Skip to content
Snippets Groups Projects
Normal view Permalink
nodes.tf 7.2 KiB
Newer Older
Rob Kooper's avatar
backwards compatible
Rob Kooper committed
1 2 3 4 5 6 7 8 9 10 11 12 13 
locals {
  usernames = {
    "centos" = "centos",
    "ubuntu" = "ubuntu"
  }

  node_options = {
    "controlplane" = "--address awspublic --internal-address awslocal --controlplane --etcd",
    "worker"       = "--address awspublic --internal-address awslocal --worker"
  }

  machines = flatten([
    for x in var.cluster_machines : [
Rob Kooper's avatar
ncsa security  
Rob Kooper committed
14 15 
      for i in range(contains(keys(x), "count") ? x.count : 1) : {
        hostname    = format("%s-%s-%02d", var.cluster_name, x.name, (i + (contains(keys(x), "start_index") ? x.start_index : 1)))
Rob Kooper's avatar
backwards compatible
Rob Kooper committed
16 17 18 19 20 21 22 23 
        username    = lookup(local.usernames, x.os, "UNDEFINED")
        image_name  = lookup(var.openstack_os_image, x.os, "UNDEFINED")
        flavor      = try(x.flavor, "gp.medium")
        image_id    = data.openstack_images_image_v2.os_image[try(x.os, "UNDEFINED")].id
        disk_size   = try(x.disk, 40)
        zone        = try(x.zone, "nova")
        role        = try(x.role, "worker")
        floating_ip = try(x.floating_ip, can(x.role == "controlplane"))
Rob Kooper's avatar
ncsa security  
Rob Kooper committed
24 
        labels      = flatten([format("ncsa.role=%s", x.name), format("ncsa.flavor=%s", try(x.flavor, "gp.medium")), try(x.labels, [])])
Rob Kooper's avatar
backwards compatible
Rob Kooper committed
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 
      }
    ]
  ])

  jumphost = concat([for vm in local.machines : vm.hostname if vm.floating_ip], local.controlplane)[0]

  # DEPRECATED
  controlplane = [for l in range(var.controlplane_count) : var.old_hostnames ? format("%s-controlplane-%d", var.cluster_name, l) : format("%s-controlplane-%d", var.cluster_name, l + 1)]
  worker       = [for l in range(var.worker_count) : var.old_hostnames ? format("%s-worker-%d", var.cluster_name, l) : format("%s-worker-%02d", var.cluster_name, l + 1)]
}

# ----------------------------------------------------------------------
# cluster nodes
# ----------------------------------------------------------------------
resource "openstack_compute_instance_v2" "machine" {
  for_each          = { for vm in local.machines : vm.hostname => vm }
  name              = each.value.hostname
  image_name        = each.value.image_name
  availability_zone = each.value.zone
  flavor_name       = each.value.flavor
  key_pair          = openstack_compute_keypair_v2.key.name
  config_drive      = false

  depends_on = [
    openstack_networking_secgroup_rule_v2.same_security_group_ingress_tcp,
  ]

  security_groups = [
    openstack_networking_secgroup_v2.cluster_security_group.name
  ]

  network {
    port = openstack_networking_port_v2.machine_ip[each.key].id
  }

  block_device {
    uuid                  = each.value.image_id
    source_type           = "image"
    volume_size           = each.value.disk_size
    destination_type      = "volume"
    delete_on_termination = true
  }

  user_data = base64encode(templatefile("${path.module}/templates/user_data.tmpl", {
Rob Kooper's avatar
ncsa security  
Rob Kooper committed
69 70 71 72 73 74 75 76 77 78 79 
    private_key    = openstack_compute_keypair_v2.key.private_key
    project_name   = data.openstack_identity_auth_scope_v3.scope.project_name
    cluster_name   = var.cluster_name
    username       = each.value.username
    node_name      = each.value.hostname
    node_command   = rancher2_cluster.kube.cluster_registration_token.0.node_command
    node_options   = lookup(local.node_options, each.value.role, "--worker")
    node_labels    = join(" ", [for l in each.value.labels : format("-l %s", replace(l, " ", "_"))])
    ncsa_security  = var.ncsa_security
    taiga_enabled  = var.taiga_enabled
    install_docker = var.install_docker
Rob Kooper's avatar
backwards compatible
Rob Kooper committed
80 
  }))
Rob Kooper's avatar
fix critical issue where nodes could be destroyed  
Rob Kooper committed
81 82 83 84 85 86 87 88 89 

  lifecycle {
    ignore_changes = [
      key_pair,
      block_device,
      user_data,
      availability_zone
    ]
  }
Rob Kooper's avatar
backwards compatible
Rob Kooper committed
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 
}

