use first network as access network and support extra_networks only

Author: sjpb

docs/networks.md

@@ -1,12 +1,12 @@
-# Networks
+# Networking
 
 The default OpenTofu configurations in the appliance do not provision networks,
 subnets or associated infrastructure such as routers. The requirements are that:
 1. At least one network exists.
-2. At least one network spans all nodes, referred to as the "access network".
+2. The first network defined spans all nodes, referred to as the "access network".
 3. Only one subnet per network is attached to nodes.
-4. At least one network on each node provides outbound internet access (either directly,
-  or via a proxy).
+4. At least one network on each node provides outbound internet access (either
+directly, or via a proxy).
 
 Futhermore, it is recommended that the deploy host has an interface on the
 access network. While it is possible to e.g. use a floating IP on a login node
@@ -40,18 +40,17 @@ cluster_networks = [
 ```
 
 ## Multiple homogenous networks
-This is similar to the above, except each node has multiple networks. Therefore
-`access_network` must be explicitly set. Note that only one subnet must have
-a gateway defined, else default routes via both subnets will be present causing
-routing problems. It also shows the second network (netB) using direct-type vNICs
-for RDMA.
+This is similar to the above, except each node has multiple networks. The first
+network, "netA" is the access network. Note that only one subnet must have a
+gateway defined, else default routes via both subnets will be present causing
+routing problems. It also shows the second network (netB) using direct-type
+vNICs for RDMA.
 
 ```terraform
 cluster_networks = [
   {
     network = "netA"
     subnet = "subnetA"
-    access_network = true
   },
   {
     network = "netB"
@@ -68,7 +67,7 @@ vnic_types = {
 
 ## Additional networks on some nodes
 
-This example shows how to override variables for specific node groups. In this
+This example shows how to modify variables for specific node groups. In this
 case a baremetal node group has a second network attached. As above, only a
 single subnet can have a gateway IP.
 
@@ -86,12 +85,7 @@ compute = {
   }
   baremetal = {
     nodes = ["baremetal-0", "baremetal-1"]
-    networks = [
-      {
-        network = "netA"
-        subnet = "subnetA"
-        access_network = true
-      },
+    extra_networks = [
       {
         network = "netB"
         subnet = "subnetB"
@@ -101,6 +95,7 @@ compute = {
         netA = "baremetal"
         netB = "baremetal"
     ...
+    }
   }
 }
 ...

environments/skeleton/{{cookiecutter.environment}}/tofu/compute.tf

@@ -14,12 +14,14 @@ module "compute" {
   environment_root = var.environment_root
 
   # can be set for group, defaults to top-level value:
-  networks = lookup(each.value, "networks", var.cluster_networks)
   image_id = lookup(each.value, "image_id", var.cluster_image_id)
   vnic_types = lookup(each.value, "vnic_types", var.vnic_types)
   vnic_profiles = lookup(each.value, "vnic_profiles", var.vnic_profiles)
   volume_backed_instances = lookup(each.value, "volume_backed_instances", var.volume_backed_instances)
   root_volume_size = lookup(each.value, "root_volume_size", var.root_volume_size)
+  
+  # optionally set for group
+  networks = concat(var.cluster_networks, lookup(each.value, "extra_networks", []))
   extra_volumes = lookup(each.value, "extra_volumes", {})
   compute_init_enable = lookup(each.value, "compute_init_enable", [])
   ignore_image_changes = lookup(each.value, "ignore_image_changes", false)

environments/skeleton/{{cookiecutter.environment}}/tofu/login.tf

@@ -11,14 +11,17 @@ module "login" {
   cluster_domain_suffix = var.cluster_domain_suffix
 
   # can be set for group, defaults to top-level value:
-  networks = lookup(each.value, "networks", var.cluster_networks)
   image_id = lookup(each.value, "image_id", var.cluster_image_id)
   vnic_types = lookup(each.value, "vnic_types", var.vnic_types)
   vnic_profiles = lookup(each.value, "vnic_profiles", var.vnic_profiles)
   volume_backed_instances = lookup(each.value, "volume_backed_instances", var.volume_backed_instances)
   root_volume_size = lookup(each.value, "root_volume_size", var.root_volume_size)
+  
+  # optionally set for group
+  networks = concat(var.cluster_networks, lookup(each.value, "extra_networks", []))
   extra_volumes = lookup(each.value, "extra_volumes", {})
 
+  # can't be set for login
   compute_init_enable = []
   ignore_image_changes = false
 

environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf

@@ -78,7 +78,7 @@ resource "openstack_compute_instance_v2" "compute_fixed_image" {
     for_each = {for net in var.networks: net.network => net}
     content {
       port = openstack_networking_port_v2.compute["${each.key}-${network.key}"].id
-      access_network = length(var.networks) == 1 ? true : lookup(network.value, "access_network", false)
+      access_network = network.key == var.networks[0].network
     }
   }
 
@@ -129,7 +129,7 @@ resource "openstack_compute_instance_v2" "compute" {
     for_each = {for net in var.networks: net.network => net}
     content {
       port = openstack_networking_port_v2.compute["${each.key}-${network.key}"].id
-      access_network = length(var.networks) == 1 ? true : lookup(network.value, "access_network", false)
+      access_network = network.key == var.networks[0].network
     }
   }
 

environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf

@@ -15,9 +15,6 @@ variable "cluster_networks" {
         List of mappings defining networks. Mapping key/values:
             network: Name of existing network
             subnet: Name of existing subnet
-            access_network: Bool defining whether to use network for Ansible and
-                            K3s. This network must be present on all nodes.
-                            Defaults to true if only one network is specified.
     EOT
 }
 
@@ -46,6 +43,7 @@ variable "login" {
         flavor: String flavor name
     Optional:
         image_id: Overrides variable cluster_image_id
+        extra_networks: List of mappings in same format as cluster_networks
         vnic_type: Overrides variable vnic_type
         vnic_profile: Overrides variable vnic_profile
         volume_backed_instances: Overrides variable volume_backed_instances
@@ -77,6 +75,7 @@ variable "compute" {
             flavor: String flavor name
         Optional:
             image_id: Overrides variable cluster_image_id
+            extra_networks: List of mappings in same format as cluster_networks
             vnic_type: Overrides variable vnic_type
             vnic_profile: Overrides variable vnic_profile
             compute_init_enable: Toggles compute-init rebuild (see compute-init role docs)