-module "dns" {
- source = "./dns"
- depends_on = [module.vpc]
-
- dns_id = var.ibmcloud_dns_id
- vpc_crn = module.vpc.vpc_crn
- vpc_permitted = var.ibmcloud_vpc_permitted
- base_domain = var.base_domain
- cluster_domain = var.cluster_domain
- is_external = local.public_endpoints
-
- lb_kubernetes_api_private_hostname = module.vpc.lb_kubernetes_api_private_hostname
-}
-
-############################################
-# Dedicated Host module
-############################################
-
-module "dhost" {
- source = "./dhost"
-
- cluster_id = var.cluster_id
- dedicated_hosts_master = var.ibmcloud_master_dedicated_hosts
- dedicated_hosts_worker = var.ibmcloud_worker_dedicated_hosts
- resource_group_id = local.resource_group_id
- zones_master = distinct(var.ibmcloud_master_availability_zones)
- zones_worker = distinct(var.ibmcloud_worker_availability_zones)
-}
-
-############################################
-# VPC module
-############################################
-
-module "vpc" {
- source = "./vpc"
-
- cluster_id = var.cluster_id
- network_resource_group_id = local.network_resource_group_id
- public_endpoints = local.public_endpoints
- resource_group_id = local.resource_group_id
- tags = local.tags
- zones_master = distinct(var.ibmcloud_master_availability_zones)
- zones_worker = distinct(var.ibmcloud_worker_availability_zones)
-
- preexisting_vpc = var.ibmcloud_preexisting_vpc
- cluster_vpc = var.ibmcloud_vpc
- control_plane_subnets = var.ibmcloud_control_plane_subnets
- compute_subnets = var.ibmcloud_compute_subnets
-}
diff --git a/data/data/ibmcloud/network/outputs.tf b/data/data/ibmcloud/network/outputs.tf
deleted file mode 100644
index 63aad839d2..0000000000
--- a/data/data/ibmcloud/network/outputs.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-#######################################
-# Network module outputs
-#######################################
-
-output "control_plane_dedicated_host_id_list" {
- value = module.dhost.control_plane_dedicated_host_id_list
-}
-
-output "control_plane_security_group_id_list" {
- value = module.vpc.control_plane_security_group_id_list
-}
-
-output "control_plane_subnet_id_list" {
- value = module.vpc.control_plane_subnet_id_list
-}
-
-output "control_plane_subnet_zone_list" {
- value = module.vpc.control_plane_subnet_zone_list
-}
-
-output "compute_subnet_id_list" {
- value = module.vpc.compute_subnet_id_list
-}
-
-output "cos_resource_instance_crn" {
- value = ibm_resource_instance.cos.crn
-}
-
-output "lb_kubernetes_api_public_id" {
- value = module.vpc.lb_kubernetes_api_public_id
-}
-
-output "lb_kubernetes_api_private_id" {
- value = module.vpc.lb_kubernetes_api_private_id
-}
-
-output "lb_pool_kubernetes_api_public_id" {
- value = module.vpc.lb_pool_kubernetes_api_public_id
-}
-
-output "lb_pool_kubernetes_api_private_id" {
- value = module.vpc.lb_pool_kubernetes_api_private_id
-}
-
-output "lb_pool_machine_config_id" {
- value = module.vpc.lb_pool_machine_config_id
-}
-
-output "resource_group_id" {
- value = local.resource_group_id
-}
-
-output "vpc_id" {
- value = module.vpc.vpc_id
-}
-
-output "vsi_image_id" {
- value = module.image.vsi_image_id
-}
diff --git a/data/data/ibmcloud/network/vpc/common.tf b/data/data/ibmcloud/network/vpc/common.tf
deleted file mode 100644
index 9069bdd6f7..0000000000
--- a/data/data/ibmcloud/network/vpc/common.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-locals {
- # Common locals
- prefix = var.cluster_id
- zones_all = distinct(concat(var.zones_master, var.zones_worker))
-
- # VPC locals
- vpc_id = var.preexisting_vpc ? data.ibm_is_vpc.vpc[0].id : ibm_is_vpc.vpc[0].id
- vpc_crn = var.preexisting_vpc ? data.ibm_is_vpc.vpc[0].crn : ibm_is_vpc.vpc[0].crn
-
- # LB locals
- port_kubernetes_api = 6443
- port_machine_config = 22623
- control_plane_subnets = var.preexisting_vpc ? data.ibm_is_subnet.control_plane[*] : ibm_is_subnet.control_plane[*]
- compute_subnets = var.preexisting_vpc ? data.ibm_is_subnet.compute[*] : ibm_is_subnet.compute[*]
-
- # SG locals
- subnet_cidr_blocks = concat(local.control_plane_subnets[*].ipv4_cidr_block, local.compute_subnets[*].ipv4_cidr_block)
-}
-
-data "ibm_is_vpc" "vpc" {
- count = var.preexisting_vpc ? 1 : 0
-
- name = var.cluster_vpc
-}
-
-data "ibm_is_subnet" "control_plane" {
- count = var.preexisting_vpc ? length(var.control_plane_subnets) : 0
-
- name = var.control_plane_subnets[count.index]
-}
-
-data "ibm_is_subnet" "compute" {
- count = var.preexisting_vpc ? length(var.compute_subnets) : 0
-
- name = var.compute_subnets[count.index]
-}
diff --git a/data/data/ibmcloud/network/vpc/lb-private.tf b/data/data/ibmcloud/network/vpc/lb-private.tf
deleted file mode 100644
index a5287d9e0d..0000000000
--- a/data/data/ibmcloud/network/vpc/lb-private.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-############################################
-# Load balancers
-############################################
-
-resource "ibm_is_lb" "kubernetes_api_private" {
- name = "${local.prefix}-kubernetes-api-private"
- resource_group = var.resource_group_id
- security_groups = [ibm_is_security_group.kubernetes_api_lb.id]
- subnets = local.control_plane_subnets[*].id
- tags = var.tags
- type = "private"
-}
-
-############################################
-# Load balancer backend pools
-############################################
-
-resource "ibm_is_lb_pool" "kubernetes_api_private" {
- name = "${local.prefix}-kubernetes-api-private"
- lb = ibm_is_lb.kubernetes_api_private.id
- algorithm = "round_robin"
- protocol = "tcp"
- health_delay = 60
- health_retries = 5
- health_timeout = 30
- health_type = "https"
- health_monitor_url = "/readyz"
- health_monitor_port = local.port_kubernetes_api
-}
-
-resource "ibm_is_lb_pool" "machine_config" {
- name = "${local.prefix}-machine-config"
- lb = ibm_is_lb.kubernetes_api_private.id
- algorithm = "round_robin"
- protocol = "tcp"
- health_delay = 60
- health_retries = 5
- health_timeout = 30
- health_type = "tcp"
- health_monitor_port = local.port_machine_config
-}
-
-############################################
-# Load balancer frontend listeners
-############################################
-
-resource "ibm_is_lb_listener" "kubernetes_api_private" {
- lb = ibm_is_lb.kubernetes_api_private.id
- default_pool = ibm_is_lb_pool.kubernetes_api_private.id
- port = local.port_kubernetes_api
- protocol = "tcp"
-}
-
-resource "ibm_is_lb_listener" "machine_config" {
- lb = ibm_is_lb.kubernetes_api_private.id
- default_pool = ibm_is_lb_pool.machine_config.id
- port = local.port_machine_config
- protocol = "tcp"
-}
diff --git a/data/data/ibmcloud/network/vpc/lb-public.tf b/data/data/ibmcloud/network/vpc/lb-public.tf
deleted file mode 100644
index 0f2d6f2f2a..0000000000
--- a/data/data/ibmcloud/network/vpc/lb-public.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-############################################
-# Load balancers
-############################################
-
