Commit graph

48 commits

Author SHA1 Message Date
Hugo Blom
49196c2ec4
[Openstack] Add bastion_allowed_ports to allow custom security group rules on bastion node (#9336)
* make it possible to configure bastion remote ips

* Update README.md
2022-09-27 22:03:35 -07:00
Robin Ramquist
f4daf5856e
Subnet setup order fix & Number of master nodes syntax fix (#9159)
* Subnet setup order fix & Number of master nodes syntax fix

* Mistake fix!

* Formatting
2022-08-18 00:56:43 -07:00
Robin Wallace
fe66121287
[Openstack] master foreach and fixes (#8709)
* [openstack] fix for new network modules

* [openstack] for-each master nodes
2022-05-03 08:51:56 -07:00
Cristian Calin
7759494c85
[terraform][openstack] allow disabling port_security at port level (#8455)
Use openstack_networking_port_v2 and openstack_networking_floatingip_associate_v2
to attach floating ips. This gives us more flexibility on disabling port security
when binding instances directly on provider networks in private cloud scenario.
2022-02-02 08:50:22 -08:00
Cristian Calin
ea44d64511
[contrib] terraform openstack: allow disabling port security (#8410) 2022-01-14 12:58:32 -08:00
Robin Wallace
38c12288f1
Add option for boot volume type for k8s node (#8256) 2021-11-30 12:59:01 -08:00
Olle Larsson
fe0810aff9
Add option to set different server group policy for etcd, node, and master server (#8046) 2021-11-22 02:53:09 -08:00
Febrian Setianto
f48ae18630
Use Pre-existing Floating IP for Bastion (#8214)
* use pre-existing floating IP for bastion

* document bastion_fips in readme
2021-11-19 07:58:52 -08:00
Simon Kollberg
d7039ef707
Openstack cwd (#7643)
* terraform/openstack: Use path.root for ansible_bastion_template.txt

The path.root variable points to the root module path. Using this
instead of a relative path makes less assumptions about the current
working directory.

* terraform/openstack: Add group_vars_path variable

Previously, the group_vars path was assumed to be in CWD. The
default value for the group_vars_path variable is still relative
to CWD and thus should be backwards compatible if unset.
2021-06-25 00:26:45 -07:00
Hugo Blom
f2d10e9465
allow users to set image_uuid instead of name, this allows the use of openstack community images (#7283) 2021-02-16 07:05:06 -08:00
Cristian Klein
fd3ebc13f7
Fix terraform0.13 errors (#7077)
* [terraform/aws] Fix Terraform >=0.13 warnings

Terraform >=0.13 gives the following warning:

```
Warning: Interpolation-only expressions are deprecated
```

The fix was tested as follows:
```
rm -rf .terraform && terraform0.12.26 init && terraform0.12.26 validate
rm -rf .terraform && terraform0.13.5 init && terraform0.13.5 validate
rm -rf .terraform && terraform0.14.3 init && terraform0.14.3 validate
```
which gave no errors nor warnings.

* [terraform/openstack] Fixes for Terraform >=0.13

Terraform >=0.13 gives the following error:
```
Error: Failed to install providers
Could not find required providers, but found possible alternatives:
  hashicorp/openstack -> terraform-provider-openstack/openstack
```

This patch fixes these errors.

This fix was tested as follows:
```
rm -rf .terraform && terraform0.12.26 init && terraform0.12.26 validate
rm -rf .terraform && terraform0.13.5 init && terraform0.13.5 validate
rm -rf .terraform && terraform0.14.3 init && terraform0.14.3 validate
```
which gave no errors nor warnings for Terraform 0.13.5 and Terraform
0.14.3. Unfortunately, 0.12.x gives a harmless warning, but
with 0.14.3 out the door, I guess we need to move on.

* [terraform/packet] Fixes for Terraform >=0.13

This fix was tested as follows:
```
export PACKET_AUTH_TOKEN=blah-blah
rm -rf .terraform && terraform0.12.26 init && terraform0.12.26 validate
rm -rf .terraform && terraform0.13.5 init && terraform0.13.5 validate
rm -rf .terraform && terraform0.14.3 init && terraform0.14.3 validate
```

Errors are gone, but warnings still remain. It is impossible to please
all three versions of Terraform.

