hpcugent · GoodOldJack12 · Sep 10, 2024 · Sep 10, 2024 · Sep 11, 2024 · Sep 12, 2024
diff --git a/terraform/modules/multi_instance/main.tf b/terraform/modules/multi_instance/main.tf
@@ -7,8 +7,9 @@ module "main" {
   project_name  = var.project_name
   access_key    = var.access_key
   vsc_enabled   = var.public_vsc_enabled
-  playbook_url  = var.playbook_url
+  userscript = var.userscript
   is_windows    = false
+  custom_secgroup_rules = var.public_secgroup_rules
 }
 module "private" {
   count        = var.private_count

diff --git a/terraform/modules/multi_instance/variable.tf b/terraform/modules/multi_instance/variable.tf
@@ -23,8 +23,9 @@ variable "public_vsc_enabled" {
   default = false
   type    = bool
 }
-variable "playbook_url" {
-  default = "https://raw.githubusercontent.com/hpcugent/openstack-templates/master/heat/playbooks/install_nginx.yaml"
+variable "userscript" {
+  type = string
+  default = ""
 }
 variable "project_name" {
   default = "default"
@@ -39,3 +40,12 @@ locals {
   private_image  = var.private_image == "default" ? var.public_image : var.private_image
   private_flavor = var.private_flavor == "default" ? var.public_flavor : var.private_flavor
 }
+variable "public_secgroup_rules" {
+  type = map(object({
+    port = number
+    remote_ip_prefix = string
+    protocol = string
+    expose = optional(bool,false)
+  }))
+  default = {}
+}
diff --git a/terraform/modules/nfs/main.tf b/terraform/modules/nfs/main.tf
@@ -28,3 +28,34 @@ resource "openstack_sharedfilesystem_share_access_v2" "share_01_access" {
   access_to    = "0.0.0.0"
   access_level = "rw"
 }
+resource "null_resource" "nfs" {
+  count = var.host.scripts_enabled ? 1 : 0
+  triggers = {
+    path = openstack_sharedfilesystem_share_v2.share_01.export_locations[0].path
+    ansible_command = local.ansible_command
+    ansible_env = jsonencode(local.ansible_env)
+  }
+  depends_on = [ openstack_sharedfilesystem_share_access_v2.share_01_access, openstack_compute_interface_attach_v2.ai_1 ]
+  provisioner "local-exec" {
+    environment = jsondecode(self.triggers.ansible_env)
+    command = <<EOF
+    ${self.triggers.ansible_command} ${path.module}/mount_nfs.yaml -e "mount=true nfs_path=${self.triggers.path}"
+    EOF
+  }
+  provisioner "local-exec" {
+    environment = jsondecode(self.triggers.ansible_env)
+    when = destroy
+    on_failure = continue
+    command = <<EOF
+    ${self.triggers.ansible_command} ${path.module}/mount_nfs.yaml -e "mount=false nfs_path=${self.triggers.path}"
+    EOF  
+  }
+}
+locals {
+  ansible_env={
+    ANSIBLE_REMOTE_PORT = var.host.port
+    ANSIBLE_REMOTE_USER = var.host.user
+    ANSIBLE_HOST_KEY_CHECKING = false
+  }
+  ansible_command="timeout 2m ansible-playbook -c ssh -i ${var.host.ip},"
+}
diff --git a/terraform/modules/nfs/mount_nfs.yaml b/terraform/modules/nfs/mount_nfs.yaml
@@ -0,0 +1,12 @@
+- name: Configure NFS mount
+  hosts: all
