update network

Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>

README.md

@@ -11,7 +11,7 @@ The goal is to create all cloud services from scratch.
 | [Exoscale](exoscale)   | 1.3.0  | CCM,Autoscaler     | many regions | ✗ |
 | [GCP](gcp-zonal)       | 0.14.0 | CCM,CSI,Autoscaler | one region, many zones | ✓ |
 | [Hetzner](hetzner)     | 1.3.0  | CCM,CSI,Autoscaler | many regions | ✗ |
-| [Openstack](openstack) | 1.1.0  | CCM,CSI            | many regions, many zones | ✓ |
+| [Openstack](openstack) | 1.3.0  | CCM,CSI            | many regions, many zones | ✓ |
 | [Oracle](oracle)       | 1.0.0  |                    | many regions, many zones | ✓ |
 | [Scaleway](scaleway)   | 1.3.0  | CCM,CSI            | one region | ✓ |
 

openstack/images/README.md

@@ -10,7 +10,7 @@ regions          = ["GRA7", "GRA9"]
 ```
 
 ```shell
-wget https://github.com/siderolabs/talos/releases/download/v1.1.0-beta.2/openstack-amd64.tar.gz
+wget https://github.com/siderolabs/talos/releases/download/v1.3.0/openstack-amd64.tar.gz
 tar -xzf openstack-amd64.tar.gz
 
 terraform init && terraform apply -auto-approve

openstack/images/images.tf

@@ -7,13 +7,14 @@ resource "openstack_images_image_v2" "talos" {
   disk_format      = "raw"
   min_disk_gb      = 5
   min_ram_mb       = 1
-  tags             = ["talos-1.1.0-beta.2"]
+  tags             = ["talos-1.3.0"]
 
   properties = {
-    hw_firmware_type = "uefi"
+    hw_qemu_guest_agent = "no"
-    hw_disk_bus      = "scsi"
+    hw_firmware_type    = "uefi"
-    hw_scsi_model    = "virtio-scsi"
+    hw_disk_bus         = "scsi"
-    support_rtm      = "yes"
+    hw_scsi_model       = "virtio-scsi"
+    support_rtm         = "no"
   }
 
   visibility      = "private"

openstack/images/versions.tf

@@ -3,8 +3,8 @@ terraform {
   required_providers {
     openstack = {
       source  = "terraform-provider-openstack/openstack"
-      version = "~> 1.47.0"
+      version = "~> 1.49.0"
     }
   }
-  required_version = ">= 1.0"
+  required_version = ">= 1.2"
 }

openstack/prepare/common.tf

@@ -1,9 +1,9 @@
 
-# data "openstack_networking_quota_v2" "quota" {
+data "openstack_networking_quota_v2" "quota" {
-#   for_each   = { for idx, name in var.regions : name => idx }
+  for_each   = { for idx, name in var.regions : name => idx }
-#   region     = each.key
+  region     = each.key
-#   project_id = var.project_id
+  project_id = var.project_id
-# }
+}
 
 resource "openstack_compute_keypair_v2" "keypair" {
   for_each   = { for idx, name in var.regions : name => idx }

openstack/prepare/network-gw.tf

@@ -22,7 +22,7 @@ data "openstack_networking_subnet_ids_v2" "external_v6" {
 # }
 
 resource "openstack_networking_router_v2" "nat" {
-  for_each            = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) }
+  for_each            = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) && data.openstack_networking_quota_v2.quota[name].router > 0 }
   region              = each.key
   name                = "nat-${openstack_networking_subnet_v2.private[each.key].name}"
   external_network_id = data.openstack_networking_network_v2.external[each.key].id
@@ -43,11 +43,10 @@ resource "openstack_networking_router_v2" "nat" {
 # }
 
 resource "openstack_networking_router_interface_v2" "private" {
-  for_each  = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) }
+  for_each  = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) && data.openstack_networking_quota_v2.quota[name].router > 0 }
   region    = each.key
   router_id = openstack_networking_router_v2.nat[each.key].id
   subnet_id = openstack_networking_subnet_v2.private[each.key].id
-  # port_id = openstack_networking_port_v2.gw_private[each.key].id
 }
 
 ### Soft router to peering networks
@@ -69,7 +68,7 @@ resource "openstack_networking_port_v2" "router" {
   admin_state_up = "true"
   fixed_ip {
     subnet_id  = openstack_networking_subnet_v2.private[each.key].id
-    ip_address = cidrhost(openstack_networking_subnet_v2.private[each.key].cidr, try(var.capabilities[each.key].gateway, false) ? 2 : 1)
+    ip_address = cidrhost(openstack_networking_subnet_v2.private[each.key].cidr, try(var.capabilities[each.key].gateway, false) && data.openstack_networking_quota_v2.quota[each.key].router > 0 ? 2 : 1)
   }
   # fixed_ip {
   #   subnet_id  = openstack_networking_subnet_v2.private_v6[each.key].id

openstack/prepare/network.tf

@@ -57,24 +57,25 @@ resource "openstack_networking_subnet_v2" "private_v6" {
   ip_version        = 6
   ipv6_address_mode = "slaac" # dhcpv6-stateless dhcpv6-stateful # slaac
   # ipv6_ra_mode      = "slaac" # dhcpv6-stateless dhcpv6-stateful
+  # dns_nameservers = ["2001:4860:4860::8888", "2606:4700:4700::1111"]
 }
 
 resource "openstack_networking_subnet_route_v2" "public_v4" {
-  for_each         = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) }
+  for_each         = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) && data.openstack_networking_quota_v2.quota[name].router > 0 }
   subnet_id        = openstack_networking_subnet_v2.public[each.key].id
   destination_cidr = var.network_cidr
   next_hop         = try(var.capabilities[each.key].gateway, false) ? cidrhost(openstack_networking_subnet_v2.private[each.key].cidr, 2) : cidrhost(openstack_networking_subnet_v2.private[each.key].cidr, 1)
 }
 
 resource "openstack_networking_subnet_route_v2" "private_v4" {
-  for_each         = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) }
+  for_each         = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) && data.openstack_networking_quota_v2.quota[name].router > 0 }
   subnet_id        = openstack_networking_subnet_v2.private[each.key].id
   destination_cidr = var.network_cidr
   next_hop         = try(var.capabilities[each.key].gateway, false) ? cidrhost(openstack_networking_subnet_v2.private[each.key].cidr, 2) : cidrhost(openstack_networking_subnet_v2.private[each.key].cidr, 1)
 }
 
 resource "openstack_networking_subnet_route_v2" "private_v6" {
-  for_each         = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) }
+  for_each         = { for idx, name in var.regions : name => idx if try(var.capabilities[name].gateway, false) && data.openstack_networking_quota_v2.quota[name].router > 0 }
   subnet_id        = openstack_networking_subnet_v2.private_v6[each.key].id
   destination_cidr = local.network_cidr_v6
   next_hop         = cidrhost(openstack_networking_subnet_v2.private_v6[each.key].cidr, 1)

openstack/prepare/versions.tf

@@ -3,8 +3,8 @@ terraform {
   required_providers {
     openstack = {
       source  = "terraform-provider-openstack/openstack"
-      version = "~> 1.47.0"
+      version = "~> 1.49.0"
     }
   }
-  required_version = ">= 1.0"
+  required_version = ">= 1.2"
 }