Merge pull request #10 from thobiast/dev

Dev

Author: thobiast

.github/workflows/terraform.yml

@@ -11,17 +11,17 @@ jobs:
       run:
         shell: bash
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_wrapper: false
-          terraform_version: 0.13.x
+          terraform_version: ">=1.3.0"
       - name: Terraform version
         run: terraform --version
       - name: Terraform init
         run: terraform init
       - name: Terraform format
-        run: terraform fmt -check
+        run: terraform fmt -diff -check
       - name: Terraform validate
         run: terraform validate

.gitignore

@@ -53,3 +53,6 @@ tags
 [._]*.un~
 
 # End of https://www.gitignore.io/api/vim,terraform
+
+# tests
+.envrc

README.md

@@ -0,0 +1,117 @@
+###############################################
+# Example: Basic HTTP Load Balancer
+#
+# This example creates the following topology:
+#
+#  - 1 Load Balancer
+#  - 1 Listener:
+#      - my_http -> port 80 -> my_pool
+#
+#  - 1 Pool (HTTP) with health monitor:
+#      - my_pool
+#        - HTTP monitor
+#        - Backend members: http instances
+#
+# Traffic flow:
+#  VIP:80 -> my_http listener -> my_pool pool -> http instances
+###############################################
+
+#############
+### Image ###
+#############
+data "openstack_images_image_v2" "image" {
+  most_recent = true
+  tag         = "ubuntu-jammy"
+}
+
+###################
+### Instance(s) ###
+###################
+resource "openstack_compute_instance_v2" "http" {
+  count = 2
+
+  name            = format("test-basic-http-%02d", count.index + 1)
+  image_id        = data.openstack_images_image_v2.image.id
+  flavor_name     = var.flavor_name
+  key_pair        = var.keypair_name
+  security_groups = [var.secgroup_name]
+
+  network {
+    uuid = var.network_id
+  }
+
+  # Cloud-init user_data: install Apache and expose basic info on "/"
+  user_data = <<-EOF
+#cloud-config
+runcmd:
+  - apt update
+  - apt -y install apache2
+  - systemctl enable apache2
+  - systemctl start apache2
+  - echo "$(hostname; echo ; ip a)" > /var/www/html/index.html
+EOF
+}
+
+#####################
+### Basic http LB ###
+#####################
+module "openstack-lb" {
+  source = "git::https://github.com/thobiast/terraform-openstack-loadbalancer.git"
+
+  # Logical name for the load balancer
+  lb_name = "example-basic-http"
+
+  # Subnet where the LB VIP will be allocated
+  lb_vip_subnet_id = var.subnet_id
+
+  #################
+  # HTTP listener #
+  #################
+  listeners = {
+    # The map key "my_http" is the listener key
+    my_http = {
+      protocol      = "HTTP"
+      protocol_port = 80
+
+      # default_pool_key MUST match a pool key from the "pools" map below
+      # Traffic arriving on this listener will be sent to pool "my_pool"
+      default_pool_key = "my_pool"
+    }
+  }
+
+  ############
+  # One Pool #
+  ############
+  pools = {
+    # The map key "my_pool" is the pool key
+    my_pool = {
+      protocol = "HTTP"
+      monitor  = { type = "HTTP", delay = 5, timeout = 3, max_retries = 3 }
+
+      # Build members map. One entry per instance
+      # Example:
+      # {
+      #   "test-basic-http-01" = { address = "10.x.x.x", protocol_port = 80 }
+      #   "test-basic-http-02" = { address = "10.x.x.y", protocol_port = 80 }
+      # }
+      #
+      # - key:   instance name
+      # - value: backend address and port
+      members = {
+        for inst in openstack_compute_instance_v2.http :
+        inst.name => {
+          address       = inst.network[0].fixed_ip_v4
+          protocol_port = 80
+        }
+      }
+    }
+  }
+}
+
+#####################
+### LB VIP Output ###
+#####################
+output "vip_address" {
+  description = "Allocated VIP address"
+  value       = module.openstack-lb.vip_address
+}