* Add tests for Terraform >=0.13
2020-12-23 05:08:26 -08:00
Hugo Blom
1b0326f773
do not apply floating IP's before router port is created (#6887) 2020-11-06 00:16:50 -08:00
Hugo Blom
df7ed24389
[Openstack] Add security groups not managed by terraform (#6865)
* add custom sec groups

* make sure groups are applied only when created

* fix spacing
2020-11-05 05:30:54 -08:00
rptaylor
07858e8f71
allow pre-existing floating IPs to be specified with k8s_master_fips (#6755)
k8s_master_no_etcd_fips should not be input var
2020-10-11 23:54:47 -07:00
Hugo Blom
2f8fc92182
make it possible to open additional ports on master nodes (#6547) 2020-08-27 02:07:13 -07:00
rptaylor
f2d2d080f6
add master_volume_type variable (#6524) 2020-08-18 00:49:29 -07:00
Florian Ruynat
764a851189
Terraform quoted references are now deprecated (#6203) 2020-06-05 00:05:43 -07:00
qvicksilver
065292f8a4
Terraform/OpenStack: Allow free form worker node definition (#5952)
* Terraform/OpenStack: Allow free form worker node definition

* fixup! Terraform/OpenStack: Allow free form worker node definition
2020-04-16 07:52:45 -07:00
qvicksilver
0d2990510e
Terraform/OpenStack: Enable usage of an existing router (#5890) 2020-04-06 02:41:46 -07:00
rptaylor
277b347604
add az_list_node variable to specify different AZs for kubelets (#5413)
* rebase and add az_list_node variable to specify different AZs for kubelets

* fix missing variable name change
2020-02-18 04:29:27 -08:00
Hugo Blom
40e35b3fa6 Support Openstack servergroups (#5412)
* add support for nova servergroups

* Add documentation for openstack nova servergroups

* uppdate to TF 0.12.12 format and fix etcd

* revert for_each change

* fix variables and formatting in main.tf

* try to avoid errors

* update variable

* Update main.tf

* Update main.tf

* update all other instance resources
2019-12-09 01:15:10 -08:00
Hugo Blom
a8c5a0afdc Make it possible to disable access_ip (openstack provider) (#5239)
* Add a variable do disable access_ip

* Document the use of use_access_ip
2019-10-07 04:09:09 -07:00
Robert Neumann
a5d165dc85 Customize host root volume size by Terrafrom provisioning (#4239)
* print hostnames (#5110)

Terrafrom - customize hosts root volume size

disable block_device by default value

Terraform formatting fix

Fixed typos

* fix resources after rebase

* Fix glusterfs image issue
2019-09-25 05:17:59 -07:00
mcayland
3732c3a9b1 terraform/openstack: add network_dns_domain variable (#5093)
This allows the user to optionally specify the dns_domain attribute on the
generated internal kubernetes network.
2019-08-21 05:09:15 -07:00
Hugo Blom
da015e0249 Updated Openstack to terraform 0.12 (#5062)
* update openstack to terraform 0.12(.5)

* replace cluter.tf with cluster.tfvars

* update README.md to terraform 0.12

* update Openstack CI tests to use terraform 0.12

* specify terraform version in openstack README

* gitlab CI to copy cluster.tfvars in case of openstack provider

* The terraform/openstack dynamic inventory can read
tfstate v4 (generated by terraform 0.12) and convert them internally
ro v3 (as generated by terraform 0.11.x).

Additionally the script has been updated to Python 3.
2019-08-18 01:30:05 -07:00
Robert Neumann
787a9c74fa Terraform wait for floating IP instance has been associated (#4321)
* Add wait for floating ip associate with instance

* Terraform formatting fix

* Sort Open Telekom Cloud in compatible list
2019-05-09 02:16:50 -07:00
Jiang Yi Tao
f518b90c6b associate fips for masters with no etcd (#4657) 2019-04-28 22:58:20 -07:00
Maxime Guyot
37d98e79ec Pin Terraform provider versions (#4620) 2019-04-23 22:22:01 -07:00
rptaylor
873b5608cf add master_allowed_remote_ips (with terraform fmt) (#4022) 2019-04-21 01:57:44 -07:00
Maxime Guyot
1cf76a10db Disable usage of default security group (#4533) 2019-04-17 02:10:03 -07:00
Andreas Holmsten
7f1d9ff543 [contrib/terraform/openstack] Add k8s_allowed_remote_ips variable (#4506)
* Add k8s_allowed_remote_ips variable

Useful for defining CIDRs allowed to initiate a SSH connection when
you don't want to use a bastion.

* Add TF_VAR_k8s_allowed_remote_ips variable to tf-apply-ovh
2019-04-15 07:22:08 -07:00
Andreas Holmsten
6c34745958
Add worker_allowed_ports
* [contrib/terraform/openstack] Add worker_allowed_ports

  Allow user to define in terraform template which ports and remote
  IPs that are allowed to access worker nodes. This is useful when you
  don't want to open up whole NodePort range to the outside world, or
  ports outside NodePort range.
2018-11-01 17:48:37 +01:00
Maxime Guyot
38beab8fe8 Add support for router less deployments 2018-10-19 12:39:34 +02:00
Andreas Holmsten
0a9a42b544 Change from Nova security groups to Neutron (#2910)
* Replace `openstack_compute_secgroup_v2` with `openstack_networking_secgroup_v2`

The `openstack_networking_secgroup_v2` resource allow specifications of
both ingress and egress. Nova security groups define ingress rules only.