+  tasks:
+  - name: NFS
+    ansible.posix.mount:
+      path: /mnt/nfs
+      src: "{{ nfs_path }}"
+      fstype: nfs
+      opts: defaults,_netdev
+      state: "{{ 'mounted' if mount == 'true' else 'absent' }}"
+  become: true
+  timeout: 120
diff --git a/terraform/modules/nfs/variable.tf b/terraform/modules/nfs/variable.tf
@@ -18,3 +18,11 @@ variable "vm_name" {
 variable "user_name" {
 
 }
+variable "host" {
+  type = object({
+    ip = string
+    port = string
+    user = string
+    scripts_enabled = bool
+  })
+}
diff --git a/terraform/modules/single_instance/ansible.tf b/terraform/modules/single_instance/ansible.tf
@@ -0,0 +1,29 @@
+locals {
+  ansible_env={
+    ANSIBLE_REMOTE_PORT = local.ports.ssh
+    ANSIBLE_REMOTE_USER = local.ssh_user
+    ANSIBLE_HOST_KEY_CHECKING = false
+  }
+  ansible_command="timeout 4m ansible-playbook -c ssh -i ${data.openstack_networking_floatingip_v2.public.address},"
+}
+resource "null_resource" "testconnection" {
+  count = local.scripts_enabled ? 1 : 0
+  depends_on = [ openstack_compute_instance_v2.instance_01 ]
+  triggers = {
+    user = local.ssh_user
+    port = local.ports.ssh
+    ip = data.openstack_networking_floatingip_v2.public.address
+  }
+  provisioner "remote-exec" {
+    connection {
+      user     = self.triggers.user
+      host     = self.triggers.ip
+      port = self.triggers.port
+      timeout = "5m"
+    }
+    inline = [ "until [ \"$(cloud-init status)\" = 'status: done' ] ;do sleep 5;done" ]
+  }
+}
+locals {
+  scripts_enabled = var.is_windows ? false : var.scripts_enabled
+}
diff --git a/terraform/modules/single_instance/cloudinit.tf b/terraform/modules/single_instance/cloudinit.tf
@@ -0,0 +1,32 @@
+data "cloudinit_config" "main" {
+  gzip          = false
+  base64_encode = false
+  part {
+    filename     = "cloud-config.yaml"
+    content_type = "text/cloud-config"
+    content = file("${local.scripts_dir}/cloud-config.yaml")
+  }
+  part {
+    filename     = "userscript.sh"
+    content_type = "text/x-shellscript"
+    content = var.userscript
+  }
+  part {
+    filename = "install_common.sh"
+    content_type = "text/x-shellscript"
+    content = <<-EOF
+    #!/bin/bash
+    if [[ -r '/etc/debian_version' ]];then 
+      apt-get update && apt-get install -y nfs-common cron
+    fi
+    EOF
+  }
+  dynamic "part" {
+    for_each = var.cloudinit
+    content {
+      filename = part.key
+      content_type = part.value.content_type
+      content = part.value.content
+    }
+  }
+}
diff --git a/terraform/modules/single_instance/cron.tf b/terraform/modules/single_instance/cron.tf
@@ -0,0 +1,71 @@
+variable "crontabs" {
+  type = map(object({
+    cron_time = string
+    cron_user = optional(string,"root")
+    script = string 
+  }))
+  default = {}
+  validation {
+    condition = !( length(var.crontabs) > 0 && var.is_windows )
+    error_message = "Can't add crons to windows!"
