diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..8af4099d8f3765204296403be3a48d169ccb4319
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,9 @@
+config {
+ call_module_type = "local"
+ force = false
+}
+
+plugin "terraform" {
+ enabled = true
+ preset = "recommended"
+}
diff --git a/cesnet-mcc/terraform/vms.tf b/cesnet-mcc/terraform/vms.tf
index 4d4275a0f8b7dea453b1869dc089aa5b02f1221f..fa8741548255ca0a77063e9a157e3a7f05ac8797 100644
--- a/cesnet-mcc/terraform/vms.tf
+++ b/cesnet-mcc/terraform/vms.tf
@@ -3,11 +3,11 @@ locals {
openstack_compute_instance_v2.ingress,
openstack_compute_instance_v2.nfs,
], openstack_compute_instance_v2.worker[*], openstack_compute_instance_v2.gpu[*])
- master_ip = replace(openstack_compute_instance_v2.master.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ master_ip = replace(openstack_compute_instance_v2.master.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
ingress_ip = replace(openstack_compute_instance_v2.ingress.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
- nfs_ip = replace(openstack_compute_instance_v2.nfs.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ nfs_ip = replace(openstack_compute_instance_v2.nfs.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
worker_ips = [for s in openstack_compute_instance_v2.worker[*].network[1].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
- gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[1].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
+ gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[1].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
}
# Security groups
@@ -25,9 +25,9 @@ resource "openstack_compute_secgroup_v2" "ping" {
rule {
from_port = 128
to_port = 0
- # initial installation (bug in terraform): ip_protocol = "icmp"
ip_protocol = "ipv6-icmp"
cidr = "::/0"
+ # initial installation (bug in terraform): ip_protocol = "icmp"
}
}
@@ -100,9 +100,8 @@ data "openstack_compute_flavor_v2" "gpu-flavor" {
}
resource "openstack_compute_instance_v2" "master" {
- name = "k8s-${var.site_name}-master"
- image_id = data.openstack_images_image_v2.ubuntu.id
- # 4 cores 4 GB RAM
+ name = "k8s-${var.site_name}-master"
+ image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.master-flavor.id
security_groups = ["default", "all"]
user_data = file("cloud-init.yaml")
@@ -296,7 +295,7 @@ nfs:
worker:
hosts:
- ${join("\n ", [for s in local.worker_ips: "${s}:"])}
+ ${join("\n ", [for s in local.worker_ips : "${s}:"])}
gpu:
hosts:
diff --git a/common/terraform/firewall.tf b/common/terraform/firewall.tf
index 7e332d05e9d3a2fd80fe4a4542029a70e7e54d26..68b3621983361e7689ae216d00f3894d9e66ae4b 100644
--- a/common/terraform/firewall.tf
+++ b/common/terraform/firewall.tf
@@ -20,10 +20,11 @@ resource "openstack_networking_secgroup_rule_v2" "ping" {
ethertype = strcontains(each.key, ":") ? "IPv6" : "IPv4"
port_range_min = strcontains(each.key, ":") ? 128 : 8
port_range_max = 0
- # protocol = strcontains(each.key, ":") ? "ipv6-icmp" : "icmp"
protocol = "icmp"
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.ping.id
+ # for update:
+ # protocol = strcontains(each.key, ":") ? "ipv6-icmp" : "icmp"
}
resource "openstack_networking_secgroup_rule_v2" "ssh" {
diff --git a/common/terraform/vars.tf b/common/terraform/vars.tf
index 4c83a79b52a2f594159b994960f760dd88f5a876..8d204cddbeac1e4f670a9ad3ef0cb82361fc5ea8 100644
--- a/common/terraform/vars.tf
+++ b/common/terraform/vars.tf
@@ -19,7 +19,7 @@ variable "site_name" {
}
variable "gpu_flavor_name" {
- type = string
+ type = string
description = "Name of the GPU flavor"
}
@@ -64,10 +64,10 @@ variable "squid_volume_size" {
}
variable "security_public_cidr" {
- type = map(string)
+ type = map(string)
description = "Enabled IP ranges"
default = {
- "0.0.0.0/0": "Public access",
- "::/0": "Public access",
+ "0.0.0.0/0" : "Public access",
+ "::/0" : "Public access",
}
}
diff --git a/common/terraform/versions.tf b/common/terraform/versions.tf
index ff6f75b8b4c0492023bcb1017cd41c460169a7a4..21fd5cad74a521ef8111b05b2f55c1e0a96b57b9 100644
--- a/common/terraform/versions.tf
+++ b/common/terraform/versions.tf
@@ -3,9 +3,12 @@ provider "openstack" {
terraform {
required_providers {
- local = "~> 2.0"
+ local = {
+ source = "hashicorp/local"
+ version = "~> 2.0"
+ }
openstack = {
- source = "terraform-provider-openstack/openstack",
+ source = "terraform-provider-openstack/openstack"
version = ">= 1.38.0"
}
}
diff --git a/production1/terraform/vms.tf b/production1/terraform/vms.tf
index c170ede24adb3a851714d744ed90cc1a7d75db30..95b974d2c25e40a45d9b3af021bd7c2b252287dc 100644
--- a/production1/terraform/vms.tf
+++ b/production1/terraform/vms.tf
@@ -3,11 +3,11 @@ locals {