-resource "ibm_is_lb" "kubernetes_api_public" {
- count = var.public_endpoints ? 1 : 0
-
- name = "${local.prefix}-kubernetes-api-public"
- resource_group = var.resource_group_id
- security_groups = [ibm_is_security_group.kubernetes_api_lb.id]
- subnets = local.control_plane_subnets[*].id
- tags = var.tags
- type = "public"
-}
-
-############################################
-# Load balancer backend pools
-############################################
-
-resource "ibm_is_lb_pool" "kubernetes_api_public" {
- count = var.public_endpoints ? 1 : 0
-
- name = "${local.prefix}-kubernetes-api-public"
- lb = ibm_is_lb.kubernetes_api_public.0.id
- algorithm = "round_robin"
- protocol = "tcp"
- health_delay = 60
- health_retries = 5
- health_timeout = 30
- health_type = "https"
- health_monitor_url = "/readyz"
- health_monitor_port = local.port_kubernetes_api
-}
-
-############################################
-# Load balancer frontend listeners
-############################################
-
-resource "ibm_is_lb_listener" "kubernetes_api_public" {
- count = var.public_endpoints ? 1 : 0
-
- lb = ibm_is_lb.kubernetes_api_public.0.id
- default_pool = ibm_is_lb_pool.kubernetes_api_public.0.id
- port = local.port_kubernetes_api
- protocol = "tcp"
-}
diff --git a/data/data/ibmcloud/network/vpc/outputs.tf b/data/data/ibmcloud/network/vpc/outputs.tf
deleted file mode 100644
index f192c6dfdd..0000000000
--- a/data/data/ibmcloud/network/vpc/outputs.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-#######################################
-# VPC module outputs
-#######################################
-
-output "control_plane_security_group_id_list" {
- value = [
- ibm_is_security_group.cluster_wide.id,
- ibm_is_security_group.openshift_network.id,
- ibm_is_security_group.control_plane.id,
- ibm_is_security_group.control_plane_internal.id,
- ]
-}
-
-output "control_plane_subnet_id_list" {
- value = local.control_plane_subnets[*].id
-}
-
-output "control_plane_subnet_zone_list" {
- value = local.control_plane_subnets[*].zone
-}
-
-output "compute_subnet_id_list" {
- value = local.compute_subnets[*].id
-}
-
-output "lb_kubernetes_api_public_hostname" {
- value = var.public_endpoints ? ibm_is_lb.kubernetes_api_public.0.hostname : ""
-}
-
-output "lb_kubernetes_api_public_id" {
- # Wait for frontend listeners to be ready before use
- depends_on = [
- ibm_is_lb_listener.kubernetes_api_public
- ]
- value = var.public_endpoints ? ibm_is_lb.kubernetes_api_public.0.id : ""
-}
-
-output "lb_kubernetes_api_private_hostname" {
- value = ibm_is_lb.kubernetes_api_private.hostname
-}
-
-output "lb_kubernetes_api_private_id" {
- # Wait for frontend listeners to be ready before use
- depends_on = [
- ibm_is_lb_listener.kubernetes_api_private,
- ibm_is_lb_listener.machine_config,
- ]
- value = ibm_is_lb.kubernetes_api_private.id
-}
-
-output "lb_pool_kubernetes_api_public_id" {
- value = var.public_endpoints ? ibm_is_lb_pool.kubernetes_api_public.0.id : ""
-}
-
-output "lb_pool_kubernetes_api_private_id" {
- value = ibm_is_lb_pool.kubernetes_api_private.id
-}
-
-output "lb_pool_machine_config_id" {
- value = ibm_is_lb_pool.machine_config.id
-}
-
-output "vpc_id" {
- value = local.vpc_id
-}
-
-output "vpc_crn" {
- value = local.vpc_crn
-}
diff --git a/data/data/ibmcloud/network/vpc/security-groups.tf b/data/data/ibmcloud/network/vpc/security-groups.tf
deleted file mode 100644
index 3208e1c76d..0000000000
--- a/data/data/ibmcloud/network/vpc/security-groups.tf
+++ /dev/null
@@ -1,294 +0,0 @@
-# NOTE: Security group rules enforces network access based on OCP requirements
-# https://docs.openshift.com/container-platform/4.9/installing/installing_platform_agnostic/installing-platform-agnostic.html#installation-network-connectivity-user-infra_installing-platform-agnostic
-
-# NOTE: Security group limitations
-# 5 per network interface (NIC) on a virtual server instance
-# 5 remote rules per security group
-
-############################################
-# Security group (Cluster-wide)
-############################################
-
-resource "ibm_is_security_group" "cluster_wide" {
- name = "${local.prefix}-sg-cluster-wide"
- resource_group = var.resource_group_id
- tags = var.tags
- vpc = local.vpc_id
-}
-
-# SSH
-resource "ibm_is_security_group_rule" "cluster_wide_ssh_inbound" {
- count = length(local.subnet_cidr_blocks)
-
- group = ibm_is_security_group.cluster_wide.id
- direction = "inbound"
- remote = local.subnet_cidr_blocks[count.index]
- tcp {
- port_min = 22
- port_max = 22
- }
-}
-
-# ICMP
-resource "ibm_is_security_group_rule" "cluster_wide_icmp_inbound" {
- group = ibm_is_security_group.cluster_wide.id
- direction = "inbound"
- remote = ibm_is_security_group.cluster_wide.id
- icmp {}
-}
-
-# VXLAN and Geneve - port 4789
-resource "ibm_is_security_group_rule" "cluster_wide_vxlan_geneve_4789_inbound" {
- group = ibm_is_security_group.cluster_wide.id
- direction = "inbound"
- remote = ibm_is_security_group.cluster_wide.id
- udp {
- port_min = 4789
- port_max = 4789
- }
-}
-
-# VXLAN and Geneve - port 6081
-resource "ibm_is_security_group_rule" "cluster_wide_vxlan_geneve_6081_inbound" {
- group = ibm_is_security_group.cluster_wide.id
- direction = "inbound"
- remote = ibm_is_security_group.cluster_wide.id
- udp {
- port_min = 6081
- port_max = 6081
- }
-}
-
-# Outbound
-resource "ibm_is_security_group_rule" "cluster_wide_outbound" {
- group = ibm_is_security_group.cluster_wide.id
- direction = "outbound"
- remote = "0.0.0.0/0"
-}
-
-############################################
-# Security group (OpenShift network)
-############################################
-
-resource "ibm_is_security_group" "openshift_network" {
- name = "${local.prefix}-sg-openshift-net"
- resource_group = var.resource_group_id
- tags = var.tags
- vpc = local.vpc_id
-}
-
-# Host level services - TCP
-resource "ibm_is_security_group_rule" "openshift_network_host_services_tcp_inbound" {
- group = ibm_is_security_group.openshift_network.id
- direction = "inbound"
- remote = ibm_is_security_group.openshift_network.id
- tcp {
- port_min = 9000
- port_max = 9999
- }
-}
-
-# Host level services - UDP
-resource "ibm_is_security_group_rule" "openshift_network_host_services_udp_inbound" {
- group = ibm_is_security_group.openshift_network.id
- direction = "inbound"
- remote = ibm_is_security_group.openshift_network.id
- udp {
- port_min = 9000
- port_max = 9999
- }
-}
-
-# Kubernetes default ports
-resource "ibm_is_security_group_rule" "openshift_network_kube_default_ports_inbound" {
- group = ibm_is_security_group.openshift_network.id
- direction = "inbound"
- remote = ibm_is_security_group.openshift_network.id
- tcp {
- port_min = 10250
- port_max = 10250
- }
-}
-
-# Due to limtation of only 5 SGs per interface and only 5 remotes per SG
-# we stick the IPsec rules here in openshift_network since this SG is added
-# to all nodes.
-# There is a max of 50 rules per SG, so if we have more subnets this will break.
