Add config for web interface

* Add security group so that 8080 and 8443 can be accessed
* Request a second floating IP attached to the first mon instance for
  the interface
* Add more setup to the cloud-init.yml file to include salt-minion setup
* Break out cloud-init.yml for admin node to set up minion and master,
  in addition to installing ceph-salt

compute.tf

@@ -12,6 +12,15 @@ data "openstack_compute_flavor_v2" "m1_small" {
 
 
 # template file cloud-init.yml
+#
+data "template_file" "cloud_init_admin_yml" {
+  template = file("${path.module}/templates/cloud-init-admin.yml")
+  vars = {
+    sles_reg_code  = var.sles_reg_code
+    sles_reg_email = var.sles_reg_email
+    sles_ses_reg   = var.sles_ses_reg
+  }
+}
 
 data "template_file" "cloud_init_yml" {
   template = file("${path.module}/templates/cloud-init.yml")
@@ -34,7 +43,7 @@ resource "openstack_compute_instance_v2" "admin" {
     openstack_compute_secgroup_v2.allow_ssh.name
   ]
 
-  user_data = data.template_file.cloud_init_yml.rendered
+  user_data = data.template_file.cloud_init_admin_yml.rendered
 
   block_device {
     # this is the image to clone from
@@ -140,7 +149,8 @@ resource "openstack_compute_instance_v2" "mon" {
   flavor_id = data.openstack_compute_flavor_v2.m1_small.id
   key_pair  = var.ssh_keypair
   security_groups = [
-    "default"
+    "default",
+    openstack_compute_secgroup_v2.allow_web_interface.name
   ]
 
   user_data = data.template_file.cloud_init_yml.rendered
@@ -158,3 +168,9 @@ resource "openstack_compute_instance_v2" "mon" {
     uuid = openstack_networking_network_v2.public_network.id
   }
 }
+
+resource "openstack_compute_floatingip_associate_v2" "mon_association" {
+  floating_ip = openstack_compute_floatingip_v2.floating_ip_mon.address
+  instance_id = openstack_compute_instance_v2.mon[0].id
+}
+

networks.tf

@@ -45,6 +45,12 @@ resource "openstack_networking_router_interface_v2" "router_interface_public" {
 
 # floating ip
 
+# ip for admin node
 resource "openstack_compute_floatingip_v2" "floating_ip" {
   pool = data.openstack_networking_network_v2.external.name
 }
+
+# ip for mon node
+resource "openstack_compute_floatingip_v2" "floating_ip_mon" {
+  pool = data.openstack_networking_network_v2.external.name
+}

outputs.tf

 output "admin_ip_address" {
   value = openstack_compute_floatingip_v2.floating_ip.address
 }
+
+output "web_ip_address" {
+  value = "https://${openstack_compute_floatingip_v2.floating_ip_mon.address}:8443/"
+}

securitygroups.tf

@@ -9,3 +9,22 @@ resource "openstack_compute_secgroup_v2" "allow_ssh" {
     cidr        = "0.0.0.0/0"
   }
 }
+
+resource "openstack_compute_secgroup_v2" "allow_web_interface" {
+  name        = "allow web interfaces for ceph"
+  description = "allow 8080/8443 to the monitor host"
+
+  rule {
+    from_port   = 8080
+    to_port     = 8080
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 8443
+    to_port     = 8443
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+}

templates/cloud-init-admin.yml

+#cloud-config
+
+runcmd:
+  - sudo SUSEConnect -r ${sles_reg_code} -e ${sles_reg_email}
+  - sudo SUSEConnect -p ses/7/x86_64 -r ${sles_ses_reg}
+  - sudo zypper in -y salt-minion salt-master
+  - sudo sed -i 's/^#\(log_level_logfile:\).*/\1 info/' /etc/salt/minion
+  - sudo sed -i 's/^#\(master:\).*/\1 admin.openstack.internal/' /etc/salt/minion
+  - sudo systemctl enable salt-minion && sudo systemctl start salt-minion && sudo systemctl enable salt-master && sudo systemctl start salt-master
+  - sudo zypper in -y ceph-salt
+  - sudo systemctl restart salt-master.service

templates/cloud-init.yml

@@ -3,3 +3,7 @@
 runcmd:
   - sudo SUSEConnect -r ${sles_reg_code} -e ${sles_reg_email}
   - sudo SUSEConnect -p ses/7/x86_64 -r ${sles_ses_reg}
+  - sudo zypper in -y salt-minion
+  - sudo sed -i 's/^#\(log_level_logfile:\).*/\1 info/' /etc/salt/minion
+  - sudo sed -i 's/^#\(master:\).*/\1 admin.openstack.internal/' /etc/salt/minion
+  - sudo systemctl enable salt-minion && sudo systemctl start salt-minion