openstack_compute_instance_v2.ingress,
openstack_compute_instance_v2.nfs,
], openstack_compute_instance_v2.worker[*], openstack_compute_instance_v2.gpu[*])
- master_ip = openstack_compute_instance_v2.master.network[0].fixed_ip_v4
+ master_ip = openstack_compute_instance_v2.master.network[0].fixed_ip_v4
ingress_ip = openstack_compute_instance_v2.ingress.network[0].fixed_ip_v4
- nfs_ip = openstack_compute_instance_v2.nfs.network[0].fixed_ip_v4
+ nfs_ip = openstack_compute_instance_v2.nfs.network[0].fixed_ip_v4
worker_ips = [for s in openstack_compute_instance_v2.worker[*].network[0].fixed_ip_v4 : s]
- gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v4 : s]
+ gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v4 : s]
}
resource "openstack_networking_floatingip_v2" "public_ip" {
@@ -31,7 +31,7 @@ data "openstack_compute_flavor_v2" "gpu-flavor" {
}
resource "openstack_compute_instance_v2" "master" {
- name = "k8s-${var.site_name}-master"
+ name = "k8s-${var.site_name}-master"
flavor_id = data.openstack_compute_flavor_v2.master-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
@@ -93,7 +93,7 @@ resource "openstack_compute_instance_v2" "gpu" {
flavor_id = data.openstack_compute_flavor_v2.gpu-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
- tags = ["worker"]
+ tags = ["worker"]
network {
uuid = openstack_networking_network_v2.local-network.id
}
@@ -221,7 +221,7 @@ nfs:
worker:
hosts:
- ${join("\n ", [for s in local.worker_ips: "${s}:"])}
+ ${join("\n ", [for s in local.worker_ips : "${s}:"])}
gpu:
hosts:
diff --git a/production2/terraform/vms.tf b/production2/terraform/vms.tf
index c6314656be86bbec189412d06b34531e1409eea8..c59595e2c054cce0b35d657f1cc8b99b19f83985 100644
--- a/production2/terraform/vms.tf
+++ b/production2/terraform/vms.tf
@@ -3,11 +3,11 @@ locals {
openstack_compute_instance_v2.ingress,
openstack_compute_instance_v2.nfs,
], openstack_compute_instance_v2.worker[*], openstack_compute_instance_v2.gpu[*])
- master_ip = replace(openstack_compute_instance_v2.master.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ master_ip = replace(openstack_compute_instance_v2.master.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
ingress_ip = replace(openstack_compute_instance_v2.ingress.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
- nfs_ip = replace(openstack_compute_instance_v2.nfs.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ nfs_ip = replace(openstack_compute_instance_v2.nfs.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
worker_ips = [for s in openstack_compute_instance_v2.worker[*].network[0].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
- gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
+ gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
}
data "openstack_images_image_v2" "ubuntu" {
@@ -27,8 +27,8 @@ data "openstack_compute_flavor_v2" "gpu-flavor" {
}
resource "openstack_compute_instance_v2" "master" {
- name = "k8s-${var.site_name}-master"
- image_id = data.openstack_images_image_v2.ubuntu.id
+ name = "k8s-${var.site_name}-master"
+ image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.master-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
@@ -82,7 +82,7 @@ resource "openstack_compute_instance_v2" "gpu" {
flavor_id = data.openstack_compute_flavor_v2.gpu-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
- tags = ["worker"]
+ tags = ["worker"]
network {
name = var.net_name
}
@@ -204,7 +204,7 @@ nfs:
worker:
hosts:
- ${join("\n ", [for s in local.worker_ips: "${s}:"])}
+ ${join("\n ", [for s in local.worker_ips : "${s}:"])}
gpu:
hosts:
diff --git a/staging1/terraform/vms.tf b/staging1/terraform/vms.tf
index b196edab13a7ccf2a80186a39a67b6d177913411..f1dc139577cbce511be1f77ba27364c2a0c59e0d 100644
--- a/staging1/terraform/vms.tf
+++ b/staging1/terraform/vms.tf
@@ -3,11 +3,11 @@ locals {
openstack_compute_instance_v2.ingress,
openstack_compute_instance_v2.nfs,
], openstack_compute_instance_v2.worker[*], openstack_compute_instance_v2.gpu[*])
- master_ip = openstack_compute_instance_v2.master.network[0].fixed_ip_v4
+ master_ip = openstack_compute_instance_v2.master.network[0].fixed_ip_v4
ingress_ip = openstack_compute_instance_v2.ingress.network[0].fixed_ip_v4
- nfs_ip = openstack_compute_instance_v2.nfs.network[0].fixed_ip_v4
+ nfs_ip = openstack_compute_instance_v2.nfs.network[0].fixed_ip_v4
worker_ips = [for s in openstack_compute_instance_v2.worker[*].network[0].fixed_ip_v4 : s]
- gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v4 : s]
+ gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v4 : s]
}
resource "openstack_networking_floatingip_v2" "public_ip" {
@@ -31,8 +31,8 @@ data "openstack_compute_flavor_v2" "gpu-flavor" {
}
