From 8c561b990b11ff69029eeca0b56f484c8366d1e6 Mon Sep 17 00:00:00 2001
From: Chris King <kingtc@uab.edu>
Date: Mon, 12 Jul 2021 14:42:57 -0500
Subject: [PATCH] Add config for web interface

* Add security group so that 8080 and 8443 can be accessed
* Request a second floating IP attached to the first mon instance for
  the interface
* Add more setup to the cloud-init.yml file to include salt-minion setup
* Break out cloud-init.yml for admin node to set up minion and master,
  in addition to installing ceph-salt
---
 compute.tf                     | 20 ++++++++++++++++++--
 networks.tf                    |  6 ++++++
 outputs.tf                     |  4 ++++
 securitygroups.tf              | 19 +++++++++++++++++++
 templates/cloud-init-admin.yml | 11 +++++++++++
 templates/cloud-init.yml       |  4 ++++
 6 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 templates/cloud-init-admin.yml

diff --git a/compute.tf b/compute.tf
index 054b990..82fc1cb 100644
--- a/compute.tf
+++ b/compute.tf
@@ -12,6 +12,15 @@ data "openstack_compute_flavor_v2" "m1_small" {
 
 
 # template file cloud-init.yml
+#
+data "template_file" "cloud_init_admin_yml" {
+  template = file("${path.module}/templates/cloud-init-admin.yml")
+  vars = {
+    sles_reg_code  = var.sles_reg_code
+    sles_reg_email = var.sles_reg_email
+    sles_ses_reg   = var.sles_ses_reg
+  }
+}
 
 data "template_file" "cloud_init_yml" {
   template = file("${path.module}/templates/cloud-init.yml")
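Review bot: The new `cloud_init_admin_yml` data source passes `var.sles_reg_code` and `var.sles_ses_reg` into a template whose rendered output becomes the admin instance's `user_data`, so both registration codes are readable through the instance metadata service. As far as I know they are also kept in the Terraform state as the data source's `vars` and `rendered` attributes. The same values are interpolated into the `SUSEConnect` lines in the new templates/cloud-init-admin.yml hunk. The variable declarations are not part of this diff; if they are not already marked `sensitive = true`, add that, and put a comment above the block such as `# rendered output contains the SLES registration codes: treat user_data and the state file as secret`. This hunk ends inside the following `cloud_init_yml` block, which already uses the same pattern.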
@@ -34,7 +43,7 @@ resource "openstack_compute_instance_v2" "admin" {
     openstack_compute_secgroup_v2.allow_ssh.name
   ]
 
-  user_data = data.template_file.cloud_init_yml.rendered
+  user_data = data.template_file.cloud_init_admin_yml.rendered
 
   block_device {
     # this is the image to clone from
@@ -140,7 +149,8 @@ resource "openstack_compute_instance_v2" "mon" {
   flavor_id = data.openstack_compute_flavor_v2.m1_small.id
   key_pair  = var.ssh_keypair
   security_groups = [
-    "default"
+    "default",
+    openstack_compute_secgroup_v2.allow_web_interface.name
   ]
 
   user_data = data.template_file.cloud_init_yml.rendered
@@ -158,3 +168,9 @@ resource "openstack_compute_instance_v2" "mon" {
     uuid = openstack_networking_network_v2.public_network.id
   }
 }
+
+resource "openstack_compute_floatingip_associate_v2" "mon_association" {
+  floating_ip = openstack_compute_floatingip_v2.floating_ip_mon.address
+  instance_id = openstack_compute_instance_v2.mon[0].id
+}
+
diff --git a/networks.tf b/networks.tf
index 9f3a51c..9c2de7b 100644
--- a/networks.tf
+++ b/networks.tf
@@ -45,6 +45,12 @@ resource "openstack_networking_router_interface_v2" "router_interface_public" {
 
 # floating ip
 
+# ip for admin node
 resource "openstack_compute_floatingip_v2" "floating_ip" {
   pool = data.openstack_networking_network_v2.external.name
 }
+
+# ip for mon node
+resource "openstack_compute_floatingip_v2" "floating_ip_mon" {
+  pool = data.openstack_networking_network_v2.external.name
+}
diff --git a/outputs.tf b/outputs.tf
index 3e9ec7e..a545ee7 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,3 +1,7 @@
 output "admin_ip_address" {
   value = openstack_compute_floatingip_v2.floating_ip.address
 }
+
+output "web_ip_address" {
+  value = "https://${openstack_compute_floatingip_v2.floating_ip_mon.address}:8443/"
+}
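Review bot: The output `web_ip_address` returns a full URL (`https://…:8443/`), not an address, which will surprise anything that consumes it the way `admin_ip_address` is consumed. Rename it to something like `web_url`, or keep the name and return only `openstack_compute_floatingip_v2.floating_ip_mon.address`. Either way, a line such as `description = "Ceph web interface URL on the first mon node"` would document what it points at.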
diff --git a/securitygroups.tf b/securitygroups.tf
index 737af1d..7d0307d 100644
--- a/securitygroups.tf
+++ b/securitygroups.tf
@@ -9,3 +9,22 @@ resource "openstack_compute_secgroup_v2" "allow_ssh" {
     cidr        = "0.0.0.0/0"
   }
 }
+
+resource "openstack_compute_secgroup_v2" "allow_web_interface" {
+  name        = "allow web interfaces for ceph"
+  description = "allow 8080/8443 to the monitor host"
+
+  rule {
+    from_port   = 8080
+    to_port     = 8080
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 8443
+    to_port     = 8443
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+}
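Review bot: Both rules use `cidr = "0.0.0.0/0"`, so the Ceph web interface on the mon floating IP is reachable from any address, and port 8080 is opened although the only URL this commit publishes (outputs.tf) is `https://…:8443/`. I would take the source range from a variable, `cidr = var.web_interface_cidr` (a new variable, to be declared with the operator's network as its value), and drop the 8080 rule unless something is known to need it, since that port would normally carry unencrypted HTTP. The `allow_ssh` group visible in the context lines uses the same open range; it is outside this change, but the same variable could serve both. In compute.tf the group is attached to every `mon` instance, not only `mon[0]`, which holds the floating IP.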
diff --git a/templates/cloud-init-admin.yml b/templates/cloud-init-admin.yml
new file mode 100644
index 0000000..4bd808d
--- /dev/null
+++ b/templates/cloud-init-admin.yml
@@ -0,0 +1,11 @@
+#cloud-config
+
+runcmd:
+  - sudo SUSEConnect -r ${sles_reg_code} -e ${sles_reg_email}
+  - sudo SUSEConnect -p ses/7/x86_64 -r ${sles_ses_reg}
+  - sudo zypper in -y salt-minion salt-master
+  - sudo sed -i 's/^#\(log_level_logfile:\).*/\1 info/' /etc/salt/minion
+  - sudo sed -i 's/^#\(master:\).*/\1 admin.openstack.internal/' /etc/salt/minion
+  - sudo systemctl enable salt-minion && sudo systemctl start salt-minion && sudo systemctl enable salt-master && sudo systemctl start salt-master
+  - sudo zypper in -y ceph-salt
+  - sudo systemctl restart salt-master.service
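Review bot: The two `sed` lines only take effect while `/etc/salt/minion` still has `#master:` and `#log_level_logfile:` commented out; if the packaged file differs they change nothing, and the minion starts with its defaults without any error. Writing a drop-in under `/etc/salt/minion.d/` with `write_files` states the settings outright and leaves the packaged file untouched; the same applies to the identical lines added in templates/cloud-init.yml. That the directory created by cloud-init survives the later package install should be checked on the SLES image. Separately, `runcmd` already runs as root, so `sudo` is unnecessary, and the chained `enable … && start …` line can become `systemctl enable --now salt-master salt-minion`, so that a failure on the minion does not leave the master disabled.

```yaml
#cloud-config

write_files:
  # file name is a constructed example; any *.conf under minion.d is read
  - path: /etc/salt/minion.d/provision.conf
    content: |
      master: admin.openstack.internal
      log_level_logfile: info

runcmd:
  # … unchanged: SUSEConnect registration, zypper in salt-minion salt-master …
  - systemctl enable --now salt-master salt-minion
  # … unchanged: zypper in ceph-salt, restart salt-master …
```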
diff --git a/templates/cloud-init.yml b/templates/cloud-init.yml
index ee4a445..790cce9 100644
--- a/templates/cloud-init.yml
+++ b/templates/cloud-init.yml
@@ -3,3 +3,7 @@
 runcmd:
   - sudo SUSEConnect -r ${sles_reg_code} -e ${sles_reg_email}
   - sudo SUSEConnect -p ses/7/x86_64 -r ${sles_ses_reg}
+  - sudo zypper in -y salt-minion
+  - sudo sed -i 's/^#\(log_level_logfile:\).*/\1 info/' /etc/salt/minion
+  - sudo sed -i 's/^#\(master:\).*/\1 admin.openstack.internal/' /etc/salt/minion
+  - sudo systemctl enable salt-minion && sudo systemctl start salt-minion
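Review bot: The minion is pointed at `admin.openstack.internal` with nothing that pins the master's identity, so each node accepts whichever host answers to that name on its first connection. Salt's `master_finger` minion option exists for this, but since the admin node is built in the same run, the fingerprint would have to be distributed after the master has generated its key. At minimum, a comment such as `# master key is trusted on first contact; verify with salt-key -F on the admin node` belongs next to the `master:` line. How minion keys are accepted on the master is not visible in this diff and should be checked for the same reason.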
-- 
GitLab