-
-# IPsec IKE - port 500
-resource "ibm_is_security_group_rule" "openshift_network_ipsec_ike_500_inbound" {
- group = ibm_is_security_group.openshift_network.id
- direction = "inbound"
- remote = ibm_is_security_group.openshift_network.id
- udp {
- port_min = 500
- port_max = 500
- }
-}
-
-# IPsec IKE NAT-T - port 4500
-resource "ibm_is_security_group_rule" "openshift_network_ipsec_ike_nat_t_4500_inbound" {
- group = ibm_is_security_group.openshift_network.id
- direction = "inbound"
- remote = ibm_is_security_group.openshift_network.id
- udp {
- port_min = 4500
- port_max = 4500
- }
-}
-
-# Kubernetes node ports - TCP
-# Allows access to node ports from within VPC subnets to accommodate CCM LBs
-resource "ibm_is_security_group_rule" "openshift_network_node_ports_tcp_inbound" {
- count = length(local.subnet_cidr_blocks)
-
- group = ibm_is_security_group.openshift_network.id
- direction = "inbound"
- remote = local.subnet_cidr_blocks[count.index]
- tcp {
- port_min = 30000
- port_max = 32767
- }
-}
-
-# Kubernetes node ports - UDP
-# Allows access to node ports from within VPC subnets to accommodate CCM LBs
-resource "ibm_is_security_group_rule" "openshift_network_node_ports_udp_inbound" {
- count = length(local.subnet_cidr_blocks)
-
- group = ibm_is_security_group.openshift_network.id
- direction = "inbound"
- remote = local.subnet_cidr_blocks[count.index]
- udp {
- port_min = 30000
- port_max = 32767
- }
-}
-
-############################################
-# Security group (Kubernetes API LB)
-############################################
-
-resource "ibm_is_security_group" "kubernetes_api_lb" {
- name = "${local.prefix}-sg-kube-api-lb"
- resource_group = var.resource_group_id
- tags = var.tags
- vpc = local.vpc_id
-}
-
-# Kubernetes API LB - inbound
-resource "ibm_is_security_group_rule" "kubernetes_api_lb_inbound" {
- group = ibm_is_security_group.kubernetes_api_lb.id
- direction = "inbound"
- remote = "0.0.0.0/0"
- tcp {
- port_min = 6443
- port_max = 6443
- }
-}
-
-# Kubernetes API LB - outbound
-resource "ibm_is_security_group_rule" "kubernetes_api_lb_outbound" {
- group = ibm_is_security_group.kubernetes_api_lb.id
- direction = "outbound"
- remote = ibm_is_security_group.control_plane.id
- tcp {
- port_min = 6443
- port_max = 6443
- }
-}
-
-# Machine config server LB - inbound
-resource "ibm_is_security_group_rule" "kubernetes_api_lb_machine_config_inbound" {
- group = ibm_is_security_group.kubernetes_api_lb.id
- direction = "inbound"
- remote = ibm_is_security_group.cluster_wide.id
- tcp {
- port_min = 22623
- port_max = 22623
- }
-}
-
-# Machine config server LB - outbound
-resource "ibm_is_security_group_rule" "kubernetes_api_lb_machine_config_outbound" {
- group = ibm_is_security_group.kubernetes_api_lb.id
- direction = "outbound"
- remote = ibm_is_security_group.control_plane.id
- tcp {
- port_min = 22623
- port_max = 22623
- }
-}
-
-############################################
-# Security group (Control plane)
-############################################
-
-resource "ibm_is_security_group" "control_plane" {
- name = "${local.prefix}-sg-control-plane"
- resource_group = var.resource_group_id
- tags = var.tags
- vpc = local.vpc_id
-}
-
-resource "ibm_is_security_group" "control_plane_internal" {
- name = "${local.prefix}-sg-cp-internal"
- resource_group = var.resource_group_id
- tags = var.tags
- vpc = local.vpc_id
-}
-
-# etcd
-resource "ibm_is_security_group_rule" "control_plane_internal_etcd_inbound" {
- group = ibm_is_security_group.control_plane_internal.id
- direction = "inbound"
- remote = ibm_is_security_group.control_plane_internal.id
- tcp {
- port_min = 2379
- port_max = 2380
- }
-}
-
-# Kubernetes default ports
-resource "ibm_is_security_group_rule" "control_plane_internal_kube_default_ports_inbound" {
- group = ibm_is_security_group.control_plane_internal.id
- direction = "inbound"
- remote = ibm_is_security_group.cluster_wide.id
- tcp {
- port_min = 10257
- port_max = 10259
- }
-}
-
-# Kubernetes API - inbound
-resource "ibm_is_security_group_rule" "control_plane_kubernetes_api_inbound" {
- group = ibm_is_security_group.control_plane.id
- direction = "inbound"
- remote = ibm_is_security_group.cluster_wide.id
- tcp {
- port_min = 6443
- port_max = 6443
- }
-}
-
-# Kubernetes API - inbound via LB
-resource "ibm_is_security_group_rule" "control_plane_kubernetes_api_lb_inbound" {
- group = ibm_is_security_group.control_plane.id
- direction = "inbound"
- remote = ibm_is_security_group.kubernetes_api_lb.id
- tcp {
- port_min = 6443
- port_max = 6443
- }
-}
-
-# Machine config server - inbound via LB
-resource "ibm_is_security_group_rule" "control_plane_machine_config_lb_inbound" {
- group = ibm_is_security_group.control_plane.id
- direction = "inbound"
- remote = ibm_is_security_group.kubernetes_api_lb.id
- tcp {
- port_min = 22623
- port_max = 22623
- }
-}
diff --git a/data/data/ibmcloud/network/vpc/variables.tf b/data/data/ibmcloud/network/vpc/variables.tf
deleted file mode 100644
index ea91bd6fc3..0000000000
--- a/data/data/ibmcloud/network/vpc/variables.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-#######################################
-# VPC module variables
-#######################################
-
-variable "cluster_id" {
- type = string
-}
-
-variable "network_resource_group_id" {
- type = string
-}
-
-variable "public_endpoints" {
- type = bool
-}
-
-variable "resource_group_id" {
- type = string
-}
-
-variable "tags" {
- type = list(string)
-}
-
-variable "zones_master" {
- type = list(string)
-}
-
-variable "zones_worker" {
- type = list(string)
-}
-
-variable "preexisting_vpc" {
- type = bool
- default = false
-}
-
-variable "cluster_vpc" {
- type = string
-}
-
-variable "control_plane_subnets" {
- type = list(string)
-}
-
-variable "compute_subnets" {
- type = list(string)
-}
diff --git a/data/data/ibmcloud/network/vpc/vpc.tf b/data/data/ibmcloud/network/vpc/vpc.tf
deleted file mode 100644
index f92c1741b5..0000000000
--- a/data/data/ibmcloud/network/vpc/vpc.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-############################################
-# VPC
-############################################
-
-resource "ibm_is_vpc" "vpc" {
- count = var.preexisting_vpc ? 0 : 1
- name = "${local.prefix}-vpc"
- resource_group = var.network_resource_group_id
- tags = var.tags
-}
-
-############################################
-# Public gateways
-############################################
-
-resource "ibm_is_public_gateway" "public_gateway" {
- count = var.preexisting_vpc ? 0 : length(local.zones_all)
-
- name = "${local.prefix}-public-gateway-${local.zones_all[count.index]}"
- resource_group = var.network_resource_group_id
- tags = var.tags
- vpc = ibm_is_vpc.vpc[0].id
- zone = local.zones_all[count.index]
-}
-
-############################################
-# Subnets
-############################################
-
-resource "ibm_is_subnet" "control_plane" {
- count = var.preexisting_vpc ? 0 : length(var.zones_master)
-
- name = "${local.prefix}-subnet-control-plane-${var.zones_master[count.index]}"
- resource_group = var.network_resource_group_id
- tags = var.tags
- vpc = ibm_is_vpc.vpc[0].id
- zone = var.zones_master[count.index]
- public_gateway = ibm_is_public_gateway.public_gateway[index(ibm_is_public_gateway.public_gateway.*.zone, var.zones_master[count.index])].id
- total_ipv4_address_count = "256"
-}
-
-resource "ibm_is_subnet" "compute" {
- count = var.preexisting_vpc ? 0 : length(var.zones_worker)
-
- name = "${local.prefix}-subnet-compute-${var.zones_worker[count.index]}"
- resource_group = var.network_resource_group_id
- tags = var.tags
- vpc = ibm_is_vpc.vpc[0].id
- zone = var.zones_worker[count.index]
- public_gateway = ibm_is_public_gateway.public_gateway[index(ibm_is_public_gateway.public_gateway.*.zone, var.zones_worker[count.index])].id
- total_ipv4_address_count = "256"
-}
diff --git a/data/data/ibmcloud/variables-ibmcloud.tf b/data/data/ibmcloud/variables-ibmcloud.tf
deleted file mode 100644
index 3d88caffbe..0000000000
--- a/data/data/ibmcloud/variables-ibmcloud.tf
+++ /dev/null
@@ -1,155 +0,0 @@
-#######################################
-# Top-level module variables (required)
-#######################################
-
-variable "ibmcloud_api_key" {
- type = string
- # TODO: Supported on tf 0.14
- # sensitive = true
- description = "The IAM API key for authenticating with IBM Cloud APIs."
-}
-
-variable "ibmcloud_bootstrap_instance_type" {
- type = string
- description = "Instance type for the bootstrap node. Example: `bx2-4x16`"
-}
-
-variable "ibmcloud_cis_crn" {
- type = string
- description = "The CRN of CIS instance to use."
- default = ""
-}
-
-variable "ibmcloud_dns_id" {
- type = string
- description = "The ID of DNS Service instance to use."
- default = ""
-}
-
-variable "ibmcloud_region" {
- type = string
- description = "The target IBM Cloud region for the cluster."
-}
-
-variable "ibmcloud_master_instance_type" {
- type = string
- description = "Instance type for the master node(s). Example: `bx2-4x16`"
-}
-
-variable "ibmcloud_master_availability_zones" {
- type = list(string)
- description = "The availability zones in which to create the masters. The length of this list must match master_count."
-}
-
-variable "ibmcloud_worker_availability_zones" {
- type = list(string)
- description = "The availability zones to provision for workers. Worker instances are created by the machine-API operator, but this variable controls their supporting infrastructure (subnets, routing, dedicated hosts, etc.)."
-}
-
-variable "ibmcloud_image_filepath" {
- type = string
- description = "The file path to the RHCOS image"
-}
-
-variable "ibmcloud_terraform_private_visibility" {
- type = bool
- description = "Specified whether the IBM Cloud terraform provider visibility mode should be private, for endpoint usage."