examples/basic_http_lb.tf

@@ -0,0 +1,170 @@
+##############################################################
+# Example: Load Balancer with L7 Policy (Redirect to Pool)
+#
+# This example creates the following topology:
+#
+#   - 1 Load Balancer
+#   - 1 HTTP listener on port 80
+#   - 2 backend pools:
+#       - app_default -> frontend instances
+#       - app_admin   -> admin instances
+#       (each pool includes an HTTP health monitor)
+#
+#   - 1 L7 policy applied to the listener:
+#       - Requests with PATH starting with "/admin"
+#         are redirected to pool "app_admin".
+#       - All other requests go to pool "app_default".
+#
+# Traffic flow:
+#   curl http://<VIP>/          -> app_default pool
+#   curl http://<VIP>/admin/... -> app_admin pool
+##############################################################
+
+#############
+### Image ###
+#############
+data "openstack_images_image_v2" "distro" {
+  most_recent = true
+  tag         = "ubuntu-jammy"
+}
+
+##############################
+### Instance(s): front-end ###
+##############################
+resource "openstack_compute_instance_v2" "frontend" {
+  count = 2
+
+  name            = format("example-l7-frontend-%02d", count.index + 1)
+  image_id        = data.openstack_images_image_v2.distro.id
+  flavor_name     = var.flavor_name
+  key_pair        = var.keypair_name
+  security_groups = [openstack_networking_secgroup_v2.my_lb.name]
+
+  network {
+    uuid = var.network_id
+  }
+
+  user_data = <<-EOF
+#cloud-config
+runcmd:
+  - apt update
+  - apt -y install apache2
+  - systemctl enable apache2
+  - systemctl start apache2
+  - echo "FRONTEND - $(hostname; echo ; ip a)" > /var/www/html/index.html
+EOF
+}
+
+##########################
+### Instance(s): admin ###
+##########################
+resource "openstack_compute_instance_v2" "admin" {
+  count = 2
+
+  name            = format("example-l7-admin-%02d", count.index + 1)
+  image_id        = data.openstack_images_image_v2.distro.id
+  flavor_name     = var.flavor_name
+  key_pair        = var.keypair_name
+  security_groups = [openstack_networking_secgroup_v2.my_lb.name]
+
+  network {
+    uuid = var.network_id
+  }
+
+  user_data = <<-EOF
+#cloud-config
+runcmd:
+  - apt update
+  - apt -y install apache2
+  - systemctl enable apache2
+  - systemctl start apache2
+  - mkdir /var/www/html/admin
+  - echo "ADMIN - $(hostname; echo ; ip a)" > /var/www/html/admin/index.html
+EOF
+}
+
+####################
+### LB L7 Policy ###
+####################
+module "openstack-lb" {
+  source = "git::https://github.com/thobiast/terraform-openstack-loadbalancer.git"
+
+  lb_name          = "example-l7-policy"
+  lb_vip_subnet_id = var.subnet_id
+
+  #################
+  # HTTP listener #
+  #################
+  listeners = {
+    # The map key "my_http_listener" is the listener key
+    # This same key will be used under "l7policies" map to attach L7 policies
+    my_http_listener = {
+      protocol      = "HTTP"
+      protocol_port = 80
+      # Must match a pool key from the "pools" map below.
+      default_pool_key = "app_default"
+    }
+  }
+
+  ###############################
+  # Two pools (default + admin) #
+  ###############################
+  pools = {
+    # The map key "app_default" is the pool key
+    # This is the default pool for normal traffic (non-/admin)
+    app_default = {
+      protocol = "HTTP"
+      monitor  = { type = "HTTP", delay = 5, timeout = 3, max_retries = 3 }
+      members = {
+        # One member per frontend instance
+        for inst in openstack_compute_instance_v2.frontend :
+        inst.name => {
+          address       = inst.network[0].fixed_ip_v4
+          protocol_port = 80
+        }
+      }
+    }
+    # The map key "app_admin" is the pool key
+    # This pool only receives traffic that matches the L7 /admin rule
+    app_admin = {
+      protocol = "HTTP"
+      monitor  = { type = "HTTP", delay = 5, timeout = 3, max_retries = 3 }
+      members = {
+        # One member per admin instance
+        for inst in openstack_compute_instance_v2.admin :
+        inst.name => {
+          address       = inst.network[0].fixed_ip_v4
+          protocol_port = 80
+        }
+      }
+    }
+  }
+
+  ################################################################
+  # L7 Policy: redirect /admin* to app_admin pool                #
+  # Example: curl http://<vip>/admin/   # goes to app_admin pool #
+  ################################################################
+  l7policies = {
+    # This map key MUST match the listener key in the "listeners" map
+    # In this case "my_http_listener"
+    my_http_listener = {
+      path_to_admin = {
+        action   = "REDIRECT_TO_POOL"
+        position = 1
+        # Redirect to the pool whose key is "app_admin" in "pools" map
+        redirect_pool_key = "app_admin"
+        rules = {
+          path_admin = { type = "PATH", compare_type = "STARTS_WITH", value = "/admin" }
+        }
+      }
+    }
+  }
+}
+
+#####################
+### LB VIP Output ###
+#####################
+output "vip_address" {
+  description = "Allocated VIP address"
+  value       = module.openstack-lb.vip_address
+}