+  }
+}
+
+resource "null_resource" "cron" {
+  for_each = {
+    for k,v in local.crons : k => v
+    if local.scripts_enabled
+  }
+  depends_on = [ null_resource.testconnection ]
+  triggers = {
+    user = local.ssh_user
+    port = local.ports.ssh
+    ip = data.openstack_networking_floatingip_v2.public.address
+    content = each.value.script
+  }
+  connection {
+    type     = "ssh"
+    user     = self.triggers.user
+    agent = true
+    host     = self.triggers.ip
+    timeout = "5m"
+    port = self.triggers.port
+  }
+  provisioner "file" {
+    destination = "/home/${local.ssh_user}/${random_id.obscure[each.key].id}-${each.key}.sh"
+    content = each.value.script
+  }
+  provisioner "file" {
+    destination = "/home/${local.ssh_user}/${random_id.obscure[each.key].id}-${each.key}.cron"
+    content = <<-EOT
+    ${each.value.cron_time} ${each.value.cron_user} /opt/vsc/cron/${each.key}.sh
+
+    EOT
+  }
+  provisioner "remote-exec" {
+    inline = [
+      "set -e",
+      "sudo cp /home/${local.ssh_user}/${random_id.obscure[each.key].id}-${each.key}.sh /opt/vsc/cron/${each.key}.sh",
+      "sudo chmod +x /opt/vsc/cron/${each.key}.sh",
+      "sudo mv /home/${local.ssh_user}/${random_id.obscure[each.key].id}-${each.key}.cron /etc/cron.d/${each.key}",
+      "sudo chown root:root /etc/cron.d/${each.key}",
+      "sudo restorecon /etc/cron.d/${each.key} || echo \"SELinux not installed?\""
+     ]
+  }
+  provisioner "remote-exec" {
+    when = destroy
+    on_failure = continue
+    inline = [ 
+      "sudo rm /etc/cron.d/${each.key}",
+      "sudo rm /opt/vsc/cron/${each.key}.sh"
+     ]
+  }
+}
+resource "random_id" "obscure" {
+  for_each = local.crons
+  byte_length = 8
+}
+locals {
+  crons = var.is_windows ? {} : merge(var.crontabs,local.default_crons)
+  default_crons = {}
+}
diff --git a/terraform/modules/single_instance/custom_secgroup.tf b/terraform/modules/single_instance/custom_secgroup.tf
@@ -22,7 +22,7 @@ resource "shell_script" "custom_portforward" {
     "OS_CLOUD"   = local.cloud
   }
   lifecycle_commands {
-    create = file("../scripts/generate_port.sh")
+    create = file("${local.scripts_dir}/generate_port.sh")
     delete = <<-EOF
       rm -rf "port_${var.vm_name}-${substr(random_uuid.uuid.result, 0, 4)}_${each.key}.json"
     EOF

diff --git a/terraform/modules/single_instance/data.tf b/terraform/modules/single_instance/data.tf
@@ -3,14 +3,16 @@ locals {
   any_enabled  = var.nfs_enabled || var.nginx_enabled
   ports = {
     ssh  = jsondecode(shell_script.port_ssh.output["ports"])[0]
-    http = var.nginx_enabled ? jsondecode(shell_script.port_http[0].output["ports"])[0] : null
+    http = var.nginx_enabled ? ( var.alt_http ? jsondecode(shell_script.port_http[0].output["ports"])[0] : 80 ) : null
+    https = var.nginx_enabled ? ( var.alt_http ? jsondecode(shell_script.port_http[0].output["ports"])[1] : 443) : null
   }
   ssh_internal_port = var.is_windows ? 3389 : 22
   project_name      = data.openstack_identity_project_v3.project.name
-  cloud             = jsondecode(file("${path.cwd}/terraform.tfvars.json"))["cloud"]
+  cloud             = jsondecode(file("${path.root}/terraform.tfvars.json"))["cloud"]
   access_key        = var.access_key == "default" ? data.shell_script.access_key.output["Name"] : var.access_key
   disk_var          = var.rootdisk_size == "default" ? data.openstack_compute_flavor_v2.flavor.disk : var.rootdisk_size
   disk_size         = var.is_windows ? max(local.disk_var,60) : local.disk_var
+  scripts_dir       = "${path.module}/scripts"
 }
 
 # UUID for this "instance of the module" rather than depending on a changeable instance ID
@@ -25,7 +27,7 @@ resource "shell_script" "port_ssh" {
     "OS_CLOUD"   = local.cloud
   }
   lifecycle_commands {
-    create = file("../scripts/generate_port.sh")
+    create = file("${local.scripts_dir}/generate_port.sh")
     delete = <<-EOF
       rm -rf "port_${var.vm_name}-${substr(random_uuid.uuid.result, 0, 4)}_ssh.json"
     EOF
@@ -37,15 +39,15 @@ resource "shell_script" "port_ssh" {
   interpreter       = ["/bin/bash", "-c"]
 }
 resource "shell_script" "port_http" {
-  count = var.nginx_enabled ? 1 : 0
+  count = var.nginx_enabled && var.alt_http ? 1 : 0
   environment = {
     "OS_CLOUD"   = local.cloud
     "IP_ID"      = data.openstack_networking_floatingip_v2.public.id
-    "PORT_COUNT" = 1
+    "PORT_COUNT" = 2
     "PORT_NAME"  = "${var.vm_name}-${substr(random_uuid.uuid.result, 0, 4)}_http"
   }
   lifecycle_commands {
-    create = file("../scripts/generate_port.sh")
+    create = file("${local.scripts_dir}/generate_port.sh")
     delete = <<-EOF
       rm -rf "port_${var.vm_name}-${substr(random_uuid.uuid.result, 0, 4)}_http.json"
     EOF

diff --git a/terraform/modules/single_instance/http.tf b/terraform/modules/single_instance/http.tf
@@ -6,14 +6,37 @@ resource "openstack_networking_portforwarding_v2" "http" {
   internal_port_id    = openstack_networking_port_v2.vm.id
   internal_ip_address = openstack_networking_port_v2.vm.all_fixed_ips[0]
   protocol            = "tcp"
+  depends_on          = [openstack_networking_secgroup_rule_v2.http, shell_script.port_http]
+  lifecycle {
+    precondition {
+      condition     = var.public
+      error_message = ("Cant enable forward on a private instance!")
