From 80615dbf110b75f7c8f2df5206306d9a232948ce Mon Sep 17 00:00:00 2001 From: Miguel Parada Date: Thu, 23 Oct 2025 14:25:46 -0500 Subject: [PATCH 1/6] feat: add server groups to workers and windows --- .../lib/openstack-servergroup/main.tf | 2 +- .../lib/openstack-servergroup/variables.tf | 2 +- iac/cloud/openstack/openstack-nova/main.tf | 25 ++++++++++++++++--- .../openstack/openstack-nova/variables.tf | 12 +++++++++ 4 files changed, 36 insertions(+), 5 deletions(-) diff --git a/iac/cloud/openstack/lib/openstack-servergroup/main.tf b/iac/cloud/openstack/lib/openstack-servergroup/main.tf index 6071d9d..7e2b455 100644 --- a/iac/cloud/openstack/lib/openstack-servergroup/main.tf +++ b/iac/cloud/openstack/lib/openstack-servergroup/main.tf @@ -1,4 +1,4 @@ resource "openstack_compute_servergroup_v2" "servergroup" { name = "${var.naming_prefix}${var.name}" - policies = var.cp_server_group_affinity + policies = var.server_group_affinity } diff --git a/iac/cloud/openstack/lib/openstack-servergroup/variables.tf b/iac/cloud/openstack/lib/openstack-servergroup/variables.tf index 74e5a1c..8faf3c0 100644 --- a/iac/cloud/openstack/lib/openstack-servergroup/variables.tf +++ b/iac/cloud/openstack/lib/openstack-servergroup/variables.tf @@ -6,7 +6,7 @@ variable "naming_prefix" { type = string } -variable "cp_server_group_affinity" { +variable "server_group_affinity" { type = list(string) default = [] } \ No newline at end of file diff --git a/iac/cloud/openstack/openstack-nova/main.tf b/iac/cloud/openstack/openstack-nova/main.tf index 5828be8..4981484 100644 --- a/iac/cloud/openstack/openstack-nova/main.tf +++ b/iac/cloud/openstack/openstack-nova/main.tf 
@@ -104,6 +104,7 @@ module "node_worker" { node_count = var.size_worker.count node_type = var.node_worker == "" ? "worker" : var.node_worker security_group_ids = [module.secgroup.worker_id] + servergroup_id = length(var.wn_server_group_affinity) > 0 ? module.servergroup_worker[0].id : "" subnet_id = var.subnet_id == "" ? openstack_networking_subnet_v2.subnet[0].id : var.subnet_id user_data = module.user_data_ubuntu.rendered pf9_onboard = var.pf9_onboard @@ -131,6 +132,7 @@ module "node_worker_windows" { node_count = var.size_worker_windows.count node_type = var.node_worker_windows == "" ? "win_wn" : var.node_worker_windows security_group_ids = [module.secgroup.worker_windows_id] + servergroup_id = length(var.win_server_group_affinity) > 0 ? module.servergroup_windows[0].id : "" subnet_id = var.subnet_id == "" ? openstack_networking_subnet_v2.subnet[0].id : var.subnet_id user_data = module.user_data_windows[0].rendered node_bfv_size = var.worker_node_bfv_size_windows @@ -155,11 +157,28 @@ module "secgroup" { module "servergroup_master" { source = "../lib/openstack-servergroup" - name = "master" - naming_prefix = var.naming_prefix - cp_server_group_affinity = var.cp_server_group_affinity + name = "master" + naming_prefix = var.naming_prefix + server_group_affinity = var.cp_server_group_affinity +} + +module "servergroup_worker" { + source = "../lib/openstack-servergroup" + count = length(var.wn_server_group_affinity) > 0 ? 1 : 0 + name = "worker" + naming_prefix = var.naming_prefix + server_group_affinity = var.wn_server_group_affinity } +module "servergroup_windows" { + source = "../lib/openstack-servergroup" + count = length(var.win_server_group_affinity) > 0 ? 1 : 0 + name = "windows" + naming_prefix = var.naming_prefix + server_group_affinity = var.win_server_group_affinity +} + + module "user_data_ubuntu" { source = "../lib/user_data-ubuntu" 
diff --git a/iac/cloud/openstack/openstack-nova/variables.tf b/iac/cloud/openstack/openstack-nova/variables.tf index 12739d9..721029a 100644 --- a/iac/cloud/openstack/openstack-nova/variables.tf +++ b/iac/cloud/openstack/openstack-nova/variables.tf @@ -118,6 +118,18 @@ variable "cp_server_group_affinity" { description = "Set the Affinity Policy for the control plane server group" } +variable "wn_server_group_affinity" { + type = list(string) + default = [] + description = "Set the Affinity Policy for the control plane server group" +} + +variable "win_server_group_affinity" { + type = list(string) + default = [] + description = "Set the Affinity Policy for the control plane server group" +} + variable "csi_enabled" { type = bool default = false From 9be8f475a879b3049bf5b36970929a5bad46131c Mon Sep 17 00:00:00 2001 From: Miguel Parada Date: Tue, 28 Oct 2025 12:55:06 -0500 Subject: [PATCH 2/6] feat: added support for worker pools --- .../lib/openstack-compute-windows/main.tf | 17 ++- .../openstack-compute-windows/variables.tf | 37 +++++- .../openstack/lib/openstack-secgroup/main.tf | 22 ++-- .../lib/openstack-secgroup/output.tf | 3 +- .../lib/openstack-secgroup/variables.tf | 34 +++++ iac/cloud/openstack/openstack-nova/main.tf | 116 +++++++++++++++++- iac/cloud/openstack/openstack-nova/output.tf | 15 ++- .../openstack/openstack-nova/variables.tf | 67 ++++++++++ 8 files changed, 290 insertions(+), 21 deletions(-) diff --git a/iac/cloud/openstack/lib/openstack-compute-windows/main.tf b/iac/cloud/openstack/lib/openstack-compute-windows/main.tf index 20d4684..5fb0fee 100644 --- a/iac/cloud/openstack/lib/openstack-compute-windows/main.tf +++ b/iac/cloud/openstack/lib/openstack-compute-windows/main.tf 
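Review bot: The descriptions of the two new variables are copied from `cp_server_group_affinity` and still say "control plane", so generated docs and `terraform plan` prompts will mislabel them; `wn_server_group_affinity` should read `description = "Set the Affinity Policy for the worker server group"` and `win_server_group_affinity` `description = "Set the Affinity Policy for the Windows worker server group"`. It would also help to state that the list is passed unchanged to the server group's `policies`, since that is the only consumer visible in this patch.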
@@ -37,12 +37,25 @@ resource "openstack_compute_instance_v2" "node" { block_device { uuid = var.image_id source_type = "image" - volume_size = var.node_bfv_size + volume_size = var.node_bfv_volume_size boot_index = 0 - destination_type = var.node_bfv_type + destination_type = var.node_bfv_destination_type delete_on_termination = true } + dynamic "block_device" { + for_each = var.additional_block_devices + content { + uuid = block_device.value.source_type == "blank" ? "" : null + source_type = block_device.value.source_type + volume_size = block_device.value.volume_size + volume_type = block_device.value.destination_type == "local" ? "" : block_device.value.volume_type + boot_index = block_device.value.boot_index + destination_type = block_device.value.destination_type + delete_on_termination = block_device.value.delete_on_termination + } + } + network { port = openstack_networking_port_v2.node[count.index].id } diff --git a/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf b/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf index 6f3d3eb..3e04644 100644 --- a/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf +++ b/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf @@ -1,3 +1,19 @@ +variable "additional_block_devices" { + description = "List of additional block devices to attach to instances" + type = list(object({ + source_type = string # "blank", "image", "volume", "snapshot" + volume_size = number + volume_type = optional(string, "") + boot_index = number # Must be > 0 for non-boot devices + destination_type = optional(string, "volume") + delete_on_termination = optional(bool, true) + mountpoint = string + filesystem = optional(string, "ext4") + label = string + })) + default = [] +} + variable "allowed_addresses" { type = list(string) default = [] 
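Review bot: In the new `dynamic "block_device"` block, `uuid` is `null` for every `source_type` other than `"blank"`, yet the `additional_block_devices` object declared in this commit has no source-id field, so an entry with `source_type = "image"`, `"volume"` or `"snapshot"` is sent to Nova without the source it refers to. Either restrict the variable to blank devices with a `validation` block, or add an `optional(string)` source id attribute to the object and pass it as `uuid` here. Separately, `node_bfv_source_type` and `node_bfv_delete_on_termination` are added in `variables.tf` and wired from `openstack-nova/main.tf`, but in this hunk the boot device still hard-codes `source_type = "image"` and `delete_on_termination = true`; unless they are consumed elsewhere in this file, the new inputs are silently ignored. The enclosing `openstack_compute_instance_v2` resource starts and ends outside the hunk.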
@@ -8,12 +24,29 @@ variable "availability_zone" { default = "nova" } -variable "node_bfv_size" { + +variable "node_bfv_source_type" { + type = string + description = "he source type of the device. Must be one of blank, image, volume, or snapshot. Changing this creates a new server." +} + +variable "node_bfv_destination_type" { + type = string + description = "The destination type of the device. Must be one of volume or local." +} + +variable "node_bfv_delete_on_termination" { + type = bool + default = true + description = "If true, the volume will be deleted when the server is terminated." +} + +variable "node_bfv_volume_size" { type = number description = "volume size for boot from volume nodes" } -variable "node_bfv_type" { +variable "node_bfv_volume_type" { type = string description = "boot from volume type for nodes" } diff --git a/iac/cloud/openstack/lib/openstack-secgroup/main.tf b/iac/cloud/openstack/lib/openstack-secgroup/main.tf index fd00b7a..0d61799 100644 --- a/iac/cloud/openstack/lib/openstack-secgroup/main.tf +++ b/iac/cloud/openstack/lib/openstack-secgroup/main.tf @@ -162,12 +162,12 @@ resource "openstack_networking_secgroup_rule_v2" "worker_ipv6" { resource "openstack_networking_secgroup_v2" "worker_windows" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) name = "${var.naming_prefix}worker-windows" } resource "openstack_networking_secgroup_rule_v2" "worker_windows_nodeport_ipv4" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv4" port_range_min = 30000 
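Review bot: The `node_bfv_source_type` description starts with a truncated word, `"he source type of the device..."`; it should read `"The source type of the device. Must be one of blank, image, volume, or snapshot. Changing this creates a new server."`. Since neither `node_bfv_source_type` nor `node_bfv_destination_type` has a default and both descriptions already enumerate the permitted values, a `validation` block using `contains([...], var.node_bfv_source_type)` would turn a typo into a plan-time error instead of an API rejection at apply time.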
@@ -178,7 +178,7 @@ resource "openstack_networking_secgroup_rule_v2" "worker_windows_nodeport_ipv4" } resource "openstack_networking_secgroup_rule_v2" "controlplane_ipv4_windows" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv4" remote_group_id = openstack_networking_secgroup_v2.worker_windows[0].id @@ -186,7 +186,7 @@ resource "openstack_networking_secgroup_rule_v2" "controlplane_ipv4_windows" { } resource "openstack_networking_secgroup_rule_v2" "rdp_ipv4" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv4" remote_ip_prefix = "0.0.0.0/0" @@ -197,7 +197,7 @@ resource "openstack_networking_secgroup_rule_v2" "rdp_ipv4" { } resource "openstack_networking_secgroup_rule_v2" "rdp_ipv6" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv6" remote_ip_prefix = "::/0" @@ -208,7 +208,7 @@ resource "openstack_networking_secgroup_rule_v2" "rdp_ipv6" { } resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv4" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv4" remote_group_id = openstack_networking_secgroup_v2.worker_windows[0].id 
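Review bot: The count change on `rdp_ipv4` — and the same change on `rdp_ipv6`, `ssh_ipv4` and `ssh_ipv6` in the following hunks — now creates world-reachable ingress rules (`remote_ip_prefix = "0.0.0.0/0"` / `"::/0"`) whenever an additional Windows pool is defined, not only when `worker_count_windows` is set. The exposure itself predates this commit, but the new path widens when it is applied; the `winrm_ipv4` rule in the same file already scopes its source to `var.subnet_servers`, and the RDP/SSH rules could do the same or take an explicit allowlist variable instead of the catch-all prefixes. If unrestricted RDP/SSH is intentional under the bastion model, a comment on these rules saying so would save the next reader the question. Each resource's body runs past its hunk.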
@@ -216,7 +216,7 @@ resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv4" { } resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv6" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv6" remote_group_id = openstack_networking_secgroup_v2.worker_windows[0].id @@ -224,7 +224,7 @@ resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv6" { } resource "openstack_networking_secgroup_rule_v2" "winrm_ipv4" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv4" remote_ip_prefix = var.subnet_servers @@ -235,7 +235,7 @@ resource "openstack_networking_secgroup_rule_v2" "winrm_ipv4" { } resource "openstack_networking_secgroup_rule_v2" "ssh_ipv4" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv4" remote_ip_prefix = "0.0.0.0/0" @@ -246,7 +246,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh_ipv4" { } resource "openstack_networking_secgroup_rule_v2" "ssh_ipv6" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv6" remote_ip_prefix = "::/0" @@ -257,7 +257,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh_ipv6" { } resource "openstack_networking_secgroup_rule_v2" "worker_windows_nodes_ipv4" { - count = var.worker_count_windows > 0 ? 1 : 0 + count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) direction = "ingress" ethertype = "IPv4" port_range_min = 0 
diff --git a/iac/cloud/openstack/lib/openstack-secgroup/output.tf b/iac/cloud/openstack/lib/openstack-secgroup/output.tf index 814d3e0..dbae1ff 100644 --- a/iac/cloud/openstack/lib/openstack-secgroup/output.tf +++ b/iac/cloud/openstack/lib/openstack-secgroup/output.tf @@ -15,5 +15,6 @@ output "worker_id" { } output "worker_windows_id" { - value = var.worker_count_windows > 0 ? openstack_networking_secgroup_v2.worker_windows[0].id : "" + value = var.worker_count_windows > 0 ? openstack_networking_secgroup_v2.worker_windows[0].id : (length(var.additional_server_pools_worker_windows) > 0 ? openstack_networking_secgroup_v2.worker_windows[0].id : "") } + diff --git a/iac/cloud/openstack/lib/openstack-secgroup/variables.tf b/iac/cloud/openstack/lib/openstack-secgroup/variables.tf index e78d9d4..015e74d 100644 --- a/iac/cloud/openstack/lib/openstack-secgroup/variables.tf +++ b/iac/cloud/openstack/lib/openstack-secgroup/variables.tf 
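Review bot: Both branches of the new `worker_windows_id` conditional return `openstack_networking_secgroup_v2.worker_windows[0].id`, so the expression restates the creation condition a second time and will drift from `main.tf` if that condition changes again. Deriving it from the resource itself keeps one source of truth: `value = length(openstack_networking_secgroup_v2.worker_windows) > 0 ? openstack_networking_secgroup_v2.worker_windows[0].id : ""`. The trailing blank line added at the end of the file looks unintentional.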
@@ -10,6 +10,40 @@ variable "additional_ports_worker" { default = [] # No rules created by default } +variable "additional_server_pools_worker_windows" { + description = "List of additional Windows worker server pools with their configurations" + type = list(object({ + name = string + server_group_affinity = optional(string, "soft-anti-affinity") + worker_count = number + flavor_worker = string + node_worker = string + image_id = string + image_name = optional(string, "") + allowed_addresses = optional(list(string), []) + worker_node_bfv_volume_size = optional(number, 0) + worker_node_bfv_destination_type = optional(string, "local") + worker_node_bfv_source_type = optional(string, "image") + worker_node_bfv_volume_type = optional(string, "") + worker_node_bfv_delete_on_termination = optional(bool, true) + additional_block_devices_worker_windows = optional(list(object({ + source_type = string + volume_size = number + volume_type = string + boot_index = number + destination_type = string + delete_on_termination = bool + mountpoint = optional(string, "") + filesystem = optional(string, "") + label = optional(string, "") + })), []) + subnet_id = optional(string, "") + windows_user = optional(string, "Administrator") + windows_admin_password = optional(string, "") + })) + default = [] +} + variable "naming_prefix" { type = string } diff --git a/iac/cloud/openstack/openstack-nova/main.tf b/iac/cloud/openstack/openstack-nova/main.tf index 4981484..bd0ebfb 100644 --- a/iac/cloud/openstack/openstack-nova/main.tf +++ b/iac/cloud/openstack/openstack-nova/main.tf @@ -120,7 +120,7 @@ module "node_worker" { module "node_worker_windows" { source = "../lib/openstack-compute-windows" - count = var.size_worker_windows.count > 0 ? 1 : 0 + # count = var.size_worker_windows.count > 0 ? 1 : 0 depends_on = [module.bastion, module.secgroup] availability_zone = var.availability_zone allowed_addresses = [var.subnet_nodes, var.subnet_pods, var.subnet_services] 
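Review bot: `additional_server_pools_worker_windows` carries `windows_admin_password` into the security-group module, which in this commit's hunks only ever evaluates `length(var.additional_server_pools_worker_windows)`, so per-pool credentials are copied into a module that has no use for them and the variable is not marked `sensitive`. A scalar is enough for the gating here, e.g. a constructed `variable "additional_worker_pools_windows_count" { type = number default = 0 }` fed with `length(var.additional_server_pools_worker_windows)` by the caller, which also removes the 30-line object schema duplicated from `openstack-nova/variables.tf`. If the full object must stay, add `sensitive = true` to this variable block.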
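Review bot: Commenting out `count` on `node_worker_windows` makes the module unconditional, but the next hunk (`@@ -135`) keeps `user_data = module.user_data_windows[0].rendered` while `user_data_windows` keeps its `count` (visible in the `@@ -209` hunk below); when `size_worker_windows.count` is 0 and no additional Windows pool is defined, `module.user_data_windows` has zero instances and the `[0]` index fails at plan time for every deployment without Windows nodes. Either keep the `count` on `node_worker_windows` (and the indexed access in `output.tf`), or give it a fallback such as `user_data = length(module.user_data_windows) > 0 ? module.user_data_windows[0].rendered : ""` — assuming the compute-windows module tolerates an empty `user_data`. Leaving the old line as a comment rather than deleting it also hides intent; a one-line comment saying why the module is now always instantiated would be clearer.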
@@ -135,8 +135,11 @@ module "node_worker_windows" { servergroup_id = length(var.win_server_group_affinity) > 0 ? module.servergroup_windows[0].id : "" subnet_id = var.subnet_id == "" ? openstack_networking_subnet_v2.subnet[0].id : var.subnet_id user_data = module.user_data_windows[0].rendered - node_bfv_size = var.worker_node_bfv_size_windows - node_bfv_type = var.worker_node_bfv_type_windows + node_bfv_source_type = var.worker_node_bfv_source_type + node_bfv_destination_type = var.worker_node_bfv_destination_type + node_bfv_volume_size = var.worker_node_bfv_volume_size + node_bfv_delete_on_termination = var.worker_node_bfv_delete_on_termination + node_bfv_volume_type = var.worker_node_bfv_volume_type } module "secgroup" { @@ -151,6 +154,7 @@ module "secgroup" { k8s_api_port = var.k8s_api_port disable_bastion = var.disable_bastion worker_count_windows = var.size_worker_windows.count + additional_server_pools_worker_windows = var.additional_server_pools_worker_windows vrrp_enabled = var.vrrp_enabled k8s_api_port_acl = var.k8s_api_port_acl } @@ -209,7 +213,7 @@ module "user_data_bastion" { module "user_data_windows" { source = "../lib/user_data-windows" - count = var.size_worker_windows.count > 0 ? 1 : 0 + count = var.size_worker_windows.count > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) ca_certificates = join("\n", [var.openstack_ca, (var.services_ca_enabled == true ? module.ca.certificate : ""), var.ca_certificates]) ssh_authorized_keys = concat(var.ssh_authorized_keys, [module.ssh-keypair.keypair.public_key]) ntp_servers = var.ntp_servers 
@@ -227,3 +231,107 @@ module "ansible_inventory" { master_nodes = module.node_master.nodes ssh_user = var.ssh_user } + +# Server groups for additional worker pools - always created for each pool +module "servergroup_additional_worker_pools" { + source = "../lib/openstack-servergroup" + for_each = { for pool in var.additional_server_pools_worker : pool.name => pool } + + naming_prefix = var.naming_prefix + name = "${each.value.name}-worker" + server_group_affinity = length(each.value.server_group_affinity) > 0 ? [each.value.server_group_affinity] : ["soft-anti-affinity"] +} + +module "additional_worker_pools" { + source = "../lib/openstack-compute" + for_each = { for pool in var.additional_server_pools_worker : pool.name => pool } + + depends_on = [module.bastion, module.ssh-keypair, module.secgroup] + + # Basic configuration + availability_zone = var.availability_zone + naming_prefix = var.naming_prefix + ssh_user = var.ssh_user + + # Network configuration + network_id = var.network_id == "" ? openstack_networking_network_v2.network[0].id : var.network_id + subnet_id = length(each.value.subnet_id) > 0 ? each.value.subnet_id : (var.subnet_id == "" ? 
openstack_networking_subnet_v2.subnet[0].id : var.subnet_id) + + # Node-specific configuration from the variable + node_count = each.value.worker_count + node_type = each.value.node_worker + flavor_name = each.value.flavor_worker + image_id = each.value.image_id + image_name = each.value.image_name + allowed_addresses = [var.subnet_nodes, var.subnet_pods, var.subnet_services] + + # Boot from volume configuration + node_bfv_volume_size = each.value.worker_node_bfv_volume_size + node_bfv_destination_type = each.value.worker_node_bfv_destination_type + node_bfv_source_type = each.value.worker_node_bfv_source_type + node_bfv_volume_type = each.value.worker_node_bfv_volume_type + node_bfv_delete_on_termination = each.value.worker_node_bfv_delete_on_termination + + # Additional block devices + additional_block_devices = each.value.additional_block_devices_worker + + # Security and server group configuration - each pool gets its own server group + security_group_ids = [module.secgroup.worker_id] + servergroup_id = module.servergroup_additional_worker_pools[each.key].id + + # User data and bastion configuration + user_data = module.user_data_ubuntu.rendered + pf9_onboard = each.value.pf9_onboard + key_pair = module.ssh-keypair.keypair + +} + +# Server groups for additional Windows worker pools - always created for each pool +module "servergroup_additional_worker_pools_windows" { + source = "../lib/openstack-servergroup" + for_each = { for pool in var.additional_server_pools_worker_windows : pool.name => pool } + + naming_prefix = var.naming_prefix + name = "${each.value.name}-worker-windows" + server_group_affinity = each.value.server_group_affinity != "" ? 
[each.value.server_group_affinity] : ["soft-anti-affinity"] +} + +module "additional_worker_pools_windows" { + source = "../lib/openstack-compute-windows" + for_each = { for pool in var.additional_server_pools_worker_windows : pool.name => pool } + + depends_on = [module.bastion, module.secgroup] + + # Basic configuration + availability_zone = var.availability_zone + naming_prefix = var.naming_prefix + + # Network configuration + network_id = var.network_id == "" ? openstack_networking_network_v2.network[0].id : var.network_id + subnet_id = length(each.value.subnet_id) > 0 ? each.value.subnet_id : (var.subnet_id == "" ? openstack_networking_subnet_v2.subnet[0].id : var.subnet_id) + + # Node-specific configuration from the variable + node_count = each.value.worker_count + node_type = each.value.node_worker + flavor_name = each.value.flavor_worker + image_id = each.value.image_id + image_name = each.value.image_name + allowed_addresses = length(each.value.allowed_addresses) > 0 ? each.value.allowed_addresses : [var.subnet_nodes, var.subnet_pods, var.subnet_services] + + # Boot from volume configuration (Windows uses different parameter names) + node_bfv_volume_size = each.value.worker_node_bfv_volume_size + node_bfv_destination_type = each.value.worker_node_bfv_destination_type + node_bfv_source_type = each.value.worker_node_bfv_source_type + node_bfv_volume_type = each.value.worker_node_bfv_volume_type + node_bfv_delete_on_termination = each.value.worker_node_bfv_delete_on_termination + + # Additional block devices + additional_block_devices = each.value.additional_block_devices_worker_windows + + # Security and server group configuration - each pool gets its own server group + security_group_ids = [module.secgroup.worker_windows_id] + servergroup_id = module.servergroup_additional_worker_pools_windows[each.key].id + + # User data configuration + user_data = module.user_data_windows[0].rendered +} 
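Review bot: The per-pool `windows_user` and `windows_admin_password` fields of `additional_server_pools_worker_windows` are never read here — `additional_worker_pools_windows` takes `user_data = module.user_data_windows[0].rendered`, which is rendered once from the top-level `var.windows_user` / `var.windows_admin_password` — so a credential set in a pool definition is silently ignored and every Windows pool shares the global one. Either drop the two fields from the object, or render user data per pool with a `for_each` over the pools on `user_data_windows`. Also, the Linux `additional_worker_pools` block hard-codes `allowed_addresses = [var.subnet_nodes, var.subnet_pods, var.subnet_services]` while the Windows block honors `each.value.allowed_addresses`; using the same fallback expression, `allowed_addresses = length(each.value.allowed_addresses) > 0 ? each.value.allowed_addresses : [var.subnet_nodes, var.subnet_pods, var.subnet_services]`, keeps the two pools consistent with their declared schema.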
diff --git a/iac/cloud/openstack/openstack-nova/output.tf b/iac/cloud/openstack/openstack-nova/output.tf index 7b3f907..e2323c4 100644 --- a/iac/cloud/openstack/openstack-nova/output.tf +++ b/iac/cloud/openstack/openstack-nova/output.tf @@ -31,6 +31,19 @@ output "secgroup_id_master" { } output "windows_nodes" { - value = var.size_worker_windows.count > 0 ? module.node_worker_windows[0].nodes[*] : [] + value = var.size_worker_windows.count > 0 ? module.node_worker_windows.nodes[*] : [] } +output "additional_worker_pools_nodes" { + description = "Map of additional worker pool names to their node objects" + value = { + for pool_name, pool_module in module.additional_worker_pools : pool_name => pool_module.nodes[*] + } +} + +output "additional_worker_pools_windows_nodes" { + description = "Map of additional Windows worker pool names to their node objects" + value = { + for pool_name, pool_module in module.additional_worker_pools_windows : pool_name => pool_module.nodes[*] + } +} \ No newline at end of file diff --git a/iac/cloud/openstack/openstack-nova/variables.tf b/iac/cloud/openstack/openstack-nova/variables.tf index 721029a..902e626 100644 --- a/iac/cloud/openstack/openstack-nova/variables.tf +++ b/iac/cloud/openstack/openstack-nova/variables.tf 
@@ -656,3 +656,70 @@ variable "windows_admin_password" { # type = string # default = "" # } + +variable "additional_server_pools_worker" { + description = "List of additional worker server pools with their configurations" + type = list(object({ + name = string + server_group_affinity = optional(string, "soft-anti-affinity") + worker_count = number + flavor_worker = string + node_worker = string + image_id = string + image_name = optional(string, "") + allowed_addresses = optional(list(string), []) + worker_node_bfv_volume_size = optional(number, 0) + worker_node_bfv_destination_type = optional(string, "local") + worker_node_bfv_source_type = optional(string, "image") + worker_node_bfv_volume_type = optional(string, "") + worker_node_bfv_delete_on_termination = optional(bool, true) + additional_block_devices_worker = optional(list(object({ + source_type = string + volume_size = number + volume_type = string + boot_index = number + destination_type = string + delete_on_termination = bool + mountpoint = optional(string, "") + filesystem = optional(string, "") + label = optional(string, "") + })), []) + pf9_onboard = optional(bool, false) + subnet_id = optional(string, "") + })) + default = [] +} + +variable "additional_server_pools_worker_windows" { + description = "List of additional Windows worker server pools with their configurations" + type = list(object({ + name = string + server_group_affinity = optional(string, "soft-anti-affinity") + worker_count = number + flavor_worker = string + node_worker = string + image_id = string + image_name = optional(string, "") + allowed_addresses = optional(list(string), []) + worker_node_bfv_volume_size = optional(number, 0) + worker_node_bfv_destination_type = optional(string, "local") + worker_node_bfv_source_type = optional(string, "image") + worker_node_bfv_volume_type = optional(string, "") + worker_node_bfv_delete_on_termination = optional(bool, true) + additional_block_devices_worker_windows = optional(list(object({ + 
source_type = string + volume_size = number + volume_type = string + boot_index = number + destination_type = string + delete_on_termination = bool + mountpoint = optional(string, "") + filesystem = optional(string, "") + label = optional(string, "") + })), []) + subnet_id = optional(string, "") + windows_user = optional(string, "Administrator") + windows_admin_password = optional(string, "") + })) + default = [] +} \ No newline at end of file From 5c91bf80863848182793bf048ec0f6a8ec587d62 Mon Sep 17 00:00:00 2001 From: Miguel Parada Date: Tue, 28 Oct 2025 13:15:01 -0500 Subject: [PATCH 3/6] fix: win userdata --- iac/cloud/openstack/openstack-nova/main.tf | 130 ++++++++++----------- 1 file changed, 65 insertions(+), 65 deletions(-) diff --git a/iac/cloud/openstack/openstack-nova/main.tf b/iac/cloud/openstack/openstack-nova/main.tf index bd0ebfb..8a294e0 100644 --- a/iac/cloud/openstack/openstack-nova/main.tf +++ b/iac/cloud/openstack/openstack-nova/main.tf @@ -1,6 +1,6 @@ module "bastion" { source = "../lib/openstack-bastion" - count = var.disable_bastion == true ? 0 : 1 + count = var.disable_bastion == true ? 0 : 1 availability_zone = var.availability_zone flavor_bastion = var.flavor_bastion @@ -12,7 +12,7 @@ module "bastion" { security_group_name = module.secgroup.controlplane_name user_data = module.user_data_bastion.rendered key_pair = module.ssh-keypair.keypair - module_depends_on = var.vlan_id == "" ? ( var.router_id == "" ? [openstack_networking_router_interface_v2.router[0].id] : [var.router_id]) : [] + module_depends_on = var.vlan_id == "" ? (var.router_id == "" ? [openstack_networking_router_interface_v2.router[0].id] : [var.router_id]) : [] } module "ca" { @@ -56,7 +56,7 @@ module "floating-vip" { module "ssh-keypair" { source = "../lib/openstack-keypair" openstack_user_name = var.openstack_user_name - naming_prefix = var.naming_prefix + naming_prefix = var.naming_prefix } 
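Review bot: `additional_server_pools_worker_windows` contains a `windows_admin_password` attribute but the variable is not declared `sensitive`, so any password supplied in a pool definition is printed in plan and apply output, unlike a sensitive top-level variable. Add `sensitive = true` to the variable block (the file already relies on `optional()` defaults, so the Terraform version in use supports it), or remove the field if pools are meant to share the global `var.windows_admin_password`. A description on each object listing which fields `main.tf` actually honours would also help callers; `allowed_addresses` on the Linux pool is declared here but appears not to be consumed by this commit's `main.tf` hunk.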
@@ -66,7 +66,7 @@ module "node_master" { depends_on = [module.bastion, module.ssh-keypair, module.secgroup] additional_block_devices = var.additional_block_devices_master availability_zone = var.availability_zone - allowed_addresses = [var.vrrp_ip ,var.subnet_nodes, var.subnet_pods, var.subnet_services] + allowed_addresses = [var.vrrp_ip, var.subnet_nodes, var.subnet_pods, var.subnet_services] flavor_name = var.size_master.flavor image_id = var.image_id image_name = var.image_name @@ -93,7 +93,7 @@ module "node_worker" { source = "../lib/openstack-compute" depends_on = [module.bastion, module.ssh-keypair, module.secgroup] - additional_block_devices = var.additional_block_devices_worker + additional_block_devices = var.additional_block_devices_worker availability_zone = var.availability_zone allowed_addresses = [var.subnet_nodes, var.subnet_pods, var.subnet_services] flavor_name = var.size_worker.flavor 
@@ -121,20 +121,20 @@ module "node_worker" { module "node_worker_windows" { source = "../lib/openstack-compute-windows" # count = var.size_worker_windows.count > 0 ? 1 : 0 - depends_on = [module.bastion, module.secgroup] - availability_zone = var.availability_zone - allowed_addresses = [var.subnet_nodes, var.subnet_pods, var.subnet_services] - flavor_name = var.size_worker_windows.flavor - image_id = var.image_id_windows - image_name = var.image_name - naming_prefix = var.naming_prefix - network_id = var.network_id == "" ? openstack_networking_network_v2.network[0].id : var.network_id - node_count = var.size_worker_windows.count - node_type = var.node_worker_windows == "" ? "win_wn" : var.node_worker_windows - security_group_ids = [module.secgroup.worker_windows_id] - servergroup_id = length(var.win_server_group_affinity) > 0 ? module.servergroup_windows[0].id : "" - subnet_id = var.subnet_id == "" ? openstack_networking_subnet_v2.subnet[0].id : var.subnet_id - user_data = module.user_data_windows[0].rendered + depends_on = [module.bastion, module.secgroup] + availability_zone = var.availability_zone + allowed_addresses = [var.subnet_nodes, var.subnet_pods, var.subnet_services] + flavor_name = var.size_worker_windows.flavor + image_id = var.image_id_windows + image_name = var.image_name + naming_prefix = var.naming_prefix + network_id = var.network_id == "" ? openstack_networking_network_v2.network[0].id : var.network_id + node_count = var.size_worker_windows.count + node_type = var.node_worker_windows == "" ? "win_wn" : var.node_worker_windows + security_group_ids = [module.secgroup.worker_windows_id] + servergroup_id = length(var.win_server_group_affinity) > 0 ? module.servergroup_windows[0].id : "" + subnet_id = var.subnet_id == "" ? 
openstack_networking_subnet_v2.subnet[0].id : var.subnet_id + user_data = module.user_data_windows.rendered node_bfv_source_type = var.worker_node_bfv_source_type node_bfv_destination_type = var.worker_node_bfv_destination_type node_bfv_volume_size = var.worker_node_bfv_volume_size 
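Review bot: `user_data = module.user_data_windows.rendered` drops the `[0]` index, but `module "user_data_windows"` still has `count` set (its block is only realigned in the `@@ -212` hunk below), and Terraform rejects attribute access on a counted module without an instance index. Either remove `count` from `user_data_windows` and make it unconditional like `node_worker_windows` now is, or restore `module.user_data_windows[0].rendered` with a guard for the zero-instance case; `additional_worker_pools_windows` further down still uses the indexed form, so the two references also disagree. Unless a later patch in this series removes the `count`, this change cannot plan. `module "node_worker_windows"` continues past the hunk.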
@@ -145,41 +145,41 @@ module "node_worker_windows" { module "secgroup" { source = "../lib/openstack-secgroup" - additional_ports_master = var.additional_ports_master - additional_ports_worker = var.additional_ports_worker - naming_prefix = var.naming_prefix - subnet_pods = var.subnet_pods - subnet_services = var.subnet_services - subnet_servers = var.subnet_nodes - k8s_api_port = var.k8s_api_port - disable_bastion = var.disable_bastion - worker_count_windows = var.size_worker_windows.count + additional_ports_master = var.additional_ports_master + additional_ports_worker = var.additional_ports_worker + naming_prefix = var.naming_prefix + subnet_pods = var.subnet_pods + subnet_services = var.subnet_services + subnet_servers = var.subnet_nodes + k8s_api_port = var.k8s_api_port + disable_bastion = var.disable_bastion + worker_count_windows = var.size_worker_windows.count additional_server_pools_worker_windows = var.additional_server_pools_worker_windows - vrrp_enabled = var.vrrp_enabled - k8s_api_port_acl = var.k8s_api_port_acl + vrrp_enabled = var.vrrp_enabled + k8s_api_port_acl = var.k8s_api_port_acl } module "servergroup_master" { - source = "../lib/openstack-servergroup" - name = "master" - naming_prefix = var.naming_prefix - server_group_affinity = var.cp_server_group_affinity + source = "../lib/openstack-servergroup" + name = "master" + naming_prefix = var.naming_prefix + server_group_affinity = var.cp_server_group_affinity } module "servergroup_worker" { - source = "../lib/openstack-servergroup" - count = length(var.wn_server_group_affinity) > 0 ? 1 : 0 - name = "worker" - naming_prefix = var.naming_prefix - server_group_affinity = var.wn_server_group_affinity + source = "../lib/openstack-servergroup" + count = length(var.wn_server_group_affinity) > 0 ? 
1 : 0 + name = "worker" + naming_prefix = var.naming_prefix + server_group_affinity = var.wn_server_group_affinity } module "servergroup_windows" { - source = "../lib/openstack-servergroup" - count = length(var.win_server_group_affinity) > 0 ? 1 : 0 - name = "windows" - naming_prefix = var.naming_prefix - server_group_affinity = var.win_server_group_affinity + source = "../lib/openstack-servergroup" + count = length(var.win_server_group_affinity) > 0 ? 1 : 0 + name = "windows" + naming_prefix = var.naming_prefix + server_group_affinity = var.win_server_group_affinity } @@ -212,15 +212,15 @@ module "user_data_bastion" { } module "user_data_windows" { - source = "../lib/user_data-windows" - count = var.size_worker_windows.count > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) - ca_certificates = join("\n", [var.openstack_ca, (var.services_ca_enabled == true ? module.ca.certificate : ""), var.ca_certificates]) - ssh_authorized_keys = concat(var.ssh_authorized_keys, [module.ssh-keypair.keypair.public_key]) - ntp_servers = var.ntp_servers - pkg_manager_proxy = var.pkg_manager_proxy - reboot = var.reboot - windows_user = var.windows_user - windows_admin_password = var.windows_admin_password + source = "../lib/user_data-windows" + count = var.size_worker_windows.count > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0) + ca_certificates = join("\n", [var.openstack_ca, (var.services_ca_enabled == true ? module.ca.certificate : ""), var.ca_certificates]) + ssh_authorized_keys = concat(var.ssh_authorized_keys, [module.ssh-keypair.keypair.public_key]) + ntp_servers = var.ntp_servers + pkg_manager_proxy = var.pkg_manager_proxy + reboot = var.reboot + windows_user = var.windows_user + windows_admin_password = var.windows_admin_password } module "ansible_inventory" { 
@@ -237,9 +237,9 @@ module "servergroup_additional_worker_pools" { source = "../lib/openstack-servergroup" for_each = { for pool in var.additional_server_pools_worker : pool.name => pool } - naming_prefix = var.naming_prefix - name = "${each.value.name}-worker" - server_group_affinity = length(each.value.server_group_affinity) > 0 ? [each.value.server_group_affinity] : ["soft-anti-affinity"] + naming_prefix = var.naming_prefix + name = "${each.value.name}-worker" + server_group_affinity = length(each.value.server_group_affinity) > 0 ? [each.value.server_group_affinity] : ["soft-anti-affinity"] } module "additional_worker_pools" { @@ -249,9 +249,9 @@ module "additional_worker_pools" { depends_on = [module.bastion, module.ssh-keypair, module.secgroup] # Basic configuration - availability_zone = var.availability_zone - naming_prefix = var.naming_prefix - ssh_user = var.ssh_user + availability_zone = var.availability_zone + naming_prefix = var.naming_prefix + ssh_user = var.ssh_user # Network configuration network_id = var.network_id == "" ? openstack_networking_network_v2.network[0].id : var.network_id @@ -280,9 +280,9 @@ module "additional_worker_pools" { servergroup_id = module.servergroup_additional_worker_pools[each.key].id # User data and bastion configuration - user_data = module.user_data_ubuntu.rendered - pf9_onboard = each.value.pf9_onboard - key_pair = module.ssh-keypair.keypair + user_data = module.user_data_ubuntu.rendered + pf9_onboard = each.value.pf9_onboard + key_pair = module.ssh-keypair.keypair } 
@@ -291,9 +291,9 @@ module "servergroup_additional_worker_pools_windows" {
 source = "../lib/openstack-servergroup"
 for_each = { for pool in var.additional_server_pools_worker_windows : pool.name => pool }
- naming_prefix = var.naming_prefix
- name = "${each.value.name}-worker-windows"
- server_group_affinity = each.value.server_group_affinity != "" ? [each.value.server_group_affinity] : ["soft-anti-affinity"]
+ naming_prefix = var.naming_prefix
+ name = "${each.value.name}-worker-windows"
+ server_group_affinity = each.value.server_group_affinity != "" ? [each.value.server_group_affinity] : ["soft-anti-affinity"]
 }
 module "additional_worker_pools_windows" {
From da3b6182a06788f22234515ab784b637a8074926 Mon Sep 17 00:00:00 2001
From: Miguel Parada
Date: Tue, 28 Oct 2025 13:33:57 -0500
Subject: [PATCH 4/6] added windows enable var
---
 .../openstack/lib/openstack-secgroup/main.tf | 38 +++++++------
 .../lib/openstack-secgroup/variables.tf | 54 +++++++++----------
 iac/cloud/openstack/openstack-nova/main.tf | 9 +++-
 3 files changed, 55 insertions(+), 46 deletions(-)
diff --git a/iac/cloud/openstack/lib/openstack-secgroup/main.tf b/iac/cloud/openstack/lib/openstack-secgroup/main.tf
index 0d61799..8906130 100644
--- a/iac/cloud/openstack/lib/openstack-secgroup/main.tf
+++ b/iac/cloud/openstack/lib/openstack-secgroup/main.tf
@@ -1,3 +1,7 @@
+locals {
+ windows_enabled = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+}
+
 resource "openstack_networking_secgroup_v2" "controlplane" {
 name = "${var.naming_prefix}controlplane"
 }
@@ -50,7 +54,7 @@ resource "openstack_networking_secgroup_v2" "master" {
 }
 resource "openstack_networking_secgroup_rule_v2" "kube_api_ipv4" {
- for_each = toset(var.k8s_api_port_acl)
+ for_each = toset(var.k8s_api_port_acl)
 direction = "ingress"
 ethertype = "IPv4"
 remote_ip_prefix = each.value
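Review bot: `windows_enabled` in the `@@ -1,3 +1,7 @@` hunk is a number (`1`/`0`) that every consumer in this file then tests with `== 1`, while the local of the same name added to `openstack-nova/main.tf` in this same commit is a bool built with `||`; two locals sharing a name but not a type invite a later bool-vs-number comparison, which Terraform's `==` answers with `false` rather than an error. Declaring it as a bool here as well, `windows_enabled = var.worker_count_windows > 0 || length(var.additional_server_pools_worker_windows) > 0`, lets the gates read `count = local.windows_enabled ? 1 : 0`. The same applies to the count hunks for `worker_windows` through `worker_windows_nodes_ipv4` that follow in this file.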
@@ -162,12 +166,12 @@ resource "openstack_networking_secgroup_rule_v2" "worker_ipv6" {
 resource "openstack_networking_secgroup_v2" "worker_windows" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
- name = "${var.naming_prefix}worker-windows"
+ count = local.windows_enabled == 1 ? 1 : 0
+ name = "${var.naming_prefix}worker-windows"
 }
 resource "openstack_networking_secgroup_rule_v2" "worker_windows_nodeport_ipv4" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv4"
 port_range_min = 30000
@@ -178,7 +182,7 @@ resource "openstack_networking_secgroup_rule_v2" "worker_windows_nodeport_ipv4"
 }
 resource "openstack_networking_secgroup_rule_v2" "controlplane_ipv4_windows" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv4"
 remote_group_id = openstack_networking_secgroup_v2.worker_windows[0].id
@@ -186,7 +190,7 @@ resource "openstack_networking_secgroup_rule_v2" "controlplane_ipv4_windows" {
 }
 resource "openstack_networking_secgroup_rule_v2" "rdp_ipv4" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv4"
 remote_ip_prefix = "0.0.0.0/0"
@@ -197,7 +201,7 @@ resource "openstack_networking_secgroup_rule_v2" "rdp_ipv4" {
 }
 resource "openstack_networking_secgroup_rule_v2" "rdp_ipv6" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv6"
 remote_ip_prefix = "::/0"
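Review bot: The `rdp_ipv4` rule that the `@@ -186,7 +190,7 @@` hunk re-gates keeps `remote_ip_prefix = "0.0.0.0/0"`, and the `rdp_ipv6` (`::/0`), `ssh_ipv4` and `ssh_ipv6` hunks that follow do the same, so RDP and SSH on the Windows workers are reachable from any source whenever `local.windows_enabled` is set, whereas `winrm_ipv4` in the same file is limited to `var.subnet_servers`. The module already has a bastion toggle (`var.disable_bastion`) and a CIDR allow-list pattern (`var.k8s_api_port_acl` consumed through `for_each = toset(...)`), so the same shape fits these rules: `remote_ip_prefix = var.subnet_servers`, or a dedicated list variable iterated with `for_each`, keeps the administrative ports off the public edge. If world-reachable RDP/SSH is deliberate for this environment, a comment on the rule stating that would spare the next reader the question. The port ranges of these rules lie outside the hunks, so this note only covers the source prefix.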
@@ -208,7 +212,7 @@ resource "openstack_networking_secgroup_rule_v2" "rdp_ipv6" {
 }
 resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv4" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv4"
 remote_group_id = openstack_networking_secgroup_v2.worker_windows[0].id
@@ -216,7 +220,7 @@ resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv4" {
 }
 resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv6" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv6"
 remote_group_id = openstack_networking_secgroup_v2.worker_windows[0].id
@@ -224,7 +228,7 @@ resource "openstack_networking_secgroup_rule_v2" "worker_windows_int_ipv6" {
 }
 resource "openstack_networking_secgroup_rule_v2" "winrm_ipv4" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv4"
 remote_ip_prefix = var.subnet_servers
@@ -235,7 +239,7 @@ resource "openstack_networking_secgroup_rule_v2" "winrm_ipv4" {
 }
 resource "openstack_networking_secgroup_rule_v2" "ssh_ipv4" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv4"
 remote_ip_prefix = "0.0.0.0/0"
@@ -246,7 +250,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh_ipv4" {
 }
 resource "openstack_networking_secgroup_rule_v2" "ssh_ipv6" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv6"
 remote_ip_prefix = "::/0"
@@ -257,7 +261,7 @@ resource "openstack_networking_secgroup_rule_v2" "ssh_ipv6" {
 }
 resource "openstack_networking_secgroup_rule_v2" "worker_windows_nodes_ipv4" {
- count = var.worker_count_windows > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == 1 ? 1 : 0
 direction = "ingress"
 ethertype = "IPv4"
 port_range_min = 0
@@ -267,8 +271,8 @@ resource "openstack_networking_secgroup_rule_v2" "worker_windows_nodes_ipv4" {
 }
 resource "openstack_networking_secgroup_rule_v2" "master_additional_ports_ipv4" {
- for_each = toset(var.additional_ports_master)
-
+ for_each = toset(var.additional_ports_master)
+
 direction = "ingress"
 ethertype = "IPv4"
 remote_ip_prefix = var.subnet_servers
@@ -278,8 +282,8 @@ resource "openstack_networking_secgroup_rule_v2" "master_additional_ports_ipv4"
 security_group_id = openstack_networking_secgroup_v2.master.id
 }
 resource "openstack_networking_secgroup_rule_v2" "worker_additional_ports_ipv4" {
- for_each = toset(var.additional_ports_worker)
-
+ for_each = toset(var.additional_ports_worker)
+
 direction = "ingress"
 ethertype = "IPv4"
 remote_ip_prefix = var.subnet_servers
diff --git a/iac/cloud/openstack/lib/openstack-secgroup/variables.tf b/iac/cloud/openstack/lib/openstack-secgroup/variables.tf
index 015e74d..8652302 100644
--- a/iac/cloud/openstack/lib/openstack-secgroup/variables.tf
+++ b/iac/cloud/openstack/lib/openstack-secgroup/variables.tf
@@ -1,30 +1,30 @@ variable "additional_ports_master" { description = "List of additional ports to create security group rules for custom applications" type = list(string) - default = [] # No rules created by default + default = [] # No rules created by default } variable "additional_ports_worker" { description = "List of additional ports to create security group rules for custom applications" type = list(string) - default = [] # No rules created by default + default = [] # No rules created by default } variable "additional_server_pools_worker_windows" { description = "List of additional Windows worker server pools with their configurations" type = list(object({ - name = string - server_group_affinity = optional(string, "soft-anti-affinity") - worker_count = number - flavor_worker = string - node_worker = string - image_id = string - image_name = optional(string, "") - allowed_addresses = optional(list(string), []) - worker_node_bfv_volume_size = optional(number, 0) - worker_node_bfv_destination_type = optional(string, "local") - worker_node_bfv_source_type = optional(string, "image") - worker_node_bfv_volume_type = optional(string, "") + name = string + server_group_affinity = optional(string, "soft-anti-affinity") + worker_count = number + flavor_worker = string + node_worker = string + image_id = string + image_name = optional(string, "") + allowed_addresses = optional(list(string), []) + worker_node_bfv_volume_size = optional(number, 0) + worker_node_bfv_destination_type = optional(string, "local") + worker_node_bfv_source_type = optional(string, "image") + worker_node_bfv_volume_type = optional(string, "") worker_node_bfv_delete_on_termination = optional(bool, true) additional_block_devices_worker_windows = optional(list(object({ source_type = string 
@@ -37,9 +37,9 @@ variable "additional_server_pools_worker_windows" {
 filesystem = optional(string, "")
 label = optional(string, "")
 })), [])
- subnet_id = optional(string, "")
- windows_user = optional(string, "Administrator")
- windows_admin_password = optional(string, "")
+ subnet_id = optional(string, "")
+ windows_user = optional(string, "Administrator")
+ windows_admin_password = optional(string, "")
 }))
 default = []
 }
@@ -70,31 +70,31 @@ variable "disable_bastion" {
 }
 variable "rke2_enable" {
- type = bool
- default = false
+ type = bool
+ default = false
 description = "value to create and configure the infrastructure for rke2"
 }
 variable "rke_server_port" {
- type = number
- default = 9345
+ type = number
+ default = 9345
 description = "value to set the port for the rke2 join api"
 }
 variable "vrrp_enabled" {
- type = bool
- default = false
+ type = bool
+ default = false
 description = "Will create a port to use as a VIP. If floating IP pool is defined it will get a floating IP assigned to it."
 }
 variable "k8s_api_port_acl" {
- type = list(string)
- default = ["0.0.0.0/0"]
+ type = list(string)
+ default = ["0.0.0.0/0"]
 description = "List of CIDR blocks to allow access to to the vrrp VIP"
 }
 variable "worker_count_windows" {
- type = number
- default = 0
+ type = number
+ default = 0
 description = "number of windows worker nodes to create"
 }
\ No newline at end of file
diff --git a/iac/cloud/openstack/openstack-nova/main.tf b/iac/cloud/openstack/openstack-nova/main.tf
index 8a294e0..59dde56 100644
--- a/iac/cloud/openstack/openstack-nova/main.tf
+++ b/iac/cloud/openstack/openstack-nova/main.tf
@@ -1,3 +1,8 @@
+locals {
+ windows_enabled = var.size_worker_windows.count > 0 || length(var.additional_server_pools_worker_windows) > 0
+}
+
+
 module "bastion" {
 source = "../lib/openstack-bastion"
 count = var.disable_bastion == true ? 0 : 1
@@ -134,7 +139,7 @@ module "node_worker_windows" {
 security_group_ids = [module.secgroup.worker_windows_id]
 servergroup_id = length(var.win_server_group_affinity) > 0 ? module.servergroup_windows[0].id : ""
 subnet_id = var.subnet_id == "" ? openstack_networking_subnet_v2.subnet[0].id : var.subnet_id
- user_data = module.user_data_windows.rendered
+ user_data = module.user_data_windows[0].rendered
 node_bfv_source_type = var.worker_node_bfv_source_type
 node_bfv_destination_type = var.worker_node_bfv_destination_type
 node_bfv_volume_size = var.worker_node_bfv_volume_size
@@ -213,7 +218,7 @@ module "user_data_bastion" {
 module "user_data_windows" {
 source = "../lib/user_data-windows"
- count = var.size_worker_windows.count > 0 ? 1 : (length(var.additional_server_pools_worker_windows) > 0 ? 1 : 0)
+ count = local.windows_enabled == true ? 1 : 0
 ca_certificates = join("\n", [var.openstack_ca, (var.services_ca_enabled == true ? module.ca.certificate : ""), var.ca_certificates])
 ssh_authorized_keys = concat(var.ssh_authorized_keys, [module.ssh-keypair.keypair.public_key])
 ntp_servers = var.ntp_servers
From 9d560d8199c48ec68ac03352849a91648f38c465 Mon Sep 17 00:00:00 2001
From: Miguel Parada
Date: Tue, 28 Oct 2025 13:35:52 -0500
Subject: [PATCH 5/6] fix win userdata ref
---
 iac/cloud/openstack/openstack-nova/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iac/cloud/openstack/openstack-nova/main.tf b/iac/cloud/openstack/openstack-nova/main.tf
index 59dde56..28ca7ee 100644
--- a/iac/cloud/openstack/openstack-nova/main.tf
+++ b/iac/cloud/openstack/openstack-nova/main.tf
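Review bot: `count = local.windows_enabled == true ? 1 : 0` in the `@@ -213,7 +218,7 @@` hunk compares a bool against `true`; `count = local.windows_enabled ? 1 : 0` says the same thing and matches how the other conditional counts in this file are written. In the `@@ -134,7 +139,7 @@` hunk, `module.user_data_windows[0].rendered` is evaluated whether or not that count is 1, so with no Windows workers the index has no element unless the `node_worker_windows` module block, whose header is outside the hunk, carries a matching `count`; the next commit in the series revisits that line. A short comment on the local, `# true when either the fixed Windows pool or an additional Windows pool is requested`, would document why both inputs feed it.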
@@ -139,7 +139,7 @@ module "node_worker_windows" {
 security_group_ids = [module.secgroup.worker_windows_id]
 servergroup_id = length(var.win_server_group_affinity) > 0 ? module.servergroup_windows[0].id : ""
 subnet_id = var.subnet_id == "" ? openstack_networking_subnet_v2.subnet[0].id : var.subnet_id
- user_data = module.user_data_windows[0].rendered
+ user_data = local.windows_enabled == 1 ? module.user_data_windows[0].rendered : ""
 node_bfv_source_type = var.worker_node_bfv_source_type
 node_bfv_destination_type = var.worker_node_bfv_destination_type
 node_bfv_volume_size = var.worker_node_bfv_volume_size
From 627fd589c1d226772c05d2611be01fd00ecd6ef4 Mon Sep 17 00:00:00 2001
From: Miguel Parada
Date: Wed, 29 Oct 2025 15:50:10 -0500
Subject: [PATCH 6/6] terraform fmt
---
 .../openstack/lib/ansible-inventory/main.tf | 4 +-
 .../lib/ansible-inventory/variables.tf | 2 +-
 .../openstack/lib/floating-vip/output.tf | 2 +-
 .../lib/openstack-compute-windows/main.tf | 64 +++---
 .../openstack-compute-windows/variables.tf | 16 +-
 .../openstack/lib/openstack-compute/main.tf | 2 +-
 .../lib/openstack-compute/variables.tf | 18 +-
 .../openstack/lib/openstack-keypair/main.tf | 8 +-
 .../lib/openstack-loadbalancer/main.tf | 24 +--
 .../lib/openstack-loadbalancer/variables.tf | 12 +-
 .../openstack/lib/user_data-ubuntu/main.tf | 2 +-
 .../lib/user_data-ubuntu/variables.tf | 6 +-
 .../lib/user_data-windows/variables.tf | 8 +-
 iac/cloud/openstack/openstack-nova/network.tf | 2 +-
 .../openstack/openstack-nova/provider.tf | 24 +--
 .../openstack/openstack-nova/variables.tf | 188 +++++++++---------
 iac/cni/calico/main.tf | 4 +-
 iac/provider/kubespray/main.tf | 30 +--
 iac/provider/kubespray/variables.tf | 2 +-
 playbooks/configure-disks.yaml | 2 +-
 20 files changed, 210 insertions(+), 210 deletions(-)
diff --git a/iac/cloud/openstack/lib/ansible-inventory/main.tf b/iac/cloud/openstack/lib/ansible-inventory/main.tf
index 4c3d597..e5d94bf 100644
--- a/iac/cloud/openstack/lib/ansible-inventory/main.tf
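Review bot: `local.windows_enabled == 1` on the new `user_data` line can never be true: in this file `windows_enabled` was declared in the previous commit as a bool, `var.size_worker_windows.count > 0 || length(var.additional_server_pools_worker_windows) > 0`, and Terraform's `==` returns false when the operand types differ, so `node_worker_windows` always receives an empty `user_data`. The numeric `1`/`0` form exists only in the secgroup module's own local of the same name, which is presumably where the `== 1` came from. The line should read `user_data = local.windows_enabled ? module.user_data_windows[0].rendered : ""`. Because the Windows user data is what carries the CA bundle, the SSH authorized keys and the admin credentials (see `module "user_data_windows"` in the previous commit), the mismatch silently produces unconfigured Windows workers instead of a plan-time error.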
+++ b/iac/cloud/openstack/lib/ansible-inventory/main.tf @@ -7,7 +7,7 @@ resource "local_file" "ansible_inventory" { master_nodes = var.master_nodes ssh_user = var.ssh_user }) - filename = "infra-inventory" + filename = "infra-inventory" - depends_on = [ var.master_nodes, var.worker_nodes ] + depends_on = [var.master_nodes, var.worker_nodes] } \ No newline at end of file diff --git a/iac/cloud/openstack/lib/ansible-inventory/variables.tf b/iac/cloud/openstack/lib/ansible-inventory/variables.tf index 26734c6..b3bf4c0 100644 --- a/iac/cloud/openstack/lib/ansible-inventory/variables.tf +++ b/iac/cloud/openstack/lib/ansible-inventory/variables.tf @@ -1,5 +1,5 @@ variable "address_bastion" { - type = string + type = string default = "" } diff --git a/iac/cloud/openstack/lib/floating-vip/output.tf b/iac/cloud/openstack/lib/floating-vip/output.tf index 41a2e39..3214833 100644 --- a/iac/cloud/openstack/lib/floating-vip/output.tf +++ b/iac/cloud/openstack/lib/floating-vip/output.tf @@ -1,3 +1,3 @@ output "ip" { - value = var.floatingip_pool == "" ? var.vrrp_ip : openstack_compute_floatingip_v2.k8s_api_ip[0].address + value = var.floatingip_pool == "" ? var.vrrp_ip : openstack_compute_floatingip_v2.k8s_api_ip[0].address } diff --git a/iac/cloud/openstack/lib/openstack-compute-windows/main.tf b/iac/cloud/openstack/lib/openstack-compute-windows/main.tf index 5fb0fee..436552f 100644 --- a/iac/cloud/openstack/lib/openstack-compute-windows/main.tf +++ b/iac/cloud/openstack/lib/openstack-compute-windows/main.tf 
@@ -19,20 +19,20 @@ resource "openstack_networking_port_v2" "node" { resource "openstack_compute_instance_v2" "node" { name = "${substr(var.naming_prefix, 0, 8)}${var.node_type}${count.index}" - config_drive = true # Windows needs config drive + config_drive = true # Windows needs config drive count = var.node_count flavor_name = var.flavor_name image_id = var.image_id image_name = var.image_name user_data = var.user_data availability_zone = var.availability_zone -# key_pair = var.key_pair.name + # key_pair = var.key_pair.name -# metadata = { -# bastion = var.bastion_floating_ip -# user = var.windows_user -# admin_pass = var.admin_password # Windows admin password -# } + # metadata = { + # bastion = var.bastion_floating_ip + # user = var.windows_user + # admin_pass = var.admin_password # Windows admin password + # } block_device { uuid = var.image_id @@ -43,7 +43,7 @@ resource "openstack_compute_instance_v2" "node" { delete_on_termination = true } - dynamic "block_device" { + dynamic "block_device" { for_each = var.additional_block_devices content { uuid = block_device.value.source_type == "blank" ? "" : null 
@@ -65,36 +65,36 @@ resource "openstack_compute_instance_v2" "node" { } # Windows-specific provisioner using WinRM -# provisioner "remote-exec" { -# when = destroy -# on_failure = continue -# inline = [ -# "powershell.exe -ExecutionPolicy Bypass -File C:\\remove_node.ps1" -# ] + # provisioner "remote-exec" { + # when = destroy + # on_failure = continue + # inline = [ + # "powershell.exe -ExecutionPolicy Bypass -File C:\\remove_node.ps1" + # ] -# connection { -# type = "winrm" -# user = self.metadata.user -# password = self.metadata.admin_pass -# host = self.access_ip_v4 -# port = 5985 -# https = false -# insecure = true -# timeout = "10m" # Windows boot times are typically longer - -# # If using bastion/jump host for Windows -# # Note: WinRM through bastion is more complex and may require additional setup -# bastion_host = var.use_bastion ? self.metadata.bastion : null -# bastion_user = var.use_bastion ? self.metadata.user : null -# bastion_password = var.use_bastion ? var.bastion_password : null -# } -# } + # connection { + # type = "winrm" + # user = self.metadata.user + # password = self.metadata.admin_pass + # host = self.access_ip_v4 + # port = 5985 + # https = false + # insecure = true + # timeout = "10m" # Windows boot times are typically longer + + # # If using bastion/jump host for Windows + # # Note: WinRM through bastion is more complex and may require additional setup + # bastion_host = var.use_bastion ? self.metadata.bastion : null + # bastion_user = var.use_bastion ? self.metadata.user : null + # bastion_password = var.use_bastion ? var.bastion_password : null + # } + # } lifecycle { ignore_changes = [ user_data, image_id, - metadata.admin_pass # Ignore password changes + metadata.admin_pass # Ignore password changes ] } } \ No newline at end of file diff --git a/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf b/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf index 3e04644..bf444a9 100644 
--- a/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf +++ b/iac/cloud/openstack/lib/openstack-compute-windows/variables.tf @@ -1,10 +1,10 @@ variable "additional_block_devices" { description = "List of additional block devices to attach to instances" type = list(object({ - source_type = string # "blank", "image", "volume", "snapshot" + source_type = string # "blank", "image", "volume", "snapshot" volume_size = number volume_type = optional(string, "") - boot_index = number # Must be > 0 for non-boot devices + boot_index = number # Must be > 0 for non-boot devices destination_type = optional(string, "volume") delete_on_termination = optional(bool, true) mountpoint = string @@ -26,28 +26,28 @@ variable "availability_zone" { variable "node_bfv_source_type" { - type = string + type = string description = "he source type of the device. Must be one of blank, image, volume, or snapshot. Changing this creates a new server." } variable "node_bfv_destination_type" { - type = string + type = string description = "The destination type of the device. Must be one of volume or local." } variable "node_bfv_delete_on_termination" { - type = bool - default = true + type = bool + default = true description = "If true, the volume will be deleted when the server is terminated." } variable "node_bfv_volume_size" { - type = number + type = number description = "volume size for boot from volume nodes" } variable "node_bfv_volume_type" { - type = string + type = string description = "boot from volume type for nodes" } diff --git a/iac/cloud/openstack/lib/openstack-compute/main.tf b/iac/cloud/openstack/lib/openstack-compute/main.tf index 0f24b16..d669841 100644 --- a/iac/cloud/openstack/lib/openstack-compute/main.tf +++ b/iac/cloud/openstack/lib/openstack-compute/main.tf 
@@ -42,7 +42,7 @@ resource "openstack_compute_instance_v2" "node" { destination_type = var.node_bfv_destination_type delete_on_termination = var.node_bfv_delete_on_termination } - + dynamic "block_device" { for_each = var.additional_block_devices content { diff --git a/iac/cloud/openstack/lib/openstack-compute/variables.tf b/iac/cloud/openstack/lib/openstack-compute/variables.tf index d69ac60..9fac115 100644 --- a/iac/cloud/openstack/lib/openstack-compute/variables.tf +++ b/iac/cloud/openstack/lib/openstack-compute/variables.tf @@ -1,10 +1,10 @@ variable "additional_block_devices" { description = "List of additional block devices to attach to instances" type = list(object({ - source_type = string # "blank", "image", "volume", "snapshot" + source_type = string # "blank", "image", "volume", "snapshot" volume_size = number volume_type = optional(string, "") - boot_index = number # Must be > 0 for non-boot devices + boot_index = number # Must be > 0 for non-boot devices destination_type = optional(string, "volume") delete_on_termination = optional(bool, true) mountpoint = string @@ -53,28 +53,28 @@ variable "node_type" { } variable "node_bfv_source_type" { - type = string + type = string description = "he source type of the device. Must be one of blank, image, volume, or snapshot. Changing this creates a new server." } variable "node_bfv_destination_type" { - type = string + type = string description = "The destination type of the device. Must be one of volume or local." } variable "node_bfv_delete_on_termination" { - type = bool - default = true + type = bool + default = true description = "If true, the volume will be deleted when the server is terminated." } variable "node_bfv_volume_size" { - type = number + type = number description = "volume size for boot from volume nodes" } variable "node_bfv_volume_type" { - type = string + type = string description = "boot from volume type for nodes" } 
@@ -102,7 +102,7 @@ variable "pf9_onboard" { } variable "bastion_floating_ip" { - type = string + type = string default = "" } diff --git a/iac/cloud/openstack/lib/openstack-keypair/main.tf b/iac/cloud/openstack/lib/openstack-keypair/main.tf index b24027f..7ecb6d0 100644 --- a/iac/cloud/openstack/lib/openstack-keypair/main.tf +++ b/iac/cloud/openstack/lib/openstack-keypair/main.tf @@ -3,13 +3,13 @@ resource "openstack_compute_keypair_v2" "ssh_keypair" { } resource "local_file" "private_key" { - content = openstack_compute_keypair_v2.ssh_keypair.private_key - filename = "${path.root}/id_rsa" + content = openstack_compute_keypair_v2.ssh_keypair.private_key + filename = "${path.root}/id_rsa" file_permission = "0600" } resource "local_file" "public_key" { - content = openstack_compute_keypair_v2.ssh_keypair.public_key - filename = "${path.root}/id_rsa.pub" + content = openstack_compute_keypair_v2.ssh_keypair.public_key + filename = "${path.root}/id_rsa.pub" file_permission = "0644" } diff --git a/iac/cloud/openstack/lib/openstack-loadbalancer/main.tf b/iac/cloud/openstack/lib/openstack-loadbalancer/main.tf index d39d026..d30da6a 100644 --- a/iac/cloud/openstack/lib/openstack-loadbalancer/main.tf +++ b/iac/cloud/openstack/lib/openstack-loadbalancer/main.tf @@ -2,13 +2,13 @@ resource "openstack_lb_loadbalancer_v2" "k8s" { loadbalancer_provider = var.loadbalancer_provider # availability_zone = var.availability_zone - name = "${var.naming_prefix}k8s" - vip_subnet_id = var.subnet_id - vip_address = var.vrrp_ip + name = "${var.naming_prefix}k8s" + vip_subnet_id = var.subnet_id + vip_address = var.vrrp_ip } resource "openstack_lb_pool_v2" "k8s" { - + lb_method = "SOURCE_IP" protocol = "TCP" name = "${var.naming_prefix}k8s" 
@@ -16,7 +16,7 @@ resource "openstack_lb_pool_v2" "k8s" { } resource "openstack_lb_pool_v2" "rke2" { - count = var.rke2_enable == false ? 0 : 1 + count = var.rke2_enable == false ? 0 : 1 lb_method = "SOURCE_IP" protocol = "TCP" name = "${var.naming_prefix}rke2" @@ -24,7 +24,7 @@ resource "openstack_lb_pool_v2" "rke2" { } resource "openstack_lb_monitor_v2" "k8s" { - depends_on = [ openstack_lb_pool_v2.k8s ] + depends_on = [openstack_lb_pool_v2.k8s] delay = 30 max_retries = 3 name = "${var.naming_prefix}k8s" @@ -34,8 +34,8 @@ resource "openstack_lb_monitor_v2" "k8s" { } resource "openstack_lb_monitor_v2" "rke2" { - count = var.rke2_enable == false ? 0 : 1 - depends_on = [ openstack_lb_pool_v2.rke2 ] + count = var.rke2_enable == false ? 0 : 1 + depends_on = [openstack_lb_pool_v2.rke2] delay = 30 max_retries = 3 name = "${var.naming_prefix}rke2" @@ -46,7 +46,7 @@ resource "openstack_lb_monitor_v2" "rke2" { resource "openstack_lb_member_v2" "rke2" { - depends_on = [ openstack_lb_pool_v2.rke2[0] ] + depends_on = [openstack_lb_pool_v2.rke2[0]] count = var.rke2_enable == false ? 0 : var.server_count address = var.master_ips[count.index] name = "${var.naming_prefix}${count.index}" @@ -56,7 +56,7 @@ resource "openstack_lb_member_v2" "rke2" { } resource "openstack_lb_member_v2" "k8s" { - depends_on = [ openstack_lb_pool_v2.k8s ] + depends_on = [openstack_lb_pool_v2.k8s] count = var.server_count address = var.master_ips[count.index] name = "${var.naming_prefix}${count.index}" @@ -75,7 +75,7 @@ resource "openstack_lb_listener_v2" "k8s" { } resource "openstack_lb_listener_v2" "rke2_api" { - count = var.rke2_enable == false ? 0 : 1 + count = var.rke2_enable == false ? 0 : 1 default_pool_id = openstack_lb_pool_v2.k8s.id loadbalancer_id = openstack_lb_loadbalancer_v2.k8s.id name = "${var.naming_prefix}rke2-api" 
@@ -84,7 +84,7 @@ resource "openstack_lb_listener_v2" "rke2_api" { } resource "openstack_lb_listener_v2" "rke2_server" { - count = var.rke2_enable == false ? 0 : 1 + count = var.rke2_enable == false ? 0 : 1 default_pool_id = openstack_lb_pool_v2.rke2[0].id loadbalancer_id = openstack_lb_loadbalancer_v2.k8s.id name = "${var.naming_prefix}rke2-server" diff --git a/iac/cloud/openstack/lib/openstack-loadbalancer/variables.tf b/iac/cloud/openstack/lib/openstack-loadbalancer/variables.tf index dea1a58..a2a0c5c 100644 --- a/iac/cloud/openstack/lib/openstack-loadbalancer/variables.tf +++ b/iac/cloud/openstack/lib/openstack-loadbalancer/variables.tf @@ -34,23 +34,23 @@ variable "k8s_api_port" { } variable "vrrp_ip" { - type = string + type = string default = "" } variable "loadbalancer_provider" { - type = string + type = string default = "amphora" } variable "rke2_enable" { - type = bool - default = false + type = bool + default = false description = "value to create additional listeners for rke2" } variable "rke_server_port" { - type = number - default = 9345 + type = number + default = 9345 description = "value to set the port for the rke2 join api" } diff --git a/iac/cloud/openstack/lib/user_data-ubuntu/main.tf b/iac/cloud/openstack/lib/user_data-ubuntu/main.tf index f2b702a..ec416c2 100644 --- a/iac/cloud/openstack/lib/user_data-ubuntu/main.tf +++ b/iac/cloud/openstack/lib/user_data-ubuntu/main.tf @@ -17,7 +17,7 @@ data "cloudinit_config" "config" { pf9_region : var.pf9_region pf9_tenant : var.pf9_tenant pf9ctl_setup_download_url : var.pf9ctl_setup_download_url - reboot : var.reboot + reboot : var.reboot }) } } \ No newline at end of file diff --git a/iac/cloud/openstack/lib/user_data-ubuntu/variables.tf b/iac/cloud/openstack/lib/user_data-ubuntu/variables.tf index f0e8186..6b8002d 100644 --- a/iac/cloud/openstack/lib/user_data-ubuntu/variables.tf +++ b/iac/cloud/openstack/lib/user_data-ubuntu/variables.tf 
@@ -69,12 +69,12 @@ variable "pf9ctl_setup_download_url" { } variable "reboot" { - type = bool + type = bool default = false - + } variable "ub_version" { - type = string + type = string default = "" } \ No newline at end of file diff --git a/iac/cloud/openstack/lib/user_data-windows/variables.tf b/iac/cloud/openstack/lib/user_data-windows/variables.tf index 7bc2ddb..36f7c1e 100644 --- a/iac/cloud/openstack/lib/user_data-windows/variables.tf +++ b/iac/cloud/openstack/lib/user_data-windows/variables.tf @@ -3,8 +3,8 @@ variable "windows_user" { default = "administrator" } variable "windows_admin_password" { - type = string - default = "" + type = string + default = "" sensitive = true } @@ -46,11 +46,11 @@ variable "logrotate_size" { } variable "reboot" { - type = bool + type = bool default = true } variable "win_version" { - type = string + type = string default = "2022" } \ No newline at end of file diff --git a/iac/cloud/openstack/openstack-nova/network.tf b/iac/cloud/openstack/openstack-nova/network.tf index 2751493..b070639 100644 --- a/iac/cloud/openstack/openstack-nova/network.tf +++ b/iac/cloud/openstack/openstack-nova/network.tf @@ -19,7 +19,7 @@ resource "openstack_networking_subnet_v2" "subnet" { } resource "openstack_networking_router_v2" "router" { - count = var.vlan_id == "" ? 1 : 0 + count = var.vlan_id == "" ? 1 : 0 name = "${var.naming_prefix}k8s" external_network_id = var.router_external_network_id diff --git a/iac/cloud/openstack/openstack-nova/provider.tf b/iac/cloud/openstack/openstack-nova/provider.tf index 36812ac..200bea1 100644 --- a/iac/cloud/openstack/openstack-nova/provider.tf +++ b/iac/cloud/openstack/openstack-nova/provider.tf 
@@ -1,16 +1,16 @@ provider "openstack" { - auth_url = var.openstack_auth_url - cacert_file = var.openstack_ca - delayed_auth = true - insecure = var.openstack_insecure - password = var.openstack_password - region = var.openstack_region - tenant_name = var.openstack_tenant_name - use_octavia = true - user_name = var.openstack_user_name - user_domain_name = var.openstack_user_domain_name - project_domain_name = var.openstack_project_domain_name - application_credential_id = var.application_credential_id + auth_url = var.openstack_auth_url + cacert_file = var.openstack_ca + delayed_auth = true + insecure = var.openstack_insecure + password = var.openstack_password + region = var.openstack_region + tenant_name = var.openstack_tenant_name + use_octavia = true + user_name = var.openstack_user_name + user_domain_name = var.openstack_user_domain_name + project_domain_name = var.openstack_project_domain_name + application_credential_id = var.application_credential_id application_credential_secret = var.application_credential_secret } diff --git a/iac/cloud/openstack/openstack-nova/variables.tf b/iac/cloud/openstack/openstack-nova/variables.tf index 902e626..984f893 100644 --- a/iac/cloud/openstack/openstack-nova/variables.tf +++ b/iac/cloud/openstack/openstack-nova/variables.tf @@ -1,10 +1,10 @@ variable "additional_block_devices_worker" { description = "List of additional block devices to attach to worker instances" type = list(object({ - source_type = string # "blank", "image", "volume", "snapshot" + source_type = string # "blank", "image", "volume", "snapshot" volume_size = number volume_type = optional(string, "") - boot_index = number # Must be > 0 for non-boot devices + boot_index = number # Must be > 0 for non-boot devices destination_type = optional(string, "volume") delete_on_termination = optional(bool, true) mountpoint = string 
@@ -17,10 +17,10 @@ variable "additional_block_devices_worker" { variable "additional_block_devices_master" { description = "List of additional block devices to attach to master instances" type = list(object({ - source_type = string # "blank", "image", "volume", "snapshot" + source_type = string # "blank", "image", "volume", "snapshot" volume_size = number volume_type = optional(string, "") - boot_index = number # Must be > 0 for non-boot devices + boot_index = number # Must be > 0 for non-boot devices destination_type = optional(string, "volume") delete_on_termination = optional(bool, true) mountpoint = string @@ -33,16 +33,16 @@ variable "additional_block_devices_master" { variable "additional_ports_master" { description = "List of additional ports to create security group rules for custom applications" type = list(string) - default = [] # No rules created by default + default = [] # No rules created by default } variable "additional_ports_worker" { description = "List of additional ports to create security group rules for custom applications" type = list(string) - default = [] # No rules created by default + default = [] # No rules created by default } -variable "ansible_inventory_enabled"{ +variable "ansible_inventory_enabled" { type = bool default = false } @@ -113,20 +113,20 @@ variable "create_container" { } variable "cp_server_group_affinity" { - type = list(string) - default = ["anti-affinity"] + type = list(string) + default = ["anti-affinity"] description = "Set the Affinity Policy for the control plane server group" } variable "wn_server_group_affinity" { - type = list(string) - default = [] + type = list(string) + default = [] description = "Set the Affinity Policy for the control plane server group" } variable "win_server_group_affinity" { - type = list(string) - default = [] + type = list(string) + default = [] description = "Set the Affinity Policy for the control plane server group" } 
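Review bot: The descriptions on `wn_server_group_affinity` and `win_server_group_affinity` in the `@@ -113,20` hunk still read "Set the Affinity Policy for the control plane server group", which is the control-plane wording copied onto the worker and Windows worker variables. The description is the only place a caller learns which server group a policy applies to, so the copy leaves the two variables indistinguishable from `cp_server_group_affinity` in generated docs. Suggest `description = "Set the Affinity Policy for the worker server group"` and `description = "Set the Affinity Policy for the Windows worker server group"` respectively.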
@@ -136,7 +136,7 @@ variable "csi_enabled" { } variable "disable_bastion" { - type = bool + type = bool default = false } @@ -183,7 +183,7 @@ variable "image_id" { } variable "image_id_windows" { - type = string + type = string default = "899af84f-d98f-4255-bf98-ceba5e3a8257" } @@ -252,12 +252,12 @@ variable "openstack_user_name" { } variable "openstack_project_domain_name" { - type = string + type = string default = null } variable "openstack_user_domain_name" { - type = string + type = string default = null } @@ -315,7 +315,7 @@ variable "size_worker_windows" { flavor = string }) default = { - count = 0 + count = 0 flavor = "gp.0.8.16" } } @@ -407,7 +407,7 @@ variable "use_octavia" { } variable "loadbalancer_provider" { - type = string + type = string default = "amphora" } @@ -433,7 +433,7 @@ variable "kubelet_extra_binds" { } variable "k8s_api_port" { - type = number + type = number default = 443 } 
@@ -503,141 +503,141 @@ variable "vlan_id" { } variable "node_master" { - type = string - default = "" + type = string + default = "" description = "define the role to be used in hostname" } variable "node_worker" { - type = string - default = "" + type = string + default = "" description = "define the role to be used in hostname" } variable "node_worker_windows" { - type = string - default = "" + type = string + default = "" description = "define the role to be used in hostname" } variable "master_node_bfv_source_type" { - type = string - default = "image" + type = string + default = "image" description = "he source type of the device. Must be one of blank, image, volume, or snapshot. Changing this creates a new server." } variable "master_node_bfv_volume_size" { - type = number - default = 0 + type = number + default = 0 description = "boot from volume size for the master nodes" } variable "master_node_bfv_destination_type" { - type = string - default = "local" + type = string + default = "local" description = "boot from volume type for the master nodes" } variable "master_node_bfv_delete_on_termination" { - type = bool - default = true + type = bool + default = true description = "If true, the volume will be deleted when the server is terminated." } variable "master_node_bfv_volume_type" { - type = string - default = "Standard" + type = string + default = "Standard" description = "The volume type that will be used, for example SSD or HDD storage. The available types depend on the OpenStack deployment." } variable "worker_node_bfv_source_type" { - type = string - default = "image" + type = string + default = "image" description = "he source type of the device. Must be one of blank, image, volume, or snapshot. Changing this creates a new server." 
} variable "worker_node_bfv_volume_size" { - type = number - default = 0 + type = number + default = 0 description = "boot from volume size for the master nodes" } variable "worker_node_bfv_destination_type" { - type = string - default = "local" + type = string + default = "local" description = "boot from volume type for the master nodes" } variable "worker_node_bfv_delete_on_termination" { - type = bool - default = true + type = bool + default = true description = "If true, the volume will be deleted when the server is terminated." } variable "worker_node_bfv_volume_type" { - type = string - default = "standard" + type = string + default = "standard" description = "The volume type that will be used, for example SSD or HDD storage. The available types depend on the OpenStack deployment." } variable "worker_node_bfv_size_windows" { - type = number - default = 100 + type = number + default = 100 description = "boot from volume size for the worker nodes" } variable "worker_node_bfv_type_windows" { - type = string - default = "local" + type = string + default = "local" description = "boot from volume type for the worker nodes" } variable "ub_version" { - type = string + type = string default = "" } variable "rke2_enable" { - type = bool - default = false + type = bool + default = false description = "value to create and configure the infrastructure for rke2" } variable "rke_server_port" { - type = number - default = 9345 + type = number + default = 9345 description = "value to set the port for the rke2 join api" } variable "reboot" { - type = bool - default = true + type = bool + default = true description = "Reboot the node on cloud-init run?" } variable "vrrp_enabled" { - type = bool - default = true + type = bool + default = true description = "Will create a port to use as a VIP. If floating IP pool is defined it will get a floating IP assigned to it." 
} variable "k8s_api_port_acl" { - type = list(string) - default = ["0.0.0.0/0"] + type = list(string) + default = ["0.0.0.0/0"] description = "List of CIDR blocks to allow access to to the K8s API Port" } variable "windows_user" { type = string default = "administrator" - + } variable "windows_admin_password" { - type = string - default = "" - sensitive = true + type = string + default = "" + sensitive = true description = "The password for the Windows administrator user." } @@ -660,18 +660,18 @@ variable "windows_admin_password" { variable "additional_server_pools_worker" { description = "List of additional worker server pools with their configurations" type = list(object({ - name = string - server_group_affinity = optional(string, "soft-anti-affinity") - worker_count = number - flavor_worker = string - node_worker = string - image_id = string - image_name = optional(string, "") - allowed_addresses = optional(list(string), []) - worker_node_bfv_volume_size = optional(number, 0) - worker_node_bfv_destination_type = optional(string, "local") - worker_node_bfv_source_type = optional(string, "image") - worker_node_bfv_volume_type = optional(string, "") + name = string + server_group_affinity = optional(string, "soft-anti-affinity") + worker_count = number + flavor_worker = string + node_worker = string + image_id = string + image_name = optional(string, "") + allowed_addresses = optional(list(string), []) + worker_node_bfv_volume_size = optional(number, 0) + worker_node_bfv_destination_type = optional(string, "local") + worker_node_bfv_source_type = optional(string, "image") + worker_node_bfv_volume_type = optional(string, "") worker_node_bfv_delete_on_termination = optional(bool, true) additional_block_devices_worker = optional(list(object({ source_type = string 
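Review bot: `k8s_api_port_acl` defaults to `["0.0.0.0/0"]`, so unless a caller overrides it the Kubernetes API port is reachable from any source address, and the description does not say so. Suggest `description = "List of CIDR blocks allowed to reach the K8s API port; the default 0.0.0.0/0 admits any source and should be narrowed for production clusters"`, which also fixes the doubled "to to". In the same hunk the `worker_node_bfv_volume_size` and `worker_node_bfv_destination_type` descriptions say "master nodes", and both `_bfv_source_type` descriptions begin with "he source type". `master_node_bfv_volume_type` defaults to "Standard" while `worker_node_bfv_volume_type` defaults to "standard"; if volume type names are matched case-sensitively by the backend this is likely an unintended mismatch, so the two defaults should probably agree.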
@@ -684,8 +684,8 @@ variable "additional_server_pools_worker" { filesystem = optional(string, "") label = optional(string, "") })), []) - pf9_onboard = optional(bool, false) - subnet_id = optional(string, "") + pf9_onboard = optional(bool, false) + subnet_id = optional(string, "") })) default = [] } @@ -693,18 +693,18 @@ variable "additional_server_pools_worker" { variable "additional_server_pools_worker_windows" { description = "List of additional Windows worker server pools with their configurations" type = list(object({ - name = string - server_group_affinity = optional(string, "soft-anti-affinity") - worker_count = number - flavor_worker = string - node_worker = string - image_id = string - image_name = optional(string, "") - allowed_addresses = optional(list(string), []) - worker_node_bfv_volume_size = optional(number, 0) - worker_node_bfv_destination_type = optional(string, "local") - worker_node_bfv_source_type = optional(string, "image") - worker_node_bfv_volume_type = optional(string, "") + name = string + server_group_affinity = optional(string, "soft-anti-affinity") + worker_count = number + flavor_worker = string + node_worker = string + image_id = string + image_name = optional(string, "") + allowed_addresses = optional(list(string), []) + worker_node_bfv_volume_size = optional(number, 0) + worker_node_bfv_destination_type = optional(string, "local") + worker_node_bfv_source_type = optional(string, "image") + worker_node_bfv_volume_type = optional(string, "") worker_node_bfv_delete_on_termination = optional(bool, true) additional_block_devices_worker_windows = optional(list(object({ source_type = string 
@@ -717,9 +717,9 @@ variable "additional_server_pools_worker_windows" { filesystem = optional(string, "") label = optional(string, "") })), []) - subnet_id = optional(string, "") - windows_user = optional(string, "Administrator") - windows_admin_password = optional(string, "") + subnet_id = optional(string, "") + windows_user = optional(string, "Administrator") + windows_admin_password = optional(string, "") })) default = [] } \ No newline at end of file diff --git a/iac/cni/calico/main.tf b/iac/cni/calico/main.tf index 06ee904..61da533 100644 --- a/iac/cni/calico/main.tf +++ b/iac/cni/calico/main.tf @@ -10,11 +10,11 @@ resource "local_file" "calico_values" { calico_interface_autodetect = var.calico_interface_autodetect calico_interface_autodetect_cidr = var.calico_interface_autodetect_cidr calico_version = var.calico_version - k8s_internal_ip = var.k8s_internal_ip + k8s_internal_ip = var.k8s_internal_ip k8s_api_port = var.k8s_api_port }) - filename = "${path.root}/../../../applications/overlays/${var.cluster_name}/services/calico/helm-values/override_values.yaml" + filename = "${path.root}/../../../applications/overlays/${var.cluster_name}/services/calico/helm-values/override_values.yaml" file_permission = "0644" } \ No newline at end of file diff --git a/iac/provider/kubespray/main.tf b/iac/provider/kubespray/main.tf index 044c336..7b6f566 100644 --- a/iac/provider/kubespray/main.tf +++ b/iac/provider/kubespray/main.tf @@ -1,5 +1,5 @@ locals { - ssh_key_path = var.ssh_key_path == "" ? "${path.cwd}/id_rsa" : var.ssh_key_path + ssh_key_path = var.ssh_key_path == "" ? "${path.cwd}/id_rsa" : var.ssh_key_path os_hardening_resource = var.os_hardening_enabled == true ? null_resource.os_hardening : null } 
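Review bot: `windows_admin_password = optional(string, "")` sits inside the `additional_server_pools_worker_windows` object type, but the variable's closing lines in this hunk show only `default = []` with no `sensitive = true`, unlike the top-level `windows_admin_password` variable, so a per-pool password supplied here is printed in clear text in plan output and logs. Adding `sensitive = true` beside `default = []` marks the whole list as sensitive, which is the only granularity Terraform offers for a value nested in an object attribute; the same applies to the `windows_admin_password` attribute if it is ever read into a non-sensitive local. The enclosing `variable` block starts outside this hunk.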
@@ -12,7 +12,7 @@ resource "local_file" "ansible_inventory" { cluster_name = var.cluster_name dns_zone_name = var.dns_zone_name k8s_api_ip = var.k8s_api_ip - k8s_internal_ip = var.k8s_internal_ip + k8s_internal_ip = var.k8s_internal_ip kubernetes_version = var.kubernetes_version master_nodes = var.master_nodes network_plugin = var.network_plugin @@ -22,9 +22,9 @@ resource "local_file" "ansible_inventory" { windows_nodes = var.windows_nodes }) - filename = "./inventory/inventory.yaml" + filename = "./inventory/inventory.yaml" file_permission = "0644" - depends_on = [var.master_nodes, var.worker_nodes] + depends_on = [var.master_nodes, var.worker_nodes] # lifecycle { # replace_triggered_by = [var.master_nodes, var.worker_nodes] # } @@ -53,9 +53,9 @@ resource "local_file" "k8s_cluster" { kube_oidc_groups_prefix = var.kube_oidc_groups_prefix }) - filename = "./inventory/group_vars/k8s_cluster/k8s-cluster.yml" + filename = "./inventory/group_vars/k8s_cluster/k8s-cluster.yml" file_permission = "0644" - depends_on = [local_file.ansible_inventory] + depends_on = [local_file.ansible_inventory] } resource "local_file" "addons" { @@ -70,9 +70,9 @@ resource "local_file" "addons" { vrrp_ip = var.vrrp_ip }) - filename = "./inventory/group_vars/k8s_cluster/addons.yml" + filename = "./inventory/group_vars/k8s_cluster/addons.yml" file_permission = "0644" - depends_on = [local_file.ansible_inventory] + depends_on = [local_file.ansible_inventory] } resource "local_file" "k8s_hardening" { @@ -93,9 +93,9 @@ resource "local_file" "k8s_hardening" { kubelet_rotate_server_certificates = var.kubelet_rotate_server_certificates }) - filename = "./inventory/k8s_hardening.yml" + filename = "./inventory/k8s_hardening.yml" file_permission = "0644" - depends_on = [local_file.ansible_inventory] + depends_on = [local_file.ansible_inventory] } resource "null_resource" "clone_kubespray" { 
@@ -119,7 +119,7 @@ resource "null_resource" "setup_kubespray_venv" { provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] - command = <<-EOT + command = <<-EOT #!/bin/bash set -e @@ -217,11 +217,11 @@ resource "local_file" "os_hardening_playbook" { {}) file_permission = "0644" - filename = "./inventory/os_hardening_playbook.yml" + filename = "./inventory/os_hardening_playbook.yml" } resource "null_resource" "clone_ansible_hardening" { - count = var.os_hardening_enabled == true ? 1 : 0 + count = var.os_hardening_enabled == true ? 1 : 0 provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] @@ -240,7 +240,7 @@ resource "null_resource" "clone_ansible_hardening" { resource "null_resource" "os_hardening" { count = var.os_hardening_enabled == true ? 1 : 0 - depends_on = [null_resource.wait_cloudinit, local_file.os_hardening_playbook,null_resource.setup_kubespray_venv] + depends_on = [null_resource.wait_cloudinit, local_file.os_hardening_playbook, null_resource.setup_kubespray_venv] provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] @@ -262,7 +262,7 @@ resource "null_resource" "os_hardening" { resource "null_resource" "run_kubespray" { count = var.deploy_cluster ? 1 : 0 - depends_on = [null_resource.wait_cloudinit, local.os_hardening_resource, null_resource.clone_kubespray,null_resource.setup_kubespray_venv] + depends_on = [null_resource.wait_cloudinit, local.os_hardening_resource, null_resource.clone_kubespray, null_resource.setup_kubespray_venv] provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] diff --git a/iac/provider/kubespray/variables.tf b/iac/provider/kubespray/variables.tf index b27d19e..49d1f61 100644 --- a/iac/provider/kubespray/variables.tf +++ b/iac/provider/kubespray/variables.tf 
@@ -167,7 +167,7 @@ variable "os_hardening_enabled" { description = "Enable hardening for the operating system. This will apply settings to the OS from https://opendev.org/openstack/ansible-hardening" } -variable "ansible_hardening_version" { +variable "ansible_hardening_version" { type = string default = "stable/2025.1" } diff --git a/playbooks/configure-disks.yaml b/playbooks/configure-disks.yaml index 27bd909..1f13372 100644 --- a/playbooks/configure-disks.yaml +++ b/playbooks/configure-disks.yaml @@ -2,7 +2,7 @@ # configure-disks.yml # Production-grade disk configuration with explicit device paths # Uses group_vars to define disk_config variable -# Examplegroup_vars/oc_worker_nodes.yaml: +# Example group_vars/oc_worker_nodes.yaml: # disk_config: # - device: "/dev/vdd" # label: "longhorn-vol"