- default = false -} - -####################################### -# Top-level module variables (optional) -####################################### - -variable "ibmcloud_endpoints_json_file" { - type = string - description = "JSON file containing IBM Cloud service endpoints" - default = "" -} - -variable "ibmcloud_preexisting_vpc" { - type = bool - description = "Specifies whether an existing VPC should be used or a new one created for installation." - default = false -} - -variable "ibmcloud_vpc_permitted" { - type = bool - description = "Specifies whether an existing VPC is already a Permitted Network for DNS Instance, for Private clusters." - default = false -} - -variable "ibmcloud_vpc" { - type = string - description = "The name of an existing cluster VPC." - default = null -} - -variable "ibmcloud_control_plane_boot_volume_key" { - type = string - description = "IBM Cloud Key Protect key CRN to use to encrypt the control plane's volume(s)." - default = null -} - -variable "ibmcloud_control_plane_subnets" { - type = list(string) - description = "The names of the existing subnets for the control plane." - default = [] -} - -variable "ibmcloud_compute_subnets" { - type = list(string) - description = "The names of the existing subnets for the compute plane." - default = [] -} - -variable "ibmcloud_master_dedicated_hosts" { - type = list(map(string)) - description = "(optional) The list of dedicated hosts in which to create the control plane nodes." - default = [] -} - -variable "ibmcloud_worker_dedicated_hosts" { - type = list(map(string)) - description = "(optional) The list of dedicated hosts in which to create the compute nodes." - default = [] -} - -variable "ibmcloud_extra_tags" { - type = list(string) - description = < 0 ? 1 : 0 - name = "${var.cluster_id}-master-0" - - flavor_id = data.openstack_compute_flavor_v2.masters_flavor.id - image_id = var.openstack_master_root_volume_size == null ? 
data.openstack_images_image_v2.base_image.id : null
- security_groups = local.master_sg_ids
- availability_zone = var.openstack_master_availability_zones[0]
- user_data = element(
- data.ignition_config.master_ignition_config.*.rendered,
- 0,
- )
-
- dynamic "block_device" {
- for_each = var.openstack_master_root_volume_size == null ? [] : [openstack_blockstorage_volume_v3.master_volume[0].id]
- content {
- uuid = block_device.value
- source_type = "volume"
- boot_index = 0
- destination_type = "volume"
- delete_on_termination = true
- }
- }
-
- network {
- port = local.master_port_ids[0]
- }
-
- scheduler_hints {
- group = openstack_compute_servergroup_v2.master_group.id
- }
-
- dynamic "network" {
- for_each = [for port in openstack_networking_port_v2.master_0_failuredomain : port.id]
-
- content {
- port = network.value
- }
- }
-
- dynamic "network" {
- for_each = var.openstack_additional_network_ids
-
- content {
- uuid = network.value
- }
- }
-
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- metadata = {
- Name = "${var.cluster_id}-master"
- openshiftClusterID = var.cluster_id
- }
-}
-
-resource "openstack_compute_instance_v2" "master_conf_1" {
- count = var.master_count > 1 ? 1 : 0
- name = "${var.cluster_id}-master-1"
-
- flavor_id = data.openstack_compute_flavor_v2.masters_flavor.id
- image_id = var.openstack_master_root_volume_size == null ? data.openstack_images_image_v2.base_image.id : null
- security_groups = local.master_sg_ids
- availability_zone = var.openstack_master_availability_zones[1]
- user_data = element(
- data.ignition_config.master_ignition_config.*.rendered,
- 1,
- )
-
- dynamic "block_device" {
- for_each = var.openstack_master_root_volume_size == null ? 
[] : [openstack_blockstorage_volume_v3.master_volume[1].id]
- content {
- uuid = block_device.value
- source_type = "volume"
- boot_index = 0
- destination_type = "volume"
- delete_on_termination = true
- }
- }
-
- network {
- port = local.master_port_ids[1]
- }
-
- scheduler_hints {
- group = openstack_compute_servergroup_v2.master_group.id
- }
-
- dynamic "network" {
- for_each = [for port in openstack_networking_port_v2.master_1_failuredomain : port.id]
-
- content {
- port = network.value
- }
- }
-
- dynamic "network" {
- for_each = var.openstack_additional_network_ids
-
- content {
- uuid = network.value
- }
- }
-
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- metadata = {
- Name = "${var.cluster_id}-master"
- openshiftClusterID = var.cluster_id
- }
-
- depends_on = [openstack_compute_instance_v2.master_conf_0]
-}
-
-resource "openstack_compute_instance_v2" "master_conf_2" {
- count = var.master_count > 2 ? 1 : 0
- name = "${var.cluster_id}-master-2"
-
- flavor_id = data.openstack_compute_flavor_v2.masters_flavor.id
- image_id = var.openstack_master_root_volume_size == null ? data.openstack_images_image_v2.base_image.id : null
- security_groups = local.master_sg_ids
- availability_zone = var.openstack_master_availability_zones[2]
- user_data = element(
- data.ignition_config.master_ignition_config.*.rendered,
- 2,
- )
-
- dynamic "block_device" {
- for_each = var.openstack_master_root_volume_size == null ? 
[] : [openstack_blockstorage_volume_v3.master_volume[2].id]
- content {
- uuid = block_device.value
- source_type = "volume"
- boot_index = 0
- destination_type = "volume"
- delete_on_termination = true
- }
- }
-
- network {
- port = local.master_port_ids[2]
- }
-
- scheduler_hints {
- group = openstack_compute_servergroup_v2.master_group.id
- }
-
- dynamic "network" {
- for_each = [for port in openstack_networking_port_v2.master_2_failuredomain : port.id]
-
- content {
- port = network.value
- }
- }
-
- dynamic "network" {
- for_each = var.openstack_additional_network_ids
-
- content {
- uuid = network.value
- }
- }
-
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- metadata = {
- Name = "${var.cluster_id}-master"
- openshiftClusterID = var.cluster_id
- }
-
- depends_on = [openstack_compute_instance_v2.master_conf_1]
-}
-
-# Pre-create server groups for the Compute MachineSets, with the given policy.
-resource "openstack_compute_servergroup_v2" "server_groups" {
- for_each = var.openstack_worker_server_group_names
- name = each.key
- policies = [var.openstack_worker_server_group_policy]
-}
-
-resource "openstack_networking_port_v2" "master_0_failuredomain" {
- count = var.master_count > 0 ? length(var.openstack_additional_ports[0]) : 0
-
- name = "${var.cluster_id}-master-0-${count.index}"
- description = local.description
- network_id = var.openstack_additional_ports[0][count.index].network_id
- security_group_ids = concat(var.openstack_master_extra_sg_ids, [openstack_networking_secgroup_v2.master.id])
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- dynamic "fixed_ip" {
- for_each = var.openstack_additional_ports[0][count.index].fixed_ips
-
- content {
- subnet_id = fixed_ip.value["subnet_id"]
- ip_address = fixed_ip.value["ip_address"]
- }
- }
-}
-
-resource "openstack_networking_port_v2" "master_1_failuredomain" {
- count = var.master_count > 1 ? 
length(var.openstack_additional_ports[1]) : 0
-
- name = "${var.cluster_id}-master-1-${count.index}"
- description = local.description
- network_id = var.openstack_additional_ports[1][count.index].network_id
- security_group_ids = concat(var.openstack_master_extra_sg_ids, [openstack_networking_secgroup_v2.master.id])
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- dynamic "fixed_ip" {
- for_each = var.openstack_additional_ports[1][count.index].fixed_ips
-
- content {
- subnet_id = fixed_ip.value["subnet_id"]
- ip_address = fixed_ip.value["ip_address"]
- }
- }
-}
-
-resource "openstack_networking_port_v2" "master_2_failuredomain" {
- count = var.master_count > 2 ? length(var.openstack_additional_ports[2]) : 0
-
- name = "${var.cluster_id}-master-2-${count.index}"
- description = local.description
- network_id = var.openstack_additional_ports[2][count.index].network_id
- security_group_ids = concat(var.openstack_master_extra_sg_ids, [openstack_networking_secgroup_v2.master.id])
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- dynamic "fixed_ip" {
- for_each = var.openstack_additional_ports[2][count.index].fixed_ips
-
- content {
- subnet_id = fixed_ip.value["subnet_id"]
- ip_address = fixed_ip.value["ip_address"]
- }
- }
-}
diff --git a/data/data/openstack/masters/outputs.tf b/data/data/openstack/masters/outputs.tf
deleted file mode 100644
index d000be0d37..0000000000
--- a/data/data/openstack/masters/outputs.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-output "control_plane_ips" {
- value = concat(
- openstack_compute_instance_v2.master_conf_0.*.access_ip_v4,
- openstack_compute_instance_v2.master_conf_1.*.access_ip_v4,
- openstack_compute_instance_v2.master_conf_2.*.access_ip_v4,
- )
-}
-
-output "master_sg_ids" {
- value = concat(
- var.openstack_master_extra_sg_ids,
- [openstack_networking_secgroup_v2.master.id],
- )
-}
-
-output "master_port_ids" {
- value = local.master_port_ids
-}
-
-output "private_network_id" {
- value = local.nodes_default_port.network_id
-}
-
-output "nodes_default_port" {
- value = local.nodes_default_port
-}
diff --git a/data/data/openstack/masters/private-network.tf b/data/data/openstack/masters/private-network.tf
deleted file mode 100644
index c55de27a41..0000000000
--- a/data/data/openstack/masters/private-network.tf
+++ /dev/null
@@ -1,206 +0,0 @@
-locals {
- # Create subnet for the first MachineNetwork CIDR if we need to
- nodes_cidr_block = var.machine_v4_cidrs[0]
- nodes_default_port = var.openstack_default_machines_port != null ? var.openstack_default_machines_port : {
- network_id = openstack_networking_network_v2.openshift-private[0].id,
- fixed_ips = [{ subnet_id = openstack_networking_subnet_v2.nodes[0].id, ip_address = "" }],
- }
- nodes_ports = [for port in var.openstack_machines_ports : port != null ? port : local.nodes_default_port]
- create_router = (var.openstack_external_network != "" && var.openstack_default_machines_port == null) ? 1 : 0
-}
-
-data "openstack_networking_network_v2" "external_network" {
- count = var.openstack_external_network != "" ? 1 : 0
- name = var.openstack_external_network
- network_id = var.openstack_external_network_id
- external = true
-}
-
-resource "openstack_networking_network_v2" "openshift-private" {
- count = var.openstack_default_machines_port == null ? 1 : 0
- name = "${var.cluster_id}-openshift"
- admin_state_up = "true"
- description = local.description
- tags = ["openshiftClusterID=${var.cluster_id}", "${var.cluster_id}-primaryClusterNetwork"]
-}
-
-resource "openstack_networking_subnet_v2" "nodes" {
- count = var.openstack_default_machines_port == null ? 1 : 0
- name = "${var.cluster_id}-nodes"
- description = local.description
- cidr = local.nodes_cidr_block
- ip_version = 4
- network_id = openstack_networking_network_v2.openshift-private[0].id
- tags = ["openshiftClusterID=${var.cluster_id}"]
- dns_nameservers = var.openstack_external_dns
-
- # We reserve some space at the beginning of the CIDR to use for the VIPs
- # FIXME(mandre) if we let the ports pick up VIPs automatically, we don't have
- # to do any of this. 