This change will also allow for more user-friendly specified security
rules, as the different security group resources have different HCL
syntax.
2018-09-28 11:35:02 +02:00
Antoine Legrand
a642931422
Merge pull request #3019 from holmsten/terraform-ops-worker-groups
[contrib/terraform/openstack] Add supplementary node groups
2018-08-16 16:06:53 +02:00
Rong Zhang
16bd0d2b5d
Merge pull request #2900 from drekle/configure_openstack_subnet_CIDR
Configure openstack subnet cidr
2018-08-07 17:27:01 +08:00
rguichard
c19643cee2 availability zones support for OpenStack
allow masters, nodes and gluster nodes (within each group) to be scheduled
on differents AZ.
2018-08-01 16:42:58 +02:00
Andreas Holmsten
b900bd6e94
[contrib/terraform/openstack] Add supplementary node groups
* Add supplementary node groups

  To add additional ansible groups to the k8s nodes, such as
  `kube-ingress` for running ingress controller pods. Empty by default.
2018-06-28 16:46:20 +02:00
Derek Lemon
27d62941b2 Add the subnet_cidr as a required argument to the network module 2018-06-14 17:41:58 +00:00
Pablo Moreno
df6c5b28a1 [contrib/terraform/openstack] Backward compatibility changes (#2539)
* [terraform/openstack] Restores ability to use existing public nodes and masters as bastion.

* [terraform/openstack] Uses network_id as output

* [terraform/openstack] Fixes link to inventory/local/group_vars

* [terraform/openstack] Adds supplementary master groups

* [terraform/openstack] Updates documentation avoiding manual setups for bastion (as they are not needed now).

* [terraform/openstack] Supplementary master groups in docs.

* [terraform/openstack] Fixes repeated usage of master fips instead of bastion fips

* [terraform/openstack] Missing change for network_id to subnet_id

* [terraform/openstack] Changes conditional to element( concat ) form to avoid type issues with empty lists.
2018-04-30 18:11:07 +03:00
ArchiFleKs
74fd975b57 run terraform FMT for readability 2018-01-05 12:09:04 +01:00
ArchiFleKs
6eb6e806e7 Update Terraform docs and authentication method
Hardcoded variables are removed from variables.tf file because it might
not be suitable for all OpenStack Cloud depending on Identity API
version available (between v2 or v3) and preferred authentication
method.
2018-01-05 11:25:37 +01:00
BenGalewsky
591ae700ce Update OpenStack Terraform: Modules, Bastions, and New Floating IP config (#1958)
* Adding bastion and private network provisioning for openstack terraform

* Remove usage of floating-ip property

* Combine openstack instances + floating ips

* Fix relating floating IPs to hosts for openstack builds

* Tighten up security groups

Allow ssh into all instances with floating IP

* Add the gluster hosts to the no-floating group

* Break terraform into modules

* Update README and var descriptions to match current config

* Remove volume property in gluster compute def

* Include cluster name in internal network and router names

* Make dns_nameservers a variable
2017-12-05 12:48:47 +00:00
Pablo Moreno
c819238da9 Adds support for separate etcd machines on terraform/openstack deployment (#1674) 2017-09-27 10:59:09 +01:00
Pablo Moreno
cf26585cff Restores working order of contrib/terraform/openstack, includes vault group and avoids group_vars/k8s-cluster.yml 2017-03-02 23:58:07 +00:00
Pablo Moreno
27e239c8d6 GlusterFS with external VMs, terraform/os included 2016-12-06 11:03:13 +00:00
Matthew Mosesohn
f106bf5bc4 adds ability to have hosts with no floating ips on terraform/openstack (+8 squashed commits)
Squashed commits:
[f9355ea] Swap order in which we reload docker/socket
[2ca6819] Reload docker.socket after installing flannel on coreos

Workaround for #569
[9f976e5] Vagrantfile: setup proxy inside virtual machines

In corporate networks, it is good to pre-configure proxy variables.
[9d7142f] Vagrantfile: use Ubuntu 16.04 LTS

Use recent supported version of Ubuntu for local development setup
with Vagrant.
[50f77cc] Add CI test layouts

* Drop Wily from test matrix
* Replace the Wily cases dropped with extra cases to test separate
  roles deployment

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
[03e162b] Update OWNERS
[c7b00ca] Use tar+register instead of copy/slurp for distributing tokens and certs

Related bug: https://github.com/ansible/ansible/issues/15405

Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.

This patch dramatically cuts down the number of tasks to process
for cert synchronization.
[2778ac6] Add new var skip_dnsmasq_k8s

If skip_dnsmasq is set, it will still not set up dnsmasq
k8s pod. This enables independent setup of resolvconf section
before kubelet is up.
2016-11-07 10:53:13 +00:00
Paul Czarkowski
e924504928 WIP: terraform openstack 2016-06-05 15:52:20 -05:00