init vsi terraform module

terraform-ibm-modules · Jun 9, 2022 · 7463483 · 7463483
1 parent 0ce076a
commit 7463483
Show file tree

Hide file tree

Showing 9 changed files with 1,079 additions and 1 deletion.
diff --git a/.docs/vsi-lb.png b/.docs/vsi-lb.png
diff --git a/README.md b/README.md
diff --git a/load_balancer.tf b/load_balancer.tf
@@ -0,0 +1,90 @@
+##############################################################################
+# Load Balancer
+##############################################################################
+
+locals {
+  load_balancer_map = {
+    for load_balancer in var.load_balancers :
+    (load_balancer.name) => load_balancer
+  }
+}
+
+resource "ibm_is_lb" "lb" {
+  for_each        = local.load_balancer_map
+  name            = "${var.prefix}-${each.value.name}-lb"
+  subnets         = var.subnets.*.id
+  type            = each.value.type
+  security_groups = each.value.security_group == null ? null : [ibm_is_security_group.security_group[each.value.security_group.name].id]
+  resource_group  = var.resource_group_id
+  tags            = var.tags
+}
+
+##############################################################################
+
+
+##############################################################################
+# Load Balancer Pool
+##############################################################################
+
+resource "ibm_is_lb_pool" "pool" {
+  for_each       = local.load_balancer_map
+  lb             = ibm_is_lb.lb[each.value.name].id
+  name           = "${var.prefix}-${each.value.name}-lb-pool"
+  algorithm      = each.value.algorithm
+  protocol       = each.value.protocol
+  health_delay   = each.value.health_delay
+  health_retries = each.value.health_retries
+  health_timeout = each.value.health_timeout
+  health_type    = each.value.health_type
+}
+
+##############################################################################
+
+##############################################################################
+# Load Balancer Pool Member
+##############################################################################
+
+locals {
+  pool_members = flatten([
+    for load_balancer in var.load_balancers :
+    [
+      for ipv4_address in [
+        for server in ibm_is_instance.vsi :
+        lookup(server, "primary_network_interface", null) == null ? null : server.primary_network_interface.0.primary_ipv4_address
+      ] :
+      {
+        port           = load_balancer.pool_member_port
+        target_address = ipv4_address
+        lb             = load_balancer.name
+      }
+    ]
+  ])
+}
+
+resource "ibm_is_lb_pool_member" "pool_members" {
+  count          = length(local.pool_members)
+  port           = local.pool_members[count.index].port
+  lb             = ibm_is_lb.lb[local.pool_members[count.index].lb].id
+  pool           = element(split("/", ibm_is_lb_pool.pool[local.pool_members[count.index].lb].id), 1)
+  target_address = local.pool_members[count.index].target_address
+}
+
+##############################################################################
+
+
+
+##############################################################################
+# Load Balancer Listener
+##############################################################################
+
+resource "ibm_is_lb_listener" "listener" {
+  for_each         = local.load_balancer_map
+  lb               = ibm_is_lb.lb[each.value.name].id
+  default_pool     = ibm_is_lb_pool.pool[each.value.name].id
+  port             = each.value.listener_port
+  protocol         = each.value.listener_protocol
+  connection_limit = each.value.connection_limit > 0 ? each.value.connection_limit : null
+  depends_on       = [ibm_is_lb_pool_member.pool_members]
+}
+
+##############################################################################
diff --git a/main.tf b/main.tf
@@ -0,0 +1,117 @@
+##############################################################################
+# Virtual Server Data
+##############################################################################
+locals {
+
+  # Create list of VSI using subnets and VSI per subnet
+  vsi_list = flatten([
+    # For each subnet
+    for subnet in range(length(var.subnets)) : [
+      # For each number in a range from 0 to VSI per subnet
+      for count in range(var.vsi_per_subnet) :
+      {
+        name        = "${var.prefix}-${(subnet) * (var.vsi_per_subnet) + count + 1}"
+        subnet_id   = var.subnets[subnet].id
+        zone        = var.subnets[subnet].zone
+        subnet_name = var.subnets[subnet].name
+      }
+    ]
+  ])
+
+  # Create map of VSI from list
+  vsi_map = {
+    for server in local.vsi_list :
+    server.name => server
+  }
+
+  secondary_fip_list = flatten([
+    # For each interface in list of floating ips
+    for interface in var.secondary_floating_ips :