resource "openstack_compute_instance_v2" "master" {
- name = "k8s-${var.site_name}-master"
- image_id = data.openstack_images_image_v2.ubuntu.id
+ name = "k8s-${var.site_name}-master"
+ image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.master-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
@@ -86,7 +86,7 @@ resource "openstack_compute_instance_v2" "gpu" {
flavor_id = data.openstack_compute_flavor_v2.gpu-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
- tags = ["worker"]
+ tags = ["worker"]
network {
uuid = openstack_networking_network_v2.local-network.id
}
@@ -240,7 +240,7 @@ nfs:
worker:
hosts:
- ${join("\n ", [for s in local.worker_ips: "${s}:"])}
+ ${join("\n ", [for s in local.worker_ips : "${s}:"])}
gpu:
hosts:
diff --git a/staging2/terraform/vms.tf b/staging2/terraform/vms.tf
index c6314656be86bbec189412d06b34531e1409eea8..c59595e2c054cce0b35d657f1cc8b99b19f83985 100644
--- a/staging2/terraform/vms.tf
+++ b/staging2/terraform/vms.tf
@@ -3,11 +3,11 @@ locals {
openstack_compute_instance_v2.ingress,
openstack_compute_instance_v2.nfs,
], openstack_compute_instance_v2.worker[*], openstack_compute_instance_v2.gpu[*])
- master_ip = replace(openstack_compute_instance_v2.master.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ master_ip = replace(openstack_compute_instance_v2.master.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
ingress_ip = replace(openstack_compute_instance_v2.ingress.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
- nfs_ip = replace(openstack_compute_instance_v2.nfs.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ nfs_ip = replace(openstack_compute_instance_v2.nfs.network[0].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
worker_ips = [for s in openstack_compute_instance_v2.worker[*].network[0].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
- gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
+ gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
}
data "openstack_images_image_v2" "ubuntu" {
@@ -27,8 +27,8 @@ data "openstack_compute_flavor_v2" "gpu-flavor" {
}
resource "openstack_compute_instance_v2" "master" {
- name = "k8s-${var.site_name}-master"
- image_id = data.openstack_images_image_v2.ubuntu.id
+ name = "k8s-${var.site_name}-master"
+ image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.master-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
@@ -82,7 +82,7 @@ resource "openstack_compute_instance_v2" "gpu" {
flavor_id = data.openstack_compute_flavor_v2.gpu-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
- tags = ["worker"]
+ tags = ["worker"]
network {
name = var.net_name
}
@@ -204,7 +204,7 @@ nfs:
worker:
hosts:
- ${join("\n ", [for s in local.worker_ips: "${s}:"])}
+ ${join("\n ", [for s in local.worker_ips : "${s}:"])}
gpu:
hosts:
diff --git a/testing/terraform/vms.tf b/testing/terraform/vms.tf
index 0c5751c9ad49a11f8d97b600c5ffec7a80a14dd2..d4d208bc2de5d24b76455f9b07fdc185f04a21c8 100644
--- a/testing/terraform/vms.tf
+++ b/testing/terraform/vms.tf
@@ -3,11 +3,11 @@ locals {
openstack_compute_instance_v2.ingress,
openstack_compute_instance_v2.nfs,
], openstack_compute_instance_v2.worker[*], openstack_compute_instance_v2.gpu[*])
- master_ip = replace(openstack_compute_instance_v2.master.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ master_ip = replace(openstack_compute_instance_v2.master.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
ingress_ip = replace(openstack_compute_instance_v2.ingress.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
- nfs_ip = replace(openstack_compute_instance_v2.nfs.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
+ nfs_ip = replace(openstack_compute_instance_v2.nfs.network[1].fixed_ip_v6, "/\\[(.*)\\]/", "$1")
worker_ips = [for s in openstack_compute_instance_v2.worker[*].network[1].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
- gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[1].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
+ gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[1].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
}
resource "openstack_networking_floatingip_v2" "public_ip" {
@@ -31,8 +31,8 @@ data "openstack_compute_flavor_v2" "gpu-flavor" {
}
resource "openstack_compute_instance_v2" "master" {
- name = "k8s-${var.site_name}-master"
- image_id = data.openstack_images_image_v2.ubuntu.id
+ name = "k8s-${var.site_name}-master"
+ image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.master-flavor.id
security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml")
@@ -255,7 +255,7 @@ nfs:
worker:
hosts:
- ${join("\n ", [for s in local.worker_ips: "${s}:"])}
+ ${join("\n ", [for s in local.worker_ips : "${s}:"])}
gpu:
hosts: