-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.tf
151 lines (132 loc) · 6.08 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
locals {
ibm_powervs_zone_region_map = {
"syd04" = "syd"
"syd05" = "syd"
"eu-de-1" = "eu-de"
"eu-de-2" = "eu-de"
"lon04" = "lon"
"lon06" = "lon"
"tok04" = "tok"
"us-east" = "us-east"
"us-south" = "us-south"
"dal12" = "us-south"
"tor01" = "tor"
"osa21" = "osa"
"sao01" = "sao"
"mon01" = "mon"
"wdc06" = "us-east"
}
ibm_powervs_zone_cloud_region_map = {
"syd04" = "au-syd"
"syd05" = "au-syd"
"eu-de-1" = "eu-de"
"eu-de-2" = "eu-de"
"lon04" = "eu-gb"
"lon06" = "eu-gb"
"tok04" = "jp-tok"
"us-east" = "us-east"
"us-south" = "us-south"
"dal12" = "us-south"
"tor01" = "ca-tor"
"osa21" = "jp-osa"
"sao01" = "br-sao"
"mon01" = "ca-tor"
"wdc06" = "us-east"
}
}
# There are discrepancies between the region inputs on the powervs terraform resource, and the vpc ("is") resources
provider "ibm" {
alias = "ibm-pvs"
region = lookup(local.ibm_powervs_zone_region_map, var.powervs_zone, null)
zone = var.powervs_zone
ibmcloud_api_key = var.ibmcloud_api_key != null ? var.ibmcloud_api_key : null
}
#####################################################
# VPC landing zone module
#####################################################
module "landing_zone" {
source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone.git//patterns//vsi?ref=v3.0.1"
ibmcloud_api_key = var.ibmcloud_api_key
ssh_public_key = var.ssh_public_key
region = lookup(local.ibm_powervs_zone_cloud_region_map, var.powervs_zone, null)
prefix = var.prefix
override_json_string = var.preset
}
locals {
landing_zone_config = jsondecode(module.landing_zone.config)
nfs_disk_exists = [for vsi in local.landing_zone_config.vsi : vsi.block_storage_volumes[0].capacity if contains(keys(vsi), "block_storage_volumes")]
nfs_disk_size = length(local.nfs_disk_exists) >= 1 ? local.nfs_disk_exists[0] : ""
transit_gateway_name = module.landing_zone.transit_gateway_name
access_host_or_ip_exists = contains(keys(module.landing_zone.fip_vsi[0]), "floating_ip") ? true : false
access_host_or_ip = local.access_host_or_ip_exists ? module.landing_zone.fip_vsi[0].floating_ip : ""
private_svs_vsi_exists = contains(module.landing_zone.vsi_names, "${var.prefix}-private-svs-1") ? true : false
private_svs_ip = local.private_svs_vsi_exists ? [for vsi in module.landing_zone.vsi_list : vsi.ipv4_address if vsi.name == "${var.prefix}-private-svs-1"][0] : ""
inet_svs_vsi_exists = contains(module.landing_zone.vsi_names, "${var.prefix}-inet-svs-1") ? true : false
inet_svs_ip = local.inet_svs_vsi_exists ? [for vsi in module.landing_zone.vsi_list : vsi.ipv4_address if vsi.name == "${var.prefix}-inet-svs-1"][0] : ""
squid_port = "3128"
valid_json_used = local.access_host_or_ip_exists && local.private_svs_vsi_exists && local.inet_svs_vsi_exists ? true : false
validate_json_msg = "Wrong JSON preset used. Please use one of the JSON preset supported for Power."
# tflint-ignore: terraform_unused_declarations
validate_json_chk = regex("^${local.validate_json_msg}$", (local.valid_json_used ? local.validate_json_msg : ""))
}
locals {
### Squid Proxy will be installed on "${var.prefix}-inet-svs-1" vsi
squid_config = {
"squid_enable" = true
"server_host_or_ip" = local.inet_svs_ip
"squid_port" = local.squid_port
}
### Proxy client will be configured on "${var.prefix}-private-svs-1" vsi
perform_proxy_client_setup = {
squid_client_ips = [local.private_svs_ip]
squid_server_ip = local.squid_config["server_host_or_ip"]
squid_port = local.squid_config["squid_port"]
no_proxy_hosts = "161.0.0.0/8"
}
### DNS Forwarder will be configured on "${var.prefix}-private-svs-1" vsi
dns_config = merge(var.dns_forwarder_config, {
"dns_enable" = var.configure_dns_forwarder
"server_host_or_ip" = local.private_svs_ip
})
### NTP Forwarder will be configured on "${var.prefix}-private-svs-1" vsi
ntp_config = {
"ntp_enable" = var.configure_ntp_forwarder
"server_host_or_ip" = local.private_svs_ip
}
### NFS server will be configured on "${var.prefix}-private-svs-1" vsi
nfs_config = {
"nfs_enable" = local.nfs_disk_size != "" ? var.configure_nfs_server : false
"server_host_or_ip" = local.private_svs_ip
"nfs_file_system" = [{ name = "nfs", mount_path : "/nfs", size : local.nfs_disk_size }]
}
}
#####################################################
# PowerVS Infrastructure module
#####################################################
module "powervs_infra" {
source = "../../../../"
providers = { ibm = ibm.ibm-pvs }
depends_on = [module.landing_zone]
powervs_zone = var.powervs_zone
powervs_resource_group_name = var.powervs_resource_group_name
powervs_workspace_name = "${var.prefix}-${var.powervs_zone}-power-workspace"
tags = var.tags
powervs_image_names = var.powervs_image_names
powervs_sshkey_name = "${var.prefix}-${var.powervs_zone}-ssh-pvs-key"
ssh_public_key = var.ssh_public_key
ssh_private_key = var.ssh_private_key
powervs_management_network = var.powervs_management_network
powervs_backup_network = var.powervs_backup_network
transit_gateway_name = local.transit_gateway_name
reuse_cloud_connections = false
cloud_connection_count = var.cloud_connection["count"]
cloud_connection_speed = var.cloud_connection["speed"]
cloud_connection_gr = var.cloud_connection["global_routing"]
cloud_connection_metered = var.cloud_connection["metered"]
access_host_or_ip = local.access_host_or_ip
squid_config = local.squid_config
dns_forwarder_config = local.dns_config
ntp_forwarder_config = local.ntp_config
nfs_config = local.nfs_config
perform_proxy_client_setup = local.perform_proxy_client_setup
}