+    [
+      # For each virtual server
+      for instance in ibm_is_instance.vsi :
+      {
+        # fip name
+        name = "${instance.name}-${interface}-fip"
+        # target interface at the same index as subnet name
+        target = instance.network_interfaces[index(var.secondary_subnets.*.name, interface)].id
+      }
+    ]
+  ])
+}
+
+##############################################################################
+
+
+##############################################################################
+# Create Virtual Servers
+##############################################################################
+
+resource "ibm_is_instance" "vsi" {
+  for_each       = local.vsi_map
+  name           = each.key
+  image          = var.image_id
+  profile        = var.machine_type
+  resource_group = var.resource_group_id
+  vpc            = var.vpc_id
+  zone           = each.value.zone
+  user_data      = var.user_data
+  keys           = var.ssh_key_ids
+
+  primary_network_interface {
+    subnet = each.value.subnet_id
+    security_groups = flatten([
+      (var.create_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : []),
+      var.security_group_ids
+    ])
+    allow_ip_spoofing = var.allow_ip_spoofing
+  }
+
+  dynamic "network_interfaces" {
+    for_each = var.secondary_subnets == null ? [] : var.secondary_subnets
+    content {
+      subnet = network_interfaces.value.id
+      security_groups = flatten([
+        (var.create_security_group && var.secondary_use_vsi_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : []),
+        [
+          for group in var.secondary_security_groups :
+          group.security_group_id if group.interface_name == network_interfaces.value.name
+        ]
+      ])
+      allow_ip_spoofing = var.secondary_allow_ip_spoofing
+    }
+  }
+
+  boot_volume {
+    encryption = var.boot_volume_encryption_key == "" ? null : var.boot_volume_encryption_key
+  }
+
+  # Only add volumes if volumes are being created by the module
+  volumes = length(var.block_storage_volumes) == 0 ? [] : local.volume_by_vsi[each.key]
+}
+
+
+
+##############################################################################
+
+
+##############################################################################
+# Optionally create floating IP
+##############################################################################
+
+resource "ibm_is_floating_ip" "vsi_fip" {
+  for_each = var.enable_floating_ip ? ibm_is_instance.vsi : {}
+  name     = "${each.value.name}-fip"
+  target   = each.value.primary_network_interface.0.id
+}
+
+resource "ibm_is_floating_ip" "secondary_fip" {
+  for_each = length(var.secondary_floating_ips) == 0 ? {} : {
+    for interface in local.secondary_fip_list :
+    (interface.name) => interface
+  }
+  name   = each.key
+  target = each.value.target
+}
+
+##############################################################################
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,54 @@
+##############################################################################
+# VSI Outputs
+##############################################################################
+
+output "ids" {
+  description = "The IDs of the VSI"
+  value = [
+    for virtual_server in ibm_is_instance.vsi :
+    virtual_server.id
+  ]
+}
+
+output "vsi_security_group" {
+  description = "Security group for the VSI"
+  value       = var.security_group == null ? null : ibm_is_security_group.security_group[var.security_group.name]
+}
+
+output "list" {
+  description = "A list of VSI with name, id, zone, and primary ipv4 address"
+  value = [
+    for virtual_server in ibm_is_instance.vsi :
+    {
+      name         = virtual_server.name
+      id           = virtual_server.id
+      zone         = virtual_server.zone
+      ipv4_address = virtual_server.primary_network_interface.0.primary_ipv4_address
+      floating_ip  = var.enable_floating_ip ? ibm_is_floating_ip.vsi_fip[virtual_server.name].address : null
+    }
+  ]
+}
+
+##############################################################################
+
+##############################################################################
+# Load Balancer Outputs
+##############################################################################
+
+output "lb_hostnames" {
+  description = "Hostnames for the Load Balancer created"
+  value = [
+    for load_balancer in ibm_is_lb.lb :
+    load_balancer.hostname
+  ]
+}
+
+output "lb_security_groups" {
+  description = "Load Balancer security groups"
+  value = {
+    for load_balancer in var.load_balancers :
+    (load_balancer.name) => ibm_is_security_group.security_group[load_balancer.security_group.name] if load_balancer.security_group != null
+  }
+}
+
+##############################################################################