+    }
+    replace_triggered_by = [terraform_data.http_port.output]
+  }
+  description = "${data.openstack_identity_auth_scope_v3.scope.user_name}-${var.vm_name}-http-80"
+}
+resource terraform_data http_port {
+  # stupid work around for terraform being unable to cope with optional replaced_triggered_by
+  input = try(shell_script.port_http[0].output,local.ports.http)
+}
+resource "openstack_networking_portforwarding_v2" "https" {
+  count               = var.nginx_enabled ? 1 : 0
+  floatingip_id       = data.openstack_networking_floatingip_v2.public.id
+  external_port       = local.ports.https
+  internal_port       = 443
+  internal_port_id    = openstack_networking_port_v2.vm.id
+  internal_ip_address = openstack_networking_port_v2.vm.all_fixed_ips[0]
+  protocol            = "tcp"
   depends_on          = [openstack_networking_secgroup_rule_v2.http]
   lifecycle {
     precondition {
       condition     = var.public
       error_message = ("Cant enable forward on a private instance!")
     }
+    replace_triggered_by = [terraform_data.http_port.output]
   }
-  description = "${data.openstack_identity_auth_scope_v3.scope.user_name}-${var.vm_name}-http"
+  description = "${data.openstack_identity_auth_scope_v3.scope.user_name}-${var.vm_name}-http-443"
 }
 resource "openstack_networking_secgroup_rule_v2" "http" {
   count             = var.nginx_enabled ? 1 : 0
@@ -26,3 +49,34 @@ resource "openstack_networking_secgroup_rule_v2" "http" {
   security_group_id = openstack_networking_secgroup_v2.secgroup.id
   description = "${data.openstack_identity_auth_scope_v3.scope.user_name}-${var.vm_name}-http"
 }
+resource "openstack_networking_secgroup_rule_v2" "https" {
+  count             = var.nginx_enabled ? 1 : 0
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 443
+  port_range_max    = 443
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.secgroup.id
+  description = "${data.openstack_identity_auth_scope_v3.scope.user_name}-${var.vm_name}-http"
+}
+resource "null_resource" "nginx" {
+  count = ( var.nginx_enabled && local.scripts_enabled ) ? 1 : 0
+  triggers = {
+    enabled = var.nginx_enabled
+    scripts_dir = local.scripts_dir
+    ansible_command = local.ansible_command
+    environment = jsonencode(local.ansible_env)
+  }
+  depends_on = [ null_resource.testconnection ]
+  provisioner "local-exec" {
+    environment = jsondecode(self.triggers.environment)
+    command = "${self.triggers.ansible_command} ${self.triggers.scripts_dir}/ansible/nginx.yaml --extra-vars install=${self.triggers.enabled}"
+  }
+  provisioner "local-exec" {
+    environment = jsondecode(self.triggers.environment)
+    when = destroy
+    on_failure = continue
+    command=  "${self.triggers.ansible_command} ${self.triggers.scripts_dir}/ansible/nginx.yaml --extra-vars install=false"
+  }
+}