variables.tf
#! global variables
# Project name supplied by the caller; required, because no default is set.
# The validation is an allow-list: only ASCII letters, digits, "-" and "_"
# pass, so whitespace, quotes and other punctuation are refused.
variable "project_name" {
  description = "The name of the project"
  type        = string

  validation {
    error_message = "For the project_name value only a-z, A-Z, 0-9, - and _ are allowed."
    # regex() raises on a non-match; can() converts that into false.
    condition = can(regex("^[0-9A-Za-z-_]+$", var.project_name))
  }
}
# Domain the project is created in; falls back to "default" when unset.
# No validation block: the value is not constrained here.
variable "project_domain" {
  description = "The domain where this project will be created"
  default     = "default"
  type        = string
}
# Optional tags for the project; an empty list (the default) adds none.
variable "project_tags" {
  description = "The tags to append to this project"
  default     = []
  type        = list(string)
}
#! architecture tiering variables
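# Number of network tiers the module builds (0 through 3, see description).
# The check admits exactly the four documented values. The earlier lower
# bound (`> 0`) refused tier 0 although the description and the error message
# both present it as valid, and a fractional value such as 2.5 passed the
# range test even though other expressions in this file compare the value
# against 0 and 2.
variable "architecture_tiers" {
  type        = number
  description = <<-EOT
    The type of architecture.
    Can be either 0, 1, 2 or 3.
    Tier 0 will not create any subnets or networks.
    Tier 1 will only create a single frontend subnet.
    Tier 2 will create a frontend and backend subnet.
    Tier 3 will create a frontend, backend and database subnet.
  EOT
  default     = 1

  validation {
    condition     = contains([0, 1, 2, 3], var.architecture_tiers)
    error_message = "The architecture_tiers must be a whole number between 0 and 3."
  }
}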
#! subnetpools creation
# Toggle: true (default) has the module create the application subnet pool;
# false means an existing pool is expected instead (see description).
variable "create_application_subnetpool" {
  description = "Whether the module should create an application subnet pool for this project, or use an existing one."
  default     = true
  type        = bool
}
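# CIDR blocks for the application subnet pool.
# Every entry must parse as a CIDR prefix: cidrhost() fails on malformed
# input and can() turns that failure into false.
# NOTE(review): cidrhost() also accepts IPv6 prefixes, so this check alone
# does not enforce the IPv4 restriction the message states - confirm whether
# IPv6 blocks should be rejected here.
variable "application_subnetpool_cidr_blocks" {
  type        = list(string)
  description = "The CIDR blocks for the application subnet pool"
  default     = ["192.168.0.0/21"]

  validation {
    condition = alltrue([
      for cidr in var.application_subnetpool_cidr_blocks : can(cidrhost(cidr, 0))
    ])
    # Ends with a period like the other messages in this file; older
    # Terraform releases refuse validation messages that are not written
    # as a full sentence.
    error_message = "The application_subnetpool_cidr_blocks must be a valid IPv4 CIDR."
  }
}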
# Toggle: true (default) has the module create the database subnet pool;
# false means an existing pool is expected instead (see description).
variable "create_database_subnetpool" {
  description = "Whether the module should create a database subnet pool for this project, or use an existing one."
  default     = true
  type        = bool
}
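# CIDR blocks for the database subnet pool.
# Every entry must parse as a CIDR prefix: cidrhost() fails on malformed
# input and can() turns that failure into false.
# NOTE(review): cidrhost() also accepts IPv6 prefixes, so this check alone
# does not enforce the IPv4 restriction the message states - confirm whether
# IPv6 blocks should be rejected here.
variable "database_subnetpool_cidr_blocks" {
  type        = list(string)
  description = "The CIDR blocks for the database subnet pool"
  default     = ["192.168.8.0/23"]

  validation {
    condition = alltrue([
      for cidr in var.database_subnetpool_cidr_blocks : can(cidrhost(cidr, 0))
    ])
    # Ends with a period like the other messages in this file; older
    # Terraform releases refuse validation messages that are not written
    # as a full sentence.
    error_message = "The database_subnetpool_cidr_blocks must be a valid IPv4 CIDR."
  }
}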
#! networking variables
# Optional DNS domain for the private networks; null (default) leaves it unset.
# No validation block: the value is not checked to be a well-formed domain here.
variable "network_internal_domain_name" {
  description = "The domain name to use for dns resolution inside the private networks"
  default     = null
  type        = string
}
# Prefix length of the frontend subnet; defaults to 24.
# The validation bounds it to the inclusive range 20..32.
variable "frontend_subnet_prefix_len" {
  description = "The prefix length of the frontend subnet. Must be between 20 and 32."
  default     = 24
  type        = number

  validation {
    error_message = "The prefix length must be between 20 and 32."
    condition = (
      var.frontend_subnet_prefix_len >= 20 &&
      var.frontend_subnet_prefix_len <= 32
    )
  }
}
# Prefix length of the backend subnet; defaults to 24.
# The validation bounds it to the inclusive range 20..32.
variable "backend_subnet_prefix_len" {
  description = "The prefix length of the backend subnet. Must be between 20 and 32."
  default     = 24
  type        = number

  validation {
    error_message = "The prefix length must be between 20 and 32."
    condition = (
      var.backend_subnet_prefix_len >= 20 &&
      var.backend_subnet_prefix_len <= 32
    )
  }
}
# Prefix length of the database subnet; defaults to 24.
# The validation bounds it to the inclusive range 24..32, a tighter lower
# bound than the 20 used for the frontend and backend subnets in this file.
variable "database_subnet_prefix_len" {
  description = "The prefix length of the database subnet. Must be between 24 and 32."
  default     = 24
  type        = number

  validation {
    error_message = "The prefix length must be between 24 and 32."
    condition = (
      var.database_subnet_prefix_len >= 24 &&
      var.database_subnet_prefix_len <= 32
    )
  }
}
# Upstream DNS servers for the subnets; the empty default configures none.
# No validation block: entries are not checked to be IP addresses here.
variable "public_nameservers" {
  description = <<-EOT
    A list of public DNS servers to upstreams requests to in your subnets.
    This is not necessary if your openstack deployment already has configured default upstreams for neutron.
  EOT
  default     = []
  type        = list(string)
}
#! security variables
# Opt-in switch for the module's default security groups; off by default.
# NOTE(review): the description lists mariadb, postgresql and redis, while
# local.db_secgroups in this file also carries a "mysql" entry - confirm
# which list is authoritative.
# NOTE(review): the description announces a group allowing ssh; the rule
# itself is not defined in this file, so check which source ranges it admits
# before enabling this on a network reachable from outside.
variable "create_default_secgroups" {
  description = <<-EOT
    Whether to create default security groups or not.
    Depending on your choice of architecture tiering, will create security groups so that each tier can connect to the one below.
    Security groups for the database tier will be created for mariadb, postgresql and redis.
    A default security group allowing ssh connection will also be created.
  EOT
  default     = false
  type        = bool
}
# Switch for strict database security groups; the default is non-strict.
# Per the description, strict mode limits egress to the backend network.
# NOTE(review): what egress the non-strict default permits is decided by
# rules outside this file - confirm it before relying on the default for a
# database tier.
variable "database_secgroup_strict" {
  description = <<-EOT
    Defines whether the security groups for the database network should be strict.
    In strict mode, egress is only allowed to the backend network.
  EOT
  default     = false
  type        = bool
}
# Table of database flavours and the TCP port each one listens on.
# "mariadb" and "mysql" both map to 3306; element order is kept as-is in
# case consumers elsewhere index into the list.
locals {
  db_secgroups = [
    { type = "mariadb", ingress_port = 3306 },
    { type = "postgresql", ingress_port = 5432 },
    { type = "mysql", ingress_port = 3306 },
    { type = "redis", ingress_port = 6379 },
  ]
}
#! subnetpool variables & validation
# Id of an existing subnet pool for the application networks; null by default.
# local.validate_application_subnetpool_ids in this file requires a value
# here when tiers are requested and the module is told not to create the pool.
variable "application_subnetpool_id" {
  description = <<-EOT
    The id of the subnetpool to create the public (first 2 tier) networks from.
    Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets.
  EOT
  default     = null
  type        = string
}
# Id of an existing subnet pool for the database network; null by default.
# local.validate_database_subnetpool_ids in this file requires a value here
# when tier 3 is requested and the module is told not to create the pool.
variable "database_subnetpool_id" {
  description = <<-EOT
    The id of the subnetpool to create the databse network from.
    Since this module can route private subnets to the backbone, it needs to make sure it's not creating overlapping subnets.
  EOT
  default     = null
  type        = string
}
# Cross-variable checks written with the tobool() idiom: when the guard is
# true, tobool() is applied to a sentence, the conversion fails, and the
# resulting error carries that sentence; otherwise the local is simply true.
locals {
  # Any tier above 0 needs an application pool: created here or passed by id.
  validate_application_subnetpool_ids = (
    var.architecture_tiers > 0 &&
    var.create_application_subnetpool == false &&
    var.application_subnetpool_id == null
  ) ? tobool("You have to either create or specify an existing subnetpool to create the public subnets from") : true

  # Only tier 3 (the sole value above 2) needs a database pool.
  validate_database_subnetpool_ids = (
    var.architecture_tiers > 2 &&
    var.create_database_subnetpool == false &&
    var.database_subnetpool_id == null
  ) ? tobool("You have to either create or specify an existing subnetpool to create the database subnets from") : true
}
#! public network attachement variables
# Opt-in switch for giving the router a gateway on an external network; off
# by default, so nothing is attached to an external network unless asked for.
variable "attach_to_external" {
  description = <<-EOT
    Whether to attach the router to an external network.
    This will add a gateway interface to the router, and possibly consume a public IP address which might be billed by your cloud provider.
  EOT
  default     = false
  type        = bool
}
# Id of the external network for the frontend router; null by default.
# local.validate_external_network_id in this file requires a value here when
# attach_to_external is true and at least one tier is requested.
variable "external_network_id" {
  description = "The id of the external network to connect the frontend router to."
  default     = null
  type        = string
}
# Cross-variable check written with the tobool() idiom: when the guard is
# true, tobool() is applied to a sentence, the conversion fails, and the
# resulting error carries that sentence; otherwise the local is simply true.
locals {
  # Attaching to an external network with tiers requested needs the network id.
  validate_external_network_id = (
    var.architecture_tiers > 0 &&
    var.attach_to_external &&
    var.external_network_id == null
  ) ? tobool("Please pass in the external network ID to attach the frontend router to.") : true
}