- allocation_pool {
- start = cidrhost(local.nodes_cidr_block, 10)
- end = cidrhost(local.nodes_cidr_block, pow(2, (32 - split("/", local.nodes_cidr_block)[1])) - 2)
- }
-}
-
-resource "openstack_networking_port_v2" "masters" {
- name = "${var.cluster_id}-master-${count.index}"
- count = var.master_count
- description = local.description
-
- admin_state_up = "true"
- network_id = local.nodes_ports[count.index].network_id
- security_group_ids = concat(
- var.openstack_master_extra_sg_ids,
- [openstack_networking_secgroup_v2.master.id],
- )
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- extra_dhcp_option {
- name = "domain-search"
- value = var.cluster_domain
- }
-
- dynamic "fixed_ip" {
- for_each = local.nodes_ports[count.index].fixed_ips
-
- content {
- subnet_id = fixed_ip.value["subnet_id"]
- ip_address = fixed_ip.value["ip_address"]
- }
- }
-
- dynamic "allowed_address_pairs" {
- for_each = var.openstack_user_managed_load_balancer ? [] : var.openstack_api_int_ips
- content {
- ip_address = allowed_address_pairs.value
- }
- }
-
- dynamic "allowed_address_pairs" {
- for_each = var.openstack_user_managed_load_balancer ? [] : var.openstack_ingress_ips
- content {
- ip_address = allowed_address_pairs.value
- }
- }
-
- depends_on = [openstack_networking_port_v2.api_port, openstack_networking_port_v2.ingress_port,
- data.openstack_networking_port_ids_v2.api_ports, data.openstack_networking_port_ids_v2.ingress_ports]
-}
-
-# Port needs to be created by the user when using dual-stack since SLAAC or Stateless
-# does not allow specification of fixed-ips during Port creation.
-data "openstack_networking_port_ids_v2" "api_ports" {
- fixed_ip = var.openstack_api_int_ips[0]
- network_id = local.nodes_default_port.network_id
-}
-
-# Port needs to be created by the user when using dual-stack since SLAAC or Stateless
-# does not allow specification of fixed-ips during Port creation. 
-data "openstack_networking_port_ids_v2" "ingress_ports" {
- fixed_ip = var.openstack_ingress_ips[0]
- network_id = local.nodes_default_port.network_id
-}
-
-resource "openstack_networking_port_secgroup_associate_v2" "api_port_sg" {
- count = (! var.openstack_user_managed_load_balancer && var.use_ipv6) ? 1 : 0
- port_id = data.openstack_networking_port_ids_v2.api_ports.ids[0]
- security_group_ids = [openstack_networking_secgroup_v2.master.id]
- depends_on = [data.openstack_networking_port_ids_v2.api_ports]
-}
-
-resource "openstack_networking_port_secgroup_associate_v2" "ingress_port_sg" {
- count = (! var.openstack_user_managed_load_balancer && var.use_ipv6) ? 1 : 0
- port_id = data.openstack_networking_port_ids_v2.ingress_ports.ids[0]
- security_group_ids = [openstack_networking_secgroup_v2.worker.id]
- depends_on = [data.openstack_networking_port_ids_v2.ingress_ports]
-}
-
-resource "openstack_networking_port_v2" "api_port" {
- count = var.openstack_user_managed_load_balancer || var.use_ipv6 ? 0 : 1
- name = "${var.cluster_id}-api-port"
- description = local.description
-
- admin_state_up = "true"
- network_id = local.nodes_default_port.network_id
- security_group_ids = [openstack_networking_secgroup_v2.master.id]
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- dynamic "fixed_ip" {
- for_each = local.nodes_default_port.fixed_ips
-
- content {
- subnet_id = fixed_ip.value["subnet_id"]
- ip_address = var.openstack_api_int_ips[0]
- }
- }
-}
-
-resource "openstack_networking_port_v2" "ingress_port" {
- count = var.openstack_user_managed_load_balancer || var.use_ipv6 ? 
0 : 1
- name = "${var.cluster_id}-ingress-port"
- description = local.description
-
- admin_state_up = "true"
- network_id = local.nodes_default_port.network_id
- security_group_ids = [openstack_networking_secgroup_v2.worker.id]
- tags = ["openshiftClusterID=${var.cluster_id}"]
-
- dynamic "fixed_ip" {
- for_each = local.nodes_default_port.fixed_ips
-
- content {
- subnet_id = fixed_ip.value["subnet_id"]
- ip_address = var.openstack_ingress_ips[0]
- }
- }
-}
-
-// If external network is defined, assign the floating IP to one of the masters.
-//
-// Strictly speaking, this is not required to finish the installation. We
-// support environments without floating IPs. However, since the installer
-// is running outside of the nodes subnet (often outside of the OpenStack
-// cluster itself), it needs a floating IP to monitor the progress.
-//
-// This IP address is not expected to be the final solution for providing HA.
-// It is only here to let the installer finish without any errors. Configuring
-// a load balancer and providing external connectivity is a post-installation
-// step that can't always be automated (we need to support OpenStack clusters)
-// that do not have or do not want to use Octavia.
-//
-// If an external network has not been defined then a floating IP
-// will not be provided or assigned to the masters.
-//
-// If the floating IP is not provided, the installer will time out waiting for
-// bootstrapping to complete, but the OpenShift cluster itself should come up
-// as expected.
-
-resource "openstack_networking_floatingip_associate_v2" "api_fip" {
- count = (var.openstack_user_managed_load_balancer || length(var.openstack_api_floating_ip) == 0) ? 0 : 1
- port_id = var.use_ipv6 ? 