# ----------------------------------------------------------------------
# control-plane nodes
# DEPRECATED
# ----------------------------------------------------------------------
resource "openstack_compute_instance_v2" "controlplane" {
  count             = var.controlplane_count
  name              = local.controlplane[count.index]
  image_name        = var.os
  availability_zone = var.openstack_zone
  flavor_name       = var.controlplane_flavor
  key_pair          = openstack_compute_keypair_v2.key.name
  config_drive      = false

  depends_on = [
    openstack_networking_secgroup_rule_v2.same_security_group_ingress_tcp,
  ]

  security_groups = [
    openstack_networking_secgroup_v2.cluster_security_group.name
  ]

  #echo "update hosts"
  #%{ for ip in openstack_networking_port_v2.worker_ip[count.index].all_fixed_ips }
  #echo "$${ip} $${node_name} $(hostname) $(hostname -f)"  >> /etc/hosts
  #%{ endfor }

  user_data = base64encode(templatefile("${path.module}/templates/user_data.tmpl", {
Rob Kooper's avatar
ncsa security  
Rob Kooper committed
119 120 121 122 123 124 125 126 127 128 129 
    private_key    = openstack_compute_keypair_v2.key.private_key
    project_name   = data.openstack_identity_auth_scope_v3.scope.project_name
    cluster_name   = var.cluster_name
    username       = "centos"
    node_name      = local.controlplane[count.index]
    node_command   = rancher2_cluster.kube.cluster_registration_token.0.node_command
    node_options   = "--address awspublic --internal-address awslocal --controlplane --etcd"
    node_labels    = ""
    ncsa_security  = false
    taiga_enabled  = var.taiga_enabled
    install_docker = var.install_docker
Rob Kooper's avatar
backwards compatible
Rob Kooper committed
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 
  }))

  block_device {
    uuid                  = data.openstack_images_image_v2.boot.id
    source_type           = "image"
    volume_size           = var.controlplane_disksize
    destination_type      = "volume"
    delete_on_termination = true
  }

  network {
    port = element(openstack_networking_port_v2.controlplane_ip.*.id, count.index)
  }

  lifecycle {
    ignore_changes = [
      key_pair,
      block_device,
      user_data,
      availability_zone
    ]
  }
}

# ----------------------------------------------------------------------
# worker nodes
# DEPRECATED
# ----------------------------------------------------------------------
resource "openstack_compute_instance_v2" "worker" {
  count             = var.worker_count
  name              = local.worker[count.index]
  image_name        = var.os
  availability_zone = var.openstack_zone
  flavor_name       = var.worker_flavor
  key_pair          = local.key
  config_drive      = false

  depends_on = [
    openstack_networking_secgroup_rule_v2.same_security_group_ingress_tcp
  ]

  security_groups = [
    openstack_networking_secgroup_v2.cluster_security_group.name
  ]

  user_data = base64encode(templatefile("${path.module}/templates/user_data.tmpl", {
Rob Kooper's avatar
ncsa security  
Rob Kooper committed
176 177 178 179 180 181 182 183 184 185 186 
    private_key    = openstack_compute_keypair_v2.key.private_key
    project_name   = data.openstack_identity_auth_scope_v3.scope.project_name
    cluster_name   = var.cluster_name
    node_name      = local.worker[count.index]
    username       = "centos"
    node_command   = rancher2_cluster.kube.cluster_registration_token.0.node_command
    node_options   = "--worker"
    node_labels    = ""
    ncsa_security  = false
    taiga_enabled  = var.taiga_enabled
    install_docker = var.install_docker
Rob Kooper's avatar
backwards compatible
Rob Kooper committed
187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 
  }))

  block_device {
    uuid                  = data.openstack_images_image_v2.boot.id
    source_type           = "image"
    volume_size           = var.worker_disksize
    destination_type      = "volume"
    boot_index            = 0
    delete_on_termination = true
  }

  network {
    port = element(openstack_networking_port_v2.worker_ip.*.id, count.index)
  }

  lifecycle {
    ignore_changes = [
      key_pair,
      block_device,
      user_data,
      availability_zone
    ]
  }
}

Contact help@ncsa.illinois.edu with questions regarding this site. | All rights reserved. ©2024 Board of Trustees of the University of Illinois. | Web Privacy Notice