Support attaching a floating IP to the Ansible control host

This may be used for SSH access to the Ansible control host when no
direct access to the multinode network is available.

Author: markgoddard

README.rst

@@ -129,6 +129,8 @@ Generate Terraform variables:
    infra_vm_flavor    = "general.v1.small"
    infra_vm_disk_size = 100
 
+   add_ansible_control_fip = false
+   ansible_control_fip_pool = ""
    EOF
 
 You will need to set the `multinode_keypair`, `prefix`, and `ssh_public_key`.
@@ -147,6 +149,12 @@ If `deploy_wazuh` is set to true, an infrastructure VM will be created that
 hosts the Wazuh manager. The Wazuh deployment playbooks will also be triggered
 automatically to deploy Wazuh agents to the overcloud hosts.
 
+If `add_ansible_control_fip` is set to `true`, a floating IP will be created
+and attached to the Ansible control host. In that case
+`ansible_control_fip_pool` should be set to the name of the pool (network) from
+which to allocate the floating IP, and the floating IP will be used for SSH
+access to the control host.
+
 Generate a plan:
 
 .. code-block:: console

compute_instances.tf

@@ -1,11 +1,30 @@
+data "openstack_networking_network_v2" "multinode_network" {
+  name = var.multinode_vm_network
+}
+
+resource "openstack_networking_port_v2" "ansible_control_port" {
+  network_id = data.openstack_networking_network_v2.multinode_network.id
+}
+
+resource "openstack_networking_floatingip_v2" "ansible_control_fip" {
+  count = var.add_ansible_control_fip ? 1 : 0
+  pool = var.ansible_control_fip_pool
+}
+
+resource "openstack_networking_floatingip_associate_v2" "ansible_control_fip_association" {
+  count = var.add_ansible_control_fip ? 1 : 0
+  floating_ip = resource.openstack_networking_floatingip_v2.ansible_control_fip.0.address
+  port_id = resource.openstack_networking_port_v2.ansible_control_port.id
+}
+
 resource "openstack_compute_instance_v2" "ansible_control" {
   name         = format("%s-%s", var.prefix, var.ansible_control_vm_name)
   flavor_name  = var.ansible_control_vm_flavor
   key_pair     = resource.openstack_compute_keypair_v2.keypair.name
   config_drive = true
   user_data    = file("templates/userdata.cfg.tpl")
   network {
-    name = var.multinode_vm_network
+    port = resource.openstack_networking_port_v2.ansible_control_port.id
   }
 
   dynamic "block_device" {

outputs.tf

@@ -1,5 +1,5 @@
 output "ansible_control_access_ip_v4" {
-  value = openstack_compute_instance_v2.ansible_control.access_ip_v4
+  value = var.add_ansible_control_fip ? openstack_networking_floatingip_v2.ansible_control_fip[0].address : openstack_compute_instance_v2.ansible_control.access_ip_v4
 }
 
 output "seed_access_ip_v4" {
@@ -76,7 +76,7 @@ resource "local_file" "deploy_openstack" {
 }
 
 resource "ansible_host" "control_host" {
-  name   = openstack_compute_instance_v2.ansible_control.access_ip_v4
+  name   = var.add_ansible_control_fip ? openstack_networking_floatingip_v2.ansible_control_fip[0].address : openstack_compute_instance_v2.ansible_control.access_ip_v4
   groups = ["ansible_control"]
   variables = {
     ansible_user = var.ssh_user

variables.tf

@@ -102,3 +102,15 @@ variable "deploy_wazuh" {
   type = bool
   default = false
 }
+
+variable "add_ansible_control_fip" {
+  description = "Bool, whether to add a floating IP address to the Ansible control host."
+  type = bool
+  default = false
+}
+
+variable "ansible_control_fip_pool" {
+  description = "Pool/network from which to allocate a floating IP for the Ansible control host."
+  type = string
+  default = ""
+}