data.openstack_networking_port_ids_v2.api_ports.ids[0] : openstack_networking_port_v2.api_port[0].id
- floating_ip = var.openstack_api_floating_ip
- depends_on = [openstack_networking_router_interface_v2.nodes_router_interface]
-}
-
-resource "openstack_networking_floatingip_associate_v2" "ingress_fip" {
- count = (var.openstack_user_managed_load_balancer || length(var.openstack_ingress_floating_ip) == 0) ? 0 : 1
- port_id = var.use_ipv6 ? data.openstack_networking_port_ids_v2.ingress_ports.ids[0] : openstack_networking_port_v2.ingress_port[0].id
- floating_ip = var.openstack_ingress_floating_ip
- depends_on = [openstack_networking_router_interface_v2.nodes_router_interface]
-}
-
-resource "openstack_networking_router_v2" "openshift-external-router" {
- count = local.create_router
- description = local.description
- name = "${var.cluster_id}-external-router"
- admin_state_up = true
- external_network_id = join("", data.openstack_networking_network_v2.external_network.*.id)
- tags = ["openshiftClusterID=${var.cluster_id}"]
-}
-
-resource "openstack_networking_router_interface_v2" "nodes_router_interface" {
- count = local.create_router
- router_id = join("", openstack_networking_router_v2.openshift-external-router.*.id)
- subnet_id = openstack_networking_subnet_v2.nodes[0].id
-}
diff --git a/data/data/openstack/masters/sg-master.tf b/data/data/openstack/masters/sg-master.tf
deleted file mode 100644
index b32a184a1f..0000000000
--- a/data/data/openstack/masters/sg-master.tf
+++ /dev/null
@@ -1,568 +0,0 @@
-resource "openstack_networking_secgroup_v2" "master" {
- name = "${var.cluster_id}-master"
- tags = ["openshiftClusterID=${var.cluster_id}"]
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_mcs" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 22623
- port_range_max = 22623
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_mcs_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 22623
- port_range_max = 22623
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-# TODO(mandre) Explicitely enable egress
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_icmp" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "icmp"
- port_range_min = 0
- port_range_max = 0
- # FIXME(mandre) AWS only allows ICMP from cidr_block
- remote_ip_prefix = "0.0.0.0/0"
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_icmp_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "ipv6-icmp"
- port_range_min = 0
- port_range_max = 0
- # FIXME(mandre) AWS only allows ICMP from cidr_block
- remote_ip_prefix = "::/0"
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_ssh" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min 
= 22
- port_range_max = 22
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_ssh_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 22
- port_range_max = 22
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_dns_tcp" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 53
- port_range_max = 53
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_dns_tcp_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 53
- port_range_max = 53
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_dns_udp" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "udp"
- port_range_min = 53
- port_range_max = 53
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_dns_udp_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "udp"
- port_range_min = 53
- port_range_max = 53
- 
remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_api" {
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 6443
- port_range_max = 6443
- # FIXME(mandre) AWS only allows API port from cidr_block
- remote_ip_prefix = "0.0.0.0/0"
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_api_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 6443
- port_range_max = 6443
- remote_ip_prefix = "::/0"
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_vxlan" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "udp"
- port_range_min = 4789
- port_range_max = 4789
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_vxlan_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "udp"
- port_range_min = 4789
- port_range_max = 4789
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_geneve" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "udp"
- port_range_min = 6081
- port_range_max = 6081
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- 
security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_geneve_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "udp"
- port_range_min = 6081
- port_range_max = 6081
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_ike" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "udp"
- port_range_min = 500
- port_range_max = 500
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_ike_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "udp"
- port_range_min = 500
- port_range_max = 500
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_ike_nat_t" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "udp"
- port_range_min = 4500
- port_range_max = 4500
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_esp" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "esp"
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description 
= local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_esp_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "esp"
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_ovndb" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 6641
- port_range_max = 6642
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_ovndb_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 6641
- port_range_max = 6642
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_internal" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 9000
- port_range_max = 9999
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_internal_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 9000
- port_range_max = 9999
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource 
"openstack_networking_secgroup_rule_v2" "master_ingress_internal_udp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 9000 - port_range_max = 9999 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_internal_udp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 9000 - port_range_max = 9999 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_scheduler" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10259 - port_range_max = 10259 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_scheduler_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 10259 - port_range_max = 10259 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_controller_manager" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10257 - port_range_max = 10257 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = 
local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_kube_controller_manager_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 10257
- port_range_max = 10257
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_kubelet_secure" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 10250
- port_range_max = 10250
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_kubelet_secure_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 10250
- port_range_max = 10250
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_etcd" {
- count = length(var.machine_v4_cidrs)
- direction = "ingress"
- ethertype = "IPv4"
- protocol = "tcp"
- port_range_min = 2379
- port_range_max = 2380
- remote_ip_prefix = element(var.machine_v4_cidrs, count.index)
- security_group_id = openstack_networking_secgroup_v2.master.id
- description = local.description
-}
-
-resource "openstack_networking_secgroup_rule_v2" "master_ingress_etcd_v6" {
- count = length(var.machine_v6_cidrs)
- direction = "ingress"
- ethertype = "IPv6"
- protocol = "tcp"
- port_range_min = 2379
- port_range_max = 2380
- remote_ip_prefix = element(var.machine_v6_cidrs, count.index)
- security_group_id = 
openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_services_tcp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_services_tcp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_services_udp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_services_udp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_vrrp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - # Explicitly set the vrrp protocol number to prevent cases when the Neutron Plugin - # is disabled and it cannot identify a number by name. 
- protocol = "112" - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_vrrp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - # Explicitly set the vrrp protocol number to prevent cases when the Neutron Plugin - # is disabled and it cannot identify a number by name. - protocol = "112" - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_http" { - count = var.masters_schedulable ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = "0.0.0.0/0" - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_https" { - count = var.masters_schedulable ? 1 : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = "0.0.0.0/0" - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_http_v6" { - count = (var.masters_schedulable && length(var.machine_v6_cidrs) > 0) ? 1 : 0 - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = "::/0" - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_https_v6" { - count = (var.masters_schedulable && length(var.machine_v6_cidrs) > 0) ? 
1 : 0 - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = "::/0" - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_router" { - count = var.masters_schedulable ? length(var.machine_v4_cidrs) : 0 - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 1936 - port_range_max = 1936 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "master_ingress_router_v6" { - count = (var.masters_schedulable && length(var.machine_v6_cidrs) > 0) ? 1 : 0 - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 1936 - port_range_max = 1936 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.master.id - description = local.description -} \ No newline at end of file diff --git a/data/data/openstack/masters/sg-worker.tf b/data/data/openstack/masters/sg-worker.tf deleted file mode 100644 index 6bedfa6939..0000000000 --- a/data/data/openstack/masters/sg-worker.tf +++ /dev/null 
@@ -1,374 +0,0 @@ -resource "openstack_networking_secgroup_v2" "worker" { - name = "${var.cluster_id}-worker" - tags = ["openshiftClusterID=${var.cluster_id}"] - description = local.description -} - -# TODO(mandre) Explicitely enable egress - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_icmp" { - direction = "ingress" - ethertype = "IPv4" - protocol = "icmp" - port_range_min = 0 - port_range_max = 0 - # FIXME(mandre) AWS only allows ICMP from cidr_block - remote_ip_prefix = "0.0.0.0/0" - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_icmp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "ipv6-icmp" - port_range_min = 0 - port_range_max = 0 - # FIXME(mandre) AWS only allows ICMP from cidr_block - remote_ip_prefix = "::/0" - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_ssh" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_ssh_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 22 - port_range_max = 22 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_http" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - 
remote_ip_prefix = "0.0.0.0/0" - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_http_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 80 - port_range_max = 80 - remote_ip_prefix = "::/0" - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_https" { - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = "0.0.0.0/0" - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_https_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 443 - port_range_max = 443 - remote_ip_prefix = "::/0" - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_router" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 1936 - port_range_max = 1936 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_router_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 1936 - port_range_max = 1936 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource 
"openstack_networking_secgroup_rule_v2" "worker_ingress_vxlan" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 4789 - port_range_max = 4789 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_vxlan_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 4789 - port_range_max = 4789 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_geneve" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 6081 - port_range_max = 6081 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_geneve_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 6081 - port_range_max = 6081 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_ike" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 500 - port_range_max = 500 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource 
"openstack_networking_secgroup_rule_v2" "worker_ingress_ike_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 500 - port_range_max = 500 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_ike_nat_t" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 4500 - port_range_max = 4500 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_esp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "esp" - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_esp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "esp" - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_internal" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 9000 - port_range_max = 9999 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_internal_v6" { - count = length(var.machine_v6_cidrs) - 
direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 9000 - port_range_max = 9999 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_internal_udp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 9000 - port_range_max = 9999 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_internal_udp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 9000 - port_range_max = 9999 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_kubelet_insecure" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 10250 - port_range_max = 10250 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_kubelet_insecure_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 10250 - port_range_max = 10250 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_services_tcp" { - count = 
length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "tcp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_services_tcp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "tcp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_services_udp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - protocol = "udp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_services_udp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - protocol = "udp" - port_range_min = 30000 - port_range_max = 32767 - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_vrrp" { - count = length(var.machine_v4_cidrs) - direction = "ingress" - ethertype = "IPv4" - # Explicitly set the vrrp protocol number to prevent cases when the Neutron Plugin - # is disabled and it cannot identify a number by name. 
- protocol = "112" - remote_ip_prefix = element(var.machine_v4_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} - -resource "openstack_networking_secgroup_rule_v2" "worker_ingress_vrrp_v6" { - count = length(var.machine_v6_cidrs) - direction = "ingress" - ethertype = "IPv6" - # Explicitly set the vrrp protocol number to prevent cases when the Neutron Plugin - # is disabled and it cannot identify a number by name. - protocol = "112" - remote_ip_prefix = element(var.machine_v6_cidrs, count.index) - security_group_id = openstack_networking_secgroup_v2.worker.id - description = local.description -} diff --git a/data/data/openstack/variables-openstack.tf b/data/data/openstack/variables-openstack.tf deleted file mode 100644 index 8b286ccaf9..0000000000 --- a/data/data/openstack/variables-openstack.tf +++ /dev/null 
@@ -1,396 +0,0 @@ -variable "openstack_master_root_volume_size" { - type = number - default = null - description = "The size of the volume in gigabytes for the root block device of master nodes." -} - -variable "openstack_base_image_name" { - type = string - description = "Name of the base image to use for the nodes." -} - -variable "openstack_bootstrap_shim_ignition" { - type = string - default = "" - description = "Generated pointer/shim ignition config with user ca bundle." -} - -variable "openstack_credentials_auth_url" { - type = string - default = "" - - description = < 0 ? var.ovirt_master_hugepages : null - serial_console = var.ovirt_master_vm_type == "high_performance" ? true : null - soundcard_enabled = var.ovirt_master_vm_type == "high_performance" ? false : null - memory_ballooning = var.ovirt_master_vm_type == "high_performance" ? false : null - cpu_mode = var.ovirt_master_vm_type == "high_performance" ? "host_passthrough" : null - - # Here we check if the ovirt_master_clone is set and use that as a bool if yes, default to the VM type otherwise. - # - # Clone set explicitly -> clone = var.ovirt_master_clone - # VM type desktop -> clone = false - # VM type server or high performance -> clone = true - clone = var.ovirt_master_clone != null ? tobool(var.ovirt_master_clone) : (var.ovirt_master_vm_type == "desktop" ? false : true) - - # Initialization sets the host name and script run when the machine first starts. - initialization_hostname = "${var.cluster_id}-master-${count.index}" - initialization_custom_script = var.ignition_master - - # Placement policy dictates which hosts this master can run on. - # - # TODO there may be a bug here since we are pinning the masters to the existing detected hosts and this is never - # updated. - placement_policy_affinity = var.ovirt_master_auto_pinning_policy != "" && var.ovirt_master_auto_pinning_policy != "none" ? 
"migratable" : null - placement_policy_host_ids = var.ovirt_master_auto_pinning_policy != "" && var.ovirt_master_auto_pinning_policy != "none" ? data.ovirt_cluster_hosts.master.hosts.*.id : null - - # This section overrides the format and sparse option for the disks from the template. - dynamic "template_disk_attachment_override" { - for_each = data.ovirt_template_disk_attachments.master.disk_attachments - content { - disk_id = template_disk_attachment_override.value.disk_id - format = var.ovirt_master_format != "" ? var.ovirt_master_format : null - provisioning = var.ovirt_master_sparse == null ? null : (tobool(var.ovirt_master_sparse) ? "sparse" : "non-sparse") - } - } - depends_on = [var.ovirt_affinity_group_count] -} - -data "ovirt_disk_attachments" "master" { - count = var.master_count - vm_id = ovirt_vm.master.*.id[count.index] -} - -// ovirt_vm_disks_resize resizes the master disks to the specified size. -resource "ovirt_vm_disks_resize" "master" { - count = var.master_count - vm_id = ovirt_vm.master.*.id[count.index] - size = var.ovirt_master_os_disk_size_gb * 1024 * 1024 * 1024 -} - -// ovirt_vm_graphic_consoles removes the graphic consoles from non-desktop machines. -resource "ovirt_vm_graphics_consoles" "master" { - count = var.ovirt_master_vm_type == "high_performance" ? var.master_count : 0 - vm_id = ovirt_vm.master.*.id[count.index] -} - -// ovirt_vm_optimize_cpu_settings auto-optimizes CPU and NUMA alignment on server and HP types -resource "ovirt_vm_optimize_cpu_settings" "master" { - count = var.ovirt_master_auto_pinning_policy != "" && var.ovirt_master_auto_pinning_policy != "none" ? var.master_count : 0 - vm_id = ovirt_vm.master.*.id[count.index] -} - -// ovirt_vm_start starts the master nodes. 
-resource "ovirt_vm_start" "master" { - count = var.master_count - vm_id = ovirt_vm.master.*.id[count.index] - - depends_on = [ - ovirt_vm_graphics_consoles.master, - ovirt_vm_optimize_cpu_settings.master, - ovirt_vm_disks_resize.master, - ovirt_vm_tag.master, - ovirt_vm_affinity_group.master, - ] -} - -resource "ovirt_tag" "cluster_tag" { - name = var.cluster_id -} - -resource "ovirt_vm_tag" "master" { - count = length(ovirt_vm.master) - tag_id = ovirt_tag.cluster_tag.id - vm_id = ovirt_vm.master.*.id[count.index] -} diff --git a/data/data/ovirt/cluster/masters/outputs.tf b/data/data/ovirt/cluster/masters/outputs.tf deleted file mode 100644 index 77155c1f9a..0000000000 --- a/data/data/ovirt/cluster/masters/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "control_plane_vm_ids" { - value = ovirt_vm_start.master.*.vm_id -} diff --git a/data/data/ovirt/cluster/masters/variables.tf b/data/data/ovirt/cluster/masters/variables.tf deleted file mode 100644 index 35cce091e5..0000000000 --- a/data/data/ovirt/cluster/masters/variables.tf +++ /dev/null 
@@ -1,119 +0,0 @@ -variable "cluster_id" { - description = "The ID of Openshift cluster" -} - -variable "cluster_domain" { - description = "The domain name of Openshift cluster" -} - -variable "master_count" { - type = string - description = "Number of masters" - default = 3 -} - -variable "ovirt_cluster_id" { - type = string - description = "The ID of Cluster" -} - -variable "ovirt_template_id" { - type = string - description = "The ID of VM template" -} - -variable "ignition_master" { - type = string - description = "master ignition config" -} - -variable "ovirt_master_memory" { - type = string - description = "master VM memory in MiB" - default = 16348 * 1024 * 1024 -} - -variable "ovirt_master_cores" { - type = string - description = "master VM number of cores" - default = 1 -} - -variable "ovirt_master_sockets" { - type = string - description = "master VM number of sockets" - default = 1 -} - -variable "ovirt_master_threads" { - type = string - description = "master VM number of threads" - default = 1 -} - -variable "ovirt_master_os_disk_size_gb" { - type = string - description = "master VM disk size in GiB" -} - -variable "ovirt_master_vm_type" { - type = string - description = "master VM type" -} - -variable "ovirt_master_instance_type_id" { - type = string - description = "master VM instance type ID" -} - -variable "ovirt_master_affinity_groups" { - type = list(string) - description = "master VMs affinity groups names" - default = [] -} - -//TODO: REMOVE once we port to TF 0.13 and can use depends_on modules -variable "ovirt_affinity_group_count" { - type = string - description = "create a dependency between affinity_group module to masters module" -} - -variable "ovirt_master_auto_pinning_policy" { - type = string - description = "master VM auto pinning policy" -} - -variable "ovirt_master_hugepages" { - type = string - description = "master VM hugepages size in KiB" -} - -variable "ovirt_master_sparse" { - type = bool - description = "make master VM disks 
sparse." - default = null -} - -variable "ovirt_master_clone" { - type = bool - description = "clone master VM disk from template instead of linking. Defaults to false for desktop ovirt_master_vm_type, true otherwise." - default = null -} - -variable "ovirt_master_format" { - type = string - description = "master VM disk format, can be empty, 'raw', or 'cow'" - validation { - condition = var.ovirt_master_format == "" || var.ovirt_master_format == "cow" || var.ovirt_master_format == "raw" - error_message = "The ovirt_master_format must be one of 'raw' or 'cow'." - } -} - -variable "ovirt_storage_domain_id" { - type = string - description = "The ID of Storage Domain for the template" - validation { - condition = var.ovirt_storage_domain_id != "" - error_message = "The ovirt_storage_domain_id must not be empty." - } -} \ No newline at end of file diff --git a/data/data/ovirt/cluster/outputs.tf b/data/data/ovirt/cluster/outputs.tf deleted file mode 100644 index d385d03554..0000000000 --- a/data/data/ovirt/cluster/outputs.tf +++ /dev/null @@ -1,7 +0,0 @@ -output "control_plane_vm_ids" { - value = module.masters.control_plane_vm_ids -} - -output "release_image_template_id" { - value = module.template.releaseimage_template_id -} diff --git a/data/data/ovirt/cluster/template/main.tf b/data/data/ovirt/cluster/template/main.tf deleted file mode 100644 index c410f885cf..0000000000 --- a/data/data/ovirt/cluster/template/main.tf +++ /dev/null 
@@ -1,30 +0,0 @@ -// this module is responsible to create the unique template -// for the openshift cluster and has this properties -// 1. the name of the template will be always set after the name -// of the openshift cluster (var.cluster_id) i.e 'clustername-4t9hs2' -// which the CLUSTER.INFRA_ID -// 2. the disk.alias (the disk name) will be set to the releaseImage name -// as set by the installer, and in terraform is var.openstack_base_image_name. - -locals { - image_name = "${var.cluster_id}-rhcos" -} - -// template created using the uploaded image -resource "ovirt_template" "releaseimage_template" { - count = var.tmp_import_vm_id != "" ? 1 : 0 - - // name the template after the openshift cluster id - name = local.image_name - description = "Template in use by OpenShift. Do not delete!" - // create from vm - vm_id = var.tmp_import_vm_id -} - -// existing template provided by the user -data "ovirt_templates" "finalTemplate" { - count = var.tmp_import_vm_id == "" ? 1 : 0 - - fail_on_empty = true - name = var.openstack_base_image_name -} diff --git a/data/data/ovirt/cluster/template/outputs.tf b/data/data/ovirt/cluster/template/outputs.tf deleted file mode 100644 index 2024e8e822..0000000000 --- a/data/data/ovirt/cluster/template/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "releaseimage_template_id" { - value = var.tmp_import_vm_id == "" ? one(data.ovirt_templates.finalTemplate.0.templates.*.id) : ovirt_template.releaseimage_template.0.id -} diff --git a/data/data/ovirt/cluster/template/variables.tf b/data/data/ovirt/cluster/template/variables.tf deleted file mode 100644 index c6259f81d4..0000000000 --- a/data/data/ovirt/cluster/template/variables.tf +++ /dev/null 
@@ -1,18 +0,0 @@ -variable "cluster_id" { - description = "The ID of Openshift cluster" -} - -variable "ovirt_cluster_id" { - type = string - description = "The ID of Cluster" -} - -variable "openstack_base_image_name" { - type = string - description = "Name of the existing base image to use for the nodes." -} - -variable "tmp_import_vm_id" { - type = string - description = "ID of the temporary VM template created" -} diff --git a/data/data/ovirt/cluster/variables.tf b/data/data/ovirt/cluster/variables.tf deleted file mode 100644 index fa06ad4e69..0000000000 --- a/data/data/ovirt/cluster/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "tmp_import_vm_id" { - type = string - description = "ID of the temporary VM template created" -} diff --git a/data/data/ovirt/image/main.tf b/data/data/ovirt/image/main.tf deleted file mode 100644 index 8141eb670f..0000000000 --- a/data/data/ovirt/image/main.tf +++ /dev/null 
@@ -1,54 +0,0 @@ -locals { - image_name = "${var.cluster_id}-rhcos" -} - -provider "ovirt" { - url = var.ovirt_url - username = var.ovirt_username - password = var.ovirt_password - tls_ca_files = var.ovirt_cafile == "" ? [] : [var.ovirt_cafile] - tls_ca_bundle = var.ovirt_ca_bundle - tls_insecure = var.ovirt_insecure -} - -// We are creating a new disk from an image here. The process is a single step because a corrupted upload can cause the -// disk to be deleted and may need to be recreated. -resource "ovirt_disk_from_image" "releaseimage" { - count = length(var.ovirt_base_image_name) == 0 ? 1 : 0 - - // source_file provides the source file name to read from. - source_file = var.ovirt_base_image_local_file_path - - alias = local.image_name - storage_domain_id = var.ovirt_storage_domain_id - sparse = true - format = "cow" -} - -data "ovirt_blank_template" "blank" {} - -resource "ovirt_vm" "tmp_import_vm" { - // create the vm for import only when we don't have an existing template - count = length(var.ovirt_base_image_name) == 0 ? 1 : 0 - - name = "tmpvm-for-${ovirt_disk_from_image.releaseimage.0.alias}" - cluster_id = var.ovirt_cluster_id - template_id = data.ovirt_blank_template.blank.id - os_type = "rhcos_x64" -} - -resource "ovirt_disk_attachment" "tmp_import_vm" { - count = length(var.ovirt_base_image_name) == 0 ? 1 : 0 - vm_id = ovirt_vm.tmp_import_vm.0.id - disk_id = ovirt_disk_from_image.releaseimage.0.id - disk_interface = "virtio_scsi" - bootable = true - active = true -} - -resource "ovirt_nic" "tmp_import_vm" { - count = length(var.ovirt_base_image_name) == 0 ? 1 : 0 - vm_id = ovirt_vm.tmp_import_vm.0.id - vnic_profile_id = var.ovirt_vnic_profile_id - name = "tmpnic-for-${ovirt_disk_from_image.releaseimage.0.alias}" -} \ No newline at end of file diff --git a/data/data/ovirt/image/outputs.tf b/data/data/ovirt/image/outputs.tf deleted file mode 100644 index 53783210ae..0000000000 --- a/data/data/ovirt/image/outputs.tf +++ /dev/null 
@@ -1,4 +0,0 @@ -output "tmp_import_vm_id" { - value = length(var.ovirt_base_image_name) == 0 ? ovirt_vm.tmp_import_vm.0.id : "" - depends_on = [ovirt_nic.tmp_import_vm, ovirt_disk_attachment.tmp_import_vm] -} diff --git a/data/data/ovirt/variables-ovirt.tf b/data/data/ovirt/variables-ovirt.tf deleted file mode 100644 index 6ad7340d2d..0000000000 --- a/data/data/ovirt/variables-ovirt.tf +++ /dev/null 
@@ -1,161 +0,0 @@
-variable "bootstrap_dns" {
- type = string
- default = true
- description = "Whether to include DNS entries for the bootstrap node or not."
-}
-
-variable "ovirt_url" {
- type = string
- description = "The Engine URL"
-}
-
-variable "ovirt_username" {
- type = string
- description = "The name of user to access Engine API"
-}
-
-variable "ovirt_password" {
- type = string
- description = "The plain password of user to access Engine API"
-}
-
-variable "ovirt_cafile" {
- type = string
- description = "Path to a file containing the CA certificate for the oVirt engine API in PEM format"
- default = ""
-}
-
-variable "ovirt_ca_bundle" {
- type = string
- description = "The CA certificate for the oVirt engine API in PEM format"
-}
-
-variable "ovirt_insecure" {
- type = bool
- description = "Disable oVirt engine certificate verification"
-}
-
-variable "ovirt_cluster_id" {
- type = string
- description = "The ID of Cluster"
- validation {
- condition = var.ovirt_cluster_id != ""
- error_message = "The ovirt_storage_domain_id must not be empty."
- }
-}
-
-variable "ovirt_storage_domain_id" {
- type = string
- description = "The ID of Storage Domain for the template"
- validation {
- condition = var.ovirt_storage_domain_id != ""
- error_message = "The ovirt_storage_domain_id must not be empty."
- }
-}
-
-variable "ovirt_base_image_name" {
- type = string
- default = ""
- description = "Name of an existing base image to use for the nodes."
-}
-
-variable "ovirt_base_image_local_file_path" {
- type = string
- default = ""
- description = "Local file path of the base image file to use for the nodes."
-}
-
-variable "ovirt_network_name" {
- type = string
- default = "ovirtmgmt"
- description = "The name of Logical Network for the selected Engine cluster."
-}
-
-variable "ovirt_vnic_profile_id" {
- type = string
- description = "The ID of the vNIC profile of Logical Network."
-}
-
-variable "ovirt_affinity_groups" {
- type = list(object({ name = string, priority = number, description = string, enforcing = string }))
- description = "Affinity groups that will be created"
- default = []
-}
-
-variable "ovirt_master_memory" {
- type = string
- description = "master VM memory in MiB"
- default = 16348 * 1024 * 1024
-}
-
-variable "ovirt_master_cores" {
- type = string
- description = "master VM number of cores"
- default = 1
-}
-
-variable "ovirt_master_sockets" {
- type = string
- description = "master VM number of sockets"
- default = 1
-}
-
-variable "ovirt_master_threads" {
- type = string
- description = "master VM number of threads"
- default = 1
-}
-
-
-variable "ovirt_master_os_disk_gb" {
- type = string
- description = "master VM disk size in GiB"
-}
-
-variable "ovirt_master_vm_type" {
- type = string
- description = "master VM type"
-}
-
-variable "ovirt_master_instance_type_id" {
- type = string
- description = "master VM instance type ID"
-}
-
-variable "ovirt_master_affinity_groups" {
- type = list(string)
- description = "master VMs affinity groups names"
-}
-
-variable "ovirt_master_auto_pinning_policy" {
- type = string
- default = "none"
- description = "master VM auto pinning policy"
-}
-
-variable "ovirt_master_hugepages" {
- type = string
- description = "master VM hugepages size in KiB"
-}
-
-variable "ovirt_master_sparse" {
- type = bool
- description = "make master VM disks sparse."
- default = null
-}
-
-variable "ovirt_master_clone" {
- type = bool
- description = "clone master VM disk from template instead of linking. Defaults to false for desktop ovirt_master_vm_type, true otherwise."
- default = null
-}
-
-variable "ovirt_master_format" {
- type = string
- description = "master VM disk format, can be empty, 'raw', or 'cow'"
- validation {
- condition = var.ovirt_master_format == "" || var.ovirt_master_format == "cow" || var.ovirt_master_format == "raw"
- error_message = "The ovirt_master_format must be one of 'raw' or 'cow'."
- }
-}
-
diff --git a/data/data/terraform.rc b/data/data/terraform.rc
deleted file mode 100644
index 41b7179973..0000000000
--- a/data/data/terraform.rc
+++ /dev/null
@@ -1,10 +0,0 @@
-provider_installation {
- filesystem_mirror {
- path = "plugins"
- include = ["*/*/*"]
- }
- direct {
- exclude = ["*/*/*"]
- }
-}
-