diff --git a/openstack-infrastructure-as-code-automation/README.md b/openstack-infrastructure-as-code-automation/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..b03db235df03b16ad97121c78e8394413c61f7a2
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/README.md
@@ -0,0 +1,26 @@
+# OpenStack Infrastructure as Code automation
+
+Examples of an infrastructure definition using openstack commandline project and terraform infrastructure description.
+
+## [G2 e-INFRA Ostrava cloud general demonstrations](/clouds/g2/ostrava/general/README.md)
+ * [shell and OpenStack command-line client](clouds/g2/ostrava/general/commandline)
+ * [terraform declarative language](clouds/g2/ostrava/general/terraform)
+
+## [G1 MetaCentrum/e-INFRA Brno general demonstrations](/clouds/g1/brno/general/README.md)
+ * [infrastructure in terraform HCL](clouds/g1/brno/general/terraform) (IaC, GitOps, DevOps)
+ * [shell and OpenStack command-line client](clouds/g1/brno/general/commandline)
+
+## [G1 Brno vo.enes.org demonstrations](/clouds/g1/brno/vo.enes.org/README.md)
+ * [infrastructure in terraform HCL](clouds/g1/brno/vo.enes.org/terraform) (IaC, GitOps, DevOps)
+ * [shell and OpenStack command-line client](clouds/g1/brno/vo.enes.org/commandline)
+
+## [G1 Brno Repet terraform Workshop](/clouds/g1/brno/repet-workshop/terraform/ost-terraform/README.md)
+
+## [G1 Brno Metaseminar hands-on](/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/README.md)
+ * [shell and OpenStack command-line client](clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline)
+ * [terraform declarative language](clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project)
+
+## [G2 Ostrava cloud announcement demo](/clouds/g2/ostrava)
+ * [shell and OpenStack command-line client](clouds/g2/ostrava/general/commandline)
+ * [terraform declarative language](clouds/g2/ostrava/general/terraform)
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/common/lib.sh.inc b/openstack-infrastructure-as-code-automation/clouds/common/lib.sh.inc
new file mode 100644
index 0000000000000000000000000000000000000000..00a4bdc26eaf6b21cfd5bd6710de243804506a4f
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/common/lib.sh.inc
@@ -0,0 +1,191 @@
+#!/usr/bin/env bash
+# common functions
+
+#############################################################################
+# functions
+#############################################################################
+function report_tools() {
+ local commands=("openstack --version" "bash --version" "awk -W version"
+ "ssh -V" "which ssh-keygen" "ncat --version" "grep --version" )
+ local err_cnt=0
+ for i_cmd in "${commands[@]}" "$@"; do
+ echo "${i_cmd}:"
+ ${i_cmd} |& head -1 | awk '{print " " $0}'
+ [ "${PIPESTATUS[0]}" != "0" ] && let "err_cnt++"
+ done
+ [ "${err_cnt}" -gt 0 ] && return 2
+ return 0
+}
+
+function delete_object_if_exists() {
+ local object="$1"
+ local name="$2"
+
+ if openstack ${object} show "${name}" &>/dev/null; then
+ # delete
+ openstack ${object} delete "${name}" &>/dev/null
+ # wait for deletion
+ for ((i=0;i<10;i++)); do
+ openstack ${object} show "${name}" &>/dev/null || \
+ break
+ sleep 3
+ done
+ fi
+}
+
+function vm_wait_for_status() {
+ local name="$1"
+ local status="$2"
+ while true; do
+ i_status="$(openstack server show "${SERVER_NAME}" -f value -c status)"
+ echo -n "${i_status} "
+ if [ "${i_status}" == "${status}" ]; then
+ echo ""
+ break
+ fi
+ sleep 2
+ done
+}
+
+function test_vm_access() {
+ local ip="$1"
+ local port="${2:-"22"}"
+ for ((i=0;i<60;i++)); do
+ if ncat -z "${ip}" "${port}"; then
+ echo "VM is accessible at ${ip}:${port}"
+ break
+ else
+ echo -n .
+ fi
+ sleep 10
+ done
+}
+
+function test_vm_access_ncat() {
+ test_vm_access "$@"
+}
+
+function delete_common_objects() {
+ if [ -s "${FIP_FILE}" ]; then
+ echo -n 'floating-ip '
+ delete_object_if_exists "floating ip" "$(head -1 "${FIP_FILE}")"
+ rm -f "${FIP_FILE}"
+ fi
+ echo -n 'server '
+ delete_object_if_exists server "${SERVER_NAME}"
+ echo -n 'volume '
+ delete_object_if_exists volume "${EXTRA_VOLUME_NAME}"
+ echo -n 'keypair '
+ delete_object_if_exists keypair "${KEYPAIR_NAME}"
+}
+
+function delete_objects_group_project() {
+ delete_common_objects
+ if openstack router show "${ROUTER_NAME}" &>/dev/null; then
+ echo -n 'disconnect-router-from-subnet '
+ openstack router remove subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
+ fi
+ echo -n 'router '
+ delete_object_if_exists router "${ROUTER_NAME}"
+ echo -n 'subnet '
+ delete_object_if_exists subnet "${SUBNET_NAME}"
+ echo -n 'network '
+ delete_object_if_exists network "${NETWORK_NAME}"
+ echo 'security-group'
+ delete_object_if_exists "security group" "${SECGROUP_NAME}"
+}
+
+function delete_objects_personal_project() {
+ delete_common_objects
+ echo 'security-group'
+ delete_object_if_exists "security group" "${SECGROUP_NAME}"
+}
+
+function list_objects() {
+ local regexp="${ENTITIES_PREFIX}-demo|${SUBNET_NAME}|${NETWORK_NAME}|${ROUTER_NAME}"
+ if [ -s "${FIP_FILE}" ]; then
+ regexp="${regexp}|$(head -1 "${FIP_FILE}")"
+ fi
+ for i_object in keypair network subnet router floating_ip security_group volume server ; do
+ i_objects="$(openstack ${i_object/_/ } list)"
+ if echo "${i_objects}" | grep -Eq "${regexp}"; then
+ echo "${i_object}s:"
+ echo "${i_objects}" | grep -E "^\| (ID|Name)|^\+---| ${regexp}" | awk '{print " " $0}'
+ fi
+ done
+}
+
+function duration_human() {
+ local secs="$1"
+ if [[ "${secs}" -lt 60 ]]; then
+ echo "${secs}s"
+ elif [[ "${secs}" -lt $((60*60)) ]]; then
+ echo "$((${secs} / 60))m$((${secs} % 60))s"
+ else
+ echo "$((${secs} / (60*60)))h$(( ( ${secs} % (60*60) ) /60 ))m$((${secs} % 60))s"
+ fi
+}
+
+function log() {
+ echo ""
+ echo -e "$@"
+ export STAGE_NAME="$@"
+}
+
+function log_section() {
+ local terminal_size="${COLUMNS}"
+ [ -z "${terminal_size}" -o "${terminal_size}" == "0" ] && terminal_size="$(tput cols)"
+
+ local input_string="$(echo -e "$@"| tail -1)"
+ local section_width=$(( ${terminal_size} - ${#input_string} - 2 ))
+ local section_character="="
+ local section_string=$(printf -- "${section_character}%.0s" $(seq 1 ${section_width}))
+ echo ""
+ echo -e "$@ ${section_string}"
+ export STAGE_NAME="$@"
+}
+
+function wait_keypress_timeout() {
+ local x=
+ local duration_seconds=${KEYPRESS_DURATION_SECONDS:-120}
+
+ echo -n "... (press Enter or wait $(duration_human ${duration_seconds}))"
+ read -t ${duration_seconds} x || \
+ echo " [keyboard input timed out]"
+}
+
+function log_keypress() {
+ log "$@"
+ wait_keypress_timeout
+}
+
+function log_section_keypress() {
+ log_section "$@"
+ wait_keypress_timeout
+}
+
+function is_personal_project() {
+ if [ -n "${OS_APPLICATION_CREDENTIAL_ID}" ]; then
+ local project_id="$(openstack application credential show ${OS_APPLICATION_CREDENTIAL_ID} -f value -c project_id)"
+ local user_id="$(openstack application credential show ${OS_APPLICATION_CREDENTIAL_ID} -f value -c user_id)"
+ local project_name="$(openstack project show "${project_id}" -fvalue -c name)"
+ local user_name="$(openstack user show "${user_id}" -fvalue -c name)"
+ echo "${project_name}"
+ [[ "${project_name}" == "${user_name}" && "${user_name}" =~ [a-fA-F0-9]+@[a-z.]+ ]]
+ elif [ -n "${OS_USERNAME}" -a -n "${OS_PROJECT_NAME}" ]; then
+ echo "${OS_PROJECT_NAME}"
+ [[ "${OS_PROJECT_NAME}" == "${OS_USERNAME}" && "${OS_USERNAME}" =~ [a-fA-F0-9]+@[a-z.]+ ]]
+ else
+ return 2
+ fi
+}
+
+function myexit() {
+ local ecode="${1:-0}"
+ if [ "${ecode}" == 0 ]; then
+ echo "Successfuly exiting from stage \"${STAGE_NAME}\""
+ else
+ echo -e "\nAbnormaly exiting from stage \"${STAGE_NAME}\""
+ fi
+ exit ${ecode}
+}
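Review bot: `vm_wait_for_status` takes `name` as its first argument but polls `"${SERVER_NAME}"`, so it only works when the caller's global happens to match, and its `while true` loop never ends if the server settles in any state other than the requested one (for example ERROR). Use the parameter and bail out on failure: `i_status="$(openstack server show "${name}" -f value -c status)"` and `[ "${i_status}" == "ERROR" ] && return 1`. The same silent-success pattern is in `test_vm_access`, which falls out of its 60 tries without a non-zero return, and in `delete_object_if_exists`, which discards the delete output and returns 0 even when the object still exists after ten polls. A failed teardown can therefore leave cloud resources (in the demo, a server with a floating IP) behind without any message.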
diff --git a/openstack-infrastructure-as-code-automation/clouds/common/pictures/basic-infrastructure.png b/openstack-infrastructure-as-code-automation/clouds/common/pictures/basic-infrastructure.png
new file mode 100644
index 0000000000000000000000000000000000000000..c866407bf731fac84926cb6e8e2c81ac026dc826
Binary files /dev/null and b/openstack-infrastructure-as-code-automation/clouds/common/pictures/basic-infrastructure.png differ
diff --git a/openstack-infrastructure-as-code-automation/clouds/common/pictures/single-tier-infra.png b/openstack-infrastructure-as-code-automation/clouds/common/pictures/single-tier-infra.png
new file mode 100644
index 0000000000000000000000000000000000000000..14997a46652615ceda5f4f8149e90b35843a4acc
Binary files /dev/null and b/openstack-infrastructure-as-code-automation/clouds/common/pictures/single-tier-infra.png differ
diff --git a/openstack-infrastructure-as-code-automation/clouds/common/pictures/two-tier-infra.png b/openstack-infrastructure-as-code-automation/clouds/common/pictures/two-tier-infra.png
new file mode 100644
index 0000000000000000000000000000000000000000..40dc7416d7f43e3a7e55888ab77a3543542face1
Binary files /dev/null and b/openstack-infrastructure-as-code-automation/clouds/common/pictures/two-tier-infra.png differ
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..e7cfda329751c1daa1215ee886d0aeb6ee515838
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/README.md
@@ -0,0 +1,15 @@
+# General IaaS infrastructure demo
+
+Assuming you are added into a group project and you can log in via [MetaCentrum OpenStack cloud dashboard](https://cloud.metacentrum.cz/) using one of supported federations (e-INFRA CZ, EGI CHeck-in, ...).
+
+We recommend to build custom cloud infrastructure with Terraform or openstack client rather than using [MetaCentrum OpenStack cloud Horizon UI dashboard](https://dashboard.cloud.muni.cz).
+
+Below demos show in detail how to do so.
+
+## [Terraform `general` demo](./terraform)
+
+Terraform demo shows how to automate building highly scalable IaaS infrastructure.
+
+## [OpenStack client `general` demo](./commandline)
+
+OpenStack shell script demo shows how to automate small IaaS infrastructure which does not need additional scalability.
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/commandline/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/commandline/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..3d375d7eb55b5ad071213270188327223ce1bed4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/commandline/README.md
@@ -0,0 +1,28 @@ +# Build OpenStack infrastructure from command-line using openstack client + +## Pre-requisites + * Linux/Mac/WSL2 terminal + * BASH shell + * installed openstack client ([how?](https://docs.fuga.cloud/how-to-use-the-openstack-cli-tools-on-linux)) + * MetaCentrum OpenStack cloud [group project granted](https://docs.e-infra.cz/compute/openstack/technical-reference/brno-site/get-access/#group-project). + * downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.cloud.muni.cz/cloud/cli/#getting-credentials)) and store as text file `project_openrc.sh.inc`. + +## How to use the script +```sh +# in bash shell +source project_openrc.sh.inc +EXTRA_VOLUME_SIZE_GB=10 ./cmdline-demo.sh basic-infrastructure-1 +``` +See [linked reference execution](./cmdline-demo.sh.log). + +## Infrastructure schema +How does the basic infrastructure looks like? +* single VM (ubuntu-jammy) + * VM firewall opening port 22 + * VM SSH keypair generated locally and pubkey uploaded to cloud + * attached additional volume (size 10GB) +* private subnet and network +* router to external internet +* public floating ip address + + diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/commandline/cmdline-demo.sh b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/commandline/cmdline-demo.sh new file mode 100755 index 0000000000000000000000000000000000000000..e791e0d4dc0a5f9b05275aff81ecdbee2f9d59f7 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/commandline/cmdline-demo.sh 
@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+# general group project command-line demo
+# Usage: cmdline-demo.sh [ostack-entities-prefix/profile-name]
+#
+
+SCRIPT_DIR=$(dirname $(readlink -f $0))
+#############################################################################
+# variables
+#############################################################################
+ENTITIES_PREFIX="${1:-"${USER}_$(hostname)"}"
+EXTERNAL_NETWORK_NAME="public-muni-147-251-124-GROUP"
+KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
+NETWORK_NAME="${ENTITIES_PREFIX}-demo-network"
+SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet"
+SUBNET_CIDR="${SUBNET_CIDR:-"192.168.0.0/24"}"
+SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
+FLAVOR_NAME="${FLAVOR_NAME:-"standard.small"}"
+IMAGE_NAME="${IMAGE_NAME:-"ubuntu-jammy-x86_64"}"
+VM_LOGIN="${VM_LOGIN:-"ubuntu"}"
+ROUTER_NAME="${ENTITIES_PREFIX}-demo-router"
+FIP_FILE="${ENTITIES_PREFIX}-demo-fip.txt"
+SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
+SSH_KEYPAIR_DIR="${HOME}/.ssh/generated-keypair"
+EXTRA_VOLUME_SIZE_GB=${EXTRA_VOLUME_SIZE_GB:-"10"}
+EXTRA_VOLUME_NAME="${ENTITIES_PREFIX}-demo-volume"
+EXTRA_VOLUME_TYPE="${EXTRA_VOLUME_TYPE:-"ceph-standard"}"
+SERVER_CREATE_ADDITIONAL_ARGS="${SERVER_CREATE_ADDITIONAL_ARGS:-""}"
+SERVER_EPHEMERAL_DISK_SIZE="${SERVER_EPHEMERAL_DISK_SIZE:-"0"}"
+#############################################################################
+# functions
+#############################################################################
+source ${SCRIPT_DIR}/../../../../common/lib.sh.inc
+
+#############################################################################
+# main steps
+#############################################################################
+log "Using commandline tools:"
+report_tools || myexit 1
+
+log "Using OpenStack cloud:"
+openstack version show | grep identity || myexit 1
+log "In project $(is_personal_project)"
+
+# delete objects (from previous run)
+log "Delete previously created objects in profile ${ENTITIES_PREFIX} (so we start from the nothing)"
+delete_objects_group_project
+
+log "List currently allocated objects (profile ${ENTITIES_PREFIX})"
+list_objects
+
+log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
+mkdir -p ${SSH_KEYPAIR_DIR}
+chmod 700 ${SSH_KEYPAIR_DIR}
+ssh-keygen -t rsa -b 4096 -f "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}"
+openstack keypair create --type ssh --public-key "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
+ls -la ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}*
+
+log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
+openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
+openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
+openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
+
+log_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})"
+openstack network create "${NETWORK_NAME}"
+NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
+openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}"
+
+if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then
+ log_keypress "Create cloud VM extra volume \"${EXTRA_VOLUME_NAME}\" with following configuration:\n" \
+ " size: ${EXTRA_VOLUME_SIZE_GB} GB, volume type: ${EXTRA_VOLUME_TYPE}"
+ openstack volume create --type "${EXTRA_VOLUME_TYPE}" --size "${EXTRA_VOLUME_SIZE_GB}" ${EXTRA_VOLUME_NAME}
+fi
+
+if [ -n "${SERVER_EPHEMERAL_DISK_SIZE}" -a "${SERVER_EPHEMERAL_DISK_SIZE}" -gt "0" ]; then
+ SERVER_CREATE_ADDITIONAL_ARGS="${SERVER_CREATE_ADDITIONAL_ARGS} --ephemeral=size=${SERVER_EPHEMERAL_DISK_SIZE}"
+fi
+log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
+ " flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
+ " keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})" \
+ " additional arguments: ${SERVER_CREATE_ADDITIONAL_ARGS}"
+openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
+ --network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
+ --security-group "${SECGROUP_NAME}" ${SERVER_CREATE_ADDITIONAL_ARGS} "${SERVER_NAME}"
+SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
+
+log "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
+vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
+
+if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then
+ log_keypress "Attach extra volume \"${EXTRA_VOLUME_NAME}\" (${EXTRA_VOLUME_SIZE_GB} GB) to VM \"${SERVER_NAME}\""
+ openstack server add volume ${SERVER_NAME} ${EXTRA_VOLUME_NAME} --device /dev/sdb
+fi
+
+log "Route VM from internal software defined networking outside"
+log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})"
+openstack router create "${ROUTER_NAME}"
+openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}"
+openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
+
+log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
+FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
+echo "${FIP}" > "${FIP_FILE}"
+echo "Obtained public FIP ${FIP}"
+
+log_keypress " 3] Assign selected FIP with created VM"
+openstack server add floating ip "${SERVER_NAME}" "${FIP}"
+
+log "Test access to the VM server instance"
+log_keypress " 1] TCP ping (ncat -z ${FIP} 22)"
+test_vm_access "${FIP}"
+log_keypress " 2] SSH command (ssh -i ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
+ssh-keygen -R ${FIP} &>/dev/null
+ssh -i "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime'
+
+log_keypress "Object summary in profile ${ENTITIES_PREFIX}"
+list_objects
+
+log_keypress "Teardown of the objects " \
+ "(Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction)"
+delete_objects_group_project
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..36ef29301e6583ba2b763e63167bd6d68f74b568
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/README.md
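Review bot: The ingress rule `--remote-ip 0.0.0.0/0 --dst-port 22` exposes SSH on the floating IP to the whole internet, and unlike the other settings it cannot be overridden from the environment. Make the source range a variable in the same style as `SUBNET_CIDR`, e.g. `SSH_INGRESS_CIDR="${SSH_INGRESS_CIDR:-"0.0.0.0/0"}"` with `--remote-ip "${SSH_INGRESS_CIDR}"`, so users can narrow it to their own address range. Separately, none of the `openstack ... create` calls is checked, so after a failed step the script carries on with empty `NETWORK_ID` or `FIP` values; `|| myexit 1`, as already used for `report_tools`, would stop it. Several expansions are also unquoted (`$(dirname $(readlink -f $0))`, `mkdir -p ${SSH_KEYPAIR_DIR}`, `source ${SCRIPT_DIR}/...`), which breaks when the checkout or `$HOME` path contains spaces.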
@@ -0,0 +1,50 @@
+# Terraform demonstration
+
+This Terraform module creates up to two kind of VMs:
+ - public facing small bastion VM
+ - private VM farm
+
+Cloud-init add following:
+ - Add ssh keys, disable SSH password auth
+ - Create partition and filesystemand mount extra data from extra volume
+
+## Infrastructure schema
+
+### Two tier infrastructure: public bastion and private VM farm
+
+
+
+### Single tier infrastructure: public VM farm
+
+
+
+## Create Infrastructure
+
+1. Clone the repository.
+1. Load you OpenStack application credentials to environment variables `source project_openrc.sh.inc`
+1. Override any infrastructure variables in [main.tf](main.tf) file if needed. Full set of variables can be found in [modules/2tier_public_bastion_private_vm_farm/variables.tf](modules/2tier_public_bastion_private_vm_farm/variables.tf) or [modules/1tier-public-vm-farm/variables.tf](modules/1tier-public-vm-farm/variables.tf).
+1. In the [terraform root directory](/clouds/g1/brno/general/terraform) run following commands to initiate and validate environment
+ * `terraform init`
+ * `terraform validate`
+1. In the [same directory](/clouds/g1/brno/general/terraform) run commands to deploy cloud infrastructure
+ * `terraform plan --out plan`
+ * `terraform apply plan`
+1. Once you need to change the infrastructure, first modify the infrastructure declaration and repeat above steps to deploy changes.
+1. Similarly for resource teardown, once you want to clean-up cloud resources issue `terraform destroy`.
+
+
+Detailed terminal transcript can be found in [terminal-transcript.log](./terminal-transcript.log).
+
+
+## Access to the VM nodes
+
+In single tier infrastructure you access directly the individual VM nodes via SSH on public IP addresses.
+Two tier infrastructure requires the access following way:
+1. Establish the connection with bastion
+```sh
+sshuttle -r ubuntu@<bastion-ip>
+```
+1. Connect directly to VM nodes via SSH on private IP addresses:
+```sh
+ssh ubuntu@<vm-node-ip-from-10.10.10.0/24>
+```
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..a92b3e605ca9f94c588cbb11c2ccd4c4ca4d96a0
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/main.tf
@@ -0,0 +1,21 @@
+terraform {
+ backend "local" {}
+}
+
+module "toplevel" {
+ # two tier infrastructure (2tier_public_bastion_private_vm_farm module):
+ # * single public facing tiny bastion VM
+ # * <nodes_count> private HPC VM farm
+ source = "./modules/2tier_public_bastion_private_vm_farm"
+ # single tier infrastructure (1tier_public_vm_farm monule)
+ # * <nodes_count> public HPC VM farm
+ #source = "./modules/1tier_public_vm_farm"
+
+ infra_name = "general-tf-demo"
+
+ nodes_count = 2
+ nodes_extra_volume_size = 20 # in GB
+
+ #nodes_flavor = "standard.medium"
+ #nodes_image = "ubuntu-jammy-x86_64"
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/instances.tf
new file mode 120000
index 0000000000000000000000000000000000000000..1b0affe75dec19d734fca77cad9c11ace98c3ed8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/instances.tf
@@ -0,0 +1 @@
+../common/instances.tf
\ No newline at end of file
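Review bot: `backend "local" {}` in main.tf keeps the Terraform state in this demo directory, and the state file holds the attributes of every created resource unencrypted. Nothing in this diff shows an ignore rule for state or plan files (the README also writes a plan with `terraform plan --out plan`), so a comment next to the backend block would help, for example `# state is stored locally in terraform.tfstate; keep it and the plan file out of version control`, plus a matching `.gitignore` entry if the repository does not already have one. The comment above the commented-out `source` line has a typo (`monule`).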
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/keypair.tf
new file mode 120000
index 0000000000000000000000000000000000000000..77516d3e7806eb2637f74b83653fecbf63d490f9
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/keypair.tf
@@ -0,0 +1 @@
+../common/keypair.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/networks.tf
new file mode 120000
index 0000000000000000000000000000000000000000..09f02c14eabbdd83d5441fd2f735cb7cd9437258
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/networks.tf
@@ -0,0 +1 @@
+../common/networks.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt
new file mode 120000
index 0000000000000000000000000000000000000000..cd96cf14a086f7a1ee2a9190b9f9379311d148f4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt
@@ -0,0 +1 @@
+../common/nodes-cloudinit.txt
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/nodes-networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/nodes-networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..b97a8d6ef5bf6dc81f42bf42e2663024cbc5a980
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/nodes-networks.tf
@@ -0,0 +1,11 @@
+# Floating IPs
+resource "openstack_networking_floatingip_v2" "nodes_fips" {
+ count = var.nodes_count
+ pool = var.public_external_network
+}
+
+resource "openstack_compute_floatingip_associate_v2" "nodes_fips_associations" {
+ count = var.nodes_count
+ floating_ip = element(openstack_networking_floatingip_v2.nodes_fips.*.address, count.index)
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/providers.tf
new file mode 120000
index 0000000000000000000000000000000000000000..4b272fc455489e11a6b6570233567d2f234a0878
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/providers.tf
@@ -0,0 +1 @@
+../common/providers.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf
new file mode 120000
index 0000000000000000000000000000000000000000..b8efc8637cfbf34b857abcdadca20bc45f0b7430
--- /dev/null
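Review bot: In nodes-networks.tf every node of the single-tier module gets its own floating IP, so each VM's exposure rests entirely on the rules in `../common/secgroup_rules.tf`, which this diff adds only as a symlink; a comment at the top of the file should say so, e.g. `# every node is publicly reachable; ingress is limited only by secgroup_rules.tf`. As a style point, `element(openstack_networking_floatingip_v2.nodes_fips.*.address, count.index)` uses the legacy splat form, and `element()` wraps around on an out-of-range index instead of failing. Direct indexing is clearer: `floating_ip = openstack_networking_floatingip_v2.nodes_fips[count.index].address` and `instance_id = openstack_compute_instance_v2.nodes[count.index].id`.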
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf
@@ -0,0 +1 @@
+../common/secgroup_rules.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c7238f086813874ba08687790e68c1681d854391
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/variables.tf
@@ -0,0 +1,81 @@
+variable "infra_name" {
+ description = "Infrastructure (profile) name. Used as a name prefix. Must match [a-zA-Z0-9-]+ regexp."
+ default = "general-tf-demo"
+}
+
+variable "ssh_public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+
+#########################
+# master nodes settings #
+#########################
+
+variable "nodes_count" {
+ default = 1
+}
+
+variable "nodes_name" {
+ description = "Name of the nodes. Must match [a-zA-Z0-9-]+ regexp."
+ default = "server"
+}
+
+variable "bastion_name" {
+ description = "Name of the bastion VM. Must match [a-zA-Z0-9-]+ regexp."
+ default = "bastion-server"
+}
+
+variable "bastion_flavor" {
+ default = "standard.small"
+}
+
+variable "nodes_flavor" {
+ default = "standard.large"
+}
+
+
+variable "int_network" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.10.10.0/24"
+}
+
+variable "public_external_network" {
+ description = "Cloud public external network pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+
+variable "bastion_image" {
+ description = "Bastion OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "nodes_image" {
+ description = "nodes OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "bastion_ssh_user_name" {
+ default = "ubuntu"
+}
+
+variable "nodes_ssh_user_name" {
+ default = "ubuntu"
+}
+
+
+variable "nodes_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for root filesystem. "
+ default = "10"
+}
+
+variable "nodes_extra_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for extra data."
+ default = "10"
+}
+
+variable "nodes_extra_volume_type" {
+ description = "The type of extra volume."
+ default = "ceph-standard"
+}
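Review bot: The descriptions of `infra_name`, `nodes_name` and `bastion_name` say the value must match `[a-zA-Z0-9-]+`, but nothing enforces it and no variable declares a `type`, so a bad name only surfaces later as a provider or boot-time error. These names are presumably interpolated into resource names by the common files (not part of this hunk), so add a `type` and a `validation` block to each of the three, as sketched below for `infra_name`. `ssh_public_key`, `nodes_count` and the flavor and user-name variables also lack a `description`. The `bastion_*` variables look unused in a module that has no bastion, which is worth confirming against the symlinked common files.

```hcl
variable "infra_name" {
  # … unchanged: description, default …
  type = string

  validation {
    condition     = can(regex("^[a-zA-Z0-9-]+$", var.infra_name))
    error_message = "The infra_name value must match [a-zA-Z0-9-]+."
  }
}
```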
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/volumes.tf
new file mode 120000
index 0000000000000000000000000000000000000000..cfca71e1a757c5785a365745fc26c3c1c3c038bd
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/1tier_public_vm_farm/volumes.tf
@@ -0,0 +1 @@
+../common/volumes.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..13818fd8f5f2c90a7cf36e7e272c4e75c72edaeb
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt
@@ -0,0 +1,7 @@
+users:
+ - default
+ - name: ubuntu
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5fFLKPzxna7fq6kh1CHaIQFnpqXybqLqGs4ZpTDbIrEn7xjCsdyxMm9dcptyS0t6BzXO56BlJyYsR1GWo4rp3g8rMmb9u6/oHmMwgn7G/GLgsaAAO5XHW0A3UEJl3JHfCQLHkN1APQ4dy7gNTG24ahH/pcyr4rV0SsjPUCqFqkSMDZxRgfllNGftxWVHR2fYfPALLrGdhR/SjNSIs3pwBIUXaSfF3aBLsjeGBj4y5YsiR9yI3y2gUmpURROofTvtE7Fp8OIgmWCVqRe70CKDbl17HFbz3FIqYwZLAQHILcp1M45zV8koSOjW5+3C/ZJYzBKOnw/a/1Cw3uHFDrZfRqKLMP/gagnoEPRHjfmUsJ3UJO0eXDCXmnH7F48xBI76CgxYl039/SMmJ2mR0KqAHGnwqVmJI3yBGyK+Z4iEwk+JVDLEB14RHiMp2/I/tYpDWFE1IOigFFNLdfaZrVFY1/fD+yGGyFUO1Wo+CKb8tpndLB4H3Yj2MLRDP/aNpLC4M7Aru7hWnUF81aE/VUAqR6CP2vsHzlAOmH08pOlP9FVITinmJqzBL15l+W7q0Rhh4WBRO4ixlrtRJDNL2wm0vf+GiJnXligFtZ7Cw8bk/LcAe37WqcTl0xLKDyPSw4SvWOC2aE6BVuJjPAhoUUcBaNzoBa7lf4eb+FS4tquTZlQ== freznicek@LenovoThinkCentreE73
+ssh_pwauth: false
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf
new file mode 100644
index 0000000000000000000000000000000000000000..4aad5371fd76a15e0567960432230daa9980482e
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf
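Review bot: The `ssh_authorized_keys` entry in bastion-cloudinit.txt hard-codes one person's public key (comment `freznicek@LenovoThinkCentreE73`), so every bastion built from this module grants that key holder SSH login as `ubuntu`, whoever deploys it. The instance already receives the deployer's key through `key_pair` in `bastion-instance.tf`, so the safest change is to drop the `ssh_authorized_keys:` list from this file. If an extra key is wanted, pass it in from a variable (for example with `templatefile()`) rather than committing it to the module. `ssh_pwauth: false` is worth keeping as is.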
@@ -0,0 +1,13 @@
+resource "openstack_compute_instance_v2" "bastion" {
+ name = "${var.infra_name}-${var.bastion_name}"
+ image_name = var.bastion_image
+ flavor_name = var.bastion_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.infra_name}-${var.bastion_name}.local\n${file("${path.module}/bastion-cloudinit.txt")}"
+
+ network {
+ uuid = openstack_networking_network_v2.network_default.id
+ port = openstack_networking_port_v2.bastion_port.id
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c7962e107fc13a10755d1ef22494f94e05fbf205
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf
@@ -0,0 +1,20 @@
+# Floating IPs (only for bastion node)
+resource "openstack_networking_floatingip_v2" "bastion_fip" {
+ pool = var.public_external_network
+}
+
+resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" {
+ floating_ip = openstack_networking_floatingip_v2.bastion_fip.address
+ instance_id = openstack_compute_instance_v2.bastion.id
+}
+
+# Ports
+resource "openstack_networking_port_v2" "bastion_port" {
+ name = "${var.infra_name}-${var.bastion_name}-port"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
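Review bot: `security_groups` on the bastion instance duplicates what `security_group_ids` on `bastion_port` (bastion-networks.tf) already sets, and the OpenStack provider documentation advises placing security groups on the port, not the instance, when the instance is attached through a port. Keeping both leaves two places to edit when the firewall policy changes, and it is easy to tighten one and miss the other. I would drop the `security_groups = [...]` line here and the redundant `uuid = ...` inside `network {}`, since the port already fixes the network; modules/common/instances.tf has the same pattern.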
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf
new file mode 120000
index 0000000000000000000000000000000000000000..1b0affe75dec19d734fca77cad9c11ace98c3ed8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf
@@ -0,0 +1 @@
+../common/instances.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf
new file mode 120000
index 0000000000000000000000000000000000000000..77516d3e7806eb2637f74b83653fecbf63d490f9
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf
@@ -0,0 +1 @@
+../common/keypair.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf
new file mode 120000
index 0000000000000000000000000000000000000000..09f02c14eabbdd83d5441fd2f735cb7cd9437258
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf
@@ -0,0 +1 @@
+../common/networks.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt
new file mode 120000
index 0000000000000000000000000000000000000000..cd96cf14a086f7a1ee2a9190b9f9379311d148f4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt
@@ -0,0 +1 @@
+../common/nodes-cloudinit.txt
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf
new file mode 120000
index 0000000000000000000000000000000000000000..4b272fc455489e11a6b6570233567d2f234a0878
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf
@@ -0,0 +1 @@
+../common/providers.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf
new file mode 120000
index 0000000000000000000000000000000000000000..b8efc8637cfbf34b857abcdadca20bc45f0b7430
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf
@@ -0,0 +1 @@
+../common/secgroup_rules.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c7238f086813874ba08687790e68c1681d854391
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf
@@ -0,0 +1,81 @@
+variable "infra_name" {
+ description = "Infrastructure (profile) name. Used as a name prefix. Must match [a-zA-Z0-9-]+ regexp."
+ default = "general-tf-demo"
+}
+
+variable "ssh_public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+
+#########################
+# master nodes settings #
+#########################
+
+variable "nodes_count" {
+ default = 1
+}
+
+variable "nodes_name" {
+ description = "Name of the nodes. Must match [a-zA-Z0-9-]+ regexp."
+ default = "server"
+}
+
+variable "bastion_name" {
+ description = "Name of the bastion VM. Must match [a-zA-Z0-9-]+ regexp."
+ default = "bastion-server"
+}
+
+variable "bastion_flavor" {
+ default = "standard.small"
+}
+
+variable "nodes_flavor" {
+ default = "standard.large"
+}
+
+
+variable "int_network" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.10.10.0/24"
+}
+
+variable "public_external_network" {
+ description = "Cloud public external network pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+
+variable "bastion_image" {
+ description = "Bastion OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "nodes_image" {
+ description = "nodes OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "bastion_ssh_user_name" {
+ default = "ubuntu"
+}
+
+variable "nodes_ssh_user_name" {
+ default = "ubuntu"
+}
+
+
+variable "nodes_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for root filesystem. "
+ default = "10"
+}
+
+variable "nodes_extra_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for extra data."
+ default = "10"
+}
+
+variable "nodes_extra_volume_type" {
+ description = "The type of extra volume."
+ default = "ceph-standard"
+}
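Review bot: The descriptions of `infra_name`, `nodes_name` and `bastion_name` say the value must match `[a-zA-Z0-9-]+`, but nothing enforces it, and these values are interpolated unescaped into the `#cloud-config` `hostname:` line of `user_data` in bastion-instance.tf and instances.tf. A value containing a newline or YAML syntax would change the cloud-init document that runs on first boot. A `validation` block on each of the three variables makes the stated rule binding. Adding `type` to every variable (the volume sizes default to the string `"10"`) would also catch mistyped overrides at plan time.

```hcl
variable "infra_name" {
  # … unchanged: description, default …
  type = string

  validation {
    condition     = can(regex("^[a-zA-Z0-9-]+$", var.infra_name))
    error_message = "The infra_name value must match [a-zA-Z0-9-]+."
  }
}
# … unchanged: remaining variables; nodes_name and bastion_name get the same validation block …
```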
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf
new file mode 120000
index 0000000000000000000000000000000000000000..cfca71e1a757c5785a365745fc26c3c1c3c038bd
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf
@@ -0,0 +1 @@
+../common/volumes.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/instances.tf
new file mode 100644
index 0000000000000000000000000000000000000000..82aa9fe251287cd0f36b4f56944e4f8768d51c55
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/instances.tf
@@ -0,0 +1,31 @@
+####################
+# Define instances #
+####################
+
+data "openstack_images_image_v2" "nodes_image" {
+ name = var.nodes_image
+}
+
+resource "openstack_compute_instance_v2" "nodes" {
+ count = var.nodes_count
+ name = "${var.infra_name}-${var.nodes_name}-${count.index+1}"
+ image_name = var.nodes_image
+ flavor_name = var.nodes_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.infra_name}-${var.nodes_name}-${count.index+1}.local\n${file("${path.module}/nodes-cloudinit.txt")}"
+
+ network {
+ uuid = openstack_networking_network_v2.network_default.id
+ port = element(openstack_networking_port_v2.nodes_ports.*.id, count.index)
+ }
+
+ block_device {
+ uuid = data.openstack_images_image_v2.nodes_image.id
+ source_type = "image"
+ volume_size = var.nodes_volume_size
+ destination_type = "local"
+ boot_index = 0
+ delete_on_termination = true
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/keypair.tf
new file mode 100644
index 0000000000000000000000000000000000000000..d52e2d66b33fa9e3410d84befbe2314a86c8f544
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/keypair.tf
@@ -0,0 +1,6 @@
+
+resource "openstack_compute_keypair_v2" "pubkey" {
+ name = "${var.infra_name}-keypair"
+ public_key = file("${var.ssh_public_key}")
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..641864a441b6ac575051de8b6cc92338cec3aaaf
--- /dev/null
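Review bot: `volume_size = var.nodes_volume_size` sits in a `block_device` with `source_type = "image"` and `destination_type = "local"`; as far as I can tell from the provider documentation that combination boots from the flavor's own disk and does not take a size, so the `nodes_volume_size` variable (described as the root filesystem size) probably has no effect. If a sized, volume-backed root disk is intended, use `destination_type = "volume"`; otherwise drop `volume_size` and the variable so the module does not promise a setting it does not apply. `image_name` and `block_device.uuid` also name the same image twice, and `element(openstack_networking_port_v2.nodes_ports.*.id, count.index)` reads more plainly as `openstack_networking_port_v2.nodes_ports[count.index].id`.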
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/networks.tf
@@ -0,0 +1,38 @@
+resource "openstack_networking_network_v2" "network_default" {
+ name = "${var.infra_name}_network"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "subnet_default" {
+ name = "${var.infra_name}_subnet"
+ network_id = openstack_networking_network_v2.network_default.id
+ cidr = var.int_network
+ ip_version = 4
+ dns_nameservers = ["1.1.1.1", "8.8.8.8"]
+}
+
+data "openstack_networking_network_v2" "external_network" {
+ name = var.public_external_network
+}
+
+resource "openstack_networking_router_v2" "router_default" {
+ name = "${var.infra_name}_infra-test"
+ admin_state_up = "true"
+ external_network_id = data.openstack_networking_network_v2.external_network.id
+}
+
+resource "openstack_networking_router_interface_v2" "router_default_interface" {
+ router_id = openstack_networking_router_v2.router_default.id
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+}
+
+resource "openstack_networking_port_v2" "nodes_ports" {
+ count = var.nodes_count
+ name = "${var.infra_name}_${var.nodes_name}_port_${count.index+1}"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/nodes-cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..29457ead3618aa7b77dadb1b41f054dd4280442c
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/nodes-cloudinit.txt
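Review bot: `dns_nameservers = ["1.1.1.1", "8.8.8.8"]` is fixed inside the shared module, so every VM on the subnet sends its lookups to two third-party public resolvers, and a deployment that must use the site's own resolvers has to patch the module. I would expose it as a variable, `dns_nameservers = var.dns_nameservers`, with the current list as the default in variables.tf and a description saying where queries go. The `admin_state_up = "true"` strings would be clearer as the boolean `true`.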
@@ -0,0 +1,21 @@
+users:
+ - default
+ - name: ubuntu
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa 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 freznicek@LenovoThinkCentreE73
+disk_setup:
+ /dev/sdb:
+ table_type: gpt
+ layout: true
+ overwrite: true
+fs_setup:
+- label: extra_data
+ filesystem: ext4
+ device: /dev/sdb1
+ cmd: mkfs -t %(filesystem)s -L %(label)s %(device)s
+runcmd:
+ - mkdir -p /mnt/data
+mounts:
+ - ["/dev/sdb1", "/mnt/data"]
+ssh_pwauth: false
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/providers.tf
new file mode 100644
index 0000000000000000000000000000000000000000..411e68d2f037e32cb6c42beed58affa79a819964
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.51.1"
+ }
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/secgroup_rules.tf
new file mode 100644
index 0000000000000000000000000000000000000000..1d4da810fc06110b5486ed101d67ad46671e40d7
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/secgroup_rules.tf
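Review bot: `overwrite: true` under `disk_setup` tells cloud-init to write a new GPT on `/dev/sdb` without checking what is already there, and `fs_setup` then formats `/dev/sdb1`. That is fine for a blank extra volume, but if an instance is recreated with a volume that already holds data, or another disk ends up as `/dev/sdb`, the first boot would presumably wipe it. `overwrite: false` keeps the first-boot behaviour for empty disks and makes the destructive case fail instead.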
@@ -0,0 +1,82 @@
+##################################
+# Define Network Security Groups #
+##################################
+
+
+resource "openstack_networking_secgroup_v2" "secgroup_default" {
+ name = "${var.infra_name}_security_group"
+ description = "${var.infra_name} Security group"
+}
+
+
+# Allow all internal TCP & UDP
+
+/* resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_alltcp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_alludp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+} */
+
+
+# External communication
+# HTTP(S)
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+
+
+# ICMP
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 0
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+# SSH
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/volumes.tf
new file mode 100644
index 0000000000000000000000000000000000000000..d7bc3b03be84a4f8b942327e10d74adb1778a2f8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/general/terraform/modules/common/volumes.tf
@@ -0,0 +1,14 @@
+# extra volume
+resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" {
+ count = var.nodes_count
+ name = "${var.infra_name}-extra-volume-${count.index+1}"
+ size = var.nodes_extra_volume_size
+ volume_type = var.nodes_extra_volume_type
+}
+
+resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" {
+ count = var.nodes_count
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+ volume_id = element(openstack_blockstorage_volume_v3.nodes_extra_volumes.*.id, count.index)
+ device = "/dev/sdb"
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..e3551583c9ae03528539d77247bb969a8ef6cdaf
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/README.md
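Review bot: `secgroup_rule_ssh4` admits TCP 22 from `0.0.0.0/0`, and because instances.tf and bastion-instance.tf both attach `secgroup_default`, the same rule (along with HTTP, HTTPS and ICMP from anywhere) applies to the private nodes as well as the bastion. For the two-tier module that weakens the point of the bastion: the nodes should accept SSH only from inside, e.g. `remote_ip_prefix = var.int_network`, or from a separate bastion group via `remote_group_id`. For the public-facing rule I would take the allowed source from a variable, `remote_ip_prefix = var.ssh_allowed_cidr`, so operators can narrow it without editing the module.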
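Review bot: `device = "/dev/sdb"` in the volume attachment is only a request; the provider documentation warns that the hypervisor may choose a different device name than the one given here. nodes-cloudinit.txt hard-codes `/dev/sdb` and `/dev/sdb1` for partitioning, formatting and mounting, so a different name in the guest means the extra volume is left unprepared or the wrong disk is touched. A comment above the attachment such as `# device is a hint only; cloud-init must not rely on /dev/sdb` documents the coupling, and the cloud-init side would be safer addressing the disk through a stable `/dev/disk/by-id/` path (to be confirmed on this cloud's images).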
@@ -0,0 +1,149 @@ +# meta-metaseminar-hands-on-2023-04-28 Infrastructure as Code demo + +There are presented two simple approaches: + * [infrastructure using terraform (best practice)](./terraform_group_project) + * [infrastructure using command-line openstack client](./commandline) + + +## Hands-on container + +```sh +docker pull registry.gitlab.ics.muni.cz:443/246254/metaseminar-hands-on-2023-04-28/hands-on-tools:latest +``` + +## Hands-on Horizon + +Using the OpenStack personal project. + +### 1. Generate SSH keypair +You may need to have testing SSH key pair +```sh +# docker run -it --rm registry.gitlab.ics.muni.cz:443/246254/metaseminar-hands-on-2023-04-28/hands-on-tools:latest + +# generate in-container ssh keypair +ssh-keygen -t rsa -b 4096 +cat ~/.ssh/id_rsa.pub +``` + +### 2. [Horizon UI login](https://dashboard.cloud.muni.cz) +### 3. Register new SSH pubkey ([Compute -> Key Pairs](https://dashboard.cloud.muni.cz/project/key_pairs)) +### 4. Create VM ([Compute -> Instances -> Launch instance](https://dashboard.cloud.muni.cz/project/instances/)) +1. Details subpage: Specify Instance name. +1. Source subpage: Select boot source image or existing bootable volume. +1. Flavor subpage: Pick one of available (standard) flavors. +1. Networks subpage: Pick one of the pre-created personal project networks. 147-251-115-pers-proj-net +1. Network ports subpage: skip +1. Security groups subpage: Pick default. +1. Key Pair subpage: Pick created above keypair. +1. Configuration subpage allows to define cloud-init configuration. Skip and Launch instance. + +### 5. VM inspection Compute -> Instances -> Pick instance + +* Overview + * Name & ID + * Spec i.e. flavor + * Security Groups, verify existing ingress rules + * Volumes attached +* Interfaces + * selected network +* (Console) Log + * inspect cloud-init modifications + +### 6. Associating FIP public IPv4 address + +### 7. Associating public IPv6 address + +### 8. 
Generating Application Credentials ([Identity -> Application Credentials](https://dashboard.cloud.muni.cz/identity/application_credentials/)) + + +## Hands-on command-line client in group project + +```sh +# docker run -it --rm registry.gitlab.ics.muni.cz:443/246254/metaseminar-hands-on-2023-04-28/hands-on-tools:latest + +# read-in the openstack credentials +source /tmp/ac/prod-metaseminar-hands-on-2023-04-28-openrc.sh.inc + +# test whether cloud is accessible +openstack version show | grep identity + +cd openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/ +./cmdline-demo-group-project.sh freznicek-demo # use your own name as custom infrastructure prefix in the single hands-on project +``` + +## Hands-on terraform + +```sh +# docker run -it --rm registry.gitlab.ics.muni.cz:443/246254/metaseminar-hands-on-2023-04-28/hands-on-tools:latest + +# generate in-container ssh keypair, if not done already +[ -e ~/.ssh/id_rsa.pub ] || ssh-keygen -t rsa -b 4096 +cat ~/.ssh/id_rsa.pub +... 
+# read-in the openstack credentials +source /tmp/ac/prod-metaseminar-hands-on-2023-04-28-openrc.sh.inc + +# test whether cloud is accessible +openstack version show | grep identity + +# enter terraform workspace +cd openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/ + +# change infrastructure prefix +mcedit main.tf # kusername = freznicek + +# initial deploy via terraform +terraform init +terraform validate +terraform plan --out plan +terraform apply plan + +# login to VM +ncat -z <ip-address> 22 +ssh ubuntu@<ip-address> + +# doublecheck in horizon in meta-metaseminar-hands-on-2023-04-28 project +# https://dashboard.cloud.muni.cz + +# scaling 1->3 VMs +# https://gitlab.ics.muni.cz/cloud/g2/openstack-infrastructure-as-code-automation/-/blob/8c66c1502f2cba26cf9dd51e89c118966ba5e6ed/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/main.tf#L25 +mcedit main.tf # nodes_count = 3 +terraform validate +terraform plan --out plan +terraform apply plan + +# doublecheck in horizon in meta-metaseminar-hands-on-2023-04-28 project +# https://dashboard.cloud.muni.cz + +# delete VM via Horizon, and re-deploy via Horizon +# * point out idential internal IP address +terraform validate && terraform plan --out plan && terraform apply plan + +# scaling 3->1 VMs +# https://gitlab.ics.muni.cz/cloud/g2/openstack-infrastructure-as-code-automation/-/blob/8c66c1502f2cba26cf9dd51e89c118966ba5e6ed/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/main.tf#L25 +mcedit main.tf # nodes_count = 1 +terraform validate && terraform plan --out plan && terraform apply plan + +# doublecheck in horizon in meta-metaseminar-hands-on-2023-04-28 project +# https://dashboard.cloud.muni.cz + +# two disks /dev/sd[ab] +ssh ubuntu@<ip-address> 'lsblk' + +# add additional volume (not enough data) +mcedit main.tf # sdc_volume = 1 +terraform validate && terraform plan --out plan && terraform apply 
plan + +# two disks /dev/sd[abc] +ssh ubuntu@<ip-address> 'lsblk' + +# remove original volume +mcedit main.tf # sdb_volume = 0 +terraform validate && terraform plan --out plan && terraform apply plan + +# two disks /dev/sd[ac] +ssh ubuntu@<ip-address> 'lsblk' + +# destroy whole infrastructure +terraform destroy +``` diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/README.md new file mode 100644 index 0000000000000000000000000000000000000000..a4aa7195653c58c1e5c64e02cab6c9438623b3b2 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/README.md @@ -0,0 +1,16 @@ +# Build OpenStack infrastructure from command-line using openstack client + +## Pre-requisites + * Linux/Mac/WSL2 terminal + * installed openstack client ([how?](https://docs.fuga.cloud/how-to-use-the-openstack-cli-tools-on-linux)) + * downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.cloud.muni.cz/cloud/cli/#getting-credentials)) + + +## How to use the script +```sh +./cmdline-demo-group-project.sh "infrastructure-a" +``` + +## Infrastructure schema + + diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/cmdline-demo-group-project.sh b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/cmdline-demo-group-project.sh new file mode 100755 index 0000000000000000000000000000000000000000..4e03c21e01a487e7d292e56335ee71a622efa7b6 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/cmdline-demo-group-project.sh 
@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+# MetaCentrum MCC openstack command-line demo - group projecp
+# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix]
+#
+
+SCRIPT_DIR=$(dirname $(readlink -f $0))
+#############################################################################
+# variables
+#############################################################################
+ENTITIES_PREFIX="${1:-"${USER}_$(hostname)"}"
+EXTERNAL_NETWORK_NAME="public-muni-147-251-124-GROUP"
+KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
+NETWORK_NAME="${ENTITIES_PREFIX}-demo-network"
+SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet"
+SUBNET_CIDR="192.168.0.0/24"
+SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
+FLAVOR_NAME="standard.small"
+IMAGE_NAME="ubuntu-jammy-x86_64"
+VM_LOGIN="ubuntu"
+ROUTER_NAME="${ENTITIES_PREFIX}-demo-router"
+FIP_FILE="fip.txt"
+SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
+SSH_KEYPAIR_DIR="${HOME}/.ssh/generated-keypair"
+
+#############################################################################
+# functions
+#############################################################################
+source ${SCRIPT_DIR}/../../../../common/lib.sh.inc
+
+#############################################################################
+# main steps
+#############################################################################
+
+# test openstack client version
+if ! openstack --version; then
+ log "Install openstack client (yum / apt install python3-openstackclient)"
+fi
+
+# delete objects (from previous run)
+log "Delete previously created objects"
+delete_objects_group_project
+
+log "List currently allocated objects"
+list_objects
+
+log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
+mkdir -p ${SSH_KEYPAIR_DIR}
+chmod 700 ${SSH_KEYPAIR_DIR}
+ssh-keygen -t rsa -b 4096 -f "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}"
+openstack keypair create --type ssh --public-key "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
+ls -la ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}*
+
+log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
+openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
+openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
+openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
+
+log_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})"
+openstack network create "${NETWORK_NAME}"
+NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
+openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}"
+
+log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
+ " flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
+ " keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})"
+openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
+ --network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
+ --security-group "${SECGROUP_NAME}" "${SERVER_NAME}"
+SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
+
+log "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
+vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
+
+log "Route VM from internal software defined networking outside"
+log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})"
+openstack router create "${ROUTER_NAME}"
+openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}"
+openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
+
+log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
+FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
+echo "${FIP}" > "${FIP_FILE}"
+echo "Obtained public FIP ${FIP}"
+
+log_keypress " 3] Assign selected FIP with created VM"
+openstack server add floating ip "${SERVER_NAME}" "${FIP}"
+
+log "Test access to the VM server instance"
+log_keypress " 1] TCP ping (ncat -z ${FIP} 22)"
+test_vm_access "${FIP}"
+log_keypress " 2] SSH command (ssh -i ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
+ssh-keygen -R ${FIP} &>/dev/null
+ssh -i "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime'
+
+log_keypress "Object summary:"
+list_objects
+
+log_keypress "Teardown of the objects"
+delete_objects_group_project
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/obrazek.png b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/obrazek.png
new file mode 100644
index 0000000000000000000000000000000000000000..c866407bf731fac84926cb6e8e2c81ac026dc826
Binary files /dev/null and b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/commandline/obrazek.png differ
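Review bot: When `openstack --version` fails the script only logs an install hint and carries on, and since there is no `set -e` a later failure such as `openstack network create` leaves `NETWORK_ID` empty while the subnet and server commands still run. I would add `exit 1` after the `log "Install openstack client ..."` line and stop when an ID lookup comes back empty. The expansions in `SCRIPT_DIR=$(dirname $(readlink -f $0))` and the `source` line are unquoted and break on paths with spaces; `SCRIPT_DIR=$(dirname "$(readlink -f "$0")")` and `source "${SCRIPT_DIR}/../../../../common/lib.sh.inc"` fix that. The ingress rule opens port 22 to `0.0.0.0/0`, which is worth a comment telling participants to narrow `--remote-ip` outside the demo.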
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/README.md new file mode 100644 index 0000000000000000000000000000000000000000..f525e3301bdf29e3d6ad95b9ef84a44d03505441 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/README.md 
@@ -0,0 +1,41 @@ +# Build and maintain OpenStack infrastructure from command-line using terraform + +This Terraform module creates simple virtual infrastructure cluster in OpenStack. + +## Pre-requisites + * Linux/Mac/WSL2 terminal + * installed terraform ([how?](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli#install-terraform)) + * downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.cloud.muni.cz/cloud/cli/#getting-credentials)) + +## Create Infrastructure + +1. Clone the repository. +1. Load you OpenStack application credentials to environment variables `source ~/conf/prod-meta-cloud-new-openstack-all-roles-openrc.sh` +1. Override any variable if needed. Every variable specified in [modules/infra/variables.tf](modules/infra/variables.tf) can be overridden in the [main.tf](main.tf) file in its *module* section. +1. In the root folder run `terraform init`. +1. In the root folder run `terraform validate`. +1. Run `terraform plan -out plan1` to generate terraform plan. +1. Run `terraform apply "plan1"` to apply the plan. + +## Destroy Infrastructure + +To delete all created resources run the following commands: + +```sh +terraform plan -destroy -out plan1 +terraform apply "plan1" +``` + +## SSH to nodes + +### node with associated FIP +Connecting to master is as easy as `ssh ubuntu@<any-master-ip>` + +### other nodes +Establish SSH VPN to first head node using `sshuttle`. + +```sh +sshuttle -r ubuntu@<any-master-ip> 192.168.0.0/24 +``` + +Connection to any other node is then via SSH VPN (sshuttle) on internal network i.e. `ssh ubuntu@<vm-internal-ip-from-192.168.0.0/24>` 
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..4b7cc4d2fa8f34fa817c57fee822620608556e3e
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/main.tf
@@ -0,0 +1,41 @@
+terraform {
+ backend "local" {}
+}
+
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.47.0"
+ }
+ }
+}
+
+
+provider "openstack" {
+ # auth arguments are read from environment variables (sourced opestack RC file)
+ auth_url = "https://identity.cloud.muni.cz/v3"
+}
+
+
+module "demo" {
+ source = "./modules/infra"
+
+ # Example of variable override
+ nodes_count = 1
+ kusername = "metacentrum-seminar-hands-on"
+ public_key = "~/.ssh/id_rsa.pub"
+
+ nodes_flavor = "standard.small"
+ image = "ubuntu-jammy-x86_64"
+
+ int_network = "192.168.0.0/24"
+ pool = "public-muni-147-251-124-GROUP"
+
+ # attach additional single volumes
+ sdb_volume = 1 # 0/1 absent/present
+ sdb_volume_size = 1 # 1GB
+ sdc_volume = 0 # 0/1 absent/present
+ sdc_volume_size = 2 # 2GB
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b760d4eb67613269833858fb3bec83579c51d0ad
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/cloudinit.txt
@@ -0,0 +1,6 @@ +users: + - default + - name: ubuntu + shell: /bin/bash + ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSS8J5AStswCnf2JQboCyue8JzX5T/Tsg68LasOT3XZkAMelVrjYBIZ/0P858WMTMW5Qc+ebSmbm0eOopuaN9FrZW2ZsaDyzPamAuxseoTkRV+7Oz5NOF0WCYspgLsbMcaQ+F+qrKzMJRLwduhL67inIJVYkgeXY6S1N2wZAEgYUE3jbZrhaGNA1kQf2dJoMtnikrtOB+vyZkLgFRfgjmq+ny5rCM277otFxwCHhm2+jrWtM8lPY6kJ6WcZfg2njdYW3Oda479jMUg28t4pjqmBygKl3MQ9MOVlJkde4Ez5LhTynXMkSPhH5PnzQrfkQMU2YozCNQ2KBiGDdB3Cd2Lqsou32zUk1/sKc+aN1+8jtm+iogpgYxAPwyCh8S/brVbDu9BerowNRMa4Nual/7YKdtwPEClFp34dgV7tvXVcnVF/TtAkJAUtd02Fh9iS2iM9IrC0gkDEBUr0HGY5U83zODf356aVGTE6hs65wsURGAT6z/DvWYZtMLWJB8Y3p7qHGV1N1OHSLDHgjzuhAHI54h8zhjQaiPsH3Yx4324D1ndtJX8DeWkKdzCNARnw8sfIUhCkwbgv0v6ZkDy8yP6jsHjBc89NjB9kNw1dZcnaDLNqGctcCy50BOeciBYC598i0hec2MieoN0Z2E7lbWZps/+0korxtIxp7TzcKfiKw== secureduser@securedhost diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/instances.tf new file mode 100644 index 0000000000000000000000000000000000000000..de02a10795eac09ce404c6d5e472d584582bcae3 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/instances.tf 
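Review bot: The `ssh_authorized_keys` entry in this cloud-init fragment installs a fixed public key (comment `secureduser@securedhost`) for the `ubuntu` user on every node, independently of the key the caller passes as `public_key`. Whoever holds the matching private key can log in to any deployment built from this module, and networks.tf puts the first node on a floating IP. I would drop the `- name: ubuntu` user block and rely on the instance `key_pair`, or render the key from the module variable with `templatefile()` so that no key is hard-coded in the repository.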
@@ -0,0 +1,20 @@
+
+####################
+# Define instances #
+####################
+
+resource "openstack_compute_instance_v2" "nodes" {
+ count = var.nodes_count
+ name = "${var.kusername}-${var.nodes_name_prefix}-${count.index+1}"
+ image_name = var.image
+ flavor_name = var.nodes_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.kusername}-${var.nodes_name_prefix}-${count.index+1}.local\n${file("${path.module}/cloudinit.txt")}"
+
+ network {
+ uuid = openstack_networking_network_v2.network_default.id
+ port = element(openstack_networking_port_v2.ports.*.id, count.index)
+ }
+
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..9de28ef6fc670b7465f1440abf451ad6cccd8436
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/main.tf
@@ -0,0 +1,6 @@
+
+resource "openstack_compute_keypair_v2" "pubkey" {
+ name = "${var.kusername}-demo"
+ public_key = file("${var.public_key}")
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..7f30c979a1755259a152897db21736e13b7630f2
--- /dev/null
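Review bot: `security_groups` is set on the instance while the `network` block attaches a pre-created port that already carries `security_group_ids` (networks.tf), so the group is declared in two places; the provider documentation advises placing security groups on the port, not the instance, when ports are used. I would remove the `security_groups = [...]` line, and `uuid` in the `network` block looks redundant next to `port`. Separately, `var.kusername` and `var.nodes_name_prefix` are interpolated into the `#cloud-config` text of `user_data` unescaped, so a value containing a newline or `:` would change the resulting YAML; nothing in the module validates them.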
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/networks.tf 
@@ -0,0 +1,54 @@
+###############################################################
+# Define networking #
+# Security group rules are in separate file secgroup_rules.tf #
+###############################################################
+
+resource "openstack_networking_network_v2" "network_default" {
+ name = "${var.kusername}_demo"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "subnet_default" {
+ name = "${var.kusername}_demo"
+ network_id = openstack_networking_network_v2.network_default.id
+ cidr = var.int_network
+ ip_version = 4
+ dns_nameservers = ["1.1.1.1", "8.8.8.8"]
+}
+
+data "openstack_networking_network_v2" "terraform-demo-external-net" {
+ name = var.pool
+}
+
+resource "openstack_networking_router_v2" "router_default" {
+ name = "${var.kusername}_demo"
+ admin_state_up = "true"
+ external_network_id = data.openstack_networking_network_v2.terraform-demo-external-net.id
+}
+
+resource "openstack_networking_router_interface_v2" "terraform-demo-router-interface-1" {
+ router_id = openstack_networking_router_v2.router_default.id
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+}
+
+# Floating IPs (only for single (first) node)
+resource "openstack_networking_floatingip_v2" "fip" {
+ pool = var.pool
+}
+
+resource "openstack_compute_floatingip_associate_v2" "res_fip_associate" {
+ floating_ip = openstack_networking_floatingip_v2.fip.address
+ instance_id = openstack_compute_instance_v2.nodes[0].id
+}
+
+# Ports
+resource "openstack_networking_port_v2" "ports" {
+ count = var.nodes_count
+ name = "${var.kusername}_port_${count.index+1}"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
\ No newline at end of file
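Review bot: `res_fip_associate` indexes `openstack_compute_instance_v2.nodes[0]` and `fip` is allocated unconditionally, so the module cannot be planned with `nodes_count = 0` and always consumes a public address. Adding `count = var.nodes_count > 0 ? 1 : 0` to both resources (and referring to `openstack_networking_floatingip_v2.fip[0].address` here and in output.tf) would tie the floating IP to the existence of the first node. `dns_nameservers` is hard-coded to `1.1.1.1` and `8.8.8.8`; a list variable with those defaults would let sites that must use internal resolvers override it.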
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/output.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/output.tf new file mode 100644 index 0000000000000000000000000000000000000000..c40645dd8c9d4b82bfeef453f4227d2f740cbd9c --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/output.tf @@ -0,0 +1,7 @@ +output "node_instance_ip" { + value = openstack_compute_instance_v2.nodes[*].access_ip_v4 +} + +output "node_fip" { + value = openstack_networking_floatingip_v2.fip.address +} \ No newline at end of file diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/providers.tf new file mode 100644 index 0000000000000000000000000000000000000000..ef4ba65152b61ce99a5dfe96616724d08fad199b --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/providers.tf @@ -0,0 +1,9 @@ +terraform { + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.47.0" + } + } +} + diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/secgroup_rules.tf new file mode 100644 index 0000000000000000000000000000000000000000..3d04ced43df7bd96881f9abcee8200898b232059 --- /dev/null 
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/secgroup_rules.tf
@@ -0,0 +1,57 @@
+##################################
+# Define Network Security Groups #
+##################################
+
+
+resource "openstack_networking_secgroup_v2" "secgroup_default" {
+ name = "${var.kusername}_demo"
+ description = "Security group for demo"
+}
+
+
+# Allow all internal TCP & UDP
+
+resource "openstack_networking_secgroup_rule_v2" "alltcp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1
+ port_range_max = 32768
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "alludp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ port_range_min = 1
+ port_range_max = 32768
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+
+# External communication
+
+# ICMP
+resource "openstack_networking_secgroup_rule_v2" "icmp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 0
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+# SSH
+resource "openstack_networking_secgroup_rule_v2" "ssh4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
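Review bot: The `ssh4` rule opens TCP/22 to `0.0.0.0/0`, so the node that receives the floating IP accepts SSH connections from any address. I would take the source range from a variable, e.g. `remote_ip_prefix = var.ssh_allowed_cidr`, and document that it should be narrowed to the operator's network. The two rules under "Allow all internal TCP & UDP" stop at `port_range_max = 32768`, which does not match the comment; `65535` is probably what was meant. For `icmp4`, Neutron reads `port_range_min`/`port_range_max` as ICMP type and code, so `0`/`0` likely admits only echo-reply and not echo-request; if all ICMP is intended, leaving both arguments unset is worth checking.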
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/variables.tf new file mode 100644 index 0000000000000000000000000000000000000000..24cf6b3f31ee13a13921d09b15a0a5c1f262c37d --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/variables.tf 
@@ -0,0 +1,68 @@
+variable "kusername" {
+ description = "Name prefix for all resources. Use a-z, 0-9 and the hyphen (-) only."
+ default = "demo"
+}
+
+variable "public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+##################
+# nodes settings #
+##################
+variable "nodes_count" {
+ default = 3
+}
+
+variable "nodes_name_prefix" {
+ description = "Use a-z, 0-9 and the hyphen (-) only."
+ default = ""
+}
+
+variable "nodes_flavor" {
+ default = "hpc.8core-32ram-ssd-ephem"
+}
+
+
+variable "int_network" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.0.0.0/24"
+}
+
+variable "pool" {
+ description = "FIP pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+variable "image" {
+ description = "Image used for virtual nodes"
+ default = "88f8e72a-bbf0-4ccc-8ff2-4f3188cd0d18"
+}
+
+variable "ssh_user_name" {
+ default = "ubuntu"
+}
+
+#########################
+# node volumes
+#########################
+
+variable "sdb_volume" {
+ description = "Number of volumes added to nodes as /dev/sdb (allowed values: 0 to disable attaching volumes, 1 volume to attach)"
+ default = 0
+}
+
+variable "sdb_volume_size" {
+ description = "Size of volume attached to nodes as /dev/sdb (in GB)"
+ default = 1
+}
+
+variable "sdc_volume" {
+ description = "Number of volumes added to nodes as /dev/sdc (allowed values: 0 to disable attaching volumes, 1 volume to attach)"
+ default = 0
+}
+
+variable "sdc_volume_size" {
+ description = "Size of volume attached to nodes as /dev/sdc (in GB)"
+ default = 1
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/volumes.tf
new file mode 100644
index 0000000000000000000000000000000000000000..26596f632fefff241d489ff7b748d125b69d0519
--- /dev/null
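Review bot: `kusername` and `nodes_name_prefix` state their allowed character set (`a-z`, `0-9`, `-`) only in the description, yet both values end up in resource names and in the cloud-config `hostname:` line built in instances.tf, so nothing rejects a value that breaks the YAML. A `validation` block would enforce what the description promises; the same block fits `nodes_name_prefix` with `*` in place of `+`, since its default is empty. None of the variables declares a `type`, and `public_key` has no description although it holds a file path, not key material.

```hcl
variable "kusername" {
  # … unchanged: description, default …
  type = string

  validation {
    condition     = can(regex("^[a-z0-9-]+$", var.kusername))
    error_message = "The kusername value may contain only a-z, 0-9 and the hyphen (-)."
  }
}
```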
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/meta-metaseminar-hands-on-2023-04-28/terraform_group_project/modules/infra/volumes.tf
@@ -0,0 +1,30 @@
+
+# B volume[s]
+resource "openstack_blockstorage_volume_v3" "volumes_b" {
+ count = var.sdb_volume > 0 ? var.nodes_count : 0
+ name = "${var.kusername}-node-volume-b-${count.index+1}"
+ size = var.sdb_volume_size
+}
+
+resource "openstack_compute_volume_attach_v2" "volumes_b_attachments" {
+ count = var.sdb_volume > 0 ? var.nodes_count : 0
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+ volume_id = element(openstack_blockstorage_volume_v3.volumes_b.*.id, count.index)
+ device = "/dev/sdb"
+}
+
+# C volume[s]
+resource "openstack_blockstorage_volume_v3" "volumes_c" {
+ count = var.sdc_volume > 0 ? var.nodes_count : 0
+ name = "${var.kusername}-node-volume-c-${count.index+1}"
+ size = var.sdc_volume_size
+}
+
+resource "openstack_compute_volume_attach_v2" "volumes_c_attachments" {
+ count = var.sdc_volume > 0 ? var.nodes_count : 0
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+ volume_id = element(openstack_blockstorage_volume_v3.volumes_c.*.id, count.index)
+ device = "/dev/sdc"
+}
+
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..8968c994a39a0912d51b97bdb3ab25f011f0c071
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/README.md
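Review bot: Both attachment resources request a fixed device name (`/dev/sdb`, `/dev/sdc`), but whether the guest sees the volume under that name depends on the hypervisor, so anything that later formats or mounts by these paths could act on the wrong disk. A comment above each `device` line would make that explicit, e.g. `# device name is only a hint; identify the volume inside the guest via /dev/disk/by-id`. `sdb_volume` and `sdc_volume` are used as on/off switches through `> 0`, which a `bool` variable would express directly, and `element(list.*.id, count.index)` can be written as `list[count.index].id`.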
@@ -0,0 +1,42 @@ +# Terraform Kubernetes Training + +This Terraform module creates up to 2 kind of VMs (each with different flavor) + 1 bastion with floating IP. + +Cloud-init add following: + - Add ssh keys and password settings for ubuntu user + - Install docker with the correct MTU and pull the image + - Install openstack-cli, source OpenStack application credentials, and download the file from swift + +## Create Infrastructure + +1. Clone the repository. +1. Load you OpenStack application credentials to environment variables `source ~/conf/prod-meta-cloud-new-openstack-all-roles-openrc.sh` +1. Override any variable if needed. Every variable specified in [modules/kube_training/variables.tf](modules/kube_training/variables.tf) can be overridden in the [main.tf](main.tf) file in its *module* section. +1. If create infrastructure for kubespray see [this section](#kubespray) +1. In the root folder run `terraform init`. +1. In the root folder run `terraform validate`. +1. Run `terraform plan -out plan1` to generate terraform plan. +1. Run `terraform apply "plan1"` to apply the plan. + +## Kubespray + +If you want to access kube-api via HA floating IP you need create port with attached floating IP after installation kubernetes via kubespray. + +First, you have to apply infrastructure with `kube_fip = true` and `kube_fip_create_port = false` and after kubespray is installed, change to `kube_fip_create_port = true` and `terraform apply` again. Also, you can set `kube_vip` which has to be a free IP address in the given subnet. + +## Destroy Infrastructure + +To delete all created resources run the following commands: + +``` +terraform plan -destroy -out plan1 +terraform apply "plan1" +``` + +## SSH to Workers + +To connect to worker machines just use `sshuttle`. + +``` +sshuttle -r debian@<any-master-ip> 10.0.0.0/24 -x 147.251.62.9/32 +``` 
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/main.tf new file mode 100644 index 0000000000000000000000000000000000000000..6d56f4dce095df7f3ef620f9acb3956b43e8b48d --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/main.tf @@ -0,0 +1,26 @@ +terraform { + backend "local" {} +} + +terraform { + required_providers { + openstack = { + source = "terraform-provider-openstack/openstack" + version = "~> 1.51.1" + } + } +} + +module "infra_test" { + source = "./modules/infra_test" + + public_key = "~/.ssh/klaris-tp.pub" + + vm_name = "workshop" + nodes_a_count = 29 + nodes_a_flavor = "hpc.8core-16ram" + nodes_b_count = 18 + nodes_b_flavor = "elixir.8core-16ram" + volume_size = 100 + +} diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/cloudinit-bastion.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/cloudinit-bastion.txt new file mode 100644 index 0000000000000000000000000000000000000000..dcd6138f30d15b37a93ed6f617f8fdb80e42191c --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/cloudinit-bastion.txt 
@@ -0,0 +1,18 @@ +users: + - default + - name: ubuntu + lock_passwd: false + shell: /bin/bash + passwd: '$6$rounds=4096$CVEJGzTk/UGHSJRO$5.gdZHaN58QZke5SKT4O6JgkSmWqlSfUvVNUBuzLt0q3HNKXrTRmSwyM1lh3BlzNiLYkC16QMJDZ83RJHpUCp1' + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7qrxujICTwg0TF/u/PuDkl7iPkOSUgqXzn758rMP82 brazdil@ics.muni.cz + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqqcqHexsYHlulbyGmfSj4Wmdw53fFB9rCGuaqtVOnIWZRudsQOCeJtF6aZ5Xaf5Qo8kli29aMnQJdSlK4oFJ17weLBSDTn1wvLgkvkiMhxyZ1HP/l448dEWt+ndm5T3ZMxFhe5+cLIf9YeRiv29xTkwd6jOSltbRhzbY6QB7Tpn7LlfcA2JOHSR3vs7xh3mNpYdeKdf5VvO9R0StvstUzxr7ydZtwVkl57SGI6m539040yG63U/xSYCHoR7/quLPSkDgaqzu6SrVG1LKsYY5/02C3F0VDhbiILeiacR6vB6qeOYD0UhlBtNLeR87r+HI3Gwovo3argVQ0sv5GFi/WQ4RTxng/EbTOIVbKRBGgwjfjoZ3MheOKfD4DELegsb3WnMzF1aCYdyDV3n1PbrXfw4Eko0M/qIaOHIUaqMxlLfhrDoKcdhuA9NSxCVm4ZwSXDGnSmjG3yuadco1f8+w1R2vTiqTqBIbSBAOurR0y8Eb6frSOZeHyFYQC6L2WgSgJu3QgfOBi5BydmGRhxOylXVWYmsFx5OnzFDVgOTFhLsiM0CYnWgLeqwaxdVJVoHt1OBgLyrMrYT/0GFK9Th/5QrBWwiR3RpqQPP5veNBzMw+pj6h2eIZwopYqvOC7fAtHjnqh7F0pwmEG32YBjM8THYcT16qGNW7gyQNgQRxoUw== berkas1-thinkpad + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5fFLKPzxna7fq6kh1CHaIQFnpqXybqLqGs4ZpTDbIrEn7xjCsdyxMm9dcptyS0t6BzXO56BlJyYsR1GWo4rp3g8rMmb9u6/oHmMwgn7G/GLgsaAAO5XHW0A3UEJl3JHfCQLHkN1APQ4dy7gNTG24ahH/pcyr4rV0SsjPUCqFqkSMDZxRgfllNGftxWVHR2fYfPALLrGdhR/SjNSIs3pwBIUXaSfF3aBLsjeGBj4y5YsiR9yI3y2gUmpURROofTvtE7Fp8OIgmWCVqRe70CKDbl17HFbz3FIqYwZLAQHILcp1M45zV8koSOjW5+3C/ZJYzBKOnw/a/1Cw3uHFDrZfRqKLMP/gagnoEPRHjfmUsJ3UJO0eXDCXmnH7F48xBI76CgxYl039/SMmJ2mR0KqAHGnwqVmJI3yBGyK+Z4iEwk+JVDLEB14RHiMp2/I/tYpDWFE1IOigFFNLdfaZrVFY1/fD+yGGyFUO1Wo+CKb8tpndLB4H3Yj2MLRDP/aNpLC4M7Aru7hWnUF81aE/VUAqR6CP2vsHzlAOmH08pOlP9FVITinmJqzBL15l+W7q0Rhh4WBRO4ixlrtRJDNL2wm0vf+GiJnXligFtZ7Cw8bk/LcAe37WqcTl0xLKDyPSw4SvWOC2aE6BVuJjPAhoUUcBaNzoBa7lf4eb+FS4tquTZlQ== freznicek@LenovoThinkCentreE73 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdXyv/LGi5DkOJtPwBqH7EEyXssxgdWqk2CgNx67Clc 506487@mail.muni.cz + - ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDBakpaDhVZXXlrqo3mMQFUkvAYBeoU0fLuUHkiPyWPXeR7EhxQ+H2Gv8kMudqAa9Z+EtAcE80OEdtKJvA+oNgUoeHKtusxKshG4ipL2q9CNtNkGDm8kgwwgAPo2H8n/RGD+JMcGnUsuyroO1/Tjcg8uZJBQJaN3/WrYgYKYq9hms1nWLAg2R+STF0RZN2LLN75YbuM78ZbL+gO3fA3Nod6L17hpBFxHaTICU/P3Ho5duD7RST3YWWJ0Zt4utZ1mO6q+SxLc41ZwL/BDEKWSfRLGovqytjlf12ZYOASH3K4XlJPn22nJm/ji/rwvznDd8zMVnd72ZCgV5D4A3m6RM8EGzgxKXNbY11xIQoOWyCGBfxVi6I8mJWimFRozYZh/TuBoYYJuUCbmYkjk9bUpcrVO30oeMbPBCvtNHy8ojJMkISz/eglBXI0j1FrJZPZYd58idlXm6nWkRpG+wx70SwM0nNHQMBQS0SDWkPFxj0cpWkMZGp/OwsINZBTAX7jGbKkZj3UppAAx0zDfFLBG7TOkwDO6BLNM2cRE983Dg1OtwTEVKajqDtpOYHN9RwWezY4DjdDcnRG5IKYTYDR+Jn5viQfpJbbG4BN1fEWjzPbm8NSkXzn94HFHfizoleycmdWBoBhZT5KBKBgV5GCSv7yIEyv3ezbgV04ZhieqfBCLw== dominik.vasek@ics.muni.cz + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzqqUEiju2r72oiaQF4zMI/A/vziXSl7IuviEr2z6eh moravcova + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnjIVyeUk12qFbPPu5KvuFJ4xOVZZAp9W1q4oornrc+ klaris@klaris-tp + - ssh-rsa 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 radkin@ics.muni.cz +ssh_pwauth: true +runcmd: + - passwd -u ubuntu diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/cloudinit.txt new file mode 100644 index 0000000000000000000000000000000000000000..b4bc6d76f482ba0a970b029f0450f46a35db39b2 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/cloudinit.txt 
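Review bot: This cloud-init commits a password hash for the `ubuntu` account and enables password logins (`lock_passwd: false`, `ssh_pwauth: true`, `passwd -u ubuntu`) on the bastion, which is the host that receives the floating IP. The same hash is therefore valid on every deployment of the module and is open to offline guessing by anyone who can read the repository; modules/infra_test/cloudinit.txt repeats the same `passwd` and `ssh_pwauth` settings for the worker nodes. I would remove `passwd`, set `lock_passwd: true` and `ssh_pwauth: false`, and drop the `runcmd` entry so that only key-based login remains. The list of personal public keys would be easier to review and rotate as a module variable than inline in the file.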
@@ -0,0 +1,69 @@ +users: + - default + - name: ubuntu + lock_passwd: false + shell: /bin/bash + passwd: '$6$rounds=4096$CVEJGzTk/UGHSJRO$5.gdZHaN58QZke5SKT4O6JgkSmWqlSfUvVNUBuzLt0q3HNKXrTRmSwyM1lh3BlzNiLYkC16QMJDZ83RJHpUCp1' + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7qrxujICTwg0TF/u/PuDkl7iPkOSUgqXzn758rMP82 brazdil@ics.muni.cz + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqqcqHexsYHlulbyGmfSj4Wmdw53fFB9rCGuaqtVOnIWZRudsQOCeJtF6aZ5Xaf5Qo8kli29aMnQJdSlK4oFJ17weLBSDTn1wvLgkvkiMhxyZ1HP/l448dEWt+ndm5T3ZMxFhe5+cLIf9YeRiv29xTkwd6jOSltbRhzbY6QB7Tpn7LlfcA2JOHSR3vs7xh3mNpYdeKdf5VvO9R0StvstUzxr7ydZtwVkl57SGI6m539040yG63U/xSYCHoR7/quLPSkDgaqzu6SrVG1LKsYY5/02C3F0VDhbiILeiacR6vB6qeOYD0UhlBtNLeR87r+HI3Gwovo3argVQ0sv5GFi/WQ4RTxng/EbTOIVbKRBGgwjfjoZ3MheOKfD4DELegsb3WnMzF1aCYdyDV3n1PbrXfw4Eko0M/qIaOHIUaqMxlLfhrDoKcdhuA9NSxCVm4ZwSXDGnSmjG3yuadco1f8+w1R2vTiqTqBIbSBAOurR0y8Eb6frSOZeHyFYQC6L2WgSgJu3QgfOBi5BydmGRhxOylXVWYmsFx5OnzFDVgOTFhLsiM0CYnWgLeqwaxdVJVoHt1OBgLyrMrYT/0GFK9Th/5QrBWwiR3RpqQPP5veNBzMw+pj6h2eIZwopYqvOC7fAtHjnqh7F0pwmEG32YBjM8THYcT16qGNW7gyQNgQRxoUw== berkas1-thinkpad + - ssh-rsa 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 freznicek@LenovoThinkCentreE73 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdXyv/LGi5DkOJtPwBqH7EEyXssxgdWqk2CgNx67Clc 506487@mail.muni.cz + - ssh-rsa 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 dominik.vasek@ics.muni.cz + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzqqUEiju2r72oiaQF4zMI/A/vziXSl7IuviEr2z6eh moravcova + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnjIVyeUk12qFbPPu5KvuFJ4xOVZZAp9W1q4oornrc+ klaris@klaris-tp + - ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDO9ap8pw3BwGTILl58FipGfDKg9Ao+Milwo/5tNzt08DbxQ9wmL9fP6nwRjJgE8vorVJ+86k+/R3lf3IGcktPgi0n3nYfu8UdVacSSw99Hs/HgfcMEnfwmvelHk1uYGFCNpo98Jrre+nWHFunGYFbTHbdM/bZT8hSB9TaKS4OxedX24aPM2L7GbP83sTXBzoLFNqwkX9s0WnYv2DUnVOKgyoUzJENs1uTfDWNQhYLrivPqrvGEbvYQ0iwaMDSM29m6yJ0I5Ibr5gafz2Cc93wqgQXgBuwZADJ7D0IS7iHinniXMTosbc4ORxhpi8LLWRTJibseOeaP4wucqfAeWkB/yuiWM3BDA5QPGklCXtydlCrropswhfdL66WSvAmVQI7iQbBepg2LPBNhr+0tQeCWfoNXtPBXEm38SG//SzFWYgKIl2eudNLNYTftlbA+++EniiA0YT1kCioW1pd/an5dogPtZimCtPIAwvnC8ukz+M9VTlwPHPG9+OLm2AbwwZjtxqluq8cdcnZN+7os+0TcXdp1hFCxQwhowV6SwyHAW5Y/UBcWpfCjRk5Tfki6RTwMmEujCmD6IzrS3N5xPbAEUB0/qYiSIcFcDejjLF41cD7MSBiowtFCtcDKcIw5iGX441DxCnF87RjAHzczVgt/S5hnHyhm7aYrsF4DY89rfw== radkin@ics.muni.cz +packages: + - apt-transport-https + - ca-certificates + - curl + - gnupg + - lsb-release + - unattended-upgrades + - python3-pip + - python3-minimal +runcmd: + - /opt/script.sh +write_files: + - path: /etc/docker/daemon.json + permissions: '0644' + content: | + { + "mtu": 1442 + } + - path: /opt/script.sh + permissions: '0755' + content: | + #! 
/bin/bash + passwd -u ubuntu + python3 -mpip install openstackclient + mkdir -p /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null + apt-get update + apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin + systemctl enable docker + systemctl start docker + docker pull urgi/docker_vre_aio + mkdir /home/ubuntu/work_dir + wget -P /home/ubuntu/work_dir https://urgi.versailles.inrae.fr/download/repet/banks/REXdb/Viridiplantae_v3.0_ALL_protein-domains_repet_formated.fsa + source /opt/source.sh + openstack object save --file /home/ubuntu/work_dir/AthaChr4.fa repet-workshop AthaChr4.fa + chown -R ubuntu:ubuntu /home/ubuntu/work_dir + - path: /opt/source.sh + permissions: '0664' + content: | + #!/usr/bin/env bash + + export OS_AUTH_TYPE=v3applicationcredential + export OS_AUTH_URL=https://identity.cloud.muni.cz/v3 + export OS_IDENTITY_API_VERSION=3 + export OS_REGION_NAME="brno1" + export OS_INTERFACE=public + export OS_APPLICATION_CREDENTIAL_ID=xxxxxxxxxxxxxxxxxxxxx + export OS_APPLICATION_CREDENTIAL_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +# - path: /etc/ssh/sshd_config.d/sample.conf +# content: | +# PasswordAuthentication yes +# append: true +ssh_pwauth: true \ No newline at end of file diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/instances.tf new file mode 100644 index 0000000000000000000000000000000000000000..de81861bd3136cd561f8fd4bbcf90e9c91c02bb9 --- /dev/null 
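Review bot: `/opt/source.sh` is written with `permissions: '0664'` although it carries `OS_APPLICATION_CREDENTIAL_ID` and `OS_APPLICATION_CREDENTIAL_SECRET`, so once real values replace the `xxxx` placeholders every local user on the node can read the application credential, and the file is group-writable while the root-run `/opt/script.sh` sources it. `permissions: '0600'` is sufficient for that use, and ending the script with `rm -f /opt/source.sh` would keep the secret from staying on disk after the download; user data generally remains readable from inside the instance, so a narrowly scoped, short-lived credential is the safer assumption. `/opt/script.sh` also runs without `set -euo pipefail`, installs `openstackclient` through pip without a version and pulls `urgi/docker_vre_aio` without a tag or digest, so what runs as root on each node is not pinned.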
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/instances.tf 
@@ -0,0 +1,65 @@ +#################### +# Define instances # +#################### +resource "openstack_compute_instance_v2" "bastion" { + count = var.bastion_count ? 1 : 0 + name = "${var.vm_name}-bastion" + image_id = var.image + flavor_name = var.bastion_flavor + key_pair = openstack_compute_keypair_v2.pubkey.name + security_groups = [openstack_networking_secgroup_v2.secgroup_default.name] + user_data = "#cloud-config\nhostname: ${var.vm_name}-bastion.local\n${file("${path.module}/cloudinit-bastion.txt")}" + + network { + uuid = openstack_networking_network_v2.network_default.id + port = element(openstack_networking_port_v2.bastion_ports.*.id, count.index) + } +} + +resource "openstack_compute_instance_v2" "nodes_a" { + count = var.nodes_a_count + name = "${var.vm_name}-a-${count.index+1}" + image_id = var.image + flavor_name = var.nodes_a_flavor + key_pair = openstack_compute_keypair_v2.pubkey.name + security_groups = [openstack_networking_secgroup_v2.secgroup_default.name] + user_data = "#cloud-config\nhostname: ${var.vm_name}-${count.index+1}.local\n${file("${path.module}/cloudinit.txt")}" + + network { + uuid = openstack_networking_network_v2.network_default.id + port = element(openstack_networking_port_v2.nodes_a_ports.*.id, count.index) + } + + block_device { + uuid = var.image + source_type = "image" + volume_size = var.volume_size + destination_type = "local" + boot_index = 0 + delete_on_termination = true + } +} + +resource "openstack_compute_instance_v2" "nodes_b" { + count = var.nodes_b_count + name = "${var.vm_name}-b-${count.index+1}" + image_id = var.image + flavor_name = var.nodes_b_flavor + key_pair = openstack_compute_keypair_v2.pubkey.name + security_groups = [openstack_networking_secgroup_v2.secgroup_default.name] + user_data = "#cloud-config\nhostname: ${var.vm_name}-${count.index+1}.local\n${file("${path.module}/cloudinit.txt")}" + + network { + uuid = openstack_networking_network_v2.network_default.id + port = 
element(openstack_networking_port_v2.nodes_b_ports.*.id, count.index) + } + + block_device { + uuid = var.image + source_type = "image" + volume_size = var.volume_size + destination_type = "local" + boot_index = 0 + delete_on_termination = true + } +} diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/main.tf new file mode 100644 index 0000000000000000000000000000000000000000..c5a260b205e59f287907777933654a68242c070e --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/main.tf @@ -0,0 +1,6 @@ + +resource "openstack_compute_keypair_v2" "pubkey" { + name = "${var.vm_name}-infra-test" + public_key = file("${var.public_key}") +} + diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/networks.tf new file mode 100644 index 0000000000000000000000000000000000000000..24a89f41b03932e1c68f2663d7b57b86a211385a --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/networks.tf 
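Review bot: `nodes_a` and `nodes_b` both render `hostname: ${var.vm_name}-${count.index+1}.local` in `user_data`, so the n-th node of each group gets the same hostname even though the instance names differ (`-a-` and `-b-`). I would carry the group letter into the hostname, `hostname: ${var.vm_name}-a-${count.index+1}.local` and the `-b-` equivalent. `security_groups` on each instance duplicates the `security_group_ids` set on the attached port in networks.tf. The `block_device` blocks set `volume_size` together with `destination_type = "local"`; whether the size has any effect for an image-to-local boot disk should be confirmed against the provider documentation.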
@@ -0,0 +1,78 @@
+###############################################################
+# Define networking #
+# Security group rules are in separate file secgroup_rules.tf #
+###############################################################
+
+resource "openstack_networking_network_v2" "network_default" {
+ name = "${var.vm_name}_infra_test"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "subnet_default" {
+ name = "${var.vm_name}_infra_test"
+ network_id = openstack_networking_network_v2.network_default.id
+ cidr = var.int_network
+ ip_version = 4
+ dns_nameservers = ["1.1.1.1", "8.8.8.8"]
+}
+
+data "openstack_networking_network_v2" "terraform-demo-external-net" {
+ name = var.pool
+}
+
+resource "openstack_networking_router_v2" "router_default" {
+ name = "${var.vm_name}_infra-test"
+ admin_state_up = "true"
+ external_network_id = data.openstack_networking_network_v2.terraform-demo-external-net.id
+}
+
+resource "openstack_networking_router_interface_v2" "terraform-demo-router-interface-1" {
+ router_id = openstack_networking_router_v2.router_default.id
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+}
+
+# Floating IPs (only for bastion node)
+resource "openstack_networking_floatingip_v2" "bastion_fip" {
+ pool = var.pool
+}
+
+resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" {
+ count = var.bastion_count ? 1 : 0
+ floating_ip = openstack_networking_floatingip_v2.bastion_fip.address
+ instance_id = openstack_compute_instance_v2.bastion[0].id
+}
+
+# Ports
+resource "openstack_networking_port_v2" "bastion_ports" {
+ count = var.bastion_count ? 1 : 0
+ name = "${var.vm_name}_bastion_port_${count.index+1}"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
+
+resource "openstack_networking_port_v2" "nodes_a_ports" {
+ count = var.nodes_a_count
+ name = "${var.vm_name}_nodes_a_port_${count.index+1}"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
+
+resource "openstack_networking_port_v2" "nodes_b_ports" {
+ count = var.nodes_b_count
+ name = "${var.vm_name}_nodes_b_port_${count.index+1}"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/output.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/output.tf
new file mode 100644
index 0000000000000000000000000000000000000000..8a8a332b916121e11f92be2a46fbae9ed7c2d27a
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/output.tf
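Review bot: In networks.tf, `openstack_networking_floatingip_v2.bastion_fip` has no `count`, while the bastion instance, `bastion_ports` and `bastion_fip_associate` are all guarded by `var.bastion_count ? 1 : 0`, so a public address is still allocated from `var.pool` when the bastion is switched off. An allocated but unattached public IP is an avoidable piece of external footprint and quota use. Give the floating IP the same guard, `count = var.bastion_count ? 1 : 0`, and reference it from the associate resource as `floating_ip = openstack_networking_floatingip_v2.bastion_fip[0].address`.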
@@ -0,0 +1,23 @@
+output "bastion_instance_ip" {
+ value = openstack_compute_instance_v2.bastion[*].access_ip_v4
+}
+
+output "bastion_floating_ip" {
+ value = openstack_compute_floatingip_associate_v2.bastion_fip_associate[*].floating_ip
+}
+
+output "nodes_a_instance_ip" {
+ value = openstack_compute_instance_v2.nodes_a[*].access_ip_v4
+}
+
+output "nodes_a_name" {
+ value = openstack_compute_instance_v2.nodes_a[*].name
+}
+
+output "nodes_b_instance_ip" {
+ value = openstack_compute_instance_v2.nodes_b[*].access_ip_v4
+}
+
+output "nodes_b_name" {
+ value = openstack_compute_instance_v2.nodes_b[*].name
+}
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/providers.tf
new file mode 100644
index 0000000000000000000000000000000000000000..411e68d2f037e32cb6c42beed58affa79a819964
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.51.1"
+ }
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/secgroup_rules.tf
new file mode 100644
index 0000000000000000000000000000000000000000..877e39385e65d7f52767b0d810b5d30c6346c792
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/secgroup_rules.tf
@@ -0,0 +1,96 @@
+##################################
+# Define Network Security Groups #
+##################################
+
+
+resource "openstack_networking_secgroup_v2" "secgroup_default" {
+ name = "${var.vm_name}_infra-test"
+ description = "Security group for Kubernetes demo"
+}
+
+
+# Allow all internal TCP & UDP
+
+/* resource "openstack_networking_secgroup_rule_v2" "alltcp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "alludp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+} */
+
+
+# External communication
+# HTTP(S)
+
+resource "openstack_networking_secgroup_rule_v2" "https4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "http4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+
+
+# ICMP
+
+resource "openstack_networking_secgroup_rule_v2" "icmp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 0
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+
+
+# SSH
+
+resource "openstack_networking_secgroup_rule_v2" "ssh4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+# LB
+
+/* resource "openstack_networking_secgroup_rule_v2" "lb4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 6443
+ port_range_max = 6443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+} */
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..8274cfdd3bca0fefc513980add5f28568cf13de5
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/modules/infra_test/variables.tf
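Review bot: In secgroup_rules.tf, `ssh4`, `http4`, `https4` and `icmp4` all set `remote_ip_prefix = "0.0.0.0/0"` on `secgroup_default`, which is the only group defined and is attached to the bastion and to every `nodes_a`/`nodes_b` port in networks.tf, so the worker nodes accept the same world-open ingress as the bastion. Only the bastion receives a floating IP, which means the nodes are shielded by routing alone rather than by their firewall rules. A separate group for the nodes that admits SSH from `var.int_network` only, attached to `nodes_a_ports` and `nodes_b_ports`, would make the bastion the single entry point; a variable for the bastion's permitted SSH source range would tighten `ssh4` as well. The resource names in the sketch below are constructed, and the description "Security group for Kubernetes demo" looks carried over from another project.

```hcl
# … unchanged: secgroup_default and its https4/http4/icmp4/ssh4 rules (bastion) …

resource "openstack_networking_secgroup_v2" "secgroup_nodes" {
  name        = "${var.vm_name}_infra-test-nodes"
  description = "Internal nodes: ingress from the internal network only"
}

resource "openstack_networking_secgroup_rule_v2" "nodes_ssh4" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.int_network
  security_group_id = openstack_networking_secgroup_v2.secgroup_nodes.id
}
```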
@@ -0,0 +1,67 @@
+variable "vm_name" {
+ description = "Name prefix for all resources. Use a-z, 0-9 and the hyphen (-) only."
+ default = "infra-test"
+}
+
+variable "public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+#########################
+# master nodes settings #
+#########################
+variable "bastion_count" {
+ type = bool
+ default = true
+}
+
+variable "nodes_a_count" {
+ default = 3
+}
+
+variable "nodes_b_count" {
+ default = 3
+}
+
+variable "nodes_name_prefix" {
+ description = "Use a-z, 0-9 and the hyphen (-) only."
+ default = "master"
+}
+
+variable "bastion_flavor" {
+ default = "elixir.16core-64ram"
+}
+
+
+variable "nodes_a_flavor" {
+ default = "hpc.8core-16ram"
+}
+
+variable "nodes_b_flavor" {
+ default = "hpc.8core-16ram-ssd-ephem"
+}
+
+variable "int_network" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.0.0.0/24"
+}
+
+variable "pool" {
+ description = "FIP pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+
+variable "image" {
+ description = "Image used for both master and worker servers"
+ default = "88f8e72a-bbf0-4ccc-8ff2-4f3188cd0d18"
+}
+
+variable "ssh_user_name" {
+ default = "ubuntu"
+}
+
+variable "volume_size" {
+ description = "The size of the volume to create (in gigabytes). "
+ default = "50"
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/output.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/output.tf
new file mode 100644
index 0000000000000000000000000000000000000000..91175aefe3b635db8bc9d9c15444fe250e9b0d1d
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/output.tf
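Review bot: In variables.tf, the `vm_name` description limits the value to a-z, 0-9 and the hyphen, but nothing enforces that, and the value is interpolated into the cloud-config `user_data` string and into resource names in the module's other files. A `validation` block turns the documented rule into a plan-time error instead of a malformed cloud-init document or a rejected resource name. `volume_size` also defaults to the string `"50"` while the workshop root module passes the number `100`; declaring `type = number` there would make the two agree.

```hcl
variable "vm_name" {
  # … unchanged: description and default …

  validation {
    condition     = can(regex("^[a-z0-9-]+$", var.vm_name))
    error_message = "The vm_name value may contain only a-z, 0-9 and the hyphen (-)."
  }
}
```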
@@ -0,0 +1,23 @@
+output "b_infra_test_instance_ip_bastion" {
+ value = module.infra_test.bastion_instance_ip
+}
+
+output "a_infra_test_instance_floating_ip_bastion" {
+ value = module.infra_test.bastion_floating_ip
+}
+
+output "d_infra_test_instance_ip_a" {
+ value = module.infra_test.nodes_a_instance_ip
+}
+
+output "c_infra_test_instance_name_a" {
+ value = module.infra_test.nodes_a_name
+}
+
+output "e_infra_test_instance_name_b" {
+ value = module.infra_test.nodes_b_name
+}
+
+output "f_infra_test_instance_ip_b" {
+ value = module.infra_test.nodes_b_instance_ip
+}
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/repet_workshop/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/repet_workshop/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c078674b89f3ed754e812d6c80984ecf933ca1aa
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/repet_workshop/main.tf
@@ -0,0 +1,26 @@
+terraform {
+ backend "local" {}
+}
+
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.51.1"
+ }
+ }
+}
+
+module "infra_test" {
+ source = "./../modules/infra_test"
+
+ public_key = "~/.ssh/klaris-tp.pub"
+
+ vm_name = "repet-workshop"
+ nodes_a_count = 29
+ nodes_a_flavor = "hpc.8core-16ram"
+ nodes_b_count = 18
+ nodes_b_flavor = "elixir.8core-16ram"
+ volume_size = 100
+
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/repet_workshop/output.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/repet_workshop/output.tf
new file mode 100644
index 0000000000000000000000000000000000000000..a54d6073d737788907d971b269bc3853670998b3
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/repet-workshop/terraform/ost-terraform/repet_workshop/output.tf
@@ -0,0 +1,25 @@
+output "b_infra_test_instance_ip_bastion" {
+ value = module.infra_test.bastion_instance_ip
+}
+
+output "a_infra_test_instance_floating_ip_bastion" {
+ value = module.infra_test.bastion_floating_ip
+}
+
+output "d_infra_test_instance_ip_a" {
+ value = module.infra_test.nodes_a_instance_ip
+}
+
+output "c_infra_test_instance_name_a" {
+ value = module.infra_test.nodes_a_name
+}
+
+output "e_infra_test_instance_name_b" {
+ value = module.infra_test.nodes_b_name
+}
+
+output "f_infra_test_instance_ip_b" {
+ value = module.infra_test.nodes_b_instance_ip
+}
+
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..09bd0c7243e1999eb0fe110ce2918ca3ea182562
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/README.md
@@ -0,0 +1,15 @@
+# vo.enes.org IaaS infrastructure demo
+
+Project `vo.enes.org` in `egi_eu` domain is granted and users may log in to [MetaCentrum OpenStack cloud dashboard](https://cloud.metacentrum.cz/) using EGI Check-in authentication.
+
+We recommend to build custom cloud infrastructure with Terraform or openstack client rather than using [MetaCentrum OpenStack cloud Horizon UI dashboard](https://dashboard.cloud.muni.cz).
+
+To use huge amount of block and object storage reserved for the `vo.enes.org` project you need to explicitly use dedicated OpenStack volume type `ceph-extra-ec`. Below demos show in detail how to do so.
+
+## [Terraform `vo.enes.org` demo](./terraform)
+
+Terraform `vo.enes.org` demo shows how to automate building highly scalable IaaS infrastructure.
+
+## [OpenStack client `vo.enes.org` demo](./commandline)
+
+OpenStack shell script `vo.enes.org` demo shows how to automate small IaaS infrastructure which does not need additional scalability.
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..6ad766a273cdb24c3b52c58e2f1575c18eafd3d3
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/README.md
@@ -0,0 +1,28 @@
+# Build OpenStack infrastructure from command-line using openstack client
+
+## Pre-requisites
+ * Linux/Mac/WSL2 terminal
+ * BASH shell
+ * installed openstack client ([how?](https://docs.fuga.cloud/how-to-use-the-openstack-cli-tools-on-linux))
+ * MetaCentrum OpenStack cloud [group project granted](https://docs.e-infra.cz/compute/openstack/technical-reference/brno-site/get-access/#group-project).
+ * downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.cloud.muni.cz/cloud/cli/#getting-credentials)) and store as text file `project_openrc.sh.inc`.
+
+## How to use the script
+```sh
+# in bash shell
+source project_openrc.sh.inc
+EXTRA_VOLUME_SIZE_GB=1000 ./cmdline-demo.sh enes-basic-infrastructure-1
+```
+See [linked reference execution](./cmdline-demo.sh.log).
+
+## Infrastructure schema
+How does the basic infrastructure looks like?
+* single VM (ubuntu-jammy)
+ * VM firewall opening port 22
+ * VM SSH keypair generated locally and pubkey uploaded to cloud
+ * attached additional volume from largfe pool (size 1000GB)
+* private subnet and network
+* router to external internet
+* public floating ip address
+
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/cmdline-demo.sh b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/cmdline-demo.sh
new file mode 100755
index 0000000000000000000000000000000000000000..bfaa193e0e851e7861b83183749d3a2e29e53b9c
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/cmdline-demo.sh
@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+# vo.enes.org group project command-line demo
+# Usage: cmdline-demo.sh [ostack-entities-prefix/profile-name]
+#
+
+SCRIPT_DIR=$(dirname $(readlink -f $0))
+#############################################################################
+# variables
+#############################################################################
+ENTITIES_PREFIX="${1:-"${USER}_$(hostname)"}"
+EXTERNAL_NETWORK_NAME="public-muni-147-251-124-GROUP"
+KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
+NETWORK_NAME="${ENTITIES_PREFIX}-demo-network"
+SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet"
+SUBNET_CIDR="${SUBNET_CIDR:-"192.168.0.0/24"}"
+SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
+FLAVOR_NAME="${FLAVOR_NAME:-"standard.small"}"
+IMAGE_NAME="${IMAGE_NAME:-"ubuntu-jammy-x86_64"}"
+VM_LOGIN="${VM_LOGIN:-"ubuntu"}"
+ROUTER_NAME="${ENTITIES_PREFIX}-demo-router"
+FIP_FILE="${ENTITIES_PREFIX}-demo-fip.txt"
+SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
+SSH_KEYPAIR_DIR="${HOME}/.ssh/generated-keypair"
+EXTRA_VOLUME_SIZE_GB=${EXTRA_VOLUME_SIZE_GB:-"10"}
+EXTRA_VOLUME_NAME="${ENTITIES_PREFIX}-demo-volume"
+EXTRA_VOLUME_TYPE="${EXTRA_VOLUME_TYPE:-"ceph-extra-ec"}"
+
+#############################################################################
+# functions
+#############################################################################
+source ${SCRIPT_DIR}/../../../../common/lib.sh.inc
+
+#############################################################################
+# main steps
+#############################################################################
+log "Using commandline tools:"
+report_tools || myexit 1
+
+log "Using OpenStack cloud:"
+openstack version show | grep identity || myexit 1
+log "In project $(is_personal_project)"
+
+# delete objects (from previous run)
+log "Delete previously created objects in profile ${ENTITIES_PREFIX} (so we start from the nothing)"
+delete_objects_group_project
+
+log "List currently allocated objects (profile ${ENTITIES_PREFIX})"
+list_objects
+
+log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
+mkdir -p ${SSH_KEYPAIR_DIR}
+chmod 700 ${SSH_KEYPAIR_DIR}
+ssh-keygen -t rsa -b 4096 -f "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}"
+openstack keypair create --type ssh --public-key "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
+ls -la ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}*
+
+log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
+openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
+openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
+openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
+
+log_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})"
+openstack network create "${NETWORK_NAME}"
+NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
+openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}"
+
+if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then
+ log_keypress "Create cloud VM extra volume \"${EXTRA_VOLUME_NAME}\" with following configuration:\n" \
+ " size: ${EXTRA_VOLUME_SIZE_GB} GB, volume type: ${EXTRA_VOLUME_TYPE}"
+ openstack volume create --type "${EXTRA_VOLUME_TYPE}" --size "${EXTRA_VOLUME_SIZE_GB}" ${EXTRA_VOLUME_NAME}
+fi
+
+log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
+ " flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
+ " keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})"
+openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
+ --network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
+ --security-group "${SECGROUP_NAME}" "${SERVER_NAME}"
+SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
+
+log "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
+vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
+
+if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then
+ log_keypress "Attach extra volume \"${EXTRA_VOLUME_NAME}\" (${EXTRA_VOLUME_SIZE_GB} GB) to VM \"${SERVER_NAME}\""
+ openstack server add volume ${SERVER_NAME} ${EXTRA_VOLUME_NAME} --device /dev/sdb
+fi
+
+log "Route VM from internal software defined networking outside"
+log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})"
+openstack router create "${ROUTER_NAME}"
+openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}"
+openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
+
+log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
+FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
+echo "${FIP}" > "${FIP_FILE}"
+echo "Obtained public FIP ${FIP}"
+
+log_keypress " 3] Assign selected FIP with created VM"
+openstack server add floating ip "${SERVER_NAME}" "${FIP}"
+
+log "Test access to the VM server instance"
+log_keypress " 1] TCP ping (ncat -z ${FIP} 22)"
+test_vm_access "${FIP}"
+log_keypress " 2] SSH command (ssh -i ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
+ssh-keygen -R ${FIP} &>/dev/null
+ssh -i "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime'
+
+log_keypress "Object summary in profile ${ENTITIES_PREFIX}"
+list_objects
+
+log_keypress "Teardown of the objects " \
+ "(Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction)"
+delete_objects_group_project
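Review bot: The `openstack server create` call in cmdline-demo.sh prints the full result table, which includes the `adminPass` field, and the reference log committed next to the script records that value together with project and user ids. Restrict the displayed columns by appending `-c id -c name -c status` to the `openstack server create` call, and regenerate the reference log without the credential field; whether the image actually applies that password is not visible here. Separately, `mkdir -p ${SSH_KEYPAIR_DIR}`, `chmod 700 ${SSH_KEYPAIR_DIR}` and `ssh-keygen -R ${FIP}` expand unquoted, and after the first two steps no command checks its exit status, so a failed `openstack network create` still runs on into `openstack server create`. Quoting those expansions and adding `|| myexit 1` to the create calls, as `report_tools || myexit 1` already does, would keep a half-built environment from being reported as a successful run.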
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/cmdline-demo.sh.log b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/cmdline-demo.sh.log new file mode 100644 index 0000000000000000000000000000000000000000..e1e0a197cb52026fdb1ccf2848a97570c49eb2c6 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/commandline/cmdline-demo.sh.log 
@@ -0,0 +1,440 @@ +# ##################################### +# A. Deploy of the small infrastructure +# ##################################### + +[freznicek@lenovo-t14 commandline 0]$ source ~/conf/prod-egi-freznicek-vo.enes.org-all-roles-openrc.sh.inc +[freznicek@lenovo-t14 commandline 0]$ EXTRA_VOLUME_SIZE_GB=1000 ./cmdline-demo.sh enes-basic-infrastructure-1 + + +Using commandline tools: +openstack --version: + openstack 5.5.0 +bash --version: + GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu) +awk -W version: + GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1) +ssh -V: + OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023 +which ssh-keygen: + /usr/bin/ssh-keygen +ncat --version: + Ncat: Version 7.93 ( https://nmap.org/ncat ) +grep --version: + grep (GNU grep) 3.7 + + +Using OpenStack cloud: +| brno1 | identity | 3.13 | CURRENT | https://identity.cloud.muni.cz/v3/ | None | None | + + +In project vo.enes.org + + +Delete previously created objects in profile enes-basic-infrastructure-1 (so we start from the nothing) +server volume keypair disconnect-router-from-subnet No Subnet found for enes-basic-infrastructure-1-demo-subnet +router subnet network security-group + + +List currently allocated objects (profile enes-basic-infrastructure-1) + + +Create (generate) locally SSH keypair, upload public SSH key to cloud +... (keypress or wait 2m) +Generating public/private rsa key pair. +/home/freznicek/.ssh/generated-keypair/id_rsa.enes-basic-infrastructure-1-demo-keypair already exists. +Overwrite (y/n)? 
y +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /home/freznicek/.ssh/generated-keypair/id_rsa.enes-basic-infrastructure-1-demo-keypair +Your public key has been saved in /home/freznicek/.ssh/generated-keypair/id_rsa.enes-basic-infrastructure-1-demo-keypair.pub +The key fingerprint is: +SHA256:J0ShkvSsXRp8OfxddaVMNEIzBOWqg8Gck4puaGwejso freznicek@lenovo-t14 +The key's randomart image is: ++---[RSA 4096]----+ +| . o..=B.+ =| +| . = + . . * +.| +| o * B . + | +| * O o o . | +| . X S + . | +| . . + + | +|.o. . . o | +|==o . | +|BE. | ++----[SHA256]-----+ ++-------------+------------------------------------------------------------------+ +| Field | Value | ++-------------+------------------------------------------------------------------+ +| created_at | None | +| fingerprint | 95:77:62:76:35:62:10:bc:ce:ba:63:9e:11:cc:8b:7d | +| id | enes-basic-infrastructure-1-demo-keypair | +| is_deleted | None | +| name | enes-basic-infrastructure-1-demo-keypair | +| type | ssh | +| user_id | cbd97591acf3d91e3c32d20558935b4a7196589eb6c46b43879ea38355463ac6 | ++-------------+------------------------------------------------------------------+ +-rw-------. 1 freznicek freznicek 3389 22. Äen 15.59 /home/freznicek/.ssh/generated-keypair/id_rsa.enes-basic-infrastructure-1-demo-keypair +-rw-r--r--. 1 freznicek freznicek 746 22. Äen 15.59 /home/freznicek/.ssh/generated-keypair/id_rsa.enes-basic-infrastructure-1-demo-keypair.pub + + +Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22 +... 
(keypress or wait 2m) ++-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Field | Value | ++-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| created_at | 2023-06-22T13:59:17Z | +| description | enes-basic-infrastructure-1 demo default security group | +| id | 51f19002-e17c-45f8-b58e-487dfa49850d | +| name | enes-basic-infrastructure-1-demo-secgroup | +| project_id | 786566209a7444f89a561172fa28e117 | +| revision_number | 1 | +| rules | created_at='2023-06-22T13:59:17Z', direction='egress', ethertype='IPv6', id='64c240d5-abc5-416c-a95c-3c6aaa3eea99', updated_at='2023-06-22T13:59:17Z' | +| | created_at='2023-06-22T13:59:17Z', direction='egress', ethertype='IPv4', id='851e4855-ae9d-4eb8-aeef-ce1efef92787', updated_at='2023-06-22T13:59:17Z' | +| stateful | None | +| tags | [] | +| updated_at | 2023-06-22T13:59:17Z | ++-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------+--------------------------------------+ +| Field | Value | ++-------------------------+--------------------------------------+ +| created_at | 2023-06-22T13:59:19Z | +| description | | +| direction | ingress | +| ether_type | IPv4 | +| id | 900acf50-d045-4ddc-a547-945bbad7d255 | +| name | None | +| port_range_max | 22 | +| port_range_min | 22 | +| project_id | 786566209a7444f89a561172fa28e117 | +| protocol | tcp | +| remote_address_group_id | None | +| remote_group_id | None | +| remote_ip_prefix | 0.0.0.0/0 | +| revision_number | 0 | +| security_group_id | 51f19002-e17c-45f8-b58e-487dfa49850d | +| tags | [] | +| updated_at | 2023-06-22T13:59:19Z | ++-------------------------+--------------------------------------+ 
++-------------------------+--------------------------------------+ +| Field | Value | ++-------------------------+--------------------------------------+ +| created_at | 2023-06-22T13:59:21Z | +| description | | +| direction | egress | +| ether_type | IPv4 | +| id | 81861c9f-9700-4aa0-95a1-c8be5cdf0f7e | +| name | None | +| port_range_max | 65535 | +| port_range_min | 1 | +| project_id | 786566209a7444f89a561172fa28e117 | +| protocol | tcp | +| remote_address_group_id | None | +| remote_group_id | None | +| remote_ip_prefix | 0.0.0.0/0 | +| revision_number | 0 | +| security_group_id | 51f19002-e17c-45f8-b58e-487dfa49850d | +| tags | [] | +| updated_at | 2023-06-22T13:59:21Z | ++-------------------------+--------------------------------------+ + + +Create cloud private network and subnet, so far isolated (CIDR:192.168.0.0/24) +... (keypress or wait 2m) ++---------------------------+------------------------------------------+ +| Field | Value | ++---------------------------+------------------------------------------+ +| admin_state_up | UP | +| availability_zone_hints | | +| availability_zones | | +| created_at | 2023-06-22T13:59:26Z | +| description | | +| dns_domain | None | +| id | af3adfbb-45bd-42b2-8287-f1d4a0bbcc80 | +| ipv4_address_scope | None | +| ipv6_address_scope | None | +| is_default | False | +| is_vlan_transparent | None | +| mtu | 1442 | +| name | enes-basic-infrastructure-1-demo-network | +| port_security_enabled | True | +| project_id | 786566209a7444f89a561172fa28e117 | +| provider:network_type | None | +| provider:physical_network | None | +| provider:segmentation_id | None | +| qos_policy_id | None | +| revision_number | 1 | +| router:external | Internal | +| segments | None | +| shared | False | +| status | ACTIVE | +| subnets | | +| tags | | +| updated_at | 2023-06-22T13:59:26Z | ++---------------------------+------------------------------------------+ ++----------------------+-----------------------------------------+ +| Field | Value | 
++----------------------+-----------------------------------------+ +| allocation_pools | 192.168.0.2-192.168.0.254 | +| cidr | 192.168.0.0/24 | +| created_at | 2023-06-22T13:59:32Z | +| description | | +| dns_nameservers | | +| dns_publish_fixed_ip | None | +| enable_dhcp | True | +| gateway_ip | 192.168.0.1 | +| host_routes | | +| id | 7fb3bad8-3597-464d-b903-16042190e9b7 | +| ip_version | 4 | +| ipv6_address_mode | None | +| ipv6_ra_mode | None | +| name | enes-basic-infrastructure-1-demo-subnet | +| network_id | af3adfbb-45bd-42b2-8287-f1d4a0bbcc80 | +| prefix_length | None | +| project_id | 786566209a7444f89a561172fa28e117 | +| revision_number | 0 | +| segment_id | None | +| service_types | | +| subnetpool_id | None | +| tags | | +| updated_at | 2023-06-22T13:59:32Z | ++----------------------+-----------------------------------------+ + + +Create cloud VM extra volume "enes-basic-infrastructure-1-demo-volume" with following configuration: + size: 1000 GB, volume type: ceph-extra-ec +... 
(keypress or wait 2m) ++---------------------+------------------------------------------------------------------+ +| Field | Value | ++---------------------+------------------------------------------------------------------+ +| attachments | [] | +| availability_zone | brno1 | +| bootable | false | +| consistencygroup_id | None | +| created_at | 2023-06-22T13:59:38.000000 | +| description | None | +| encrypted | False | +| id | 30f15a28-fca4-4e8b-97a3-6e94a0d311aa | +| multiattach | False | +| name | enes-basic-infrastructure-1-demo-volume | +| properties | | +| replication_status | None | +| size | 1000 | +| snapshot_id | None | +| source_volid | None | +| status | creating | +| type | ceph-extra-ec | +| updated_at | None | +| user_id | cbd97591acf3d91e3c32d20558935b4a7196589eb6c46b43879ea38355463ac6 | ++---------------------+------------------------------------------------------------------+ + + +Create cloud VM instance "enes-basic-infrastructure-1-demo-server" with following configuration: + flavor: standard.small, image/os: ubuntu-jammy-x86_64, network: enes-basic-infrastructure-1-demo-network + keypair: enes-basic-infrastructure-1-demo-keypair, sec-group/firewall: enes-basic-infrastructure-1-demo-secgroup) +... 
(keypress or wait 2m) ++-----------------------------+------------------------------------------------------------------+ +| Field | Value | ++-----------------------------+------------------------------------------------------------------+ +| OS-DCF:diskConfig | MANUAL | +| OS-EXT-AZ:availability_zone | | +| OS-EXT-STS:power_state | NOSTATE | +| OS-EXT-STS:task_state | scheduling | +| OS-EXT-STS:vm_state | building | +| OS-SRV-USG:launched_at | None | +| OS-SRV-USG:terminated_at | None | +| accessIPv4 | | +| accessIPv6 | | +| addresses | | +| adminPass | AJg7T929n3kv | +| config_drive | | +| created | 2023-06-22T13:59:43Z | +| flavor | standard.small (57bf9ed0-cd71-4c7c-b886-2a5263d52678) | +| hostId | | +| id | 128f83a5-1f45-4ea0-b0d3-e94adeb85ea3 | +| image | ubuntu-jammy-x86_64 (c2c5952c-b3fa-494d-b6c3-1a6f118acaf7) | +| key_name | enes-basic-infrastructure-1-demo-keypair | +| name | enes-basic-infrastructure-1-demo-server | +| progress | 0 | +| project_id | 786566209a7444f89a561172fa28e117 | +| properties | | +| security_groups | name='51f19002-e17c-45f8-b58e-487dfa49850d' | +| status | BUILD | +| updated | 2023-06-22T13:59:43Z | +| user_id | cbd97591acf3d91e3c32d20558935b4a7196589eb6c46b43879ea38355463ac6 | +| volumes_attached | | ++-----------------------------+------------------------------------------------------------------+ + + +Wait for VM instance "enes-basic-infrastructure-1-demo-server" being ACTIVE +BUILD ACTIVE + + +Attach extra volume "enes-basic-infrastructure-1-demo-volume" (1000 GB) to VM "enes-basic-infrastructure-1-demo-server" +... (keypress or wait 2m) + + +Route VM from internal software defined networking outside + + + 1] Create route, associate router with external provider network and internal subnet (192.168.0.0/24) +... 
(keypress or wait 2m) ++-------------------------+-----------------------------------------+ +| Field | Value | ++-------------------------+-----------------------------------------+ +| admin_state_up | UP | +| availability_zone_hints | | +| availability_zones | | +| created_at | 2023-06-22T14:00:05Z | +| description | | +| external_gateway_info | null | +| flavor_id | None | +| id | 7d1f193c-a58c-45d7-9e07-9110df10f263 | +| name | enes-basic-infrastructure-1-demo-router | +| project_id | 786566209a7444f89a561172fa28e117 | +| revision_number | 1 | +| routes | | +| status | ACTIVE | +| tags | | +| updated_at | 2023-06-22T14:00:05Z | ++-------------------------+-----------------------------------------+ + + + 2] Allocate single FIP (floating ip) from external provider network +... (keypress or wait 2m) +Obtained public FIP 147.251.124.115 + + + 3] Assign selected FIP with created VM +... (keypress or wait 2m) + + +Test access to the VM server instance + + + 1] TCP ping (ncat -z 147.251.124.115 22) +... (keypress or wait 2m) +.VM accessible 147.251.124.115:22 + + + 2] SSH command (ssh -i /home/freznicek/.ssh/generated-keypair/id_rsa.enes-basic-infrastructure-1-demo-keypair ubuntu@147.251.124.115) +... (keypress or wait 2m) +The authenticity of host '147.251.124.115 (147.251.124.115)' can't be established. +ED25519 key fingerprint is SHA256:CrPlRJWObGzDxRrdh0kalvc2ke6brEXBa4EazcMNroo. +This key is not known by any other names +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes +Warning: Permanently added '147.251.124.115' (ED25519) to the list of known hosts. + +Linux enes-basic-infrastructure-1-demo-server 5.15.0-69-generic #76-Ubuntu SMP Fri Mar 17 17:19:29 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 14:00:52 up 0 min, 0 users, load average: 1.39, 0.37, 0.13 + + +Object summary in profile enes-basic-infrastructure-1 +... 
(keypress or wait 2m) +keypairs: + +--------------------------------------------+-------------------------------------------------+------+ + | Name | Fingerprint | Type | + +--------------------------------------------+-------------------------------------------------+------+ + | enes-basic-infrastructure-1-demo-keypair | 95:77:62:76:35:62:10:bc:ce:ba:63:9e:11:cc:8b:7d | ssh | + +--------------------------------------------+-------------------------------------------------+------+ +networks: + +--------------------------------------+--------------------------------------------+--------------------------------------+ + | ID | Name | Subnets | + +--------------------------------------+--------------------------------------------+--------------------------------------+ + | af3adfbb-45bd-42b2-8287-f1d4a0bbcc80 | enes-basic-infrastructure-1-demo-network | 7fb3bad8-3597-464d-b903-16042190e9b7 | + +--------------------------------------+--------------------------------------------+--------------------------------------+ +subnets: + +--------------------------------------+-------------------------------------------+--------------------------------------+-----------------------+ + | ID | Name | Network | Subnet | + +--------------------------------------+-------------------------------------------+--------------------------------------+-----------------------+ + | 7fb3bad8-3597-464d-b903-16042190e9b7 | enes-basic-infrastructure-1-demo-subnet | af3adfbb-45bd-42b2-8287-f1d4a0bbcc80 | 192.168.0.0/24 | + +--------------------------------------+-------------------------------------------+--------------------------------------+-----------------------+ +routers: + +--------------------------------------+-------------------------------------------+--------+-------+----------------------------------+ + | ID | Name | Status | State | Project | + +--------------------------------------+-------------------------------------------+--------+-------+----------------------------------+ + | 
7d1f193c-a58c-45d7-9e07-9110df10f263 | enes-basic-infrastructure-1-demo-router | ACTIVE | UP | 786566209a7444f89a561172fa28e117 | + +--------------------------------------+-------------------------------------------+--------+-------+----------------------------------+ +floating_ips: + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ + | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project | + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ + | 7556e3c0-6ad9-43cb-9b8d-b227c78e3fc5 | 147.251.124.115 | 192.168.0.242 | c4f6253c-6f51-45a3-9b4a-19701bd1e03b | 8d5e18ab-5d43-4fb5-83e9-eb581c4d5365 | 786566209a7444f89a561172fa28e117 | + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ +security_groups: + +--------------------------------------+---------------------------------------------+-----------------------------------------------------------+----------------------------------+------+ + | ID | Name | Description | Project | Tags | + +--------------------------------------+---------------------------------------------+-----------------------------------------------------------+----------------------------------+------+ + | 51f19002-e17c-45f8-b58e-487dfa49850d | enes-basic-infrastructure-1-demo-secgroup | enes-basic-infrastructure-1 demo default security group | 786566209a7444f89a561172fa28e117 | [] | + +--------------------------------------+---------------------------------------------+-----------------------------------------------------------+----------------------------------+------+ +volumes: + 
+--------------------------------------+-------------------------------------------+-----------+------+--------------------------------------------------------------------+ + | ID | Name | Status | Size | Attached to | + +--------------------------------------+-------------------------------------------+-----------+------+--------------------------------------------------------------------+ + | 30f15a28-fca4-4e8b-97a3-6e94a0d311aa | enes-basic-infrastructure-1-demo-volume | in-use | 1000 | Attached to enes-basic-infrastructure-1-demo-server on /dev/sdb | + +--------------------------------------+-------------------------------------------+-----------+------+--------------------------------------------------------------------+ +servers: + +--------------------------------------+-------------------------------------------+--------+-------------------------------------------------------------------------+---------------------+----------------+ + | ID | Name | Status | Networks | Image | Flavor | + +--------------------------------------+-------------------------------------------+--------+-------------------------------------------------------------------------+---------------------+----------------+ + | 128f83a5-1f45-4ea0-b0d3-e94adeb85ea3 | enes-basic-infrastructure-1-demo-server | ACTIVE | enes-basic-infrastructure-1-demo-network=147.251.124.115, 192.168.0.242 | ubuntu-jammy-x86_64 | standard.small | + +--------------------------------------+-------------------------------------------+--------+-------------------------------------------------------------------------+---------------------+----------------+ + + +Teardown of the objects (Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction) +... (keypress or wait 2m)^C + + +# #################################################### +# B. 
Test SSH access and validation dists are attached +# #################################################### + +[freznicek@lenovo-t14 commandline 130]$ ssh -i /home/freznicek/.ssh/generated-keypair/id_rsa.enes-basic-infrastructure-1-demo-keypair ubuntu@147.251.124.115 lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +loop0 7:0 0 63.3M 1 loop /snap/core20/1852 +loop1 7:1 0 111.9M 1 loop /snap/lxd/24322 +loop2 7:2 0 49.8M 1 loop /snap/snapd/18596 +sda 8:0 0 80G 0 disk +├─sda1 8:1 0 79.9G 0 part / +├─sda14 8:14 0 4M 0 part +└─sda15 8:15 0 106M 0 part /boot/efi +sdb 8:16 0 1000G 0 disk + + +# ############################ +# C. Teardown of the resources +# ############################ + +[freznicek@lenovo-t14 commandline 0]$ EXTRA_VOLUME_SIZE_GB=1000 ./cmdline-demo.sh enes-basic-infrastructure-1 + +Using commandline tools: +openstack --version: + openstack 5.5.0 +bash --version: + GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu) +awk -W version: + GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1) +ssh -V: + OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023 +which ssh-keygen: + /usr/bin/ssh-keygen +ncat --version: + Ncat: Version 7.93 ( https://nmap.org/ncat ) +grep --version: + grep (GNU grep) 3.7 + + +Using OpenStack cloud: +| brno1 | identity | 3.13 | CURRENT | https://identity.cloud.muni.cz/v3/ | None | None | + + +In project vo.enes.org + + +Delete previously created objects in profile enes-basic-infrastructure-1 (so we start from the nothing) +floating-ip server volume keypair disconnect-router-from-subnet router subnet network security-group + + +List currently allocated objects (profile enes-basic-infrastructure-1) + + +Create (generate) locally SSH keypair, upload public SSH key to cloud +... (keypress or wait 2m)^C 
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..5efce6ee783ab28649e493e2de939f7c08954445
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/README.md
@@ -0,0 +1,50 @@
+# Terraform demonstration
+
+This Terraform module creates up to two kind of VMs:
+ - public facing bastion VM
+ - private HPC VM farm
+
+Cloud-init add following:
+ - Add ssh keys, disable SSH password auth
+ - Create partition and filesystemand mount extra data from extra volume
+
+## Infrastructure schema
+
+### Two tier infrastructure: public bastion and private VM farm
+
+
+
+### Single tier infrastructure: public VM farm
+
+
+
+## Create Infrastructure
+
+1. Clone the repository.
+1. Load you OpenStack application credentials to environment variables `source project_openrc.sh.inc`
+1. Override any infrastructure variables in [main.tf](main.tf) file if needed. Full set of variables can be found in [modules/2tier_public_bastion_private_vm_farm/variables.tf](modules/2tier_public_bastion_private_vm_farm/variables.tf) or [modules/1tier-public-vm-farm/variables.tf](modules/1tier-public-vm-farm/variables.tf).
+1. In the [terraform root directory](/clouds/g1/brno/vo.enes.org/terraform) run following commands to initiate and validate environment
+ * `terraform init`
+ * `terraform validate`
+1. In the [same directory](/clouds/g1/brno/vo.enes.org/terraform) run commands to deploy cloud infrastructure
+ * `terraform plan --out plan`
+ * `terraform apply plan`
+1. Once you need to change the infrastructure, first modify the infrastructure declaration and repeat above steps to deploy changes.
+1. Similarly for resource teardown, once you want to clean-up cloud resources issue `terraform destroy`.
+
+
+Detailed terminal transcript can be found in [terminal-transcript.log](./terminal-transcript.log).
+
+
+## Access to the HPC nodes
+
+In single tier infrastructure you access directly the individual HPC VM nodes via SSH on public IP addresses.
+Two tier infrastructure requires the access following way:
+1. Establish the connection with bastion
+```sh
+sshuttle -r ubuntu@<bastion-ip>
+```
+1. 
Connect directly to HPC VM nodes via SSH on private IP addresses:
+```sh
+ssh ubuntu@<vm-node-ip-from-10.10.10.0/24>
+```
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c3ae0ce96a75ba946aad44523a93aaf1674c161f
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/main.tf
@@ -0,0 +1,21 @@
+terraform {
+ backend "local" {}
+}
+
+module "toplevel" {
+ # two tier infrastructure (2tier_public_bastion_private_vm_farm module):
+ # * single public facing tiny bastion VM
+ # * <nodes_count> private HPC VM farm
+ source = "./modules/2tier_public_bastion_private_vm_farm"
+ # single tier infrastructure (1tier_public_vm_farm monule)
+ # * <nodes_count> public HPC VM farm
+ #source = "./modules/1tier_public_vm_farm"
+
+ infra_name = "vo-enes-org-tf-demo"
+
+ nodes_count = 3
+ nodes_extra_volume_size = 1000 # in GB
+
+ #nodes_flavor = "hpc.16core-32ram"
+ #nodes_image = "ubuntu-jammy-x86_64"
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/instances.tf
new file mode 120000
index 0000000000000000000000000000000000000000..1b0affe75dec19d734fca77cad9c11ace98c3ed8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/instances.tf
@@ -0,0 +1 @@
+../common/instances.tf
\ No newline at end of file
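Review bot: `backend "local" {}` in main.tf keeps the Terraform state in the working directory of the checkout, and state files record resource attributes in plain text, so this example needs an ignore rule for `terraform.tfstate*` and for the `plan` file the README tells users to write; no ignore file is visible in this part of the diff. At minimum I would put `# state is written to ./terraform.tfstate; keep it and the saved plan out of version control` above the backend line. The comment `(1tier_public_vm_farm monule)` has a typo and should read `module`.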
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/keypair.tf
new file mode 120000
index 0000000000000000000000000000000000000000..77516d3e7806eb2637f74b83653fecbf63d490f9
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/keypair.tf
@@ -0,0 +1 @@
+../common/keypair.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/networks.tf
new file mode 120000
index 0000000000000000000000000000000000000000..09f02c14eabbdd83d5441fd2f735cb7cd9437258
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/networks.tf
@@ -0,0 +1 @@
+../common/networks.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt
new file mode 120000
index 0000000000000000000000000000000000000000..cd96cf14a086f7a1ee2a9190b9f9379311d148f4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt
@@ -0,0 +1 @@
+../common/nodes-cloudinit.txt
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/nodes-networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/nodes-networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..b97a8d6ef5bf6dc81f42bf42e2663024cbc5a980
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/nodes-networks.tf
@@ -0,0 +1,11 @@
+# Floating IPs
+resource "openstack_networking_floatingip_v2" "nodes_fips" {
+ count = var.nodes_count
+ pool = var.public_external_network
+}
+
+resource "openstack_compute_floatingip_associate_v2" "nodes_fips_associations" {
+ count = var.nodes_count
+ floating_ip = element(openstack_networking_floatingip_v2.nodes_fips.*.address, count.index)
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/providers.tf
new file mode 120000
index 0000000000000000000000000000000000000000..4b272fc455489e11a6b6570233567d2f234a0878
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/providers.tf
@@ -0,0 +1 @@
+../common/providers.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf
new file mode 120000
index 0000000000000000000000000000000000000000..b8efc8637cfbf34b857abcdadca20bc45f0b7430
--- /dev/null
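Review bot: In modules/1tier_public_vm_farm/nodes-networks.tf every node gets its own floating IP, so each HPC VM is reachable from the external network and the only filter left is secgroup_rules.tf, a symlink into ../common that the two-tier module (where nodes stay private) uses as well. A header comment should say so, for example `# Every node is exposed on a public address; ingress is limited only by secgroup_rules.tf`. The lookups use the legacy splat with `element()`; `openstack_networking_floatingip_v2.nodes_fips[count.index].address` and `openstack_compute_instance_v2.nodes[count.index].id` read more directly and, unlike `element()`, do not wrap around on an out-of-range index.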
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf
@@ -0,0 +1 @@
+../common/secgroup_rules.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..ddf43a1df66ac381e1a5e9b474bd8cb8fa94a5b4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/variables.tf
@@ -0,0 +1,81 @@
+variable "infra_name" {
+ description = "Infrastructure (profile) name. Used as a name prefix. Must match [a-zA-Z0-9-]+ regexp."
+ default = "vo-enes-org-tf-demo"
+}
+
+variable "ssh_public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+
+#########################
+# master nodes settings #
+#########################
+
+variable "nodes_count" {
+ default = 1
+}
+
+variable "nodes_name" {
+ description = "Name of the nodes. Must match [a-zA-Z0-9-]+ regexp."
+ default = "server"
+}
+
+variable "bastion_name" {
+ description = "Name of the bastion VM. Must match [a-zA-Z0-9-]+ regexp."
+ default = "bastion-server"
+}
+
+variable "bastion_flavor" {
+ default = "standard.small"
+}
+
+variable "nodes_flavor" {
+ default = "hpc.16core-32ram"
+}
+
+
+variable "int_network" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.10.10.0/24"
+}
+
+variable "public_external_network" {
+ description = "Cloud public external network pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+
+variable "bastion_image" {
+ description = "Bastion OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "nodes_image" {
+ description = "nodes OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "bastion_ssh_user_name" {
+ default = "ubuntu"
+}
+
+variable "nodes_ssh_user_name" {
+ default = "ubuntu"
+}
+
+
+variable "nodes_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for root filesystem. "
+ default = "10"
+}
+
+variable "nodes_extra_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for extra data."
+ default = "10"
+}
+
+variable "nodes_extra_volume_type" {
+ description = "The type of extra volume."
+ default = "ceph-extra-ec"
+}
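Review bot: The descriptions of `infra_name`, `nodes_name` and `bastion_name` say the value must match `[a-zA-Z0-9-]+`, but nothing enforces it, and these values are interpolated unescaped into the `#cloud-config` user_data built in instances.tf and bastion-instance.tf, where a colon or newline would change the YAML. Each of the three should carry a `validation` block whose condition is `can(regex("^[a-zA-Z0-9-]+$", var.infra_name))` (with the matching variable name) plus `type = string`, and the size variables would be clearer as `type = number` with `default = 10` instead of `"10"`. The same applies to modules/2tier_public_bastion_private_vm_farm/variables.tf further down, which has the same blob id in its index line; since the other shared files are symlinks into ../common, this one could be too. The banner `# master nodes settings #` does not describe the variables under it, which configure both the bastion and the nodes.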
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/volumes.tf
new file mode 120000
index 0000000000000000000000000000000000000000..cfca71e1a757c5785a365745fc26c3c1c3c038bd
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/1tier_public_vm_farm/volumes.tf
@@ -0,0 +1 @@
+../common/volumes.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..13818fd8f5f2c90a7cf36e7e272c4e75c72edaeb
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt
@@ -0,0 +1,7 @@
+users:
+ - default
+ - name: ubuntu
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa 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 freznicek@LenovoThinkCentreE73
+ssh_pwauth: false
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf
new file mode 100644
index 0000000000000000000000000000000000000000..4aad5371fd76a15e0567960432230daa9980482e
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf
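Review bot: bastion-cloudinit.txt hard-codes one person's SSH public key (comment `freznicek@LenovoThinkCentreE73`) under `ssh_authorized_keys` for user `ubuntu`, so anyone who deploys the two-tier module unchanged grants the holder of that key login on their public-facing bastion. The instance already receives the deployer's own key through `key_pair = openstack_compute_keypair_v2.pubkey.name` in bastion-instance.tf, so the whole `users:` block can go, leaving `ssh_pwauth: false`. If an additional key is really wanted, it should come from a module variable rendered with `templatefile()` rather than from a file committed to the repository.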
@@ -0,0 +1,13 @@
+resource "openstack_compute_instance_v2" "bastion" {
+ name = "${var.infra_name}-${var.bastion_name}"
+ image_name = var.bastion_image
+ flavor_name = var.bastion_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.infra_name}-${var.bastion_name}.local\n${file("${path.module}/bastion-cloudinit.txt")}"
+
+ network {
+ uuid = openstack_networking_network_v2.network_default.id
+ port = openstack_networking_port_v2.bastion_port.id
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c7962e107fc13a10755d1ef22494f94e05fbf205
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf
@@ -0,0 +1,20 @@
+# Floating IPs (only for bastion node)
+resource "openstack_networking_floatingip_v2" "bastion_fip" {
+ pool = var.public_external_network
+}
+
+resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" {
+ floating_ip = openstack_networking_floatingip_v2.bastion_fip.address
+ instance_id = openstack_compute_instance_v2.bastion.id
+}
+
+# Ports
+resource "openstack_networking_port_v2" "bastion_port" {
+ name = "${var.infra_name}-${var.bastion_name}-port"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
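Review bot: In bastion-instance.tf the instance sets `security_groups` although its only interface is the pre-created `bastion_port`, which already carries `security_group_ids`; with port-based attachment the groups on the port are, as far as I know, the ones that take effect, so the instance-level line is redundant and can mislead someone who edits it expecting the filtering to change. I would drop `security_groups = [...]` and keep only `port = openstack_networking_port_v2.bastion_port.id` in the `network` block, so the port is the single place that defines the bastion's filtering; modules/common/instances.tf repeats the pattern for the nodes. The public bastion and the private nodes also share `secgroup_default`, so any ingress rule opened for the bastion applies to the node ports too. secgroup_rules.tf is not shown in this part of the diff, so whether a dedicated bastion group is needed cannot be judged from here.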
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf
new file mode 120000
index 0000000000000000000000000000000000000000..1b0affe75dec19d734fca77cad9c11ace98c3ed8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf
@@ -0,0 +1 @@
+../common/instances.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf
new file mode 120000
index 0000000000000000000000000000000000000000..77516d3e7806eb2637f74b83653fecbf63d490f9
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf
@@ -0,0 +1 @@
+../common/keypair.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf
new file mode 120000
index 0000000000000000000000000000000000000000..09f02c14eabbdd83d5441fd2f735cb7cd9437258
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf
@@ -0,0 +1 @@
+../common/networks.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt
new file mode 120000
index 0000000000000000000000000000000000000000..cd96cf14a086f7a1ee2a9190b9f9379311d148f4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt
@@ -0,0 +1 @@
+../common/nodes-cloudinit.txt
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf
new file mode 120000
index 0000000000000000000000000000000000000000..4b272fc455489e11a6b6570233567d2f234a0878
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf
@@ -0,0 +1 @@
+../common/providers.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf
new file mode 120000
index 0000000000000000000000000000000000000000..b8efc8637cfbf34b857abcdadca20bc45f0b7430
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf
@@ -0,0 +1 @@
+../common/secgroup_rules.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..ddf43a1df66ac381e1a5e9b474bd8cb8fa94a5b4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf
@@ -0,0 +1,81 @@
+variable "infra_name" {
+ description = "Infrastructure (profile) name. Used as a name prefix. Must match [a-zA-Z0-9-]+ regexp."
+ default = "vo-enes-org-tf-demo"
+}
+
+variable "ssh_public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+
+#########################
+# master nodes settings #
+#########################
+
+variable "nodes_count" {
+ default = 1
+}
+
+variable "nodes_name" {
+ description = "Name of the nodes. Must match [a-zA-Z0-9-]+ regexp."
+ default = "server"
+}
+
+variable "bastion_name" {
+ description = "Name of the bastion VM. Must match [a-zA-Z0-9-]+ regexp."
+ default = "bastion-server"
+}
+
+variable "bastion_flavor" {
+ default = "standard.small"
+}
+
+variable "nodes_flavor" {
+ default = "hpc.16core-32ram"
+}
+
+
+variable "int_network" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.10.10.0/24"
+}
+
+variable "public_external_network" {
+ description = "Cloud public external network pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+
+variable "bastion_image" {
+ description = "Bastion OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "nodes_image" {
+ description = "nodes OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "bastion_ssh_user_name" {
+ default = "ubuntu"
+}
+
+variable "nodes_ssh_user_name" {
+ default = "ubuntu"
+}
+
+
+variable "nodes_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for root filesystem. "
+ default = "10"
+}
+
+variable "nodes_extra_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for extra data."
+ default = "10"
+}
+
+variable "nodes_extra_volume_type" {
+ description = "The type of extra volume."
+ default = "ceph-extra-ec"
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf
new file mode 120000
index 0000000000000000000000000000000000000000..cfca71e1a757c5785a365745fc26c3c1c3c038bd
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf
@@ -0,0 +1 @@
+../common/volumes.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/instances.tf
new file mode 100644
index 0000000000000000000000000000000000000000..82aa9fe251287cd0f36b4f56944e4f8768d51c55
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/instances.tf
@@ -0,0 +1,31 @@
+####################
+# Define instances #
+####################
+
+data "openstack_images_image_v2" "nodes_image" {
+ name = var.nodes_image
+}
+
+resource "openstack_compute_instance_v2" "nodes" {
+ count = var.nodes_count
+ name = "${var.infra_name}-${var.nodes_name}-${count.index+1}"
+ image_name = var.nodes_image
+ flavor_name = var.nodes_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.infra_name}-${var.nodes_name}-${count.index+1}.local\n${file("${path.module}/nodes-cloudinit.txt")}"
+
+ network {
+ uuid = openstack_networking_network_v2.network_default.id
+ port = element(openstack_networking_port_v2.nodes_ports.*.id, count.index)
+ }
+
+ block_device {
+ uuid = data.openstack_images_image_v2.nodes_image.id
+ source_type = "image"
+ volume_size = var.nodes_volume_size
+ destination_type = "local"
+ boot_index = 0
+ delete_on_termination = true
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/keypair.tf
new file mode 100644
index 0000000000000000000000000000000000000000..d52e2d66b33fa9e3410d84befbe2314a86c8f544
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/keypair.tf
@@ -0,0 +1,6 @@
+
+resource "openstack_compute_keypair_v2" "pubkey" {
+ name = "${var.infra_name}-keypair"
+ public_key = file("${var.ssh_public_key}")
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..641864a441b6ac575051de8b6cc92338cec3aaaf
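Review bot: In instances.tf, `security_groups` is set on `openstack_compute_instance_v2.nodes` although the same group is already attached to the pre-created port through `security_group_ids` in networks.tf, so the firewall policy is declared in two places. As far as I know the provider documentation advises putting security groups on the port when an instance is attached through one, and the instance-level list then does not govern that port. I would drop the `security_groups = [...]` line here so a later change to the port's groups cannot diverge from what the instance block appears to promise. The `network` block also sets both `uuid` and `port`; `port` alone is probably sufficient, which is worth confirming against the provider version pinned in providers.tf.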
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/networks.tf
@@ -0,0 +1,38 @@
+resource "openstack_networking_network_v2" "network_default" {
+ name = "${var.infra_name}_network"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "subnet_default" {
+ name = "${var.infra_name}_subnet"
+ network_id = openstack_networking_network_v2.network_default.id
+ cidr = var.int_network
+ ip_version = 4
+ dns_nameservers = ["1.1.1.1", "8.8.8.8"]
+}
+
+data "openstack_networking_network_v2" "external_network" {
+ name = var.public_external_network
+}
+
+resource "openstack_networking_router_v2" "router_default" {
+ name = "${var.infra_name}_infra-test"
+ admin_state_up = "true"
+ external_network_id = data.openstack_networking_network_v2.external_network.id
+}
+
+resource "openstack_networking_router_interface_v2" "router_default_interface" {
+ router_id = openstack_networking_router_v2.router_default.id
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+}
+
+resource "openstack_networking_port_v2" "nodes_ports" {
+ count = var.nodes_count
+ name = "${var.infra_name}_${var.nodes_name}_port_${count.index+1}"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/nodes-cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..29457ead3618aa7b77dadb1b41f054dd4280442c
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/nodes-cloudinit.txt
@@ -0,0 +1,21 @@
+users:
+ - default
+ - name: ubuntu
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5fFLKPzxna7fq6kh1CHaIQFnpqXybqLqGs4ZpTDbIrEn7xjCsdyxMm9dcptyS0t6BzXO56BlJyYsR1GWo4rp3g8rMmb9u6/oHmMwgn7G/GLgsaAAO5XHW0A3UEJl3JHfCQLHkN1APQ4dy7gNTG24ahH/pcyr4rV0SsjPUCqFqkSMDZxRgfllNGftxWVHR2fYfPALLrGdhR/SjNSIs3pwBIUXaSfF3aBLsjeGBj4y5YsiR9yI3y2gUmpURROofTvtE7Fp8OIgmWCVqRe70CKDbl17HFbz3FIqYwZLAQHILcp1M45zV8koSOjW5+3C/ZJYzBKOnw/a/1Cw3uHFDrZfRqKLMP/gagnoEPRHjfmUsJ3UJO0eXDCXmnH7F48xBI76CgxYl039/SMmJ2mR0KqAHGnwqVmJI3yBGyK+Z4iEwk+JVDLEB14RHiMp2/I/tYpDWFE1IOigFFNLdfaZrVFY1/fD+yGGyFUO1Wo+CKb8tpndLB4H3Yj2MLRDP/aNpLC4M7Aru7hWnUF81aE/VUAqR6CP2vsHzlAOmH08pOlP9FVITinmJqzBL15l+W7q0Rhh4WBRO4ixlrtRJDNL2wm0vf+GiJnXligFtZ7Cw8bk/LcAe37WqcTl0xLKDyPSw4SvWOC2aE6BVuJjPAhoUUcBaNzoBa7lf4eb+FS4tquTZlQ== freznicek@LenovoThinkCentreE73
+disk_setup:
+ /dev/sdb:
+ table_type: gpt
+ layout: true
+ overwrite: true
+fs_setup:
+- label: extra_data
+ filesystem: ext4
+ device: /dev/sdb1
+ cmd: mkfs -t %(filesystem)s -L %(label)s %(device)s
+runcmd:
+ - mkdir -p /mnt/data
+mounts:
+ - ["/dev/sdb1", "/mnt/data"]
+ssh_pwauth: false
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/providers.tf
new file mode 100644
index 0000000000000000000000000000000000000000..411e68d2f037e32cb6c42beed58affa79a819964
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.51.1"
+ }
+ }
+}
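Review bot: The `ssh_authorized_keys` entry in nodes-cloudinit.txt hard-codes one person's public key (`freznicek@LenovoThinkCentreE73`) in a shared module, so every node deployed from it grants that key holder `ubuntu` login, independently of the `ssh_public_key` variable and the keypair resource. Since `key_pair` on the instance already injects the deployer's key, I would remove the `ssh_authorized_keys` list from this file, or render it from a variable with `templatefile()` instead of `file()`. Separately, `overwrite: true` under `disk_setup` lets cloud-init repartition `/dev/sdb` on a freshly built instance, so a data volume re-attached to a rebuilt node could lose its contents. A comment such as `# overwrite: true replaces any existing partition table on the extra volume` would make that visible.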
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/secgroup_rules.tf
new file mode 100644
index 0000000000000000000000000000000000000000..1d4da810fc06110b5486ed101d67ad46671e40d7
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/secgroup_rules.tf
@@ -0,0 +1,82 @@
+##################################
+# Define Network Security Groups #
+##################################
+
+
+resource "openstack_networking_secgroup_v2" "secgroup_default" {
+ name = "${var.infra_name}_security_group"
+ description = "${var.infra_name} Security group"
+}
+
+
+# Allow all internal TCP & UDP
+
+/* resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_alltcp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_alludp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+} */
+
+
+# External communication
+# HTTP(S)
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+
+
+# ICMP
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 0
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+# SSH
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/volumes.tf
new file mode 100644
index 0000000000000000000000000000000000000000..d7bc3b03be84a4f8b942327e10d74adb1778a2f8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/modules/common/volumes.tf
@@ -0,0 +1,14 @@
+# extra volume
+resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" {
+ count = var.nodes_count
+ name = "${var.infra_name}-extra-volume-${count.index+1}"
+ size = var.nodes_extra_volume_size
+ volume_type = var.nodes_extra_volume_type
+}
+
+resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" {
+ count = var.nodes_count
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+ volume_id = element(openstack_blockstorage_volume_v3.nodes_extra_volumes.*.id, count.index)
+ device = "/dev/sdb"
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/output.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/output.tf
new file mode 100644
index 0000000000000000000000000000000000000000..744094a36e9df34feff5b8e67adfb5a3bc7d1ed6
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/output.tf
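Review bot: In secgroup_rules.tf, `secgroup_rule_ssh4` opens TCP 22 to `0.0.0.0/0` on the single security group that, per the plan output in the transcript, is attached to the bastion as well as to every node. Only the bastion needs SSH from outside, so I would take the source range from a new variable, e.g. `remote_ip_prefix = var.ssh_allowed_cidr`, and give the nodes their own group that accepts SSH from `var.int_network` only. The 80 and 443 rules are equally world-open and would expose any web service started on these hosts. The internal TCP/UDP rules are commented out without explanation; a one-line comment saying why they are disabled would help the next reader.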
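Review bot: In volumes.tf, `device = "/dev/sdb"` is only a hint to the hypervisor, and because the attachment references the instance id the volume is attached after the instance has been created and has started booting. nodes-cloudinit.txt partitions, formats and mounts `/dev/sdb` and `/dev/sdb1` at first boot, so those steps may run before the disk exists or against a differently named device, depending on the disk bus the image uses. I would document this above the attach resource, for example `# device is a hint; the guest may see the volume under another name and only after first boot`, and have the guest locate the disk by label or serial rather than by path.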
@@ -0,0 +1,25 @@
+/*
+output "toplevel_instance_ip_bastion" {
+ value = module.toplevel.bastion_instance_ip
+}
+
+output "toplevel_instance_floating_ip_bastion" {
+ value = module.toplevel.bastion_floating_ip
+}
+
+
+output "d_infra_test_instance_ip_a" {
+ value = module.toplevel.nodes_a_instance_ip
+}
+
+output "c_infra_test_instance_name_a" {
+ value = module.toplevel.nodes_a_name
+}
+
+output "e_infra_test_instance_name_b" {
+ value = module.toplevel.nodes_b_name
+}
+
+output "f_infra_test_instance_ip_b" {
+ value = module.toplevel.nodes_b_instance_ip
+}*/
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/terminal-transcript.log b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/terminal-transcript.log
new file mode 100644
index 0000000000000000000000000000000000000000..c12674e2127aa885038732fd364a91d014e9dd38
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.enes.org/terraform/terminal-transcript.log
@@ -0,0 +1,1434 @@ +# A. Check command-line tools + +[freznicek@lenovo-t14 terraform 0]$ openstack --version +openstack 5.5.0 +[freznicek@lenovo-t14 terraform 0]$ terraform version +Terraform v1.5.0 +on linux_amd64 ++ provider registry.terraform.io/terraform-provider-openstack/openstack v1.51.1 + +Your version of Terraform is out of date! The latest version +is 1.5.1. You can update by downloading from https://www.terraform.io/downloads.html +[freznicek@lenovo-t14 terraform 0]$ ssh -V +OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023 +[freznicek@lenovo-t14 terraform 0]$ sshuttle --version +1.1.0 + + +# B. Prepare infrastructure (main.tf) + +# log into vo.enes.org OpenStack project +[freznicek@lenovo-t14 terraform 0]$ source ~/conf/prod-egi-freznicek-vo.enes.org-all-roles-openrc.sh.inc # project_openrc.sh.inc + +[freznicek@lenovo-t14 terraform 0]$ cat main.tf +terraform { + backend "local" {} +} + +module "toplevel" { + # two tier infrastructure (2tier_public_bastion_private_vm_farm module): + # * single public facing tiny bastion VM + # * N private HPC VM farm + source = "./modules/2tier_public_bastion_private_vm_farm" + + infra_name = "vo-enes-org-tf-demo" + + nodes_count = 3 + nodes_extra_volume_size = 1000 # in GB + + #bastion_flavor = "standard.medium" + #bastion_image = "ubuntu-jammy-x86_64" + #nodes_flavor = "hpc.16core-32ram" + #nodes_image = "ubuntu-jammy-x86_64" +} + +# C. Validate terraform environment (init+validate) + +[freznicek@lenovo-t14 terraform 1]$ terraform init + +Initializing the backend... +Initializing modules... + +Initializing provider plugins... +- Reusing previous version of terraform-provider-openstack/openstack from the dependency lock file +- Using previously-installed terraform-provider-openstack/openstack v1.51.1 + +Terraform has been successfully initialized! + +You may now begin working with Terraform. Try running "terraform plan" to see +any changes that are required for your infrastructure. All Terraform commands +should now work. 
+ +If you ever set or change modules or backend configuration for Terraform, +rerun this command to reinitialize your working directory. If you forget, other +commands will detect it and remind you to do so if necessary. + +[freznicek@lenovo-t14 terraform 0]$ terraform validate +Success! The configuration is valid. + + +# D. Deploy infrastructure (plan+apply) + +[freznicek@lenovo-t14 terraform 0]$ terraform plan --out plan +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=bf08651f-047f-402a-9c9f-8fe415bffb89] +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=9edb9ab8-8742-49e3-9461-528f31397672] + +Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + + create + +Terraform will perform the following actions: + + # module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0] will be created + + resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" { + + attachment = (known after apply) + + availability_zone = (known after apply) + + id = (known after apply) + + metadata = (known after apply) + + name = "vo-enes-org-tf-demo-extra-volume-1" + + region = (known after apply) + + size = 1000 + + volume_type = "ceph-extra-rep" + } + + # module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1] will be created + + resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" { + + attachment = (known after apply) + + availability_zone = (known after apply) + + id = (known after apply) + + metadata = (known after apply) + + name = "vo-enes-org-tf-demo-extra-volume-2" + + region = (known after apply) + + size = 1000 + + volume_type = "ceph-extra-rep" + } + + # 
module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2] will be created + + resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" { + + attachment = (known after apply) + + availability_zone = (known after apply) + + id = (known after apply) + + metadata = (known after apply) + + name = "vo-enes-org-tf-demo-extra-volume-3" + + region = (known after apply) + + size = 1000 + + volume_type = "ceph-extra-rep" + } + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be created + + resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + + floating_ip = (known after apply) + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be created + + resource "openstack_compute_instance_v2" "bastion" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "standard.medium" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "vo-enes-org-tf-demo-keypair" + + name = "vo-enes-org-tf-demo-bastion-server" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "vo-enes-org-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "a3a49ba4d021dc7ea72f930700b21701d957ddd6" + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # 
module.toplevel.openstack_compute_instance_v2.nodes[0] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "hpc.16core-32ram" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "vo-enes-org-tf-demo-keypair" + + name = "vo-enes-org-tf-demo-server-1" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "vo-enes-org-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "8d4565d32104990f59352f6ea5c69e398c356e26" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + source_type = "image" + + uuid = "bf08651f-047f-402a-9c9f-8fe415bffb89" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "hpc.16core-32ram" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "vo-enes-org-tf-demo-keypair" 
+ + name = "vo-enes-org-tf-demo-server-2" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "vo-enes-org-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "c2819c22aff3e1d7ebb2659b98724aac67590530" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + source_type = "image" + + uuid = "bf08651f-047f-402a-9c9f-8fe415bffb89" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[2] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "hpc.16core-32ram" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "vo-enes-org-tf-demo-keypair" + + name = "vo-enes-org-tf-demo-server-3" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "vo-enes-org-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "0d9eecc7260a206e8502b6403c5a1d43e7c869cf" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + source_type = "image" + + uuid = "bf08651f-047f-402a-9c9f-8fe415bffb89" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = 
(known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be created + + resource "openstack_compute_keypair_v2" "pubkey" { + + fingerprint = (known after apply) + + id = (known after apply) + + name = "vo-enes-org-tf-demo-keypair" + + private_key = (known after apply) + + public_key = <<-EOT + ssh-rsa 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 freznicek@fedora + EOT + + region = (known after apply) + + user_id = (known after apply) + } + + # module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[0] will be created + + resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" { + + device = "/dev/sdb" + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + + volume_id = (known after apply) + } + + # module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[1] will be created + + resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" { + + device = "/dev/sdb" + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + + volume_id = (known after apply) + } + + # module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[2] will be created + + resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" { + + device = "/dev/sdb" + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + + volume_id = (known after apply) + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be created + + resource "openstack_networking_floatingip_v2" "bastion_fip" { + + address = (known after apply) + + all_tags = (known after apply) + + dns_domain = (known after apply) + + dns_name = (known 
after apply) + + fixed_ip = (known after apply) + + id = (known after apply) + + pool = "public-cesnet-195-113-167-GROUP" + + port_id = (known after apply) + + region = (known after apply) + + subnet_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_network_v2.network_default will be created + + resource "openstack_networking_network_v2" "network_default" { + + admin_state_up = true + + all_tags = (known after apply) + + availability_zone_hints = (known after apply) + + dns_domain = (known after apply) + + external = (known after apply) + + id = (known after apply) + + mtu = (known after apply) + + name = "vo-enes-org-tf-demo_network" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + shared = (known after apply) + + tenant_id = (known after apply) + + transparent_vlan = (known after apply) + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be created + + resource "openstack_networking_port_v2" "bastion_port" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "vo-enes-org-tf-demo-bastion-server-port" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known 
after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "vo-enes-org-tf-demo_server_port_1" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "vo-enes-org-tf-demo_server_port_2" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[2] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + 
mac_address = (known after apply) + + name = "vo-enes-org-tf-demo_server_port_3" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_router_interface_v2.router_default_interface will be created + + resource "openstack_networking_router_interface_v2" "router_default_interface" { + + force_destroy = false + + id = (known after apply) + + port_id = (known after apply) + + region = (known after apply) + + router_id = (known after apply) + + subnet_id = (known after apply) + } + + # module.toplevel.openstack_networking_router_v2.router_default will be created + + resource "openstack_networking_router_v2" "router_default" { + + admin_state_up = true + + all_tags = (known after apply) + + availability_zone_hints = (known after apply) + + distributed = (known after apply) + + enable_snat = (known after apply) + + external_gateway = (known after apply) + + external_network_id = "9edb9ab8-8742-49e3-9461-528f31397672" + + id = (known after apply) + + name = "vo-enes-org-tf-demo_infra-test" + + region = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 80 + + port_range_min = 80 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be created + + resource 
"openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 443 + + port_range_min = 443 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 0 + + port_range_min = 0 + + protocol = "icmp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 22 + + port_range_min = 22 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be created + + resource "openstack_networking_secgroup_v2" "secgroup_default" { + + all_tags = (known after apply) + + description = "vo-enes-org-tf-demo Security group" + + id = (known after apply) + + name = "vo-enes-org-tf-demo_security_group" + + region = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_subnet_v2.subnet_default will be created + + resource "openstack_networking_subnet_v2" "subnet_default" { + + all_tags = 
(known after apply) + + cidr = "10.10.10.0/24" + + dns_nameservers = [ + + "1.1.1.1", + + "8.8.8.8", + ] + + enable_dhcp = true + + gateway_ip = (known after apply) + + id = (known after apply) + + ip_version = 4 + + ipv6_address_mode = (known after apply) + + ipv6_ra_mode = (known after apply) + + name = "vo-enes-org-tf-demo_subnet" + + network_id = (known after apply) + + no_gateway = false + + region = (known after apply) + + service_types = (known after apply) + + tenant_id = (known after apply) + } + +Plan: 26 to add, 0 to change, 0 to destroy. + +────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + +Saved the plan to: plan + +To perform exactly these actions, run the following command to apply: + terraform apply "plan" +[freznicek@lenovo-t14 terraform 0]$ terraform apply "plan" +module.toplevel.openstack_compute_keypair_v2.pubkey: Creating... +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creating... +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creating... +module.toplevel.openstack_networking_network_v2.network_default: Creating... +module.toplevel.openstack_networking_router_v2.router_default: Creating... +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1]: Creating... +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2]: Creating... +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0]: Creating... +module.toplevel.openstack_compute_keypair_v2.pubkey: Creation complete after 1s [id=vo-enes-org-tf-demo-keypair] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creation complete after 1s [id=ed3f6682-e6c9-46b5-983d-3baf25131142] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creating... 
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creating...
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creating...
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creation complete after 0s [id=f56e25f7-21c1-4337-b6be-7e8def76bfff]
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creation complete after 1s [id=3e4a6d33-f68e-4c8c-8408-9594c6e41e61]
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creation complete after 2s [id=9df51e87-e30c-46f4-ae9a-a6d833759b9c]
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creation complete after 2s [id=5f6519c2-ed4a-445d-b63c-7c030eab581d]
+module.toplevel.openstack_networking_network_v2.network_default: Creation complete after 7s [id=ba35e97d-7f04-47b4-a82c-0130a1f217a7]
+module.toplevel.openstack_networking_subnet_v2.subnet_default: Creating...
+module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creation complete after 9s [id=ec66ce9d-c8ca-490f-a249-043b55230f22]
+module.toplevel.openstack_networking_router_v2.router_default: Creation complete after 9s [id=c2747273-6f7b-4733-a919-96701ea0a153]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2]: Still creating... [10s elapsed]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0]: Still creating... [10s elapsed]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1]: Still creating... [10s elapsed]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0]: Creation complete after 11s [id=a527bff6-6a80-469b-89d1-71fcf3f7d0b1]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1]: Creation complete after 11s [id=58ed3694-5141-4db1-b156-3c46a9f5654b]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2]: Creation complete after 11s [id=adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd]
+module.toplevel.openstack_networking_subnet_v2.subnet_default: Creation complete after 6s [id=a0dfc195-fa9d-4df1-aa6d-7e6ca842e899]
+module.toplevel.openstack_networking_router_interface_v2.router_default_interface: Creating...
+module.toplevel.openstack_networking_port_v2.bastion_port: Creating...
+module.toplevel.openstack_networking_port_v2.nodes_ports[2]: Creating...
+module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creating...
+module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creating...
+module.toplevel.openstack_networking_port_v2.bastion_port: Creation complete after 7s [id=e8dafeed-a6eb-44de-af9b-d5d19844512f]
+module.toplevel.openstack_compute_instance_v2.bastion: Creating...
+module.toplevel.openstack_networking_port_v2.nodes_ports[2]: Creation complete after 7s [id=d4bb617c-bce7-4572-9a07-1f638e482da2]
+module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creation complete after 7s [id=41fa4b8b-5096-4699-94b6-735afc88ba35]
+module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creation complete after 7s [id=9749a231-94db-4c0c-a86f-d5c378bbc9e6]
+module.toplevel.openstack_compute_instance_v2.nodes[0]: Creating...
+module.toplevel.openstack_compute_instance_v2.nodes[1]: Creating...
+module.toplevel.openstack_compute_instance_v2.nodes[2]: Creating...
+module.toplevel.openstack_networking_router_interface_v2.router_default_interface: Creation complete after 9s [id=8ea9c9cf-be4e-429a-8e1c-ae3b562f69d2]
+module.toplevel.openstack_compute_instance_v2.bastion: Still creating... [10s elapsed]
+module.toplevel.openstack_compute_instance_v2.nodes[0]: Still creating... [10s elapsed]
+module.toplevel.openstack_compute_instance_v2.nodes[1]: Still creating... [10s elapsed]
+module.toplevel.openstack_compute_instance_v2.nodes[2]: Still creating... [10s elapsed]
+module.toplevel.openstack_compute_instance_v2.nodes[1]: Creation complete after 15s [id=66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c]
+module.toplevel.openstack_compute_instance_v2.bastion: Creation complete after 16s [id=749623e7-7010-4a09-ac69-400baa610042]
+module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creating...
+module.toplevel.openstack_compute_instance_v2.nodes[2]: Creation complete after 16s [id=e1f199f5-b57a-4ca0-bc8e-7e675fdfae13]
+module.toplevel.openstack_compute_instance_v2.nodes[0]: Creation complete after 16s [id=809eda35-291a-46e1-a0ae-6d0c954bb7a0]
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[0]: Creating...
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[2]: Creating...
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[1]: Creating...
+module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creation complete after 2s [id=195.113.167.75/749623e7-7010-4a09-ac69-400baa610042/]
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[1]: Creation complete after 6s [id=66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c/58ed3694-5141-4db1-b156-3c46a9f5654b]
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[0]: Creation complete after 6s [id=809eda35-291a-46e1-a0ae-6d0c954bb7a0/a527bff6-6a80-469b-89d1-71fcf3f7d0b1]
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[2]: Creation complete after 6s [id=e1f199f5-b57a-4ca0-bc8e-7e675fdfae13/adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd]
+
+Apply complete! Resources: 26 added, 0 changed, 0 destroyed.
+
+
+# E. Verify the objects with openstack client
+
+[freznicek@lenovo-t14 terraform 0]$ openstack server list
++--------------------------------------+-------------------------------------------+--------+-----------------------------------------------------------------------+--------------------------------+------------------+
+| ID | Name | Status | Networks | Image | Flavor |
++--------------------------------------+-------------------------------------------+--------+-----------------------------------------------------------------------+--------------------------------+------------------+
+| 66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c | vo-enes-org-tf-demo-server-2 | ACTIVE | vo-enes-org-tf-demo_network=10.10.10.247 | ubuntu-jammy-x86_64 | hpc.16core-32ram |
+| 749623e7-7010-4a09-ac69-400baa610042 | vo-enes-org-tf-demo-bastion-server | ACTIVE | vo-enes-org-tf-demo_network=10.10.10.39, 195.113.167.75 | ubuntu-jammy-x86_64 | standard.medium |
+| 809eda35-291a-46e1-a0ae-6d0c954bb7a0 | vo-enes-org-tf-demo-server-1 | ACTIVE | vo-enes-org-tf-demo_network=10.10.10.201 | ubuntu-jammy-x86_64 | hpc.16core-32ram |
+| e1f199f5-b57a-4ca0-bc8e-7e675fdfae13 | vo-enes-org-tf-demo-server-3 | ACTIVE | vo-enes-org-tf-demo_network=10.10.10.32 | ubuntu-jammy-x86_64 | hpc.16core-32ram |
++--------------------------------------+-------------------------------------------+--------+-----------------------------------------------------------------------+--------------------------------+------------------+
+[freznicek@lenovo-t14 terraform 0]$ openstack volume list
++--------------------------------------+-------------------------------------------+--------+------+----------------------------------------------------------------+
+| ID | Name | Status | Size | Attached to |
++--------------------------------------+-------------------------------------------+--------+------+----------------------------------------------------------------+
+| adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd | vo-enes-org-tf-demo-extra-volume-3 | in-use | 1000 | Attached to vo-enes-org-tf-demo-server-3 on /dev/sdb |
+| a527bff6-6a80-469b-89d1-71fcf3f7d0b1 | vo-enes-org-tf-demo-extra-volume-1 | in-use | 1000 | Attached to vo-enes-org-tf-demo-server-1 on /dev/sdb |
+| 58ed3694-5141-4db1-b156-3c46a9f5654b | vo-enes-org-tf-demo-extra-volume-2 | in-use | 1000 | Attached to vo-enes-org-tf-demo-server-2 on /dev/sdb |
++--------------------------------------+-------------------------------------------+--------+------+----------------------------------------------------------------+
+
+[freznicek@lenovo-t14 terraform 0]$ openstack volume show vo-enes-org-tf-demo-extra-volume-1 -fjson
+{
+ "attachments": [
+ {
+ "id": "a527bff6-6a80-469b-89d1-71fcf3f7d0b1",
+ "attachment_id": "efbcd175-90cb-4698-9510-16318200a3b3",
+ "volume_id": "a527bff6-6a80-469b-89d1-71fcf3f7d0b1",
+ "server_id": "809eda35-291a-46e1-a0ae-6d0c954bb7a0",
+ "host_name": "eli-hda2-055-ostack.priv.cloud.muni.cz",
+ "device": "/dev/sdb",
+ "attached_at": "2023-06-23T12:18:57.000000"
+ }
+ ],
+ "availability_zone": "brno1",
+ "bootable": "false",
+ "consistencygroup_id": null,
+ "created_at": "2023-06-23T12:18:19.000000",
+ "description": null,
+ "encrypted": false,
+ "id": "a527bff6-6a80-469b-89d1-71fcf3f7d0b1",
+ "multiattach": false,
+ "name": "vo-enes-org-tf-demo-extra-volume-1",
+ "os-vol-tenant-attr:tenant_id": "786566209a7444f89a561172fa28e117",
+ "properties": {},
+ "replication_status": null,
+ "size": 1000,
+ "snapshot_id": null,
+ "source_volid": null,
+ "status": "in-use",
+ "updated_at": "2023-06-23T12:18:57.000000",
+ "user_id": "cbd97591acf3d91e3c32d20558935b4a7196589eb6c46b43879ea38355463ac6"
+}
+
+
+# F. Access the VM via the bastion
+
+## F1. Connect to public bastion (terminal 1)
+
+[freznicek@lenovo-t14 terraform 99]$ sshuttle -e "ssh -i ~/.ssh/id_rsa.LenovoThinkCentreE73" -r ubuntu@195.113.167.75 10.10.10.0/24
+The authenticity of host '195.113.167.75 (195.113.167.75)' can't be established.
+ED25519 key fingerprint is SHA256:hjyrJDdt5unjForvHCbk1pSZTWBGI+jSrgrber4Opdg.
+This key is not known by any other names
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '195.113.167.75' (ED25519) to the list of known hosts.
+c : Connected to server.
+
+
+## F2. Connect to HPC nodes (on private addresses, terminal 2)
+
+[freznicek@lenovo-t14 terraform 0]$ assh ubuntu@10.10.10.201
+...
+To run a command as administrator (user "root"), use "sudo <command>".
+See "man sudo_root" for details.
+
+ubuntu@vo-enes-org-tf-demo-server-1:~$ lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
+loop0 7:0 0 63.5M 1 loop /snap/core20/1891
+loop1 7:1 0 111.9M 1 loop /snap/lxd/24322
+loop2 7:2 0 53.3M 1 loop /snap/snapd/19361
+sda 8:0 0 80G 0 disk
+├─sda1 8:1 0 79.9G 0 part /
+├─sda14 8:14 0 4M 0 part
+└─sda15 8:15 0 106M 0 part /boot/efi
+sdb 8:16 0 1000G 0 disk
+└─sdb1 8:17 0 1000G 0 part /mnt/data
+ubuntu@vo-enes-org-tf-demo-server-1:~$ df -ah /mnt/data
+Filesystem Size Used Avail Use% Mounted on
+/dev/sdb1 984G 28K 934G 1% /mnt/data
+
+
+# G. Destroy the infrastructure
+
+[freznicek@lenovo-t14 terraform 0]$ terraform destroy
+module.toplevel.data.openstack_networking_network_v2.external_network: Reading...
+module.toplevel.openstack_compute_keypair_v2.pubkey: Refreshing state... [id=vo-enes-org-tf-demo-keypair]
+module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Refreshing state... [id=ed3f6682-e6c9-46b5-983d-3baf25131142]
+module.toplevel.data.openstack_images_image_v2.nodes_image: Reading...
+module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Refreshing state... [id=ec66ce9d-c8ca-490f-a249-043b55230f22]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0]: Refreshing state... [id=a527bff6-6a80-469b-89d1-71fcf3f7d0b1]
+module.toplevel.openstack_networking_network_v2.network_default: Refreshing state... [id=ba35e97d-7f04-47b4-a82c-0130a1f217a7]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2]: Refreshing state... [id=adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd]
+module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1]: Refreshing state... [id=58ed3694-5141-4db1-b156-3c46a9f5654b]
+module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=bf08651f-047f-402a-9c9f-8fe415bffb89]
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Refreshing state... [id=f56e25f7-21c1-4337-b6be-7e8def76bfff]
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Refreshing state... [id=9df51e87-e30c-46f4-ae9a-a6d833759b9c]
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Refreshing state... [id=5f6519c2-ed4a-445d-b63c-7c030eab581d]
+module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Refreshing state... [id=3e4a6d33-f68e-4c8c-8408-9594c6e41e61]
+module.toplevel.openstack_networking_subnet_v2.subnet_default: Refreshing state... [id=a0dfc195-fa9d-4df1-aa6d-7e6ca842e899]
+module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=9edb9ab8-8742-49e3-9461-528f31397672]
+module.toplevel.openstack_networking_router_v2.router_default: Refreshing state... [id=c2747273-6f7b-4733-a919-96701ea0a153]
+module.toplevel.openstack_networking_port_v2.bastion_port: Refreshing state... [id=e8dafeed-a6eb-44de-af9b-d5d19844512f]
+module.toplevel.openstack_networking_port_v2.nodes_ports[2]: Refreshing state... [id=d4bb617c-bce7-4572-9a07-1f638e482da2]
+module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Refreshing state... [id=41fa4b8b-5096-4699-94b6-735afc88ba35]
+module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Refreshing state... [id=9749a231-94db-4c0c-a86f-d5c378bbc9e6]
+module.toplevel.openstack_networking_router_interface_v2.router_default_interface: Refreshing state... [id=8ea9c9cf-be4e-429a-8e1c-ae3b562f69d2]
+module.toplevel.openstack_compute_instance_v2.bastion: Refreshing state... [id=749623e7-7010-4a09-ac69-400baa610042]
+module.toplevel.openstack_compute_instance_v2.nodes[2]: Refreshing state... [id=e1f199f5-b57a-4ca0-bc8e-7e675fdfae13]
+module.toplevel.openstack_compute_instance_v2.nodes[0]: Refreshing state... [id=809eda35-291a-46e1-a0ae-6d0c954bb7a0]
+module.toplevel.openstack_compute_instance_v2.nodes[1]: Refreshing state... [id=66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c]
+module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Refreshing state... [id=195.113.167.75/749623e7-7010-4a09-ac69-400baa610042/]
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[0]: Refreshing state... [id=809eda35-291a-46e1-a0ae-6d0c954bb7a0/a527bff6-6a80-469b-89d1-71fcf3f7d0b1]
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[2]: Refreshing state... [id=e1f199f5-b57a-4ca0-bc8e-7e675fdfae13/adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd]
+module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[1]: Refreshing state... [id=66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c/58ed3694-5141-4db1-b156-3c46a9f5654b]
+
+Terraform used the selected providers to generate the following execution plan. 
Resource actions are indicated with the following symbols: + - destroy + +Terraform will perform the following actions: + + # module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0] will be destroyed + - resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" { + - attachment = [ + - { + - device = "/dev/sdb" + - id = "a527bff6-6a80-469b-89d1-71fcf3f7d0b1" + - instance_id = "809eda35-291a-46e1-a0ae-6d0c954bb7a0" + }, + ] -> null + - availability_zone = "brno1" -> null + - id = "a527bff6-6a80-469b-89d1-71fcf3f7d0b1" -> null + - metadata = {} -> null + - name = "vo-enes-org-tf-demo-extra-volume-1" -> null + - region = "brno1" -> null + - size = 1000 -> null + - volume_type = "ceph-extra-rep" -> null + } + + # module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1] will be destroyed + - resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" { + - attachment = [ + - { + - device = "/dev/sdb" + - id = "58ed3694-5141-4db1-b156-3c46a9f5654b" + - instance_id = "66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c" + }, + ] -> null + - availability_zone = "brno1" -> null + - id = "58ed3694-5141-4db1-b156-3c46a9f5654b" -> null + - metadata = {} -> null + - name = "vo-enes-org-tf-demo-extra-volume-2" -> null + - region = "brno1" -> null + - size = 1000 -> null + - volume_type = "ceph-extra-rep" -> null + } + + # module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2] will be destroyed + - resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" { + - attachment = [ + - { + - device = "/dev/sdb" + - id = "adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd" + - instance_id = "e1f199f5-b57a-4ca0-bc8e-7e675fdfae13" + }, + ] -> null + - availability_zone = "brno1" -> null + - id = "adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd" -> null + - metadata = {} -> null + - name = "vo-enes-org-tf-demo-extra-volume-3" -> null + - region = "brno1" -> null + - size = 1000 -> null + - volume_type = "ceph-extra-rep" -> null + } + + # 
module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be destroyed + - resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + - floating_ip = "195.113.167.75" -> null + - id = "195.113.167.75/749623e7-7010-4a09-ac69-400baa610042/" -> null + - instance_id = "749623e7-7010-4a09-ac69-400baa610042" -> null + - region = "brno1" -> null + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be destroyed + - resource "openstack_compute_instance_v2" "bastion" { + - access_ip_v4 = "10.10.10.39" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "brno1" -> null + - created = "2023-06-23 12:18:41 +0000 UTC" -> null + - flavor_id = "4c153ce3-a163-4668-baa7-2cbcb57e2dd8" -> null + - flavor_name = "standard.medium" -> null + - force_delete = false -> null + - id = "749623e7-7010-4a09-ac69-400baa610042" -> null + - image_id = "bf08651f-047f-402a-9c9f-8fe415bffb89" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "vo-enes-org-tf-demo-keypair" -> null + - name = "vo-enes-org-tf-demo-bastion-server" -> null + - power_state = "active" -> null + - region = "brno1" -> null + - security_groups = [ + - "vo-enes-org-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-06-23 12:18:53 +0000 UTC" -> null + - user_data = "a3a49ba4d021dc7ea72f930700b21701d957ddd6" -> null + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.39" -> null + - mac = "fa:16:3e:c1:2b:43" -> null + - name = "vo-enes-org-tf-demo_network" -> null + - port = "e8dafeed-a6eb-44de-af9b-d5d19844512f" -> null + - uuid = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "10.10.10.201" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - 
availability_zone = "brno1" -> null + - created = "2023-06-23 12:18:41 +0000 UTC" -> null + - flavor_id = "fd5b2a18-30c7-427f-84b1-23194346f20c" -> null + - flavor_name = "hpc.16core-32ram" -> null + - force_delete = false -> null + - id = "809eda35-291a-46e1-a0ae-6d0c954bb7a0" -> null + - image_id = "bf08651f-047f-402a-9c9f-8fe415bffb89" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "vo-enes-org-tf-demo-keypair" -> null + - name = "vo-enes-org-tf-demo-server-1" -> null + - power_state = "active" -> null + - region = "brno1" -> null + - security_groups = [ + - "vo-enes-org-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-06-23 12:18:53 +0000 UTC" -> null + - user_data = "8d4565d32104990f59352f6ea5c69e398c356e26" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - source_type = "image" -> null + - uuid = "bf08651f-047f-402a-9c9f-8fe415bffb89" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.201" -> null + - mac = "fa:16:3e:bb:93:3b" -> null + - name = "vo-enes-org-tf-demo_network" -> null + - port = "41fa4b8b-5096-4699-94b6-735afc88ba35" -> null + - uuid = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "10.10.10.247" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "brno1" -> null + - created = "2023-06-23 12:18:41 +0000 UTC" -> null + - flavor_id = "fd5b2a18-30c7-427f-84b1-23194346f20c" -> null + - flavor_name = "hpc.16core-32ram" -> null + - force_delete = false -> null + - id = "66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c" -> null + - image_id = "bf08651f-047f-402a-9c9f-8fe415bffb89" -> null + - image_name = 
"ubuntu-jammy-x86_64" -> null + - key_pair = "vo-enes-org-tf-demo-keypair" -> null + - name = "vo-enes-org-tf-demo-server-2" -> null + - power_state = "active" -> null + - region = "brno1" -> null + - security_groups = [ + - "vo-enes-org-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-06-23 12:18:51 +0000 UTC" -> null + - user_data = "c2819c22aff3e1d7ebb2659b98724aac67590530" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - source_type = "image" -> null + - uuid = "bf08651f-047f-402a-9c9f-8fe415bffb89" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.247" -> null + - mac = "fa:16:3e:8d:24:c1" -> null + - name = "vo-enes-org-tf-demo_network" -> null + - port = "9749a231-94db-4c0c-a86f-d5c378bbc9e6" -> null + - uuid = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[2] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "10.10.10.32" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "brno1" -> null + - created = "2023-06-23 12:18:41 +0000 UTC" -> null + - flavor_id = "fd5b2a18-30c7-427f-84b1-23194346f20c" -> null + - flavor_name = "hpc.16core-32ram" -> null + - force_delete = false -> null + - id = "e1f199f5-b57a-4ca0-bc8e-7e675fdfae13" -> null + - image_id = "bf08651f-047f-402a-9c9f-8fe415bffb89" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "vo-enes-org-tf-demo-keypair" -> null + - name = "vo-enes-org-tf-demo-server-3" -> null + - power_state = "active" -> null + - region = "brno1" -> null + - security_groups = [ + - "vo-enes-org-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-06-23 12:18:52 +0000 UTC" 
-> null + - user_data = "0d9eecc7260a206e8502b6403c5a1d43e7c869cf" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - source_type = "image" -> null + - uuid = "bf08651f-047f-402a-9c9f-8fe415bffb89" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.32" -> null + - mac = "fa:16:3e:b3:c2:fe" -> null + - name = "vo-enes-org-tf-demo_network" -> null + - port = "d4bb617c-bce7-4572-9a07-1f638e482da2" -> null + - uuid = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be destroyed + - resource "openstack_compute_keypair_v2" "pubkey" { + - fingerprint = "75:e0:a4:d6:4c:76:ba:21:f1:d1:75:c8:75:22:93:4f" -> null + - id = "vo-enes-org-tf-demo-keypair" -> null + - name = "vo-enes-org-tf-demo-keypair" -> null + - public_key = <<-EOT + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCh5m8MwPW2mSXPFj0P3SSnAjukeQinvdESJfUeVqxOLozx3uAprm+ghPlun4V0mqfIfs6SmJM2wN8oDjd18yJVgCc1tfaSTDYDnVdrVPzWQYDdCqca0a3z+fXuK/sffv+9SH4LdNGqm6wA6xjJAbp8HbsnUNbcxs9bt9GJToxRjVCHjawJxlBBUemuYU7x7B8tdq3W5Fxtc9dIEcpO7NLvVujSSzbTwxVANSpOsbhroN6IQP299hB7Ggoa7P0MNaJa9VHJSU4Z6N7lYDrMG5gkm6LxL6s37ljyQS7IVDNKbhj1WrWfxAWrYtQy5alzisa7uuaxb1dOwEEWzZI5Z59T79cZActsJJPf6e4zurYo8Tqw9vpJId8ohDEQVnmb5asDGMz5G8xXa4G98McVYL1766fN1FxflYLIVRi7uPTLjN76COh/Q/ZxYuByFYl62VY+vT3CxcYInsqOkhwgfmHMbepq3ndRRIrN97IDDMutT5peTLSwpsmME+202Tg12TL7aGMyeNfcRxJkm3nHvXXKSAu1fJKXPvTQZZRxctX9GQ+2iYBhB57WnmtvfzgfcrAdZTXH3Mh08xRB+Uv/VqupLhm9Fgs/+IVUyi0AezsL6NrGItyPVcVU2HXF6xdsIFyHgb2Jhbdm2PzN/n7lcRa6lkltPBpLSWZb0N0DSHbrJw== freznicek@fedora + EOT -> null + - region = "brno1" -> null + } + + # module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[0] will be destroyed + - resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" { + - device = "/dev/sdb" -> null + - id = 
"809eda35-291a-46e1-a0ae-6d0c954bb7a0/a527bff6-6a80-469b-89d1-71fcf3f7d0b1" -> null + - instance_id = "809eda35-291a-46e1-a0ae-6d0c954bb7a0" -> null + - region = "brno1" -> null + - volume_id = "a527bff6-6a80-469b-89d1-71fcf3f7d0b1" -> null + } + + # module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[1] will be destroyed + - resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" { + - device = "/dev/sdb" -> null + - id = "66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c/58ed3694-5141-4db1-b156-3c46a9f5654b" -> null + - instance_id = "66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c" -> null + - region = "brno1" -> null + - volume_id = "58ed3694-5141-4db1-b156-3c46a9f5654b" -> null + } + + # module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[2] will be destroyed + - resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" { + - device = "/dev/sdb" -> null + - id = "e1f199f5-b57a-4ca0-bc8e-7e675fdfae13/adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd" -> null + - instance_id = "e1f199f5-b57a-4ca0-bc8e-7e675fdfae13" -> null + - region = "brno1" -> null + - volume_id = "adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd" -> null + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be destroyed + - resource "openstack_networking_floatingip_v2" "bastion_fip" { + - address = "195.113.167.75" -> null + - all_tags = [] -> null + - fixed_ip = "10.10.10.39" -> null + - id = "ec66ce9d-c8ca-490f-a249-043b55230f22" -> null + - pool = "public-cesnet-195-113-167-GROUP" -> null + - port_id = "e8dafeed-a6eb-44de-af9b-d5d19844512f" -> null + - region = "brno1" -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + } + + # module.toplevel.openstack_networking_network_v2.network_default will be destroyed + - resource "openstack_networking_network_v2" "network_default" { + - admin_state_up = true -> null + - all_tags = [] -> null + - availability_zone_hints = [] -> 
null + - external = false -> null + - id = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + - mtu = 1442 -> null + - name = "vo-enes-org-tf-demo_network" -> null + - port_security_enabled = true -> null + - region = "brno1" -> null + - shared = false -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + - transparent_vlan = false -> null + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be destroyed + - resource "openstack_networking_port_v2" "bastion_port" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.39", + ] -> null + - all_security_group_ids = [ + - "ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - all_tags = [] -> null + - device_id = "749623e7-7010-4a09-ac69-400baa610042" -> null + - device_owner = "compute:brno1" -> null + - dns_assignment = [] -> null + - id = "e8dafeed-a6eb-44de-af9b-d5d19844512f" -> null + - mac_address = "fa:16:3e:c1:2b:43" -> null + - name = "vo-enes-org-tf-demo-bastion-server-port" -> null + - network_id = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + - port_security_enabled = true -> null + - region = "brno1" -> null + - security_group_ids = [ + - "ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "a0dfc195-fa9d-4df1-aa6d-7e6ca842e899" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.201", + ] -> null + - all_security_group_ids = [ + - "ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - all_tags = [] -> null + - device_id = "809eda35-291a-46e1-a0ae-6d0c954bb7a0" -> null + - device_owner = "compute:brno1" -> null + - dns_assignment = [] -> null + - id = 
"41fa4b8b-5096-4699-94b6-735afc88ba35" -> null + - mac_address = "fa:16:3e:bb:93:3b" -> null + - name = "vo-enes-org-tf-demo_server_port_1" -> null + - network_id = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + - port_security_enabled = true -> null + - region = "brno1" -> null + - security_group_ids = [ + - "ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "a0dfc195-fa9d-4df1-aa6d-7e6ca842e899" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.247", + ] -> null + - all_security_group_ids = [ + - "ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - all_tags = [] -> null + - device_id = "66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c" -> null + - device_owner = "compute:brno1" -> null + - dns_assignment = [] -> null + - id = "9749a231-94db-4c0c-a86f-d5c378bbc9e6" -> null + - mac_address = "fa:16:3e:8d:24:c1" -> null + - name = "vo-enes-org-tf-demo_server_port_2" -> null + - network_id = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + - port_security_enabled = true -> null + - region = "brno1" -> null + - security_group_ids = [ + - "ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "a0dfc195-fa9d-4df1-aa6d-7e6ca842e899" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[2] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.32", + ] -> null + - all_security_group_ids = [ + - 
"ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - all_tags = [] -> null + - device_id = "e1f199f5-b57a-4ca0-bc8e-7e675fdfae13" -> null + - device_owner = "compute:brno1" -> null + - dns_assignment = [] -> null + - id = "d4bb617c-bce7-4572-9a07-1f638e482da2" -> null + - mac_address = "fa:16:3e:b3:c2:fe" -> null + - name = "vo-enes-org-tf-demo_server_port_3" -> null + - network_id = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + - port_security_enabled = true -> null + - region = "brno1" -> null + - security_group_ids = [ + - "ed3f6682-e6c9-46b5-983d-3baf25131142", + ] -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "a0dfc195-fa9d-4df1-aa6d-7e6ca842e899" -> null + } + } + + # module.toplevel.openstack_networking_router_interface_v2.router_default_interface will be destroyed + - resource "openstack_networking_router_interface_v2" "router_default_interface" { + - force_destroy = false -> null + - id = "8ea9c9cf-be4e-429a-8e1c-ae3b562f69d2" -> null + - port_id = "8ea9c9cf-be4e-429a-8e1c-ae3b562f69d2" -> null + - region = "brno1" -> null + - router_id = "c2747273-6f7b-4733-a919-96701ea0a153" -> null + - subnet_id = "a0dfc195-fa9d-4df1-aa6d-7e6ca842e899" -> null + } + + # module.toplevel.openstack_networking_router_v2.router_default will be destroyed + - resource "openstack_networking_router_v2" "router_default" { + - admin_state_up = true -> null + - all_tags = [] -> null + - availability_zone_hints = [] -> null + - distributed = false -> null + - enable_snat = true -> null + - external_gateway = "9edb9ab8-8742-49e3-9461-528f31397672" -> null + - external_network_id = "9edb9ab8-8742-49e3-9461-528f31397672" -> null + - id = "c2747273-6f7b-4733-a919-96701ea0a153" -> null + - name = "vo-enes-org-tf-demo_infra-test" -> null + - region = "brno1" -> null + - tags = [] -> null + - tenant_id = 
"786566209a7444f89a561172fa28e117" -> null + + - external_fixed_ip { + - ip_address = "195.113.167.204" -> null + - subnet_id = "6c6803e7-bc74-4e74-ad7a-581ad3943c04" -> null + } + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "9df51e87-e30c-46f4-ae9a-a6d833759b9c" -> null + - port_range_max = 80 -> null + - port_range_min = 80 -> null + - protocol = "tcp" -> null + - region = "brno1" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "ed3f6682-e6c9-46b5-983d-3baf25131142" -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "3e4a6d33-f68e-4c8c-8408-9594c6e41e61" -> null + - port_range_max = 443 -> null + - port_range_min = 443 -> null + - protocol = "tcp" -> null + - region = "brno1" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "ed3f6682-e6c9-46b5-983d-3baf25131142" -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "5f6519c2-ed4a-445d-b63c-7c030eab581d" -> null + - port_range_max = 0 -> null + - port_range_min = 0 -> null + - protocol = "icmp" -> null + - region = "brno1" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "ed3f6682-e6c9-46b5-983d-3baf25131142" -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + } + + # 
module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "f56e25f7-21c1-4337-b6be-7e8def76bfff" -> null + - port_range_max = 22 -> null + - port_range_min = 22 -> null + - protocol = "tcp" -> null + - region = "brno1" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "ed3f6682-e6c9-46b5-983d-3baf25131142" -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be destroyed + - resource "openstack_networking_secgroup_v2" "secgroup_default" { + - all_tags = [] -> null + - description = "vo-enes-org-tf-demo Security group" -> null + - id = "ed3f6682-e6c9-46b5-983d-3baf25131142" -> null + - name = "vo-enes-org-tf-demo_security_group" -> null + - region = "brno1" -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + } + + # module.toplevel.openstack_networking_subnet_v2.subnet_default will be destroyed + - resource "openstack_networking_subnet_v2" "subnet_default" { + - all_tags = [] -> null + - cidr = "10.10.10.0/24" -> null + - dns_nameservers = [ + - "1.1.1.1", + - "8.8.8.8", + ] -> null + - enable_dhcp = true -> null + - gateway_ip = "10.10.10.1" -> null + - id = "a0dfc195-fa9d-4df1-aa6d-7e6ca842e899" -> null + - ip_version = 4 -> null + - name = "vo-enes-org-tf-demo_subnet" -> null + - network_id = "ba35e97d-7f04-47b4-a82c-0130a1f217a7" -> null + - no_gateway = false -> null + - region = "brno1" -> null + - service_types = [] -> null + - tags = [] -> null + - tenant_id = "786566209a7444f89a561172fa28e117" -> null + + - allocation_pool { + - end = "10.10.10.254" -> null + - start = "10.10.10.2" -> null + } + + - allocation_pools { + - end = "10.10.10.254" -> null + - start = "10.10.10.2" -> null + } + } + +Plan: 0 to add, 0 to change, 
26 to destroy. + +Do you really want to destroy all resources? + Terraform will destroy all your managed infrastructure, as shown above. + There is no undo. Only 'yes' will be accepted to confirm. + + Enter a value: yes + +module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[1]: Destroying... [id=66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c/58ed3694-5141-4db1-b156-3c46a9f5654b] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destroying... [id=195.113.167.75/749623e7-7010-4a09-ac69-400baa610042/] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destroying... [id=5f6519c2-ed4a-445d-b63c-7c030eab581d] +module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[2]: Destroying... [id=e1f199f5-b57a-4ca0-bc8e-7e675fdfae13/adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destroying... [id=3e4a6d33-f68e-4c8c-8408-9594c6e41e61] +module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[0]: Destroying... [id=809eda35-291a-46e1-a0ae-6d0c954bb7a0/a527bff6-6a80-469b-89d1-71fcf3f7d0b1] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destroying... [id=9df51e87-e30c-46f4-ae9a-a6d833759b9c] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destroying... [id=f56e25f7-21c1-4337-b6be-7e8def76bfff] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface: Destroying... [id=8ea9c9cf-be4e-429a-8e1c-ae3b562f69d2] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destruction complete after 3s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destroying... [id=ec66ce9d-c8ca-490f-a249-043b55230f22] +module.toplevel.openstack_compute_instance_v2.bastion: Destroying... 
[id=749623e7-7010-4a09-ac69-400baa610042] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destruction complete after 6s +module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[2]: Destruction complete after 9s +module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[1]: Destruction complete after 9s +module.toplevel.openstack_compute_volume_attach_v2.nodes_extra_volumes_attachments[0]: Destruction complete after 9s +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1]: Destroying... [id=58ed3694-5141-4db1-b156-3c46a9f5654b] +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2]: Destroying... [id=adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destroying... [id=66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destroying... [id=809eda35-291a-46e1-a0ae-6d0c954bb7a0] +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destruction complete after 6s +module.toplevel.openstack_compute_instance_v2.nodes[2]: Destroying... [id=e1f199f5-b57a-4ca0-bc8e-7e675fdfae13] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Still destroying... [id=9df51e87-e30c-46f4-ae9a-a6d833759b9c, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Still destroying... [id=f56e25f7-21c1-4337-b6be-7e8def76bfff, 10s elapsed] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface: Still destroying... [id=8ea9c9cf-be4e-429a-8e1c-ae3b562f69d2, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Still destroying... 
[id=3e4a6d33-f68e-4c8c-8408-9594c6e41e61, 10s elapsed] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface: Destruction complete after 11s +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0]: Destroying... [id=a527bff6-6a80-469b-89d1-71fcf3f7d0b1] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destruction complete after 11s +module.toplevel.openstack_networking_router_v2.router_default: Destroying... [id=c2747273-6f7b-4733-a919-96701ea0a153] +module.toplevel.openstack_compute_instance_v2.bastion: Still destroying... [id=749623e7-7010-4a09-ac69-400baa610042, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Destruction complete after 10s +module.toplevel.openstack_networking_port_v2.bastion_port: Destroying... [id=e8dafeed-a6eb-44de-af9b-d5d19844512f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destruction complete after 16s +module.toplevel.openstack_networking_router_v2.router_default: Destruction complete after 7s +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1]: Still destroying... [id=58ed3694-5141-4db1-b156-3c46a9f5654b, 10s elapsed] +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2]: Still destroying... [id=adbd2ddc-600e-4d77-aa3f-ed66d94ae2dd, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still destroying... [id=66ae2ce7-2d0e-42b2-bdec-e4a704c69c6c, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still destroying... 
[id=809eda35-291a-46e1-a0ae-6d0c954bb7a0, 10s elapsed] +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[2]: Destruction complete after 10s +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[1]: Destruction complete after 10s +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destruction complete after 10s +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destruction complete after 10s +module.toplevel.openstack_compute_instance_v2.nodes[2]: Still destroying... [id=e1f199f5-b57a-4ca0-bc8e-7e675fdfae13, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[2]: Destruction complete after 10s +module.toplevel.openstack_compute_keypair_v2.pubkey: Destroying... [id=vo-enes-org-tf-demo-keypair] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destroying... [id=41fa4b8b-5096-4699-94b6-735afc88ba35] +module.toplevel.openstack_networking_port_v2.nodes_ports[2]: Destroying... [id=d4bb617c-bce7-4572-9a07-1f638e482da2] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destroying... [id=9749a231-94db-4c0c-a86f-d5c378bbc9e6] +module.toplevel.openstack_compute_keypair_v2.pubkey: Destruction complete after 1s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Still destroying... [id=f56e25f7-21c1-4337-b6be-7e8def76bfff, 20s elapsed] +module.toplevel.openstack_networking_port_v2.bastion_port: Destruction complete after 7s +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0]: Still destroying... 
[id=a527bff6-6a80-469b-89d1-71fcf3f7d0b1, 10s elapsed] +module.toplevel.openstack_blockstorage_volume_v3.nodes_extra_volumes[0]: Destruction complete after 10s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destruction complete after 21s +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destruction complete after 6s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destruction complete after 6s +module.toplevel.openstack_networking_port_v2.nodes_ports[2]: Destruction complete after 6s +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destroying... [id=ed3f6682-e6c9-46b5-983d-3baf25131142] +module.toplevel.openstack_networking_subnet_v2.subnet_default: Destroying... [id=a0dfc195-fa9d-4df1-aa6d-7e6ca842e899] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destruction complete after 9s +module.toplevel.openstack_networking_subnet_v2.subnet_default: Destruction complete after 10s +module.toplevel.openstack_networking_network_v2.network_default: Destroying... [id=ba35e97d-7f04-47b4-a82c-0130a1f217a7] +module.toplevel.openstack_networking_network_v2.network_default: Destruction complete after 6s + +Destroy complete! Resources: 26 destroyed. +[freznicek@lenovo-t14 terraform 0]$ + diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/README.md new file mode 100644 index 0000000000000000000000000000000000000000..417021f98367e25324f661bb0c7b57de30659cda --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/README.md @@ -0,0 +1,5 @@ +# vo.thepund.it Infrastructure as Code demo + +There are presented two simple approaches: + * [infrastructure using terraform (best practice)](./terraform) + * [infrastructure using command-line openstack client](./commandline) 
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/README.md new file mode 100644 index 0000000000000000000000000000000000000000..a4aa7195653c58c1e5c64e02cab6c9438623b3b2 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/README.md @@ -0,0 +1,16 @@ +# Build OpenStack infrastructure from command-line using openstack client + +## Pre-requisites + * Linux/Mac/WSL2 terminal + * installed openstack client ([how?](https://docs.fuga.cloud/how-to-use-the-openstack-cli-tools-on-linux)) + * downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.cloud.muni.cz/cloud/cli/#getting-credentials)) + + +## How to use the script +```sh +./cmdline-demo-group-project.sh "infrastructure-a" +``` + +## Infrastructure schema + + diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/cmdline-demo-group-project.sh b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/cmdline-demo-group-project.sh new file mode 100755 index 0000000000000000000000000000000000000000..3445b0b2ac7f0a0a07c442cae7c412631700791e --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/cmdline-demo-group-project.sh 
@@ -0,0 +1,100 @@ +#!/usr/bin/env bash +# MetaCentrum MCC openstack command-line demo - group projecp +# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix] +# + +SCRIPT_DIR=$(dirname $(readlink -f $0)) +############################################################################# +# variables +############################################################################# +ENTITIES_PREFIX="${1:-"the-pund-it"}" +EXTERNAL_NETWORK_NAME="public-muni-147-251-124-GROUP" +KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair" +NETWORK_NAME="${ENTITIES_PREFIX}-demo-network" +SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet" +SUBNET_CIDR="192.168.0.0/24" +SERVER_NAME="${ENTITIES_PREFIX}-demo-server" +FLAVOR_NAME="standard.2core-16ram" +IMAGE_NAME="ubuntu-jammy-x86_64" +VM_LOGIN="ubuntu" +ROUTER_NAME="${ENTITIES_PREFIX}-demo-router" +FIP_FILE="fip.txt" +SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup" +SSH_KEYPAIR_DIR="${HOME}/.ssh/generated-keypair" + +############################################################################# +# functions +############################################################################# +source ${SCRIPT_DIR}/../../../../common/lib.sh.inc + +############################################################################# +# main steps +############################################################################# + +# test openstack client version +if ! 
openstack --version; then + log "Install openstack client (yum / apt install python3-openstackclient)" +fi + +# delete objects (from previous run) +log "Delete previously created objects" +delete_objects_group_project + +log "List currently allocated objects" +list_objects + +log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud" +mkdir -p ${SSH_KEYPAIR_DIR} +chmod 700 ${SSH_KEYPAIR_DIR} +ssh-keygen -t rsa -b 4096 -f "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}" +openstack keypair create --type ssh --public-key "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}" +ls -la ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}* + +log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22" +openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}" +openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}" +openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}" + +log_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})" +openstack network create "${NETWORK_NAME}" +NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id) +openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}" + +log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \ + " flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \ + " keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})" +openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \ + --network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \ + --security-group "${SECGROUP_NAME}" "${SERVER_NAME}" +SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id) + +log "Wait for VM instance 
\"${SERVER_NAME}\" being ACTIVE" +vm_wait_for_status "${SERVER_NAME}" "ACTIVE" + +log "Route VM from internal software defined networking outside" +log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})" +openstack router create "${ROUTER_NAME}" +openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}" +openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}" + +log_keypress " 2] Allocate single FIP (floating ip) from external provider network" +FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name) +echo "${FIP}" > "${FIP_FILE}" +echo "Obtained public FIP ${FIP}" + +log_keypress " 3] Assign selected FIP with created VM" +openstack server add floating ip "${SERVER_NAME}" "${FIP}" + +log "Test access to the VM server instance" +log_keypress " 1] TCP ping (ncat -z ${FIP} 22)" +test_vm_access "${FIP}" +log_keypress " 2] SSH command (ssh -i ${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})" +ssh-keygen -R ${FIP} &>/dev/null +ssh -i "${SSH_KEYPAIR_DIR}/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime' + +log_keypress "Object summary:" +list_objects + +log_keypress "Teardown of the objects" +delete_objects_group_project + diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/obrazek.png b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/obrazek.png new file mode 100644 index 0000000000000000000000000000000000000000..c866407bf731fac84926cb6e8e2c81ac026dc826 Binary files /dev/null and b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/commandline/obrazek.png differ 
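Review bot: The client check near the top of the script only logs when `openstack --version` fails and then carries on into `delete_objects_group_project`, and nothing later checks a result, so a failed `openstack network show` or `floating ip create` leaves `NETWORK_ID` or `FIP` empty and the following `server create` and `ssh` calls run with blank arguments. I would end the check with `exit 1` and test the captured values, e.g. `[[ -n "${FIP}" ]] || { log "no floating IP allocated"; exit 1; }`. The SSH ingress rule is opened to `0.0.0.0/0`; a variable such as `SSH_ALLOWED_CIDR="${2:-0.0.0.0/0}"` passed to `--remote-ip` would let users restrict it to their own address range. `SCRIPT_DIR=$(dirname $(readlink -f $0))`, `source ${SCRIPT_DIR}/...` and `mkdir -p ${SSH_KEYPAIR_DIR}` should be quoted so the script also works from a path containing spaces.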
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/README.md b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..f525e3301bdf29e3d6ad95b9ef84a44d03505441
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/README.md
@@ -0,0 +1,41 @@
+# Build and maintain OpenStack infrastructure from command-line using terraform
+
+This Terraform module creates simple virtual infrastructure cluster in OpenStack.
+
+## Pre-requisites
+ * Linux/Mac/WSL2 terminal
+ * installed terraform ([how?](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli#install-terraform))
+ * downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.cloud.muni.cz/cloud/cli/#getting-credentials))
+
+## Create Infrastructure
+
+1. Clone the repository.
+1. Load you OpenStack application credentials to environment variables `source ~/conf/prod-meta-cloud-new-openstack-all-roles-openrc.sh`
+1. Override any variable if needed. Every variable specified in [modules/infra/variables.tf](modules/infra/variables.tf) can be overridden in the [main.tf](main.tf) file in its *module* section.
+1. In the root folder run `terraform init`.
+1. In the root folder run `terraform validate`.
+1. Run `terraform plan -out plan1` to generate terraform plan.
+1. Run `terraform apply "plan1"` to apply the plan.
+
+## Destroy Infrastructure
+
+To delete all created resources run the following commands:
+
+```sh
+terraform plan -destroy -out plan1
+terraform apply "plan1"
+```
+
+## SSH to nodes
+
+### node with associated FIP
+Connecting to master is as easy as `ssh ubuntu@<any-master-ip>`
+
+### other nodes
+Establish SSH VPN to first head node using `sshuttle`.
+
+```sh
+sshuttle -r ubuntu@<any-master-ip> 192.168.0.0/24
+```
+
+Connection to any other node is then via SSH VPN (sshuttle) on internal network i.e. `ssh ubuntu@<vm-internal-ip-from-192.168.0.0/24>`
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..8371b68fd078b9fe5c4172bab8f021f6a165b6ca
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/main.tf
@@ -0,0 +1,39 @@
+terraform {
+ backend "local" {}
+}
+
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.47.0"
+ }
+ }
+}
+
+
+provider "openstack" {
+ # auth arguments are read from environment variables (sourced opestack RC file)
+ auth_url = "https://identity.cloud.muni.cz/v3"
+}
+
+
+module "demo" {
+ source = "./modules/infra"
+
+ # Example of variable override
+ nodes_count = 1
+ kusername = "thepundit"
+ public_key = "~/.ssh/id_rsa.pub"
+
+ nodes_flavor = "standard.2core-16ram"
+ image = "ubuntu-jammy-x86_64"
+
+ int_network = "192.168.0.0/24"
+ pool = "public-muni-147-251-124-GROUP"
+
+ # attach additional single volume 500GB
+ node_volumes_count = 1
+ node_volume_size = 500
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b760d4eb67613269833858fb3bec83579c51d0ad
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/cloudinit.txt
@@ -0,0 +1,6 @@
+users:
+ - default
+ - name: ubuntu
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa 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 secureduser@securedhost
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/instances.tf
new file mode 100644
index 0000000000000000000000000000000000000000..de02a10795eac09ce404c6d5e472d584582bcae3
--- /dev/null
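Review bot: The `ssh_authorized_keys` entry in cloudinit.txt hard-codes one public key (comment `secureduser@securedhost`), and instances.tf appends this file to the user data of every node, so whoever holds the matching private key can log in as `ubuntu` on each deployment of the module, independently of `var.public_key`. The instances already receive `key_pair = openstack_compute_keypair_v2.pubkey.name`, so I would drop the `ssh_authorized_keys` block here, or render the file with `templatefile()` and pass in the key read from `var.public_key`. If the entry is meant to stay as an example, mark it with a comment such as `# replace with your own public key before applying`.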
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/instances.tf
@@ -0,0 +1,20 @@
+
+####################
+# Define instances #
+####################
+
+resource "openstack_compute_instance_v2" "nodes" {
+ count = var.nodes_count
+ name = "${var.kusername}-${var.nodes_name_prefix}-${count.index+1}"
+ image_name = var.image
+ flavor_name = var.nodes_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.kusername}-${var.nodes_name_prefix}-${count.index+1}.local\n${file("${path.module}/cloudinit.txt")}"
+
+ network {
+ uuid = openstack_networking_network_v2.network_default.id
+ port = element(openstack_networking_port_v2.ports.*.id, count.index)
+ }
+
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/main.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..9de28ef6fc670b7465f1440abf451ad6cccd8436
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/main.tf
@@ -0,0 +1,6 @@
+
+resource "openstack_compute_keypair_v2" "pubkey" {
+ name = "${var.kusername}-demo"
+ public_key = file("${var.public_key}")
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..7f30c979a1755259a152897db21736e13b7630f2
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/networks.tf
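Review bot: In `openstack_compute_instance_v2.nodes` the `network` block sets both `uuid` and `port`, and the instance also lists `security_groups`, although the pre-created ports in networks.tf already carry `security_group_ids`. As far as I know the provider takes the security groups of a port-attached instance from the port, so the instance-level line is at best redundant and can mislead a reader about where the firewall is actually defined. I would keep only `port = openstack_networking_port_v2.ports[count.index].id` in the block and drop `uuid` and `security_groups`, or add a comment saying the port is authoritative. In the keypair resource of modules/infra/main.tf, `file("${var.public_key}")` can be written `file(var.public_key)`.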
@@ -0,0 +1,54 @@
+###############################################################
+# Define networking #
+# Security group rules are in separate file secgroup_rules.tf #
+###############################################################
+
+resource "openstack_networking_network_v2" "network_default" {
+ name = "${var.kusername}_demo"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "subnet_default" {
+ name = "${var.kusername}_demo"
+ network_id = openstack_networking_network_v2.network_default.id
+ cidr = var.int_network
+ ip_version = 4
+ dns_nameservers = ["1.1.1.1", "8.8.8.8"]
+}
+
+data "openstack_networking_network_v2" "terraform-demo-external-net" {
+ name = var.pool
+}
+
+resource "openstack_networking_router_v2" "router_default" {
+ name = "${var.kusername}_demo"
+ admin_state_up = "true"
+ external_network_id = data.openstack_networking_network_v2.terraform-demo-external-net.id
+}
+
+resource "openstack_networking_router_interface_v2" "terraform-demo-router-interface-1" {
+ router_id = openstack_networking_router_v2.router_default.id
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+}
+
+# Floating IPs (only for single (first) node)
+resource "openstack_networking_floatingip_v2" "fip" {
+ pool = var.pool
+}
+
+resource "openstack_compute_floatingip_associate_v2" "res_fip_associate" {
+ floating_ip = openstack_networking_floatingip_v2.fip.address
+ instance_id = openstack_compute_instance_v2.nodes[0].id
+}
+
+# Ports
+resource "openstack_networking_port_v2" "ports" {
+ count = var.nodes_count
+ name = "${var.kusername}_port_${count.index+1}"
+ network_id = openstack_networking_network_v2.network_default.id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = openstack_networking_subnet_v2.subnet_default.id
+ }
+}
\ No newline at end of file
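Review bot: `openstack_compute_floatingip_associate_v2.res_fip_associate` indexes `openstack_compute_instance_v2.nodes[0]` unconditionally, so a plan with `nodes_count = 0` fails on an invalid index; `count = var.nodes_count > 0 ? 1 : 0` on the floating IP and on its association would cover that case. The node holding the floating IP is the only one reachable from outside and shares one security group with the internal nodes, which is worth stating above the `fip` resource, e.g. `# nodes[0] is the SSH entry point for the whole subnet`. `admin_state_up = "true"` is a quoted string in three resources; the attribute is boolean, so `admin_state_up = true` is the cleaner form.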
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/output.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/output.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c40645dd8c9d4b82bfeef453f4227d2f740cbd9c
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/output.tf
@@ -0,0 +1,7 @@
+output "node_instance_ip" {
+ value = openstack_compute_instance_v2.nodes[*].access_ip_v4
+}
+
+output "node_fip" {
+ value = openstack_networking_floatingip_v2.fip.address
+}
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/providers.tf
new file mode 100644
index 0000000000000000000000000000000000000000..ef4ba65152b61ce99a5dfe96616724d08fad199b
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.47.0"
+ }
+ }
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/secgroup_rules.tf
new file mode 100644
index 0000000000000000000000000000000000000000..3d04ced43df7bd96881f9abcee8200898b232059
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/secgroup_rules.tf
@@ -0,0 +1,57 @@
+##################################
+# Define Network Security Groups #
+##################################
+
+
+resource "openstack_networking_secgroup_v2" "secgroup_default" {
+ name = "${var.kusername}_demo"
+ description = "Security group for demo"
+}
+
+
+# Allow all internal TCP & UDP
+
+resource "openstack_networking_secgroup_rule_v2" "alltcp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1
+ port_range_max = 32768
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "alludp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ port_range_min = 1
+ port_range_max = 32768
+ remote_ip_prefix = var.int_network
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+
+# External communication
+
+# ICMP
+resource "openstack_networking_secgroup_rule_v2" "icmp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 0
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+# SSH
+resource "openstack_networking_secgroup_rule_v2" "ssh4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..8c1ed8f15f9f3d4893cb6c3da51069744e7813fc
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/variables.tf
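Review bot: The `ssh4` rule hard-codes `remote_ip_prefix = "0.0.0.0/0"`, which exposes port 22 of the floating-IP node to the whole internet; I would introduce a variable (for example `ssh_allowed_cidr`, with that value as its default) and write `remote_ip_prefix = var.ssh_allowed_cidr`, so a deployment can narrow the source range without editing the module. The comment `# Allow all internal TCP & UDP` does not match `alltcp4` and `alludp4`, which stop at `port_range_max = 32768`; either raise the bound to `65535` or reword the comment to the range really opened. The file defines no egress rules, so outbound traffic depends on whatever rules the cloud adds to a new group by default, and a one-line comment stating that assumption would help.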
@@ -0,0 +1,58 @@
+variable "kusername" {
+ description = "Name prefix for all resources. Use a-z, 0-9 and the hyphen (-) only."
+ default = "demo"
+}
+
+variable "public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+##################
+# nodes settings #
+##################
+variable "nodes_count" {
+ default = 3
+}
+
+variable "nodes_name_prefix" {
+ description = "Use a-z, 0-9 and the hyphen (-) only."
+ default = ""
+}
+
+variable "nodes_flavor" {
+ default = "hpc.8core-32ram-ssd-ephem"
+}
+
+
+variable "int_network" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.0.0.0/24"
+}
+
+variable "pool" {
+ description = "FIP pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+variable "image" {
+ description = "Image used for virtual nodes"
+ default = "88f8e72a-bbf0-4ccc-8ff2-4f3188cd0d18"
+}
+
+variable "ssh_user_name" {
+ default = "ubuntu"
+}
+
+#########################
+# node volumes
+#########################
+
+variable "node_volumes_count" {
+ description = "Number of volumes added to nodes (allowed values: 0 to disable attaching volumes, 1 single volume to attach)"
+ default = ""
+}
+
+variable "node_volume_size" {
+ description = "Size of volume attached to nodes (in GB)"
+ default = 500
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/volumes.tf
new file mode 100644
index 0000000000000000000000000000000000000000..8e5c9f12df0d1d3cfb7565af22f2ac9c9c528c0a
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g1/brno/vo.thepund.it/terraform/modules/infra/volumes.tf
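Review bot: None of the variables declares a `type`, and `kusername` and `nodes_name_prefix` state their allowed characters only in the description; a `validation` block with `can(regex("^[a-z0-9-]*$", var.kusername))` would enforce the documented rule before the value reaches resource names and the cloud-init hostname. `image` defaults to the UUID `88f8e72a-bbf0-4ccc-8ff2-4f3188cd0d18` although instances.tf passes it to `image_name`, so the default probably fails unless an image carries that literal name; a name as default, or `image_id` in instances.tf, would be consistent. `node_volumes_count` defaults to `""` and is later used as a `count`, which mixes string and number; `type = number` with `default = null` is clearer but needs the matching `!= null` test in volumes.tf. `ssh_user_name` is not referenced in any of the module files shown here.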
@@ -0,0 +1,14 @@
+
+resource "openstack_blockstorage_volume_v3" "volumes_b" {
+ count = var.node_volumes_count != "" ? var.node_volumes_count : var.nodes_count
+ name = "${var.kusername}-node-volume-b-${count.index+1}"
+ size = var.node_volume_size
+}
+
+resource "openstack_compute_volume_attach_v2" "volumes_b_attachments" {
+ count = var.node_volumes_count != "" ? var.node_volumes_count : var.nodes_count
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+ volume_id = element(openstack_blockstorage_volume_v3.volumes_b.*.id, count.index)
+ #device = "/dev/sdb"
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/README.md b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..5f9480ccb83395976c5d8f336a5461a8900e492a
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/README.md
@@ -0,0 +1,15 @@
+# General IaaS infrastructure demo
+
+Assuming you are allowed to use e-INFRA CZ OpenStack cloud in Ostrava and you can log in via [e-INFRA CZ OpenStack cloud dashboard](https://ostrava.openstack.cloud.e-infra.cz/) using one of supported federations (e-INFRA CZ, ...).
+
+We recommend to build custom cloud infrastructure with Terraform or openstack client rather than using [e-INFRA CZ OpenStack cloud Horizon UI dashboard](https://horizon.ostrava.openstack.cloud.e-infra.cz).
+
+Below demos show in detail how to do so.
+
+## [Terraform `general` demo](./terraform)
+
+Terraform demo shows how to automate building highly scalable IaaS infrastructure.
+
+## [OpenStack client `general` demo](./commandline)
+
+OpenStack shell script demo shows how to automate small IaaS infrastructure which does not need additional scalability.
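Review bot: In volumes.tf both `count` expressions use `var.node_volumes_count` as the total number of volumes, while the variable's description in variables.tf defines it as a per-node switch (0 disables, 1 attaches a single volume). With `node_volumes_count = 1` and the default three nodes, only one volume is created and it is attached to the first instance. If the per-node meaning is intended, `count = var.node_volumes_count != "" ? var.node_volumes_count * var.nodes_count : var.nodes_count` matches the description (Terraform converts the string to a number). Note also that `element()` wraps around its index, so a count larger than the number of instances attaches further volumes to the first nodes instead of failing; `openstack_compute_instance_v2.nodes[count.index].id` turns that case into an error.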
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/README.md b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..4595d77b72e2fa7345fa0af9f72746961c940767
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/README.md
@@ -0,0 +1,15 @@
+# general IaaS infrastructure demo
+
+Assuming you are added ato a group project and you can log in via [e-INFRA CZ OpenStack cloud dashboard](https://horizon.ostrava.openstack.cloud.e-infra.cz/) using one of supported federations (e-INFRA CZ, ...).
+
+We recommend to build custom cloud infrastructure with Terraform or openstack client rather than using [e-INFRA CZ OpenStack cloud dashboard](https://horizon.ostrava.openstack.cloud.e-infra.cz/).
+
+Below demos show in detail how to do so.
+
+## [Terraform `general` demo](./terraform)
+
+Terraform demo shows how to automate building highly scalable IaaS infrastructure.
+
+## [OpenStack client `general` demo](./commandline)
+
+OpenStack shell script demo shows how to automate small IaaS infrastructure which does not need additional scalability.
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/README.md b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..aec29ac05aee0fcf05f884e606fcca0f22755559
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/README.md
@@ -0,0 +1,27 @@
+# Build OpenStack infrastructure from command-line using openstack client
+
+## Pre-requisites
+ * Linux/Mac/WSL2 terminal
+ * BASH shell
+ * installed openstack client ([how?](https://docs.fuga.cloud/how-to-use-the-openstack-cli-tools-on-linux))
+ * e-INFRA OpenStack cloud personal/group project granted.
+ * downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.e-infra.cz/compute/openstack/how-to-guides/obtaining-api-key/)) and store as text file `project_openrc.sh.inc`.
+
+## How to use the script
+```sh
+# in bash shell
+source project_openrc.sh.inc
+./cmdline-demo.sh basic-infrastructure-1
+```
+See linked reference executions for [personal](./cmdline-demo.sh.personal.log) and [group project](./cmdline-demo.sh.group.log).
+
+## Infrastructure schema
+How does the basic infrastructure looks like?
+* single VM (ubuntu-jammy)
+ * VM firewall opening port 22
+ * VM SSH keypair generated locally and pubkey uploaded to cloud
+* private subnet and network (skipped for personal projects where shared entities are used)
+* router to external internet (skipped for personal projects where shared entities are used)
+* public floating ip address
+
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh
new file mode 100755
index 0000000000000000000000000000000000000000..d9ee9f4b0f2e08abdb9b226c39d6d7aadd3d0391
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh
@@ -0,0 +1,168 @@ +#!/usr/bin/env bash +# e-INFRA CZ G2 openstack command-line demo - personal/group project +# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix] +# + +SCRIPT_DIR=$(dirname $(readlink -f $0)) +############################################################################# +# variables +############################################################################# +ENTITIES_PREFIX="${1:-"${USER}_$(hostname)"}" +EXTERNAL_NETWORK_NAME="external-ipv4-general-public" +KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair" +##NETWORK_NAME="${ENTITIES_PREFIX}-demo-network" +##SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet" +SUBNET_CIDR="192.168.222.0/24" +SERVER_NAME="${ENTITIES_PREFIX}-demo-server" +FLAVOR_NAME="${FLAVOR_NAME:-"e1.medium"}" +IMAGE_NAME="${IMAGE_NAME:-"ubuntu-jammy-x86_64"}" +VM_LOGIN="${VM_LOGIN:-"ubuntu"}" +##ROUTER_NAME="${ENTITIES_PREFIX}-demo-router" +FIP_FILE="${ENTITIES_PREFIX}-fip.txt" +SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup" +EXTRA_VOLUME_SIZE_GB=${EXTRA_VOLUME_SIZE_GB:-"0"} +EXTRA_VOLUME_NAME="${ENTITIES_PREFIX}-demo-volume" +EXTRA_VOLUME_TYPE="${EXTRA_VOLUME_TYPE:-""}" +SERVER_CREATE_ADDITIONAL_ARGS="${SERVER_CREATE_ADDITIONAL_ARGS:-""}" +SERVER_EPHEMERAL_DISK_SIZE="${SERVER_EPHEMERAL_DISK_SIZE:-"0"}" + +declare -A ROUTER_NAME_ARR +ROUTER_NAME_ARR[personal]="${ROUTER_NAME:-"internal-ipv4-general-private"}" +ROUTER_NAME_ARR[group]="${ROUTER_NAME:-"${ENTITIES_PREFIX}-demo-router"}" +declare -A NETWORK_NAME_ARR +NETWORK_NAME_ARR[personal]="${NETWORK_NAME:-"internal-ipv4-general-private"}" +NETWORK_NAME_ARR[group]="${NETWORK_NAME:-"${ENTITIES_PREFIX}-demo-network"}" +declare -A SUBNET_NAME_ARR +SUBNET_NAME_ARR[personal]="${SUBNET_NAME:-"internal-ipv4-general-private-172-22-0-0"}" +SUBNET_NAME_ARR[group]="${SUBNET_NAME:-"${ENTITIES_PREFIX}-demo-subnet"}" +CLOUD_ENV_NAME="prod-ostrava" + +############################################################################# +# functions 
+############################################################################# +source ${SCRIPT_DIR}/../../../../common/lib.sh.inc + +############################################################################# +# main steps +############################################################################# +log_section "Using commandline tools:" +report_tools || myexit 1 + +log_section "Using OpenStack cloud:" +openstack version show -fcsv | grep identity || myexit 1 + +# detect project type (group/personal) -------------------------------------- +project_type=group +if prj_name=$(is_personal_project); then + project_type=personal +fi +NETWORK_NAME="${NETWORK_NAME_ARR[${project_type}]}" +SUBNET_NAME="${SUBNET_NAME_ARR[${project_type}]}" +ROUTER_NAME="${ROUTER_NAME_ARR[${project_type}]}" +log "Using OpenStack ${project_type} project named: ${prj_name}" + +# delete objects (from previous run) ---------------------------------------- +log_section "Delete previously created objects (delete_objects_${project_type}_project)" +delete_objects_${project_type}_project +# --------------------------------------------------------------------------- + +log_section "List currently allocated objects" +list_objects +# --------------------------------------------------------------------------- + +log_section_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud" +ssh_keypair_dir="${HOME}/.ssh/${CLOUD_ENV_NAME}" +mkdir -p "${ssh_keypair_dir}" +chmod 700 "${ssh_keypair_dir}" +if [ -s "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}" -a -s "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}.pub" ]; then + log "Reusing already existing SSH keypair at ${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}" +else + ssh-keygen -t rsa -b 4096 -f "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}" +fi +openstack keypair create --type ssh --public-key "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}" +ls -la ${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}* +# 
--------------------------------------------------------------------------- + +log_section_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22" +openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}" +openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}" +openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}" +# --------------------------------------------------------------------------- + +if [ "${project_type}" == "group" ]; then + log_section_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})" + openstack network create "${NETWORK_NAME}" + NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id) + openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}" --dns-nameserver 8.8.4.4 --dns-nameserver 8.8.8.8 +else + NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id) + log_section_keypress "Re-use existing network (${NETWORK_NAME}) and subnet (${SUBNET_NAME})" +fi +# --------------------------------------------------------------------------- + +if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then + log_keypress "Create cloud VM extra volume \"${EXTRA_VOLUME_NAME}\" with following configuration:\n" \ + " size: ${EXTRA_VOLUME_SIZE_GB} GB, volume type: ${EXTRA_VOLUME_TYPE}" + openstack volume create ${EXTRA_VOLUME_TYPE:+--type=${EXTRA_VOLUME_TYPE}} --size "${EXTRA_VOLUME_SIZE_GB}" ${EXTRA_VOLUME_NAME} +fi +# --------------------------------------------------------------------------- + +if [ -n "${SERVER_EPHEMERAL_DISK_SIZE}" -a "${SERVER_EPHEMERAL_DISK_SIZE}" -gt "0" ]; then + SERVER_CREATE_ADDITIONAL_ARGS="${SERVER_CREATE_ADDITIONAL_ARGS} --ephemeral=size=${SERVER_EPHEMERAL_DISK_SIZE}" +fi +log_section_keypress "Create 
cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \ + " flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \ + " keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})" \ + " additional arguments: ${SERVER_CREATE_ADDITIONAL_ARGS}" +openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \ + --network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \ + --security-group "${SECGROUP_NAME}" ${SERVER_CREATE_ADDITIONAL_ARGS} "${SERVER_NAME}" +SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id) + +log_section "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE" +vm_wait_for_status "${SERVER_NAME}" "ACTIVE" + +if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then + log_section_keypress "Attach extra volume \"${EXTRA_VOLUME_NAME}\" (${EXTRA_VOLUME_SIZE_GB} GB) to VM \"${SERVER_NAME}\"" + openstack server add volume ${SERVER_NAME} ${EXTRA_VOLUME_NAME} --device /dev/sdb +fi +# --------------------------------------------------------------------------- + +if [ "${project_type}" == "group" ]; then + log_section "Route VM from internal software defined networking outside" + log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})" + openstack router create "${ROUTER_NAME}" + openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}" + openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}" +else + log " 1] Reuse existing router ${ROUTER_NAME} (may not be visible from personal projects)" +fi +# --------------------------------------------------------------------------- + +log_keypress " 2] Allocate single FIP (floating ip) from external provider network" +FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name) +if [ -n "${FIP}" ]; then + echo "${FIP}" > "${FIP_FILE}" + echo "Successfully obtained public ipv4 floating IP adress (FIP): ${FIP}" + + log " 3] Associate selected FIP with created 
VM" + openstack server add floating ip "${SERVER_NAME}" "${FIP}" + + log_section "VM server instance access tests" + log_keypress " 1] TCP access (ncat -z ${FIP} 22)" + test_vm_access_ncat "${FIP}" + log_keypress " 2] SSH access (ssh -i ${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})" + ssh-keygen -R ${FIP} &>/dev/null + ssh -o StrictHostKeyChecking=no -i "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime; echo "VM access succeeded!"' +else + log "Unable to allocate FIP address, VM is created but not accessible from internet." +fi +# --------------------------------------------------------------------------- + +log_section_keypress "Object summary in profile ${ENTITIES_PREFIX}" +list_objects +# --------------------------------------------------------------------------- + +log_section_keypress "Teardown of the objects (delete_objects_${project_type}_project)" \ + "(Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction)" +delete_objects_${project_type}_project diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh.group.log b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh.group.log new file mode 100644 index 0000000000000000000000000000000000000000..eae0063f184f7f0b1da41e11c51bcd382e75c6dc --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh.group.log 
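Review bot: The SSH access test in cmdline-demo.sh runs `ssh -o StrictHostKeyChecking=no ...` against the freshly allocated floating IP, so the host key is never verified and the known_hosts entry it leaves behind pins whatever key answered on that address. Because the stale entry is already removed with `ssh-keygen -R ${FIP}` on the line before, `-o StrictHostKeyChecking=accept-new` keeps the test non-interactive while refusing a changed key on later connections. The security-group step also opens port 22 with `--remote-ip 0.0.0.0/0`; an overridable variable such as `SSH_ALLOWED_CIDR="${SSH_ALLOWED_CIDR:-"0.0.0.0/0"}"` (new, not in this commit) would let users narrow it to their own network. The script has no `set -euo pipefail` and leaves several expansions unquoted (`$(dirname $(readlink -f $0))`, `ssh-keygen -R ${FIP}`), so a failed `openstack` call does not stop the later steps, including the teardown.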
@@ -0,0 +1,320 @@ +[freznicek@lenovo-t14 commandline 0]$ source ~/conf/g2-prod-ostrava-meta-cloud-training-all-roles-openrc.sh +[freznicek@lenovo-t14 commandline 0]$ ./cmdline-demo.sh group-project-infra | tee -a ./cmdline-demo.sh.group.log + +Using commandline tools: ================================================================================== +openstack --version: + openstack 5.5.0 +bash --version: + GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu) +awk -W version: + GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1) +ssh -V: + OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023 +which ssh-keygen: + /usr/bin/ssh-keygen +ncat --version: + Ncat: Version 7.93 ( https://nmap.org/ncat ) +grep --version: + grep (GNU grep) 3.7 + +Using OpenStack cloud: ==================================================================================== +"Ostrava","identity","3.14","CURRENT","https://identity.ostrava.openstack.cloud.e-infra.cz/v3/","","" + +Using OpenStack group project named: meta-cloud-training + +Delete previously created objects (delete_objects_group_project) ========================================== +server volume keypair router subnet network security-group + +List currently allocated objects ========================================================================== + +Create (generate) locally SSH keypair, upload public SSH key to cloud ===================================== +... (press Enter or wait 2m) [keyboard input timed out] +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Generating public/private rsa key pair. +Your identification has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair +Your public key has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair.pub +The key fingerprint is: +SHA256:0rDmjE2hNNVMoQFWgjlBj4qYBo2KdIh5f1JSpSLtqTw freznicek@lenovo-t14 +The key's randomart image is: ++---[RSA 4096]----+ +| .o++o==+. 
| +|.+== + +o | +|=o=oB * | +|B+.= B = | +|B. * * S | +|.. . X . | +| E . + | +| . | +| | ++----[SHA256]-----+ ++-------------+------------------------------------------------------------------+ +| Field | Value | ++-------------+------------------------------------------------------------------+ +| created_at | None | +| fingerprint | 73:5e:1c:02:bd:78:84:5f:86:48:a0:a3:10:b8:48:88 | +| id | group-project-infra-demo-keypair | +| is_deleted | None | +| name | group-project-infra-demo-keypair | +| type | ssh | +| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 | ++-------------+------------------------------------------------------------------+ +-rw-------. 1 freznicek freznicek 3389 30. Äec 19.50 /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair +-rw-r--r--. 1 freznicek freznicek 746 30. Äec 19.50 /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair.pub + +Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22 = +... 
(press Enter or wait 2m) [keyboard input timed out] ++-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Field | Value | ++-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| created_at | 2023-07-30T17:50:44Z | +| description | group-project-infra demo default security group | +| id | 04d9f7d1-48bd-44e3-bec2-0213ab2971a5 | +| name | group-project-infra-demo-secgroup | +| project_id | 7587d86892f449c3b11fdedb05976007 | +| revision_number | 1 | +| rules | created_at='2023-07-30T17:50:44Z', direction='egress', ethertype='IPv4', id='078691bb-2ade-4311-9c05-3ec1d2f5f7c1', standard_attr_id='69083', updated_at='2023-07-30T17:50:44Z' | +| | created_at='2023-07-30T17:50:44Z', direction='egress', ethertype='IPv6', id='288be142-3143-4977-aeac-8543b6de26fb', standard_attr_id='69086', updated_at='2023-07-30T17:50:44Z' | +| stateful | True | +| tags | [] | +| updated_at | 2023-07-30T17:50:44Z | ++-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------+--------------------------------------+ +| Field | Value | ++-------------------------+--------------------------------------+ +| created_at | 2023-07-30T17:50:46Z | +| description | | +| direction | ingress | +| ether_type | IPv4 | +| id | 8ffe0827-37e5-48b1-9645-984ed558a87f | +| name | None | +| port_range_max | 22 | +| port_range_min | 22 | +| project_id | 7587d86892f449c3b11fdedb05976007 | +| protocol | tcp | +| remote_address_group_id | None | +| remote_group_id | None | +| remote_ip_prefix | 0.0.0.0/0 | +| revision_number | 0 | +| security_group_id | 
04d9f7d1-48bd-44e3-bec2-0213ab2971a5 | +| tags | [] | +| updated_at | 2023-07-30T17:50:46Z | ++-------------------------+--------------------------------------+ ++-------------------------+--------------------------------------+ +| Field | Value | ++-------------------------+--------------------------------------+ +| created_at | 2023-07-30T17:50:47Z | +| description | | +| direction | egress | +| ether_type | IPv4 | +| id | b4051757-5575-4bb4-a78b-39ad86b51bca | +| name | None | +| port_range_max | None | +| port_range_min | None | +| project_id | 7587d86892f449c3b11fdedb05976007 | +| protocol | tcp | +| remote_address_group_id | None | +| remote_group_id | None | +| remote_ip_prefix | 0.0.0.0/0 | +| revision_number | 0 | +| security_group_id | 04d9f7d1-48bd-44e3-bec2-0213ab2971a5 | +| tags | [] | +| updated_at | 2023-07-30T17:50:47Z | ++-------------------------+--------------------------------------+ + +Create cloud private network and subnet, so far isolated (CIDR:192.168.222.0/24) ========================== +... 
(press Enter or wait 2m) [keyboard input timed out] ++---------------------------+--------------------------------------+ +| Field | Value | ++---------------------------+--------------------------------------+ +| admin_state_up | UP | +| availability_zone_hints | nova | +| availability_zones | | +| created_at | 2023-07-30T17:50:50Z | +| description | | +| dns_domain | None | +| id | da572ed6-0f65-44f6-8024-3d1f2b8ea64e | +| ipv4_address_scope | None | +| ipv6_address_scope | None | +| is_default | False | +| is_vlan_transparent | None | +| mtu | 8950 | +| name | group-project-infra-demo-network | +| port_security_enabled | True | +| project_id | 7587d86892f449c3b11fdedb05976007 | +| provider:network_type | None | +| provider:physical_network | None | +| provider:segmentation_id | None | +| qos_policy_id | None | +| revision_number | 1 | +| router:external | Internal | +| segments | None | +| shared | False | +| status | ACTIVE | +| subnets | | +| tags | | +| updated_at | 2023-07-30T17:50:50Z | ++---------------------------+--------------------------------------+ ++----------------------+--------------------------------------+ +| Field | Value | ++----------------------+--------------------------------------+ +| allocation_pools | 192.168.222.2-192.168.222.254 | +| cidr | 192.168.222.0/24 | +| created_at | 2023-07-30T17:50:53Z | +| description | | +| dns_nameservers | 8.8.4.4, 8.8.8.8 | +| dns_publish_fixed_ip | None | +| enable_dhcp | True | +| gateway_ip | 192.168.222.1 | +| host_routes | | +| id | 4cf944c3-7fc8-4d94-8e3e-32982d71a135 | +| ip_version | 4 | +| ipv6_address_mode | None | +| ipv6_ra_mode | None | +| name | group-project-infra-demo-subnet | +| network_id | da572ed6-0f65-44f6-8024-3d1f2b8ea64e | +| prefix_length | None | +| project_id | 7587d86892f449c3b11fdedb05976007 | +| revision_number | 0 | +| segment_id | None | +| service_types | | +| subnetpool_id | None | +| tags | | +| updated_at | 2023-07-30T17:50:53Z | 
++----------------------+--------------------------------------+ + +Create cloud VM instance "group-project-infra-demo-server" with following configuration: + flavor: e1.medium, image/os: ubuntu-jammy-x86_64, network: group-project-infra-demo-network + keypair: group-project-infra-demo-keypair, sec-group/firewall: group-project-infra-demo-secgroup) additional arguments: = +... (press Enter or wait 2m) [keyboard input timed out] ++-------------------------------------+------------------------------------------------------------------+ +| Field | Value | ++-------------------------------------+------------------------------------------------------------------+ +| OS-DCF:diskConfig | MANUAL | +| OS-EXT-AZ:availability_zone | | +| OS-EXT-SRV-ATTR:host | None | +| OS-EXT-SRV-ATTR:hypervisor_hostname | None | +| OS-EXT-SRV-ATTR:instance_name | | +| OS-EXT-STS:power_state | NOSTATE | +| OS-EXT-STS:task_state | scheduling | +| OS-EXT-STS:vm_state | building | +| OS-SRV-USG:launched_at | None | +| OS-SRV-USG:terminated_at | None | +| accessIPv4 | | +| accessIPv6 | | +| addresses | | +| adminPass | P2F7CuwBuQdb | +| config_drive | | +| created | 2023-07-30T17:50:56Z | +| flavor | e1.medium (eaf0fbe1-c099-4cd6-b782-67e1ba9b1654) | +| hostId | | +| id | b494a8eb-2f3c-4536-b31f-43e56af8bee1 | +| image | ubuntu-jammy-x86_64 (9a071dba-67d5-445f-9d32-0f56360fb10f) | +| key_name | group-project-infra-demo-keypair | +| name | group-project-infra-demo-server | +| progress | 0 | +| project_id | 7587d86892f449c3b11fdedb05976007 | +| properties | | +| security_groups | name='04d9f7d1-48bd-44e3-bec2-0213ab2971a5' | +| status | BUILD | +| updated | 2023-07-30T17:50:56Z | +| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 | +| volumes_attached | | ++-------------------------------------+------------------------------------------------------------------+ + +Wait for VM instance "group-project-infra-demo-server" being ACTIVE ======================================= 
+BUILD ACTIVE + +Route VM from internal software defined networking outside ================================================ + + 1] Create route, associate router with external provider network and internal subnet (192.168.222.0/24) +... (press Enter or wait 2m) [keyboard input timed out] ++-------------------------+--------------------------------------+ +| Field | Value | ++-------------------------+--------------------------------------+ +| admin_state_up | UP | +| availability_zone_hints | nova | +| availability_zones | | +| created_at | 2023-07-30T17:51:06Z | +| description | | +| external_gateway_info | null | +| flavor_id | None | +| id | a36a839d-6b0f-452d-a762-4c3fb6585da6 | +| name | group-project-infra-demo-router | +| project_id | 7587d86892f449c3b11fdedb05976007 | +| revision_number | 1 | +| routes | | +| status | ACTIVE | +| tags | | +| updated_at | 2023-07-30T17:51:06Z | ++-------------------------+--------------------------------------+ + + 2] Allocate single FIP (floating ip) from external provider network +... (press Enter or wait 2m) [keyboard input timed out] +Successfully obtained public ipv4 floating IP adress (FIP): 195.113.243.74 + + 3] Associate selected FIP with created VM + +VM server instance access tests =========================================================================== + + 1] TCP access (ncat -z 195.113.243.74 22) +... (press Enter or wait 2m) [keyboard input timed out] +..VM is accessible at 195.113.243.74:22 + + 2] SSH access (ssh -i /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair ubuntu@195.113.243.74) +... (press Enter or wait 2m) [keyboard input timed out] +Warning: Permanently added '195.113.243.74' (ED25519) to the list of known hosts. + +Linux group-project-infra-demo-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:51:58 up 0 min, 0 users, load average: 0.82, 0.24, 0.08 +VM access succeeded! 
+ +Object summary in profile group-project-infra ============================================================= +... (press Enter or wait 2m) [keyboard input timed out] +keypairs: + +----------------------------------+-------------------------------------------------+------+ + | Name | Fingerprint | Type | + +----------------------------------+-------------------------------------------------+------+ + | group-project-infra-demo-keypair | 73:5e:1c:02:bd:78:84:5f:86:48:a0:a3:10:b8:48:88 | ssh | + +----------------------------------+-------------------------------------------------+------+ +networks: + +--------------------------------------+----------------------------------+--------------------------------------+ + | ID | Name | Subnets | + +--------------------------------------+----------------------------------+--------------------------------------+ + | da572ed6-0f65-44f6-8024-3d1f2b8ea64e | group-project-infra-demo-network | 4cf944c3-7fc8-4d94-8e3e-32982d71a135 | + +--------------------------------------+----------------------------------+--------------------------------------+ +subnets: + +--------------------------------------+------------------------------------------+--------------------------------------+------------------+ + | ID | Name | Network | Subnet | + +--------------------------------------+------------------------------------------+--------------------------------------+------------------+ + | 4cf944c3-7fc8-4d94-8e3e-32982d71a135 | group-project-infra-demo-subnet | da572ed6-0f65-44f6-8024-3d1f2b8ea64e | 192.168.222.0/24 | + +--------------------------------------+------------------------------------------+--------------------------------------+------------------+ +routers: + +--------------------------------------+---------------------------------+--------+-------+----------------------------------+ + | ID | Name | Status | State | Project | + 
+--------------------------------------+---------------------------------+--------+-------+----------------------------------+ + | a36a839d-6b0f-452d-a762-4c3fb6585da6 | group-project-infra-demo-router | ACTIVE | UP | 7587d86892f449c3b11fdedb05976007 | + +--------------------------------------+---------------------------------+--------+-------+----------------------------------+ +floating_ips: + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ + | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project | + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ + | bf3c9f36-8a05-42af-a7d3-05e3adeb51d4 | 195.113.243.74 | 192.168.222.102 | 9a5cfd85-ef27-4298-b6f8-b61a7cf7f06d | 5a778b8d-4194-48fd-880d-181aaf7222c2 | 7587d86892f449c3b11fdedb05976007 | + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ +security_groups: + +--------------------------------------+-----------------------------------+-------------------------------------------------+----------------------------------+------+ + | ID | Name | Description | Project | Tags | + +--------------------------------------+-----------------------------------+-------------------------------------------------+----------------------------------+------+ + | 04d9f7d1-48bd-44e3-bec2-0213ab2971a5 | group-project-infra-demo-secgroup | group-project-infra demo default security group | 7587d86892f449c3b11fdedb05976007 | [] | + 
+--------------------------------------+-----------------------------------+-------------------------------------------------+----------------------------------+------+ +servers: + +--------------------------------------+---------------------------------+--------+------------------------------------------------------------------+---------------------+-----------+ + | ID | Name | Status | Networks | Image | Flavor | + +--------------------------------------+---------------------------------+--------+------------------------------------------------------------------+---------------------+-----------+ + | b494a8eb-2f3c-4536-b31f-43e56af8bee1 | group-project-infra-demo-server | ACTIVE | group-project-infra-demo-network=192.168.222.102, 195.113.243.74 | ubuntu-jammy-x86_64 | e1.medium | + +--------------------------------------+---------------------------------+--------+------------------------------------------------------------------+---------------------+-----------+ + +Teardown of the objects (delete_objects_group_project) (Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction) = +... (press Enter or wait 2m) [keyboard input timed out] +floating-ip server volume keypair disconnect-router-from-subnet router subnet network security-group +[freznicek@lenovo-t14 commandline 0]$ diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh.personal.log b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh.personal.log new file mode 100644 index 0000000000000000000000000000000000000000..cd8256237ee20fc73f32fccd91beabc33317d9f6 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/commandline/cmdline-demo.sh.personal.log 
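Review bot: The captured `openstack server create` table in cmdline-demo.sh.group.log keeps the `adminPass` row with the generated password in clear text, together with `user_id`, `project_id` and the public floating IP of the run. The instance is torn down at the end of the log, but reference logs in a repository get copied and reused as-is, so the value should be replaced with a placeholder such as `<redacted>` before committing. The script could also keep it out of the output by selecting columns on the create call, for example `-c id -c name -c status`. The personal-project log added next in this commit should be checked the same way.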
@@ -0,0 +1,246 @@ +[freznicek@lenovo-t14 commandline 0]$ source ~/conf/g2-prod-ostrava-freznicek-all-roles.sh.inc +[freznicek@lenovo-t14 commandline 0]$ ./cmdline-demo.sh personal-project-infra + +Using commandline tools: ========================================================================================================================================= +openstack --version: + openstack 5.5.0 +bash --version: + GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu) +awk -W version: + GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1) +ssh -V: + OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023 +which ssh-keygen: + /usr/bin/ssh-keygen +ncat --version: + Ncat: Version 7.93 ( https://nmap.org/ncat ) +grep --version: + grep (GNU grep) 3.7 + +Using OpenStack cloud: =========================================================================================================================================== +"Ostrava","identity","3.14","CURRENT","https://identity.ostrava.openstack.cloud.e-infra.cz/v3/","","" + +Using OpenStack personal project named: c2bf29961b887b399a456269bbcb7aedd3127a26@einfra.cesnet.cz + +Delete previously created objects (delete_objects_personal_project) ============================================================================================== +server volume keypair security-group + +List currently allocated objects ================================================================================================================================= +networks: + +--------------------------------------+-------------------------------+--------------------------------------+ + | ID | Name | Subnets | + +--------------------------------------+-------------------------------+--------------------------------------+ + | 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | internal-ipv4-general-private | 3170bacf-72e9-418f-8b0c-72f2e67eefd1 | + +--------------------------------------+-------------------------------+--------------------------------------+ +subnets: + 
+--------------------------------------+------------------------------------------+--------------------------------------+---------------+ + | ID | Name | Network | Subnet | + +--------------------------------------+------------------------------------------+--------------------------------------+---------------+ + | 3170bacf-72e9-418f-8b0c-72f2e67eefd1 | internal-ipv4-general-private-172-22-0-0 | 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | 172.22.0.0/16 | + +--------------------------------------+------------------------------------------+--------------------------------------+---------------+ + +Create (generate) locally SSH keypair, upload public SSH key to cloud ===================================================== +... (press Enter or wait 2m) [keyboard input timed out] +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Generating public/private rsa key pair. +Your identification has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair +Your public key has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair.pub +The key fingerprint is: +SHA256:er9CpFZqTqVue764L02is3v9c5GzdWAdvKbTfE4zDPQ freznicek@lenovo-t14 +The key's randomart image is: ++---[RSA 4096]----+ +| . | +| . o | +| . ..o| +| + .oE.| +| BS oB. | +| O.o +o.*+| +| B.*. =.++| +| o *o=.. o .| +| o*+B++++ | ++----[SHA256]-----+ ++-------------+------------------------------------------------------------------+ +| Field | Value | ++-------------+------------------------------------------------------------------+ +| created_at | None | +| fingerprint | 7c:e9:d5:74:a4:48:c5:55:cb:a6:1c:26:03:e8:d6:0a | +| id | personal-project-infra-demo-keypair | +| is_deleted | None | +| name | personal-project-infra-demo-keypair | +| type | ssh | +| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 | ++-------------+------------------------------------------------------------------+ +-rw-------. 
1 freznicek freznicek 3389 30. Äec 19.49 /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair +-rw-r--r--. 1 freznicek freznicek 746 30. Äec 19.49 /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair.pub + +Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22 ========== +... (press Enter or wait 2m) [keyboard input timed out] ++-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Field | Value | ++-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| created_at | 2023-07-30T17:49:36Z | +| description | personal-project-infra demo default security group | +| id | cb447523-4f3c-4561-8c3e-2977502e3d3d | +| name | personal-project-infra-demo-secgroup | +| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 | +| revision_number | 1 | +| rules | created_at='2023-07-30T17:49:36Z', direction='egress', ethertype='IPv4', id='2faa5355-4645-4300-9272-252121c49c3c', standard_attr_id='69059', updated_at='2023-07-30T17:49:36Z' | +| | created_at='2023-07-30T17:49:36Z', direction='egress', ethertype='IPv6', id='f2ea2665-077e-4191-84db-9b2994928015', standard_attr_id='69062', updated_at='2023-07-30T17:49:36Z' | +| stateful | True | +| tags | [] | +| updated_at | 2023-07-30T17:49:36Z | ++-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------+--------------------------------------+ +| Field | Value | ++-------------------------+--------------------------------------+ +| created_at | 2023-07-30T17:49:38Z | +| description | | +| 
direction | ingress | +| ether_type | IPv4 | +| id | ede41c2d-53e5-4686-a125-03bb702a0a8b | +| name | None | +| port_range_max | 22 | +| port_range_min | 22 | +| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 | +| protocol | tcp | +| remote_address_group_id | None | +| remote_group_id | None | +| remote_ip_prefix | 0.0.0.0/0 | +| revision_number | 0 | +| security_group_id | cb447523-4f3c-4561-8c3e-2977502e3d3d | +| tags | [] | +| updated_at | 2023-07-30T17:49:38Z | ++-------------------------+--------------------------------------+ ++-------------------------+--------------------------------------+ +| Field | Value | ++-------------------------+--------------------------------------+ +| created_at | 2023-07-30T17:49:40Z | +| description | | +| direction | egress | +| ether_type | IPv4 | +| id | 02a516ba-ef9f-4750-bacf-3df7b2250017 | +| name | None | +| port_range_max | None | +| port_range_min | None | +| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 | +| protocol | tcp | +| remote_address_group_id | None | +| remote_group_id | None | +| remote_ip_prefix | 0.0.0.0/0 | +| revision_number | 0 | +| security_group_id | cb447523-4f3c-4561-8c3e-2977502e3d3d | +| tags | [] | +| updated_at | 2023-07-30T17:49:40Z | ++-------------------------+--------------------------------------+ + +Re-use existing network (internal-ipv4-general-private) and subnet (internal-ipv4-general-private-172-22-0-0) ============= +... (press Enter or wait 2m) [keyboard input timed out] + +Create cloud VM instance "personal-project-infra-demo-server" with following configuration: + flavor: e1.medium, image/os: ubuntu-jammy-x86_64, network: internal-ipv4-general-private + keypair: personal-project-infra-demo-keypair, sec-group/firewall: personal-project-infra-demo-secgroup) additional arguments: = +... 
(press Enter or wait 2m) [keyboard input timed out] ++-------------------------------------+------------------------------------------------------------------+ +| Field | Value | ++-------------------------------------+------------------------------------------------------------------+ +| OS-DCF:diskConfig | MANUAL | +| OS-EXT-AZ:availability_zone | | +| OS-EXT-SRV-ATTR:host | None | +| OS-EXT-SRV-ATTR:hypervisor_hostname | None | +| OS-EXT-SRV-ATTR:instance_name | | +| OS-EXT-STS:power_state | NOSTATE | +| OS-EXT-STS:task_state | scheduling | +| OS-EXT-STS:vm_state | building | +| OS-SRV-USG:launched_at | None | +| OS-SRV-USG:terminated_at | None | +| accessIPv4 | | +| accessIPv6 | | +| addresses | | +| adminPass | Sxh4saKRLm87 | +| config_drive | | +| created | 2023-07-30T17:49:46Z | +| flavor | e1.medium (eaf0fbe1-c099-4cd6-b782-67e1ba9b1654) | +| hostId | | +| id | 576e7581-7852-40d7-953f-cd1b76fee7be | +| image | ubuntu-jammy-x86_64 (9a071dba-67d5-445f-9d32-0f56360fb10f) | +| key_name | personal-project-infra-demo-keypair | +| name | personal-project-infra-demo-server | +| progress | 0 | +| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 | +| properties | | +| security_groups | name='cb447523-4f3c-4561-8c3e-2977502e3d3d' | +| status | BUILD | +| updated | 2023-07-30T17:49:46Z | +| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 | +| volumes_attached | | ++-------------------------------------+------------------------------------------------------------------+ + +Wait for VM instance "personal-project-infra-demo-server" being ACTIVE ==================================================== +BUILD ACTIVE + + 1] Reuse existing router internal-ipv4-general-private (may not be visible from personal projects) + + 2] Allocate single FIP (floating ip) from external provider network +... 
(press Enter or wait 2m) [keyboard input timed out] +Successfully obtained public ipv4 floating IP adress (FIP): 195.113.243.132 + + 3] Associate selected FIP with created VM + +VM server instance access tests =========================================================================================== + + 1] TCP access (ncat -z 195.113.243.132 22) +... (press Enter or wait 2m) [keyboard input timed out] +.VM is accessible at 195.113.243.132:22 + + 2] SSH access (ssh -i /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair ubuntu@195.113.243.132) +... (press Enter or wait 2m) [keyboard input timed out] +Warning: Permanently added '195.113.243.132' (ED25519) to the list of known hosts. + +Linux personal-project-infra-demo-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:50:26 up 0 min, 0 users, load average: 0.93, 0.21, 0.07 +VM access succeeded! + +Object summary in profile personal-project-infra ========================================================================== +... 
(press Enter or wait 2m) [keyboard input timed out] +keypairs: + +-------------------------------------+-------------------------------------------------+------+ + | Name | Fingerprint | Type | + +-------------------------------------+-------------------------------------------------+------+ + | personal-project-infra-demo-keypair | 7c:e9:d5:74:a4:48:c5:55:cb:a6:1c:26:03:e8:d6:0a | ssh | + +-------------------------------------+-------------------------------------------------+------+ +networks: + +--------------------------------------+-------------------------------+--------------------------------------+ + | ID | Name | Subnets | + +--------------------------------------+-------------------------------+--------------------------------------+ + | 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | internal-ipv4-general-private | 3170bacf-72e9-418f-8b0c-72f2e67eefd1 | + +--------------------------------------+-------------------------------+--------------------------------------+ +subnets: + +--------------------------------------+------------------------------------------+--------------------------------------+---------------+ + | ID | Name | Network | Subnet | + +--------------------------------------+------------------------------------------+--------------------------------------+---------------+ + | 3170bacf-72e9-418f-8b0c-72f2e67eefd1 | internal-ipv4-general-private-172-22-0-0 | 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | 172.22.0.0/16 | + +--------------------------------------+------------------------------------------+--------------------------------------+---------------+ +floating_ips: + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ + | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project | + 
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ + | 3dc64a05-fac7-493f-8779-6e38d036675b | 195.113.243.132 | 172.22.1.73 | 3c53172e-9454-4c4d-ae0b-a494d5ff9c01 | 5a778b8d-4194-48fd-880d-181aaf7222c2 | 1b20bb11afbe41c1bd681d2e319ab9a0 | + +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ +security_groups: + +--------------------------------------+--------------------------------------+----------------------------------------------------+----------------------------------+------+ + | ID | Name | Description | Project | Tags | + +--------------------------------------+--------------------------------------+----------------------------------------------------+----------------------------------+------+ + | cb447523-4f3c-4561-8c3e-2977502e3d3d | personal-project-infra-demo-secgroup | personal-project-infra demo default security group | 1b20bb11afbe41c1bd681d2e319ab9a0 | [] | + +--------------------------------------+--------------------------------------+----------------------------------------------------+----------------------------------+------+ +servers: + +--------------------------------------+------------------------------------+--------+------------------------------------------------------------+---------------------+-----------+ + | ID | Name | Status | Networks | Image | Flavor | + +--------------------------------------+------------------------------------+--------+------------------------------------------------------------+---------------------+-----------+ + | 576e7581-7852-40d7-953f-cd1b76fee7be | personal-project-infra-demo-server | ACTIVE | internal-ipv4-general-private=172.22.1.73, 195.113.243.132 | ubuntu-jammy-x86_64 | e1.medium | + 
+--------------------------------------+------------------------------------+--------+------------------------------------------------------------+---------------------+-----------+ + +Teardown of the objects (delete_objects_personal_project) (Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction) = +... (press Enter or wait 2m) [keyboard input timed out] +floating-ip server volume keypair security-group +[freznicek@lenovo-t14 commandline 0]$ diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/README.md b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/README.md new file mode 100644 index 0000000000000000000000000000000000000000..a69aac4e7c67d10a3e0b6aa1545256c60462f6ab --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/README.md 
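Review bot: The `adminPass` row of the `openstack server create` output is committed verbatim in this transcript, together with the project and user IDs and the floating IP the VM was reachable on. The transcript ends with the teardown step, so the instance was presumably deleted, but a checked-in log teaches readers to paste such output unredacted; the value should be replaced before commit, e.g. `| adminPass | <redacted> |`. The ingress rule shown earlier in the same log also opens TCP/22 to `remote_ip_prefix 0.0.0.0/0`; for anything longer-lived than this demo the prefix should be narrowed to the operator's address range.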
@@ -0,0 +1,67 @@
+# Terraform demonstration
+
+This Terraform module is able to demonstrate creation of two most used cloud infrastructure patterns:
+
+## Two tier infrastructure: public bastion and private VM farm
+
+Infrastructure consist of:
+ - public facing small bastion VM (sometimes called as jump VM)
+ - private VM farm
+
+
+
+## Single tier infrastructure i.e. public facing VM farm
+
+Infrastructure consist of:
+ - public facing VM farm
+
+
+
+
+## Cloud VM configuration during system boot using cloud-init
+Terraform demonstrates [how to configure VM servers on creation with cloud-init](modules/common/nodes-cloudinit.txt):
+ - Add ssh keys, disable SSH password auth
+ - Create partition and filesystemand mount extra data from extra volume
+
+## Handling different project restrictions (quotas, shared networks, ...)
+
+e-INFRA.CZ OpenStack cloud distinguishes between two project types: personal and group
+([more the topic](https://docs.e-infra.cz/compute/openstack/technical-reference/brno-site/get-access/#personal-project)).
+Terraform demo code with additional variable file [`personal-projects.tfvars`](./personal-projects.tfvars) shows how to support both project types i.e. how to parametrize infrastructure definition with minimal code duplications.
+
+There is thin terraform wrapper [`terraform.sh`](./terraform.sh) abstracting the fact which project type you are on. It is not necessary to use the [`terraform.sh`](./terraform.sh) wrapper when you keep in mind that additional terraform variables file [`personal-projects.tfvars`](./personal-projects.tfvars) has to be passed at plan step when you are on personal project.
+
+## Using the terraform demo
+
+1. Clone the repository.
+1. Load you OpenStack application credentials to environment variables `source project_openrc.sh.inc`
+1. Override any infrastructure variables in [main.tf](main.tf) file if needed. Full set of variables can be found in [modules/common/variables.tf](modules/common/variables.tf).
+1. In the [terraform root directory](/clouds/g2/ostrava/general/terraform) run following commands to initiate and validate environment
+ * `./terraform.sh validate-tools`
+ * `./terraform.sh detect-cloud`
+ * `./terraform.sh detect-project`
+ * `./terraform.sh init`
+ * `./terraform.sh validate`
+1. In the [same directory](/clouds/g2/ostrava/general/terraform) run commands to deploy cloud infrastructure
+ * `./terraform.sh plan --out plan`
+ * `./terraform.sh apply plan`
+1. Once you need to change the infrastructure, first modify the infrastructure declaration and repeat above steps to deploy changes.
+1. Cloud resources can be deleted with `./terraform.sh destroy`.
+
+> You may use terraform directly without the [`terraform.sh`](./terraform.sh) wrapper, but then keep in your mind that just for personal project type you should pass additional variable file [`personal-projects.tfvars`](./personal-projects.tfvars) at plan step (i.e. `terraform plan --out personal-project.plan --var-file=personal-projects.tfvars`)
+
+Detailed terminal transcripts show how to run terraform demo inside personal project ([with](./terraform-2tier_public_bastion_private_vm_farm-personal-project-wrapper.log) / [without the wrapper](./terraform-2tier_public_bastion_private_vm_farm-personal-project-no-wrapper.log)) as well as under group project([with](./terraform-2tier_public_bastion_private_vm_farm-group-project-wrapper.log) / [without the wrapper](./terraform-2tier_public_bastion_private_vm_farm-group-project-no-wrapper.log)).
+
+
+## Access to the VM nodes
+
+In single tier infrastructure you access directly the individual VM nodes via SSH on public IP addresses.
+Two tier infrastructure requires the access following way:
+1. Establish the connection with bastion
+```sh
+sshuttle -r ubuntu@<bastion-ip>
+```
+1. Connect directly to VM nodes via SSH on private IP addresses:
+```sh
+ssh ubuntu@<vm-node-ip-from-10.10.10.0/24>
+```
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/main.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..08a4e6741d260b529be1621c3cff814fb528f79d
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/main.tf
@@ -0,0 +1,33 @@
+terraform {
+ backend "local" {}
+}
+
+module "toplevel" {
+ # infrastructure type:
+ # -------------------------------------------------------------------------
+ # two tier infrastructure (2tier_public_bastion_private_vm_farm module):
+ # * single public facing tiny bastion VM
+ # * <nodes_count> private HPC VM farm
+ source = "./modules/2tier_public_bastion_private_vm_farm"
+ # single tier infrastructure (1tier_public_vm_farm monule)
+ # * <nodes_count> public HPC VM farm
+ #source = "./modules/1tier_public_vm_farm"
+
+ infra_name = "general-tf-demo"
+
+ nodes_count = 2
+ nodes_flavor = "e1.small"
+ nodes_image = "ubuntu-jammy-x86_64"
+ public_external_network = "external-ipv4-general-public"
+ nodes_extra_volume_size = 0 # extra volume size in GB
+
+ # OpenStack project type:
+ # -------------------------------------------------------------------------
+ # root variables wired 1:1 to "toplevel" module to be able to toggle between
+ # group and personal project infrastructure
+ router_creation_enable = var.router_creation_enable
+ internal_network_creation_enable = var.internal_network_creation_enable
+ internal_network_name = var.internal_network_name
+ internal_subnet_creation_enable = var.internal_subnet_creation_enable
+ internal_subnet_name = var.internal_subnet_name
+}
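Review bot: `backend "local" {}` keeps `terraform.tfstate` in the working directory, and state records every resource attribute in plaintext, so it has to stay out of version control and off shared disks. Whether the repository ignores it cannot be seen from this hunk; I would add a comment above the backend block such as `# local state: keep terraform.tfstate* and saved plan files out of git`. Minor: the comment `(1tier_public_vm_farm monule)` should read `module`.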
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/instances.tf
new file mode 120000
index 0000000000000000000000000000000000000000..1b0affe75dec19d734fca77cad9c11ace98c3ed8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/instances.tf
@@ -0,0 +1 @@
+../common/instances.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/keypair.tf
new file mode 120000
index 0000000000000000000000000000000000000000..77516d3e7806eb2637f74b83653fecbf63d490f9
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/keypair.tf
@@ -0,0 +1 @@
+../common/keypair.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/networks.tf
new file mode 120000
index 0000000000000000000000000000000000000000..09f02c14eabbdd83d5441fd2f735cb7cd9437258
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/networks.tf
@@ -0,0 +1 @@
+../common/networks.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt
new file mode 120000
index 0000000000000000000000000000000000000000..cd96cf14a086f7a1ee2a9190b9f9379311d148f4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/nodes-cloudinit.txt
@@ -0,0 +1 @@
+../common/nodes-cloudinit.txt
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/nodes-networks.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/nodes-networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..b97a8d6ef5bf6dc81f42bf42e2663024cbc5a980
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/nodes-networks.tf
@@ -0,0 +1,11 @@
+# Floating IPs
+resource "openstack_networking_floatingip_v2" "nodes_fips" {
+ count = var.nodes_count
+ pool = var.public_external_network
+}
+
+resource "openstack_compute_floatingip_associate_v2" "nodes_fips_associations" {
+ count = var.nodes_count
+ floating_ip = element(openstack_networking_floatingip_v2.nodes_fips.*.address, count.index)
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/providers.tf
new file mode 120000
index 0000000000000000000000000000000000000000..4b272fc455489e11a6b6570233567d2f234a0878
--- /dev/null
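Review bot: In `nodes_fips_associations`, `element(<list>, count.index)` wraps around when the index exceeds the list length, so a later mismatch between the floating-IP count and the instance count would silently pair a node with the wrong address instead of failing the plan. Direct indexing errors out in that case and drops the legacy `.*` splat: `floating_ip = openstack_networking_floatingip_v2.nodes_fips[count.index].address` and `instance_id = openstack_compute_instance_v2.nodes[count.index].id`. Every node in this module receives a public address, so the rules in `secgroup_rules.tf` (a symlink to `../common`, content not visible here) are the only filter in front of the farm; a comment saying so above `nodes_fips` would help.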
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/providers.tf
@@ -0,0 +1 @@
+../common/providers.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf
new file mode 120000
index 0000000000000000000000000000000000000000..b8efc8637cfbf34b857abcdadca20bc45f0b7430
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/secgroup_rules.tf
@@ -0,0 +1 @@
+../common/secgroup_rules.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/variables.tf
new file mode 120000
index 0000000000000000000000000000000000000000..72202b3e76544e476d963b935ac4b724149c5504
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/variables.tf
@@ -0,0 +1 @@
+../common/variables.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/volumes.tf
new file mode 120000
index 0000000000000000000000000000000000000000..cfca71e1a757c5785a365745fc26c3c1c3c038bd
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/1tier_public_vm_farm/volumes.tf
@@ -0,0 +1 @@
+../common/volumes.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..13818fd8f5f2c90a7cf36e7e272c4e75c72edaeb
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-cloudinit.txt
@@ -0,0 +1,7 @@
+users:
+ - default
+ - name: ubuntu
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa 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 freznicek@LenovoThinkCentreE73
+ssh_pwauth: false
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf
new file mode 100644
index 0000000000000000000000000000000000000000..66920b6f84312fdfeee8f96f31d301f3d715f9a7
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-instance.tf
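Review bot: The `ssh_authorized_keys` entry hard-codes one person's public key (key comment `freznicek@LenovoThinkCentreE73`) for the `ubuntu` user, so everyone who applies this demo unchanged grants that key holder login on their internet-facing bastion. `bastion-instance.tf` already injects a key through `key_pair = openstack_compute_keypair_v2.pubkey.name`, so the list can probably be dropped; if an additional key is wanted it should come from a variable rather than from the repository. At minimum add a comment above the entry: `# REPLACE with your own public key before applying`.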
@@ -0,0 +1,13 @@
+resource "openstack_compute_instance_v2" "bastion" {
+ name = "${var.infra_name}-${var.bastion_name}"
+ image_name = var.bastion_image
+ flavor_name = var.bastion_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.infra_name}-${var.bastion_name}.local\n${file("${path.module}/bastion-cloudinit.txt")}"
+
+ network {
+ uuid = var.internal_network_creation_enable ? openstack_networking_network_v2.network_default[0].id : data.openstack_networking_network_v2.internal_shared_personal_network[0].id
+ port = openstack_networking_port_v2.bastion_port.id
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..bca943b25f13fee8e6ed4e15e66491eb9f9d2989
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/bastion-networks.tf
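Review bot: The bastion sets `security_groups` on the instance and, in the `network` block, also attaches `bastion_port`, which carries its own `security_group_ids` in `bastion-networks.tf`, so the firewall of the only public-facing VM is declared in two places. As far as I know the OpenStack provider documentation asks for security groups to be placed on the port when an instance is attached by port, which would make the instance-level list redundant at best. I would drop the `security_groups = [...]` line here, or keep it with a comment `# effective rules come from bastion_port.security_group_ids`. The `uuid` argument next to `port` looks redundant for the same reason; confirm against the provider version pinned in `providers.tf`, which is not visible here.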
@@ -0,0 +1,20 @@
+# Floating IPs (only for bastion node)
+resource "openstack_networking_floatingip_v2" "bastion_fip" {
+ pool = var.public_external_network
+}
+
+resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" {
+ floating_ip = openstack_networking_floatingip_v2.bastion_fip.address
+ instance_id = openstack_compute_instance_v2.bastion.id
+}
+
+# Ports
+resource "openstack_networking_port_v2" "bastion_port" {
+ name = "${var.infra_name}-${var.bastion_name}-port"
+ network_id = var.internal_network_creation_enable ? openstack_networking_network_v2.network_default[0].id : data.openstack_networking_network_v2.internal_shared_personal_network[0].id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = var.internal_subnet_creation_enable ? openstack_networking_subnet_v2.subnet_default[0].id : data.openstack_networking_subnet_v2.internal_shared_personal_subnet[0].id
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf
new file mode 120000
index 0000000000000000000000000000000000000000..1b0affe75dec19d734fca77cad9c11ace98c3ed8
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/instances.tf
@@ -0,0 +1 @@
+../common/instances.tf
\ No newline at end of file
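Review bot: `admin_state_up = "true"` in `bastion_port` passes a quoted string where the attribute is a boolean; the plan output on this page renders it as `admin_state_up = true`, so the value is being converted implicitly. Writing `admin_state_up = true` keeps the type explicit and matches how the other booleans in the module are written. The same quoting appears in `network_default`, `router_default` and `nodes_ports` in `modules/common/networks.tf`.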
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf
new file mode 120000
index 0000000000000000000000000000000000000000..77516d3e7806eb2637f74b83653fecbf63d490f9
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/keypair.tf
@@ -0,0 +1 @@
+../common/keypair.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf
new file mode 120000
index 0000000000000000000000000000000000000000..09f02c14eabbdd83d5441fd2f735cb7cd9437258
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/networks.tf
@@ -0,0 +1 @@
+../common/networks.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt
new file mode 120000
index 0000000000000000000000000000000000000000..cd96cf14a086f7a1ee2a9190b9f9379311d148f4
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/nodes-cloudinit.txt
@@ -0,0 +1 @@
+../common/nodes-cloudinit.txt
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf
new file mode 120000
index 0000000000000000000000000000000000000000..4b272fc455489e11a6b6570233567d2f234a0878
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/providers.tf
@@ -0,0 +1 @@
+../common/providers.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf
new file mode 120000
index 0000000000000000000000000000000000000000..b8efc8637cfbf34b857abcdadca20bc45f0b7430
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/secgroup_rules.tf
@@ -0,0 +1 @@
+../common/secgroup_rules.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf
new file mode 120000
index 0000000000000000000000000000000000000000..72202b3e76544e476d963b935ac4b724149c5504
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/variables.tf
@@ -0,0 +1 @@
+../common/variables.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf
new file mode 120000
index 0000000000000000000000000000000000000000..cfca71e1a757c5785a365745fc26c3c1c3c038bd
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/2tier_public_bastion_private_vm_farm/volumes.tf
@@ -0,0 +1 @@
+../common/volumes.tf
\ No newline at end of file
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/instances.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/instances.tf
new file mode 100644
index 0000000000000000000000000000000000000000..1e93d03e7298014f15629bb29ffc33c79acf7f0d
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/instances.tf
@@ -0,0 +1,31 @@
+####################
+# Define instances #
+####################
+
+data "openstack_images_image_v2" "nodes_image" {
+ name = var.nodes_image
+}
+
+resource "openstack_compute_instance_v2" "nodes" {
+ count = var.nodes_count
+ name = "${var.infra_name}-${var.nodes_name}-${count.index+1}"
+ image_name = var.nodes_image
+ flavor_name = var.nodes_flavor
+ key_pair = openstack_compute_keypair_v2.pubkey.name
+ security_groups = [openstack_networking_secgroup_v2.secgroup_default.name]
+ user_data = "#cloud-config\nhostname: ${var.infra_name}-${var.nodes_name}-${count.index+1}.local\n${file("${path.module}/nodes-cloudinit.txt")}"
+
+ network {
+ uuid = var.internal_network_creation_enable ? openstack_networking_network_v2.network_default[0].id : data.openstack_networking_network_v2.internal_shared_personal_network[0].id
+ port = element(openstack_networking_port_v2.nodes_ports.*.id, count.index)
+ }
+
+ block_device {
+ uuid = data.openstack_images_image_v2.nodes_image.id
+ source_type = "image"
+ volume_size = var.nodes_volume_size
+ destination_type = "local"
+ boot_index = 0
+ delete_on_termination = true
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/keypair.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/keypair.tf
new file mode 100644
index 0000000000000000000000000000000000000000..d52e2d66b33fa9e3410d84befbe2314a86c8f544
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/keypair.tf
@@ -0,0 +1,6 @@
+
+resource "openstack_compute_keypair_v2" "pubkey" {
+ name = "${var.infra_name}-keypair"
+ public_key = file("${var.ssh_public_key}")
+}
+
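Review bot: `volume_size = var.nodes_volume_size` in the `block_device` block is combined with `source_type = "image"` and `destination_type = "local"`, and as far as I know the root disk size for that combination comes from the flavor, so the variable described as the root filesystem size probably has no effect. Either drop the line or switch to `destination_type = "volume"` if a sized root volume is intended. In the `network` block, `element(openstack_networking_port_v2.nodes_ports.*.id, count.index)` wraps around on an out-of-range index and would hide a count mismatch; `openstack_networking_port_v2.nodes_ports[count.index].id` fails loudly instead.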
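Review bot: `file("${var.ssh_public_key}")` wraps a single reference in an interpolation-only string; `file(var.ssh_public_key)` says the same thing without the quoting. The plan log on this page prints the key as a heredoc, which indicates the file's trailing newline is stored with it, so `trimspace(file(var.ssh_public_key))` may avoid whitespace-only differences, which is worth confirming against how the provider compares the value.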
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/networks.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/networks.tf
new file mode 100644
index 0000000000000000000000000000000000000000..0ea32e1ea70ad712c299da7e5d7f16d54b6836f3
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/networks.tf
@@ -0,0 +1,52 @@
+resource "openstack_networking_network_v2" "network_default" {
+ count = var.internal_network_creation_enable ? 1 : 0
+ name = "${var.infra_name}_network"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "subnet_default" {
+ count = var.internal_subnet_creation_enable ? 1 : 0
+ name = "${var.infra_name}_subnet"
+ network_id = openstack_networking_network_v2.network_default[0].id
+ cidr = var.internal_network_cidr
+ ip_version = 4
+ dns_nameservers = ["1.1.1.1", "8.8.8.8"]
+}
+
+data "openstack_networking_network_v2" "external_network" {
+ name = var.public_external_network
+}
+
+data "openstack_networking_network_v2" "internal_shared_personal_network" {
+ count = var.internal_network_creation_enable == false ? 1 : 0
+ name = var.internal_network_name
+}
+
+data "openstack_networking_subnet_v2" "internal_shared_personal_subnet" {
+ count = var.internal_subnet_creation_enable == false ? 1 : 0
+ name = var.internal_subnet_name
+}
+
+resource "openstack_networking_router_v2" "router_default" {
+ count = var.router_creation_enable ? 1 : 0
+ name = "${var.infra_name}_infra-test"
+ admin_state_up = "true"
+ external_network_id = data.openstack_networking_network_v2.external_network.id
+}
+
+resource "openstack_networking_router_interface_v2" "router_default_interface" {
+ count = var.router_creation_enable ? 1 : 0
+ router_id = openstack_networking_router_v2.router_default[0].id
+ subnet_id = openstack_networking_subnet_v2.subnet_default[0].id
+}
+
+resource "openstack_networking_port_v2" "nodes_ports" {
+ count = var.nodes_count
+ name = "${var.infra_name}_${var.nodes_name}_port_${count.index+1}"
+ network_id = var.internal_network_creation_enable ? openstack_networking_network_v2.network_default[0].id : data.openstack_networking_network_v2.internal_shared_personal_network[0].id
+ admin_state_up = "true"
+ security_group_ids = [openstack_networking_secgroup_v2.secgroup_default.id]
+ fixed_ip {
+ subnet_id = var.internal_subnet_creation_enable ? openstack_networking_subnet_v2.subnet_default[0].id : data.openstack_networking_subnet_v2.internal_shared_personal_subnet[0].id
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/nodes-cloudinit.txt b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/nodes-cloudinit.txt
new file mode 100644
index 0000000000000000000000000000000000000000..29457ead3618aa7b77dadb1b41f054dd4280442c
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/nodes-cloudinit.txt
@@ -0,0 +1,21 @@
+users:
+ - default
+ - name: ubuntu
+ shell: /bin/bash
+ ssh_authorized_keys:
+ - ssh-rsa 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 freznicek@LenovoThinkCentreE73
+disk_setup:
+ /dev/sdb:
+ table_type: gpt
+ layout: true
+ overwrite: true
+fs_setup:
+- label: extra_data
+ filesystem: ext4
+ device: /dev/sdb1
+ cmd: mkfs -t %(filesystem)s -L %(label)s %(device)s
+runcmd:
+ - mkdir -p /mnt/data
+mounts:
+ - ["/dev/sdb1", "/mnt/data"]
+ssh_pwauth: false
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/providers.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/providers.tf
new file mode 100644
index 0000000000000000000000000000000000000000..94a7048da394e7d883ea417cee3aded73cf12520
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/providers.tf
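Review bot: `subnet_default` indexes `openstack_networking_network_v2.network_default[0]` unconditionally, so `internal_subnet_creation_enable = true` together with `internal_network_creation_enable = false` fails on an empty list; `router_default_interface` has the same coupling to `subnet_default[0]` when `router_creation_enable` is true but subnet creation is off. `nodes_ports` in the same hunk already uses the safe form, which would work here too: `network_id = var.internal_network_creation_enable ? openstack_networking_network_v2.network_default[0].id : data.openstack_networking_network_v2.internal_shared_personal_network[0].id`. Separately, `dns_nameservers = ["1.1.1.1", "8.8.8.8"]` ties every deployment to two public resolvers; a variable with that default would let a site point at its own.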
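Review bot: `disk_setup` with `overwrite: true` on a hard-coded `/dev/sdb` repartitions whatever disk appears under that name at first boot, and nothing in the hunk checks that it is the intended extra volume. `volumes.tf` only requests `device = "/dev/sdb"`, which as far as I know the hypervisor is free to ignore, the attachment is created after the instance so cloud-init may run before the disk exists, and with `nodes_extra_volume_size = 0` no volume is attached at all. I would set `overwrite: false` and mount by label so a missing or renamed device does not break boot, for example `- ["LABEL=extra_data", "/mnt/data", "ext4", "defaults,nofail"]`.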
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.52.1"
+ }
+ }
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/secgroup_rules.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/secgroup_rules.tf
new file mode 100644
index 0000000000000000000000000000000000000000..a722fd76af025a896a93d8e3c665c4d5de9ad547
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/secgroup_rules.tf
@@ -0,0 +1,82 @@
+##################################
+# Define Network Security Groups #
+##################################
+
+
+resource "openstack_networking_secgroup_v2" "secgroup_default" {
+ name = "${var.infra_name}_security_group"
+ description = "${var.infra_name} Security group"
+}
+
+
+# Allow all internal TCP & UDP
+
+/* resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_alltcp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.internal_network_cidr
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_alludp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = var.internal_network_cidr
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+} */
+
+
+# External communication
+# HTTP(S)
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+
+
+# ICMP
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 0
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
+
+# SSH
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..c7674a82399679b7d0213674681c59119546f5b1
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/variables.tf
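Review bot: All four ingress rules use `remote_ip_prefix = "0.0.0.0/0"` on `secgroup_default`, and that single group is attached to both the bastion port and the node ports, so the private nodes accept SSH, HTTP, HTTPS and ICMP from any address that can route to them, and the bastion's floating IP exposes 80 and 443 although nothing on the page shows it serving web traffic. For a two-tier layout I would give the bastion its own group, limit its SSH rule to an operator-supplied range, and let the nodes accept SSH only from members of that group through `remote_group_id`. The bastion port in `bastion-networks.tf` would then reference the new group. In the sketch below `ssh_allowed_cidr` is a proposed new variable, not one the module has today.

```hcl
# new: group applied only to the bastion port
resource "openstack_networking_secgroup_v2" "secgroup_bastion" {
  name        = "${var.infra_name}_bastion_security_group"
  description = "${var.infra_name} bastion security group"
}

# new: SSH from the operators' range reaches the bastion only
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_bastion_ssh4" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.ssh_allowed_cidr # proposed new variable
  security_group_id = openstack_networking_secgroup_v2.secgroup_bastion.id
}

# rewritten: nodes accept SSH only from members of the bastion group
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_group_id   = openstack_networking_secgroup_v2.secgroup_bastion.id
  security_group_id = openstack_networking_secgroup_v2.secgroup_default.id
}
# … unchanged: secgroup_default, HTTP(S) and ICMP rules …
```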
@@ -0,0 +1,109 @@
+#########################
+# general configuration #
+#########################
+variable "infra_name" {
+ description = "Infrastructure (profile) name. Used as a name prefix. Must match [a-zA-Z0-9-]+ regexp."
+ default = "general-tf-demo"
+}
+
+variable "ssh_public_key" {
+ default = "~/.ssh/id_rsa.pub"
+}
+
+variable "internal_network_cidr" {
+ description = "Internal network address, use CIDR notation"
+ default = "10.10.10.0/24"
+}
+
+variable "public_external_network" {
+ description = "Cloud public external network pool"
+ default = "public-cesnet-195-113-167-GROUP"
+}
+
+variable "router_creation_enable" {
+ description = "Create dedicated router instance. true/false ~ create new / reuse existing personal router"
+ default = true
+}
+
+variable "internal_network_creation_enable" {
+ description = "Create dedicated internal network. true/false ~ create new / reuse existing personal network"
+ default = true
+}
+
+variable "internal_network_name" {
+ description = "Internal network name. Either dedicated new network or existing personal network name"
+ default = "<var.infra_name>_network"
+}
+
+variable "internal_subnet_creation_enable" {
+ description = "Create dedicated subnet instance. true/false ~ create new / reuse existing personal subnet"
+ default = true
+}
+
+variable "internal_subnet_name" {
+ description = "Internal network subnet name. Either dedicated new subnet or existing personal subnet name"
+ default = "<var.infra_name>_subnet"
+}
+
+####################
+# bastion settings #
+####################
+variable "bastion_name" {
+ description = "Name of the bastion VM. Must match [a-zA-Z0-9-]+ regexp."
+ default = "bastion-server"
+}
+
+variable "bastion_flavor" {
+ default = "standard.small"
+}
+
+variable "bastion_image" {
+ description = "Bastion OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "bastion_ssh_user_name" {
+ default = "ubuntu"
+}
+
+#########################
+# master nodes settings #
+#########################
+
+variable "nodes_count" {
+ default = 1
+}
+
+variable "nodes_name" {
+ description = "Name of the nodes. Must match [a-zA-Z0-9-]+ regexp."
+ default = "server"
+}
+
+variable "nodes_flavor" {
+ default = "standard.large"
+}
+
+variable "nodes_image" {
+ description = "nodes OS: Image name"
+ default = "ubuntu-jammy-x86_64"
+}
+
+variable "nodes_ssh_user_name" {
+ default = "ubuntu"
+}
+
+variable "nodes_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for root filesystem. "
+ default = "10"
+}
+
+variable "nodes_extra_volume_size" {
+ description = "The size of the volume to create (in gigabytes) for extra data. 0 to disable extra volume."
+ default = "10"
+}
+
+variable "nodes_extra_volume_type" {
+ description = "The type of extra volume."
+ default = null
+}
+
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/volumes.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/volumes.tf
new file mode 100644
index 0000000000000000000000000000000000000000..1d0a55b1b7f151b2a87f619e3f633352059502c2
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/modules/common/volumes.tf
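Review bot: The descriptions of `infra_name`, `bastion_name` and `nodes_name` say the value must match `[a-zA-Z0-9-]+`, but no variable declares a `type` or a `validation` block, and these values are interpolated straight into the `#cloud-config` text after `hostname:` in the instance resources, where a stray newline or colon would change the document cloud-init parses. Each of the three should get `type = string` and a `validation` block whose condition is `can(regex("^[a-zA-Z0-9-]+$", var.infra_name))` (with the matching variable name), with an error message repeating the rule. The size variables would also read more clearly as `type = number` with `default = 10`, since `volumes.tf` compares `var.nodes_extra_volume_size > 0`.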
@@ -0,0 +1,14 @@
+# extra volume
+resource "openstack_blockstorage_volume_v3" "nodes_extra_volumes" {
+ count = var.nodes_extra_volume_size > 0 ? var.nodes_count : 0
+ name = "${var.infra_name}-extra-volume-${count.index+1}"
+ size = var.nodes_extra_volume_size
+ volume_type = var.nodes_extra_volume_type
+}
+
+resource "openstack_compute_volume_attach_v2" "nodes_extra_volumes_attachments" {
+ count = var.nodes_extra_volume_size > 0 ? var.nodes_count : 0
+ instance_id = element(openstack_compute_instance_v2.nodes.*.id, count.index)
+ volume_id = element(openstack_blockstorage_volume_v3.nodes_extra_volumes.*.id, count.index)
+ device = "/dev/sdb"
+}
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/personal-projects.tfvars b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/personal-projects.tfvars
new file mode 100644
index 0000000000000000000000000000000000000000..7472fcf1efb855836f0c0d326712d954703fb402
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/personal-projects.tfvars
@@ -0,0 +1,6 @@
+# extra variabes for an OpenStack personal project
+router_creation_enable = false
+internal_network_creation_enable = false
+internal_network_name = "internal-ipv4-general-private"
+internal_subnet_creation_enable = false
+internal_subnet_name = "internal-ipv4-general-private-172-22-0-0"
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-group-project-no-wrapper.log b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-group-project-no-wrapper.log
new file mode 100644
index 0000000000000000000000000000000000000000..8fdf927416c837e8edf5782dadb27c498d25363b
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-group-project-no-wrapper.log 
@@ -0,0 +1,1008 @@ +# ########################################################################### +# terminal A +# ########################################################################### +[freznicek@lenovo-t14 terraform 0]$ source ~/conf/g2-prod-ostrava-meta-cloud-training-all-roles-openrc.sh +[freznicek@lenovo-t14 terraform 0]$ terraform init + +Initializing the backend... +Initializing modules... + +Initializing provider plugins... +- Reusing previous version of terraform-provider-openstack/openstack from the dependency lock file +- Using previously-installed terraform-provider-openstack/openstack v1.52.1 + +Terraform has been successfully initialized! + +You may now begin working with Terraform. Try running "terraform plan" to see +any changes that are required for your infrastructure. All Terraform commands +should now work. + +If you ever set or change modules or backend configuration for Terraform, +rerun this command to reinitialize your working directory. If you forget, other +commands will detect it and remind you to do so if necessary. +[freznicek@lenovo-t14 terraform 0]$ terraform validate +Success! The configuration is valid. + +[freznicek@lenovo-t14 terraform 0]$ terraform plan --out group-project.plan +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] + +Terraform used the selected providers to generate the following execution plan. 
Resource actions are indicated with +the following symbols: + + create + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be created + + resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + + floating_ip = (known after apply) + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be created + + resource "openstack_compute_instance_v2" "bastion" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "standard.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-bastion-server" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "c875cd218164c30103ab9399e7237ce0745df6ef" + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + 
flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-1" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-2" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + 
destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be created + + resource "openstack_compute_keypair_v2" "pubkey" { + + fingerprint = (known after apply) + + id = (known after apply) + + name = "general-tf-demo-keypair" + + private_key = (sensitive value) + + public_key = <<-EOT + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCh5m8MwPW2mSXPFj0P3SSnAjukeQinvdESJfUeVqxOLozx3uAprm+ghPlun4V0mqfIfs6SmJM2wN8oDjd18yJVgCc1tfaSTDYDnVdrVPzWQYDdCqca0a3z+fXuK/sffv+9SH4LdNGqm6wA6xjJAbp8HbsnUNbcxs9bt9GJToxRjVCHjawJxlBBUemuYU7x7B8tdq3W5Fxtc9dIEcpO7NLvVujSSzbTwxVANSpOsbhroN6IQP299hB7Ggoa7P0MNaJa9VHJSU4Z6N7lYDrMG5gkm6LxL6s37ljyQS7IVDNKbhj1WrWfxAWrYtQy5alzisa7uuaxb1dOwEEWzZI5Z59T79cZActsJJPf6e4zurYo8Tqw9vpJId8ohDEQVnmb5asDGMz5G8xXa4G98McVYL1766fN1FxflYLIVRi7uPTLjN76COh/Q/ZxYuByFYl62VY+vT3CxcYInsqOkhwgfmHMbepq3ndRRIrN97IDDMutT5peTLSwpsmME+202Tg12TL7aGMyeNfcRxJkm3nHvXXKSAu1fJKXPvTQZZRxctX9GQ+2iYBhB57WnmtvfzgfcrAdZTXH3Mh08xRB+Uv/VqupLhm9Fgs/+IVUyi0AezsL6NrGItyPVcVU2HXF6xdsIFyHgb2Jhbdm2PzN/n7lcRa6lkltPBpLSWZb0N0DSHbrJw== freznicek@fedora + EOT + + region = (known after apply) + + user_id = (known after apply) + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be created + + resource "openstack_networking_floatingip_v2" "bastion_fip" { + + address = (known after apply) + + all_tags = (known after apply) + + dns_domain = (known after apply) + + dns_name = (known after apply) + + fixed_ip = (known after apply) + + id = (known after apply) + + pool = "external-ipv4-general-public" + + port_id = (known after apply) + + region = 
(known after apply) + + subnet_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_network_v2.network_default[0] will be created + + resource "openstack_networking_network_v2" "network_default" { + + admin_state_up = true + + all_tags = (known after apply) + + availability_zone_hints = (known after apply) + + dns_domain = (known after apply) + + external = (known after apply) + + id = (known after apply) + + mtu = (known after apply) + + name = "general-tf-demo_network" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + shared = (known after apply) + + tenant_id = (known after apply) + + transparent_vlan = (known after apply) + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be created + + resource "openstack_networking_port_v2" "bastion_port" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo-bastion-server-port" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + 
dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_1" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_2" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0] will be created + + resource "openstack_networking_router_interface_v2" "router_default_interface" { + + force_destroy = false + + id = (known after apply) + + port_id = (known after apply) + + region = (known after apply) + + router_id = (known after apply) + + subnet_id = (known after apply) + } + + # module.toplevel.openstack_networking_router_v2.router_default[0] will be created + + resource "openstack_networking_router_v2" "router_default" { + + admin_state_up = true + + all_tags = (known after apply) + + availability_zone_hints = (known after apply) + + 
distributed = (known after apply) + + enable_snat = (known after apply) + + external_gateway = (known after apply) + + external_network_id = "5a778b8d-4194-48fd-880d-181aaf7222c2" + + id = (known after apply) + + name = "general-tf-demo_infra-test" + + region = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 80 + + port_range_min = 80 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 443 + + port_range_min = 443 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 0 + + port_range_min = 0 + + protocol = "icmp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be created + + resource 
"openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 22 + + port_range_min = 22 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be created + + resource "openstack_networking_secgroup_v2" "secgroup_default" { + + all_tags = (known after apply) + + description = "general-tf-demo Security group" + + id = (known after apply) + + name = "general-tf-demo_security_group" + + region = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_subnet_v2.subnet_default[0] will be created + + resource "openstack_networking_subnet_v2" "subnet_default" { + + all_tags = (known after apply) + + cidr = "10.10.10.0/24" + + dns_nameservers = [ + + "1.1.1.1", + + "8.8.8.8", + ] + + enable_dhcp = true + + gateway_ip = (known after apply) + + id = (known after apply) + + ip_version = 4 + + ipv6_address_mode = (known after apply) + + ipv6_ra_mode = (known after apply) + + name = "general-tf-demo_subnet" + + network_id = (known after apply) + + no_gateway = false + + region = (known after apply) + + service_types = (known after apply) + + tenant_id = (known after apply) + } + +Plan: 18 to add, 0 to change, 0 to destroy. + +─────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + +Saved the plan to: group-project.plan + +To perform exactly these actions, run the following command to apply: + terraform apply "group-project.plan" +[freznicek@lenovo-t14 terraform 0]$ terraform apply "group-project.plan" +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creating... 
+module.toplevel.openstack_networking_router_v2.router_default[0]: Creating... +module.toplevel.openstack_compute_keypair_v2.pubkey: Creating... +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creating... +module.toplevel.openstack_networking_network_v2.network_default[0]: Creating... +module.toplevel.openstack_compute_keypair_v2.pubkey: Creation complete after 1s [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creation complete after 1s [id=30bc1a97-d150-4d52-9e5e-b54f46e85caa] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creation complete after 0s [id=663be34f-2171-4999-9f79-7f3a9d985106] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creation complete after 1s [id=b0bbf3bb-e071-464e-8998-e615e9637ee4] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creation complete after 1s [id=ba11b2f0-4a09-4774-a185-6b29980591e2] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creation complete after 1s [id=7404a85d-9bb9-41c9-9f78-5a225f03012f] +module.toplevel.openstack_networking_network_v2.network_default[0]: Creation complete after 7s [id=52a1637a-9950-46c5-8044-99c02fd608dd] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Creating... 
+module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creation complete after 7s [id=c8ea0ba8-4c69-45ac-96dd-d08270d53e39] +module.toplevel.openstack_networking_router_v2.router_default[0]: Creation complete after 8s [id=7e061d3c-90c6-488c-9e8a-78d122fc0088] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Creation complete after 5s [id=8be2ddeb-bf42-465f-a828-af67beafea23] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Creating... +module.toplevel.openstack_networking_port_v2.bastion_port: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creating... +module.toplevel.openstack_networking_port_v2.bastion_port: Creation complete after 6s [id=43c96551-3600-4244-b6d9-35a5ff4f5363] +module.toplevel.openstack_compute_instance_v2.bastion: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creation complete after 6s [id=31851ec6-83ae-40f6-b108-c6742b5bdd42] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creation complete after 6s [id=d8144013-bf87-427b-b546-6bd17f4b749c] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Creating... +module.toplevel.openstack_compute_instance_v2.nodes[1]: Creating... +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Creation complete after 7s [id=1fbc50d1-50e7-4de8-8e0b-e919d12685b9] +module.toplevel.openstack_compute_instance_v2.bastion: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Creation complete after 11s [id=b4621741-7b87-4d4f-af14-c8764be41209] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creating... 
+module.toplevel.openstack_compute_instance_v2.nodes[1]: Creation complete after 11s [id=f3d1409a-3dc6-48a8-916b-088bc3c967ab] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Creation complete after 11s [id=505d5414-53e4-4736-a886-992e16ab7a13] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creation complete after 1s [id=195.113.243.33/b4621741-7b87-4d4f-af14-c8764be41209/] + +Apply complete! Resources: 18 added, 0 changed, 0 destroyed. +[freznicek@lenovo-t14 terraform 0]$ openstack server list ++--------------------------------------+--------------------------------+--------+-----------------------------------------------------------+---------------------+----------------+ +| ID | Name | Status | Networks | Image | Flavor | ++--------------------------------------+--------------------------------+--------+-----------------------------------------------------------+---------------------+----------------+ +| 505d5414-53e4-4736-a886-992e16ab7a13 | general-tf-demo-server-1 | ACTIVE | general-tf-demo_network=10.10.10.116 | ubuntu-jammy-x86_64 | e1.small | +| b4621741-7b87-4d4f-af14-c8764be41209 | general-tf-demo-bastion-server | ACTIVE | general-tf-demo_network=10.10.10.171, 195.113.243.33 | ubuntu-jammy-x86_64 | standard.small | +| f3d1409a-3dc6-48a8-916b-088bc3c967ab | general-tf-demo-server-2 | ACTIVE | general-tf-demo_network=10.10.10.210 | ubuntu-jammy-x86_64 | e1.small | ++--------------------------------------+--------------------------------+--------+-----------------------------------------------------------+---------------------+----------------+ + +# ########################################################################### +# in terminal B +# ########################################################################### +[freznicek@lenovo-t14 terraform 0]$ sshuttle -r ubuntu@195.113.243.33 10.10.10.0/24 +[local sudo] Password: +The authenticity of host '195.113.243.33 (195.113.243.33)' can't be established. 
+ED25519 key fingerprint is SHA256:e1D3sQga3lEGh85d3GkFvM8nCkQNLGGWS6MRZgF2U7I. +This key is not known by any other names +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes +Warning: Permanently added '195.113.243.33' (ED25519) to the list of known hosts. +c : Connected to server. +^Cc : +c : Keyboard interrupt: exiting. + +# ########################################################################### +# terminal A continues +# ########################################################################### +[freznicek@lenovo-t14 terraform 0]$ for i_ip in 10.10.10.{171,116,210}; do ssh ubuntu@$i_ip 'uname -a;uptime'; doneThe authenticity of host '10.10.10.171 (10.10.10.171)' can't be established. +ED25519 key fingerprint is SHA256:e1D3sQga3lEGh85d3GkFvM8nCkQNLGGWS6MRZgF2U7I. +This host key is known by the following other names/addresses: + ~/.ssh/known_hosts:1296: 195.113.243.33 +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes +Warning: Permanently added '10.10.10.171' (ED25519) to the list of known hosts. +Linux general-tf-demo-bastion-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:40:38 up 1 min, 0 users, load average: 0.24, 0.17, 0.07 +The authenticity of host '10.10.10.116 (10.10.10.116)' can't be established. +ED25519 key fingerprint is SHA256:76kTPJmYHOhA/EtqUA2C2pW2DF4FyF81J2x/k0P/DII. +This key is not known by any other names +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes +Warning: Permanently added '10.10.10.116' (ED25519) to the list of known hosts. +Linux general-tf-demo-server-1 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:40:44 up 1 min, 0 users, load average: 0.19, 0.12, 0.05 +The authenticity of host '10.10.10.210 (10.10.10.210)' can't be established. +ED25519 key fingerprint is SHA256:oH7tIMZLj6MtZuMYqoc3SOIGJFsSHn5oF2KDNishmsk. 
+This key is not known by any other names +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes +Warning: Permanently added '10.10.10.210' (ED25519) to the list of known hosts. +Linux general-tf-demo-server-2 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:40:48 up 2 min, 0 users, load average: 0.34, 0.26, 0.10 +[freznicek@lenovo-t14 terraform 0]$ terraform destroy +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Refreshing state... [id=30bc1a97-d150-4d52-9e5e-b54f46e85caa] +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.openstack_compute_keypair_v2.pubkey: Refreshing state... [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Refreshing state... [id=c8ea0ba8-4c69-45ac-96dd-d08270d53e39] +module.toplevel.openstack_networking_network_v2.network_default[0]: Refreshing state... [id=52a1637a-9950-46c5-8044-99c02fd608dd] +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 0s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Refreshing state... [id=b0bbf3bb-e071-464e-8998-e615e9637ee4] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Refreshing state... [id=7404a85d-9bb9-41c9-9f78-5a225f03012f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Refreshing state... [id=663be34f-2171-4999-9f79-7f3a9d985106] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Refreshing state... [id=ba11b2f0-4a09-4774-a185-6b29980591e2] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Refreshing state... 
[id=8be2ddeb-bf42-465f-a828-af67beafea23] +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 0s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] +module.toplevel.openstack_networking_router_v2.router_default[0]: Refreshing state... [id=7e061d3c-90c6-488c-9e8a-78d122fc0088] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Refreshing state... [id=1fbc50d1-50e7-4de8-8e0b-e919d12685b9] +module.toplevel.openstack_networking_port_v2.bastion_port: Refreshing state... [id=43c96551-3600-4244-b6d9-35a5ff4f5363] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Refreshing state... [id=31851ec6-83ae-40f6-b108-c6742b5bdd42] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Refreshing state... [id=d8144013-bf87-427b-b546-6bd17f4b749c] +module.toplevel.openstack_compute_instance_v2.bastion: Refreshing state... [id=b4621741-7b87-4d4f-af14-c8764be41209] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Refreshing state... [id=505d5414-53e4-4736-a886-992e16ab7a13] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Refreshing state... [id=f3d1409a-3dc6-48a8-916b-088bc3c967ab] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Refreshing state... [id=195.113.243.33/b4621741-7b87-4d4f-af14-c8764be41209/] + +Terraform used the selected providers to generate the following execution plan. 
Resource actions are indicated with +the following symbols: + - destroy + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be destroyed + - resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + - floating_ip = "195.113.243.33" -> null + - id = "195.113.243.33/b4621741-7b87-4d4f-af14-c8764be41209/" -> null + - instance_id = "b4621741-7b87-4d4f-af14-c8764be41209" -> null + - region = "Ostrava" -> null + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be destroyed + - resource "openstack_compute_instance_v2" "bastion" { + - access_ip_v4 = "10.10.10.171" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:38:32 +0000 UTC" -> null + - flavor_id = "f5bb56cc-297d-4f1b-bf17-202fa0a8e9a3" -> null + - flavor_name = "standard.small" -> null + - force_delete = false -> null + - id = "b4621741-7b87-4d4f-af14-c8764be41209" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-bastion-server" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:38:38 +0000 UTC" -> null + - user_data = "c875cd218164c30103ab9399e7237ce0745df6ef" -> null + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.171" -> null + - mac = "fa:16:3e:71:5e:be" -> null + - name = "general-tf-demo_network" -> null + - port = "43c96551-3600-4244-b6d9-35a5ff4f5363" -> null + - uuid = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be destroyed + - resource "openstack_compute_instance_v2" 
"nodes" { + - access_ip_v4 = "10.10.10.116" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:38:32 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = "505d5414-53e4-4736-a886-992e16ab7a13" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-1" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:38:38 +0000 UTC" -> null + - user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.116" -> null + - mac = "fa:16:3e:26:94:51" -> null + - name = "general-tf-demo_network" -> null + - port = "31851ec6-83ae-40f6-b108-c6742b5bdd42" -> null + - uuid = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "10.10.10.210" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:38:32 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = 
"f3d1409a-3dc6-48a8-916b-088bc3c967ab" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-2" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:38:36 +0000 UTC" -> null + - user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.210" -> null + - mac = "fa:16:3e:0d:26:c1" -> null + - name = "general-tf-demo_network" -> null + - port = "d8144013-bf87-427b-b546-6bd17f4b749c" -> null + - uuid = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be destroyed + - resource "openstack_compute_keypair_v2" "pubkey" { + - fingerprint = "75:e0:a4:d6:4c:76:ba:21:f1:d1:75:c8:75:22:93:4f" -> null + - id = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-keypair" -> null + - public_key = <<-EOT + ssh-rsa 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 freznicek@fedora + EOT -> null + - region = "Ostrava" -> null + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be destroyed + - resource "openstack_networking_floatingip_v2" "bastion_fip" { + - address = "195.113.243.33" -> null + - all_tags = [] -> null + - fixed_ip = "10.10.10.171" -> null + - id = "c8ea0ba8-4c69-45ac-96dd-d08270d53e39" -> null + - pool = "external-ipv4-general-public" -> null + - port_id = 
"43c96551-3600-4244-b6d9-35a5ff4f5363" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_network_v2.network_default[0] will be destroyed + - resource "openstack_networking_network_v2" "network_default" { + - admin_state_up = true -> null + - all_tags = [] -> null + - availability_zone_hints = [ + - "nova", + ] -> null + - external = false -> null + - id = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + - mtu = 8950 -> null + - name = "general-tf-demo_network" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - shared = false -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + - transparent_vlan = false -> null + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be destroyed + - resource "openstack_networking_port_v2" "bastion_port" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.171", + ] -> null + - all_security_group_ids = [ + - "30bc1a97-d150-4d52-9e5e-b54f46e85caa", + ] -> null + - all_tags = [] -> null + - device_id = "b4621741-7b87-4d4f-af14-c8764be41209" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "43c96551-3600-4244-b6d9-35a5ff4f5363" -> null + - mac_address = "fa:16:3e:71:5e:be" -> null + - name = "general-tf-demo-bastion-server-port" -> null + - network_id = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "30bc1a97-d150-4d52-9e5e-b54f46e85caa", + ] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "8be2ddeb-bf42-465f-a828-af67beafea23" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be 
destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.116", + ] -> null + - all_security_group_ids = [ + - "30bc1a97-d150-4d52-9e5e-b54f46e85caa", + ] -> null + - all_tags = [] -> null + - device_id = "505d5414-53e4-4736-a886-992e16ab7a13" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "31851ec6-83ae-40f6-b108-c6742b5bdd42" -> null + - mac_address = "fa:16:3e:26:94:51" -> null + - name = "general-tf-demo_server_port_1" -> null + - network_id = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "30bc1a97-d150-4d52-9e5e-b54f46e85caa", + ] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "8be2ddeb-bf42-465f-a828-af67beafea23" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.210", + ] -> null + - all_security_group_ids = [ + - "30bc1a97-d150-4d52-9e5e-b54f46e85caa", + ] -> null + - all_tags = [] -> null + - device_id = "f3d1409a-3dc6-48a8-916b-088bc3c967ab" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "d8144013-bf87-427b-b546-6bd17f4b749c" -> null + - mac_address = "fa:16:3e:0d:26:c1" -> null + - name = "general-tf-demo_server_port_2" -> null + - network_id = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "30bc1a97-d150-4d52-9e5e-b54f46e85caa", + ] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - binding { + - vif_details = 
{} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "8be2ddeb-bf42-465f-a828-af67beafea23" -> null + } + } + + # module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0] will be destroyed + - resource "openstack_networking_router_interface_v2" "router_default_interface" { + - force_destroy = false -> null + - id = "1fbc50d1-50e7-4de8-8e0b-e919d12685b9" -> null + - port_id = "1fbc50d1-50e7-4de8-8e0b-e919d12685b9" -> null + - region = "Ostrava" -> null + - router_id = "7e061d3c-90c6-488c-9e8a-78d122fc0088" -> null + - subnet_id = "8be2ddeb-bf42-465f-a828-af67beafea23" -> null + } + + # module.toplevel.openstack_networking_router_v2.router_default[0] will be destroyed + - resource "openstack_networking_router_v2" "router_default" { + - admin_state_up = true -> null + - all_tags = [] -> null + - availability_zone_hints = [ + - "nova", + ] -> null + - distributed = false -> null + - enable_snat = true -> null + - external_gateway = "5a778b8d-4194-48fd-880d-181aaf7222c2" -> null + - external_network_id = "5a778b8d-4194-48fd-880d-181aaf7222c2" -> null + - id = "7e061d3c-90c6-488c-9e8a-78d122fc0088" -> null + - name = "general-tf-demo_infra-test" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - external_fixed_ip { + - ip_address = "195.113.243.241" -> null + - subnet_id = "a8843622-1b54-414a-918a-1861434135ce" -> null + } + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "b0bbf3bb-e071-464e-8998-e615e9637ee4" -> null + - port_range_max = 80 -> null + - port_range_min = 80 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "30bc1a97-d150-4d52-9e5e-b54f46e85caa" 
-> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "7404a85d-9bb9-41c9-9f78-5a225f03012f" -> null + - port_range_max = 443 -> null + - port_range_min = 443 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "30bc1a97-d150-4d52-9e5e-b54f46e85caa" -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "663be34f-2171-4999-9f79-7f3a9d985106" -> null + - port_range_max = 0 -> null + - port_range_min = 0 -> null + - protocol = "icmp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "30bc1a97-d150-4d52-9e5e-b54f46e85caa" -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "ba11b2f0-4a09-4774-a185-6b29980591e2" -> null + - port_range_max = 22 -> null + - port_range_min = 22 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "30bc1a97-d150-4d52-9e5e-b54f46e85caa" -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be destroyed + - resource 
"openstack_networking_secgroup_v2" "secgroup_default" { + - all_tags = [] -> null + - description = "general-tf-demo Security group" -> null + - id = "30bc1a97-d150-4d52-9e5e-b54f46e85caa" -> null + - name = "general-tf-demo_security_group" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_subnet_v2.subnet_default[0] will be destroyed + - resource "openstack_networking_subnet_v2" "subnet_default" { + - all_tags = [] -> null + - cidr = "10.10.10.0/24" -> null + - dns_nameservers = [ + - "1.1.1.1", + - "8.8.8.8", + ] -> null + - enable_dhcp = true -> null + - gateway_ip = "10.10.10.1" -> null + - id = "8be2ddeb-bf42-465f-a828-af67beafea23" -> null + - ip_version = 4 -> null + - name = "general-tf-demo_subnet" -> null + - network_id = "52a1637a-9950-46c5-8044-99c02fd608dd" -> null + - no_gateway = false -> null + - region = "Ostrava" -> null + - service_types = [] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - allocation_pool { + - end = "10.10.10.254" -> null + - start = "10.10.10.2" -> null + } + + - allocation_pools { + - end = "10.10.10.254" -> null + - start = "10.10.10.2" -> null + } + } + +Plan: 0 to add, 0 to change, 18 to destroy. + +Do you really want to destroy all resources? + Terraform will destroy all your managed infrastructure, as shown above. + There is no undo. Only 'yes' will be accepted to confirm. + + Enter a value: yes + +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destroying... [id=195.113.243.33/b4621741-7b87-4d4f-af14-c8764be41209/] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destroying... [id=ba11b2f0-4a09-4774-a185-6b29980591e2] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Destroying... 
[id=1fbc50d1-50e7-4de8-8e0b-e919d12685b9] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destroying... [id=7404a85d-9bb9-41c9-9f78-5a225f03012f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destroying... [id=663be34f-2171-4999-9f79-7f3a9d985106] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destroying... [id=b0bbf3bb-e071-464e-8998-e615e9637ee4] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destroying... [id=505d5414-53e4-4736-a886-992e16ab7a13] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destroying... [id=f3d1409a-3dc6-48a8-916b-088bc3c967ab] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destruction complete after 1s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destroying... [id=c8ea0ba8-4c69-45ac-96dd-d08270d53e39] +module.toplevel.openstack_compute_instance_v2.bastion: Destroying... [id=b4621741-7b87-4d4f-af14-c8764be41209] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destruction complete after 6s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destruction complete after 6s +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Destruction complete after 9s +module.toplevel.openstack_networking_router_v2.router_default[0]: Destroying... [id=7e061d3c-90c6-488c-9e8a-78d122fc0088] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Still destroying... [id=b0bbf3bb-e071-464e-8998-e615e9637ee4, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Still destroying... [id=663be34f-2171-4999-9f79-7f3a9d985106, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Still destroying... [id=7404a85d-9bb9-41c9-9f78-5a225f03012f, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still destroying... 
[id=505d5414-53e4-4736-a886-992e16ab7a13, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still destroying... [id=f3d1409a-3dc6-48a8-916b-088bc3c967ab, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destruction complete after 11s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destroying... [id=d8144013-bf87-427b-b546-6bd17f4b749c] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destroying... [id=31851ec6-83ae-40f6-b108-c6742b5bdd42] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.bastion: Still destroying... [id=b4621741-7b87-4d4f-af14-c8764be41209, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Destruction complete after 10s +module.toplevel.openstack_compute_keypair_v2.pubkey: Destroying... [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_port_v2.bastion_port: Destroying... [id=43c96551-3600-4244-b6d9-35a5ff4f5363] +module.toplevel.openstack_compute_keypair_v2.pubkey: Destruction complete after 1s +module.toplevel.openstack_networking_router_v2.router_default[0]: Destruction complete after 5s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destruction complete after 16s +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destruction complete after 5s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destruction complete after 5s +module.toplevel.openstack_networking_port_v2.bastion_port: Destruction complete after 6s +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Destroying... [id=8be2ddeb-bf42-465f-a828-af67beafea23] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Still destroying... 
[id=b0bbf3bb-e071-464e-8998-e615e9637ee4, 20s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destruction complete after 21s +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destroying... [id=30bc1a97-d150-4d52-9e5e-b54f46e85caa] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Destruction complete after 8s +module.toplevel.openstack_networking_network_v2.network_default[0]: Destroying... [id=52a1637a-9950-46c5-8044-99c02fd608dd] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destruction complete after 8s +module.toplevel.openstack_networking_network_v2.network_default[0]: Destruction complete after 5s + +Destroy complete! Resources: 18 destroyed. +[freznicek@lenovo-t14 terraform 0]$ diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-group-project-wrapper.log b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-group-project-wrapper.log new file mode 100644 index 0000000000000000000000000000000000000000..a0444929924ef844e186992a4d4aef5823ab4b09 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-group-project-wrapper.log 
@@ -0,0 +1,994 @@
+[freznicek@lenovo-t14 terraform 0]$ source ~/conf/g2-prod-ostrava-meta-cloud-training-all-roles-openrc.sh
+[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh detect-cloud
+
+Using OpenStack cloud:
+"Ostrava","identity","3.14","CURRENT","https://identity.ostrava.openstack.cloud.e-infra.cz/v3/","",""
+[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh detect-project
+
+Using OpenStack group project named: meta-cloud-training
+[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh validate-tools
+
+Using commandline tools:
+openstack --version:
+ openstack 5.5.0
+bash --version:
+ GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu)
+awk -W version:
+ GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1)
+ssh -V:
+ OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023
+which ssh-keygen:
+ /usr/bin/ssh-keygen
+ncat --version:
+ Ncat: Version 7.93 ( https://nmap.org/ncat )
+grep --version:
+ grep (GNU grep) 3.7
+terraform version:
+ Terraform v1.5.2
+[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh init
+
+Initializing the backend...
+Initializing modules...
+
+Initializing provider plugins...
+- Reusing previous version of terraform-provider-openstack/openstack from the dependency lock file
+- Using previously-installed terraform-provider-openstack/openstack v1.52.1
+
+Terraform has been successfully initialized!
+
+You may now begin working with Terraform. Try running "terraform plan" to see
+any changes that are required for your infrastructure. All Terraform commands
+should now work.
+
+If you ever set or change modules or backend configuration for Terraform,
+rerun this command to reinitialize your working directory. If you forget, other
+commands will detect it and remind you to do so if necessary.
+[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh validate
+Success! The configuration is valid.
+ + +[freznicek@lenovo-t14 terraform 127]$ ./terraform.sh plan --out group-project.plan +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] + +Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with +the following symbols: + + create + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be created + + resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + + floating_ip = (known after apply) + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be created + + resource "openstack_compute_instance_v2" "bastion" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "standard.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-bastion-server" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "c875cd218164c30103ab9399e7237ce0745df6ef" + + + network { + + access_network = false + + fixed_ip_v4 = 
(known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-1" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + 
flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-2" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = (known after apply) + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be created + + resource "openstack_compute_keypair_v2" "pubkey" { + + fingerprint = (known after apply) + + id = (known after apply) + + name = "general-tf-demo-keypair" + + private_key = (sensitive value) + + public_key = <<-EOT + ssh-rsa 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 freznicek@fedora + EOT + + region = (known after apply) + + user_id = (known after apply) + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be created + + resource "openstack_networking_floatingip_v2" "bastion_fip" { + + address = (known after apply) + + all_tags = (known after apply) + + dns_domain = (known after apply) + + dns_name = (known after apply) + + fixed_ip = (known after apply) + + id = (known after apply) + + pool = "external-ipv4-general-public" + + port_id = (known after apply) + + region = (known after apply) + + subnet_id = (known after apply) + + 
tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_network_v2.network_default[0] will be created + + resource "openstack_networking_network_v2" "network_default" { + + admin_state_up = true + + all_tags = (known after apply) + + availability_zone_hints = (known after apply) + + dns_domain = (known after apply) + + external = (known after apply) + + id = (known after apply) + + mtu = (known after apply) + + name = "general-tf-demo_network" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + shared = (known after apply) + + tenant_id = (known after apply) + + transparent_vlan = (known after apply) + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be created + + resource "openstack_networking_port_v2" "bastion_port" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo-bastion-server-port" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known 
after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_1" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_2" + + network_id = (known after apply) + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = (known after apply) + } + } + + # module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0] will be created + + resource "openstack_networking_router_interface_v2" "router_default_interface" { + + force_destroy = false + + id = (known after apply) + + port_id = (known after apply) + + region = (known after apply) + + router_id = (known after apply) + + subnet_id = (known after apply) + } + + # module.toplevel.openstack_networking_router_v2.router_default[0] will be created + + resource "openstack_networking_router_v2" "router_default" { + + admin_state_up = true + + all_tags = (known after apply) + + availability_zone_hints = (known after apply) + + distributed = (known after apply) + + enable_snat = (known after 
apply) + + external_gateway = (known after apply) + + external_network_id = "5a778b8d-4194-48fd-880d-181aaf7222c2" + + id = (known after apply) + + name = "general-tf-demo_infra-test" + + region = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 80 + + port_range_min = 80 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 443 + + port_range_min = 443 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 0 + + port_range_min = 0 + + protocol = "icmp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + + direction = "ingress" 
+ + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 22 + + port_range_min = 22 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be created + + resource "openstack_networking_secgroup_v2" "secgroup_default" { + + all_tags = (known after apply) + + description = "general-tf-demo Security group" + + id = (known after apply) + + name = "general-tf-demo_security_group" + + region = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_subnet_v2.subnet_default[0] will be created + + resource "openstack_networking_subnet_v2" "subnet_default" { + + all_tags = (known after apply) + + cidr = "10.10.10.0/24" + + dns_nameservers = [ + + "1.1.1.1", + + "8.8.8.8", + ] + + enable_dhcp = true + + gateway_ip = (known after apply) + + id = (known after apply) + + ip_version = 4 + + ipv6_address_mode = (known after apply) + + ipv6_ra_mode = (known after apply) + + name = "general-tf-demo_subnet" + + network_id = (known after apply) + + no_gateway = false + + region = (known after apply) + + service_types = (known after apply) + + tenant_id = (known after apply) + } + +Plan: 18 to add, 0 to change, 0 to destroy. + +─────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + +Saved the plan to: group-project.plan + +To perform exactly these actions, run the following command to apply: + terraform apply "group-project.plan" +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh apply "group-project.plan" +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creating... +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creating... +module.toplevel.openstack_compute_keypair_v2.pubkey: Creating... 
+module.toplevel.openstack_networking_router_v2.router_default[0]: Creating... +module.toplevel.openstack_networking_network_v2.network_default[0]: Creating... +module.toplevel.openstack_compute_keypair_v2.pubkey: Creation complete after 1s [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creation complete after 1s [id=fe4f760c-52a4-4b9c-863a-be2a00ac49be] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creation complete after 0s [id=ce5f3e79-ffcb-44e5-8d45-b12940d25361] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creation complete after 1s [id=379d9e7c-d0d6-4a0d-bafc-6607a0e520b0] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creation complete after 1s [id=e48033a1-7849-4968-a50f-6f80bd2a3f3c] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creation complete after 1s [id=083d26d5-718b-4196-8baa-57357bf8deab] +module.toplevel.openstack_networking_network_v2.network_default[0]: Creation complete after 6s [id=dcf3f972-4e43-47ae-8aa3-709d065e523a] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Creating... 
+module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creation complete after 7s [id=af08b5cd-ee05-460d-b388-5dc450bb34b6] +module.toplevel.openstack_networking_router_v2.router_default[0]: Creation complete after 9s [id=0c3d769c-ba0a-4eb2-9d7b-3d3728145996] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Creation complete after 6s [id=54bc4d20-d0bf-4fd5-9467-5586a67a72f9] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creating... +module.toplevel.openstack_networking_port_v2.bastion_port: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creating... +module.toplevel.openstack_networking_port_v2.bastion_port: Creation complete after 5s [id=b89c3de0-8ec8-469e-963c-7abb9ad4e1af] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creation complete after 5s [id=9e517aee-1ad8-478c-8db8-0f7f86be42c2] +module.toplevel.openstack_compute_instance_v2.bastion: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creation complete after 6s [id=8fd0aac2-e57a-41d9-827c-ceae90718ef3] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Creating... +module.toplevel.openstack_compute_instance_v2.nodes[0]: Creating... +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Creation complete after 6s [id=699e1c6f-3c53-435a-bb03-ab4a35e4b494] +module.toplevel.openstack_compute_instance_v2.bastion: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Creation complete after 11s [id=f20f7683-4457-40c9-bac7-3b684a7c3d6f] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creating... 
+module.toplevel.openstack_compute_instance_v2.nodes[1]: Creation complete after 11s [id=79c4c4e0-5237-43d1-8e13-0c1c1428b606] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Creation complete after 11s [id=a1ee4124-acb9-4f15-803e-fb6daa6dd654] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creation complete after 1s [id=195.113.243.197/f20f7683-4457-40c9-bac7-3b684a7c3d6f/] + +Apply complete! Resources: 18 added, 0 changed, 0 destroyed. +[freznicek@lenovo-t14 terraform 0]$ openstack server list | grep bastion +| f20f7683-4457-40c9-bac7-3b684a7c3d6f | general-tf-demo-bastion-server | ACTIVE | general-tf-demo_network=10.10.10.56, 195.113.243.197 | ubuntu-jammy-x86_64 | standard.small | +[freznicek@lenovo-t14 terraform 0]$ ssh ubuntu@195.113.243.197 'uname -a;uptime' +The authenticity of host '195.113.243.197 (195.113.243.197)' can't be established. +ED25519 key fingerprint is SHA256:aJ/LVBbadgLD84ksuXwOhubxXXHgildqSTq5jRFg+x8. +This key is not known by any other names +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes +Warning: Permanently added '195.113.243.197' (ED25519) to the list of known hosts. +Linux general-tf-demo-bastion-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:13:02 up 0 min, 0 users, load average: 0.39, 0.12, 0.04 +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh destroy +module.toplevel.openstack_compute_keypair_v2.pubkey: Refreshing state... [id=general-tf-demo-keypair] +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Refreshing state... [id=fe4f760c-52a4-4b9c-863a-be2a00ac49be] +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Refreshing state... 
[id=af08b5cd-ee05-460d-b388-5dc450bb34b6] +module.toplevel.openstack_networking_network_v2.network_default[0]: Refreshing state... [id=dcf3f972-4e43-47ae-8aa3-709d065e523a] +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] +module.toplevel.openstack_networking_router_v2.router_default[0]: Refreshing state... [id=0c3d769c-ba0a-4eb2-9d7b-3d3728145996] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Refreshing state... [id=ce5f3e79-ffcb-44e5-8d45-b12940d25361] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Refreshing state... [id=083d26d5-718b-4196-8baa-57357bf8deab] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Refreshing state... [id=379d9e7c-d0d6-4a0d-bafc-6607a0e520b0] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Refreshing state... [id=e48033a1-7849-4968-a50f-6f80bd2a3f3c] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Refreshing state... [id=54bc4d20-d0bf-4fd5-9467-5586a67a72f9] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Refreshing state... [id=699e1c6f-3c53-435a-bb03-ab4a35e4b494] +module.toplevel.openstack_networking_port_v2.bastion_port: Refreshing state... [id=b89c3de0-8ec8-469e-963c-7abb9ad4e1af] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Refreshing state... [id=9e517aee-1ad8-478c-8db8-0f7f86be42c2] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Refreshing state... [id=8fd0aac2-e57a-41d9-827c-ceae90718ef3] +module.toplevel.openstack_compute_instance_v2.bastion: Refreshing state... [id=f20f7683-4457-40c9-bac7-3b684a7c3d6f] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Refreshing state... 
[id=a1ee4124-acb9-4f15-803e-fb6daa6dd654] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Refreshing state... [id=79c4c4e0-5237-43d1-8e13-0c1c1428b606] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Refreshing state... [id=195.113.243.197/f20f7683-4457-40c9-bac7-3b684a7c3d6f/] + +Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with +the following symbols: + - destroy + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be destroyed + - resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + - floating_ip = "195.113.243.197" -> null + - id = "195.113.243.197/f20f7683-4457-40c9-bac7-3b684a7c3d6f/" -> null + - instance_id = "f20f7683-4457-40c9-bac7-3b684a7c3d6f" -> null + - region = "Ostrava" -> null + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be destroyed + - resource "openstack_compute_instance_v2" "bastion" { + - access_ip_v4 = "10.10.10.56" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:12:05 +0000 UTC" -> null + - flavor_id = "f5bb56cc-297d-4f1b-bf17-202fa0a8e9a3" -> null + - flavor_name = "standard.small" -> null + - force_delete = false -> null + - id = "f20f7683-4457-40c9-bac7-3b684a7c3d6f" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-bastion-server" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:12:09 +0000 UTC" -> null + - user_data = "c875cd218164c30103ab9399e7237ce0745df6ef" -> null + + - network { 
+ - access_network = false -> null + - fixed_ip_v4 = "10.10.10.56" -> null + - mac = "fa:16:3e:80:2d:4a" -> null + - name = "general-tf-demo_network" -> null + - port = "b89c3de0-8ec8-469e-963c-7abb9ad4e1af" -> null + - uuid = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "10.10.10.171" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:12:06 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = "a1ee4124-acb9-4f15-803e-fb6daa6dd654" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-1" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:12:11 +0000 UTC" -> null + - user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.171" -> null + - mac = "fa:16:3e:e9:8d:1c" -> null + - name = "general-tf-demo_network" -> null + - port = "8fd0aac2-e57a-41d9-827c-ceae90718ef3" -> null + - uuid = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be destroyed + - resource 
"openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "10.10.10.36" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:12:06 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = "79c4c4e0-5237-43d1-8e13-0c1c1428b606" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-2" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:12:11 +0000 UTC" -> null + - user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "10.10.10.36" -> null + - mac = "fa:16:3e:fb:4f:fc" -> null + - name = "general-tf-demo_network" -> null + - port = "9e517aee-1ad8-478c-8db8-0f7f86be42c2" -> null + - uuid = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be destroyed + - resource "openstack_compute_keypair_v2" "pubkey" { + - fingerprint = "75:e0:a4:d6:4c:76:ba:21:f1:d1:75:c8:75:22:93:4f" -> null + - id = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-keypair" -> null + - public_key = <<-EOT + ssh-rsa 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 freznicek@fedora + EOT -> null + - region = "Ostrava" -> null + } + + # 
module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be destroyed + - resource "openstack_networking_floatingip_v2" "bastion_fip" { + - address = "195.113.243.197" -> null + - all_tags = [] -> null + - fixed_ip = "10.10.10.56" -> null + - id = "af08b5cd-ee05-460d-b388-5dc450bb34b6" -> null + - pool = "external-ipv4-general-public" -> null + - port_id = "b89c3de0-8ec8-469e-963c-7abb9ad4e1af" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_network_v2.network_default[0] will be destroyed + - resource "openstack_networking_network_v2" "network_default" { + - admin_state_up = true -> null + - all_tags = [] -> null + - availability_zone_hints = [ + - "nova", + ] -> null + - external = false -> null + - id = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + - mtu = 8950 -> null + - name = "general-tf-demo_network" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - shared = false -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + - transparent_vlan = false -> null + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be destroyed + - resource "openstack_networking_port_v2" "bastion_port" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.56", + ] -> null + - all_security_group_ids = [ + - "fe4f760c-52a4-4b9c-863a-be2a00ac49be", + ] -> null + - all_tags = [] -> null + - device_id = "f20f7683-4457-40c9-bac7-3b684a7c3d6f" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "b89c3de0-8ec8-469e-963c-7abb9ad4e1af" -> null + - mac_address = "fa:16:3e:80:2d:4a" -> null + - name = "general-tf-demo-bastion-server-port" -> null + - network_id = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - 
"fe4f760c-52a4-4b9c-863a-be2a00ac49be", + ] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "54bc4d20-d0bf-4fd5-9467-5586a67a72f9" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.171", + ] -> null + - all_security_group_ids = [ + - "fe4f760c-52a4-4b9c-863a-be2a00ac49be", + ] -> null + - all_tags = [] -> null + - device_id = "a1ee4124-acb9-4f15-803e-fb6daa6dd654" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "8fd0aac2-e57a-41d9-827c-ceae90718ef3" -> null + - mac_address = "fa:16:3e:e9:8d:1c" -> null + - name = "general-tf-demo_server_port_1" -> null + - network_id = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "fe4f760c-52a4-4b9c-863a-be2a00ac49be", + ] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "54bc4d20-d0bf-4fd5-9467-5586a67a72f9" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "10.10.10.36", + ] -> null + - all_security_group_ids = [ + - "fe4f760c-52a4-4b9c-863a-be2a00ac49be", + ] -> null + - all_tags = [] -> null + - device_id = "79c4c4e0-5237-43d1-8e13-0c1c1428b606" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "9e517aee-1ad8-478c-8db8-0f7f86be42c2" -> null + - mac_address = "fa:16:3e:fb:4f:fc" -> null + - name 
= "general-tf-demo_server_port_2" -> null + - network_id = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "fe4f760c-52a4-4b9c-863a-be2a00ac49be", + ] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "54bc4d20-d0bf-4fd5-9467-5586a67a72f9" -> null + } + } + + # module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0] will be destroyed + - resource "openstack_networking_router_interface_v2" "router_default_interface" { + - force_destroy = false -> null + - id = "699e1c6f-3c53-435a-bb03-ab4a35e4b494" -> null + - port_id = "699e1c6f-3c53-435a-bb03-ab4a35e4b494" -> null + - region = "Ostrava" -> null + - router_id = "0c3d769c-ba0a-4eb2-9d7b-3d3728145996" -> null + - subnet_id = "54bc4d20-d0bf-4fd5-9467-5586a67a72f9" -> null + } + + # module.toplevel.openstack_networking_router_v2.router_default[0] will be destroyed + - resource "openstack_networking_router_v2" "router_default" { + - admin_state_up = true -> null + - all_tags = [] -> null + - availability_zone_hints = [ + - "nova", + ] -> null + - distributed = false -> null + - enable_snat = true -> null + - external_gateway = "5a778b8d-4194-48fd-880d-181aaf7222c2" -> null + - external_network_id = "5a778b8d-4194-48fd-880d-181aaf7222c2" -> null + - id = "0c3d769c-ba0a-4eb2-9d7b-3d3728145996" -> null + - name = "general-tf-demo_infra-test" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - external_fixed_ip { + - ip_address = "195.113.243.169" -> null + - subnet_id = "a8843622-1b54-414a-918a-1861434135ce" -> null + } + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be destroyed + - resource 
"openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "083d26d5-718b-4196-8baa-57357bf8deab" -> null + - port_range_max = 80 -> null + - port_range_min = 80 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "fe4f760c-52a4-4b9c-863a-be2a00ac49be" -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "e48033a1-7849-4968-a50f-6f80bd2a3f3c" -> null + - port_range_max = 443 -> null + - port_range_min = 443 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "fe4f760c-52a4-4b9c-863a-be2a00ac49be" -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "ce5f3e79-ffcb-44e5-8d45-b12940d25361" -> null + - port_range_max = 0 -> null + - port_range_min = 0 -> null + - protocol = "icmp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "fe4f760c-52a4-4b9c-863a-be2a00ac49be" -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "379d9e7c-d0d6-4a0d-bafc-6607a0e520b0" -> null + - port_range_max = 
22 -> null + - port_range_min = 22 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "fe4f760c-52a4-4b9c-863a-be2a00ac49be" -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be destroyed + - resource "openstack_networking_secgroup_v2" "secgroup_default" { + - all_tags = [] -> null + - description = "general-tf-demo Security group" -> null + - id = "fe4f760c-52a4-4b9c-863a-be2a00ac49be" -> null + - name = "general-tf-demo_security_group" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + } + + # module.toplevel.openstack_networking_subnet_v2.subnet_default[0] will be destroyed + - resource "openstack_networking_subnet_v2" "subnet_default" { + - all_tags = [] -> null + - cidr = "10.10.10.0/24" -> null + - dns_nameservers = [ + - "1.1.1.1", + - "8.8.8.8", + ] -> null + - enable_dhcp = true -> null + - gateway_ip = "10.10.10.1" -> null + - id = "54bc4d20-d0bf-4fd5-9467-5586a67a72f9" -> null + - ip_version = 4 -> null + - name = "general-tf-demo_subnet" -> null + - network_id = "dcf3f972-4e43-47ae-8aa3-709d065e523a" -> null + - no_gateway = false -> null + - region = "Ostrava" -> null + - service_types = [] -> null + - tags = [] -> null + - tenant_id = "7587d86892f449c3b11fdedb05976007" -> null + + - allocation_pool { + - end = "10.10.10.254" -> null + - start = "10.10.10.2" -> null + } + + - allocation_pools { + - end = "10.10.10.254" -> null + - start = "10.10.10.2" -> null + } + } + +Plan: 0 to add, 0 to change, 18 to destroy. + +Do you really want to destroy all resources? + Terraform will destroy all your managed infrastructure, as shown above. + There is no undo. Only 'yes' will be accepted to confirm. 
+ + Enter a value: yes + +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destroying... [id=195.113.243.197/f20f7683-4457-40c9-bac7-3b684a7c3d6f/] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destroying... [id=379d9e7c-d0d6-4a0d-bafc-6607a0e520b0] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destroying... [id=ce5f3e79-ffcb-44e5-8d45-b12940d25361] +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Destroying... [id=699e1c6f-3c53-435a-bb03-ab4a35e4b494] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destroying... [id=e48033a1-7849-4968-a50f-6f80bd2a3f3c] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destroying... [id=083d26d5-718b-4196-8baa-57357bf8deab] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destroying... [id=79c4c4e0-5237-43d1-8e13-0c1c1428b606] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destroying... [id=a1ee4124-acb9-4f15-803e-fb6daa6dd654] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destruction complete after 2s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destroying... [id=af08b5cd-ee05-460d-b388-5dc450bb34b6] +module.toplevel.openstack_compute_instance_v2.bastion: Destroying... [id=f20f7683-4457-40c9-bac7-3b684a7c3d6f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destruction complete after 6s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destruction complete after 5s +module.toplevel.openstack_networking_router_interface_v2.router_default_interface[0]: Destruction complete after 10s +module.toplevel.openstack_networking_router_v2.router_default[0]: Destroying... [id=0c3d769c-ba0a-4eb2-9d7b-3d3728145996] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Still destroying... 
[id=379d9e7c-d0d6-4a0d-bafc-6607a0e520b0, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Still destroying... [id=e48033a1-7849-4968-a50f-6f80bd2a3f3c, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Still destroying... [id=083d26d5-718b-4196-8baa-57357bf8deab, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still destroying... [id=a1ee4124-acb9-4f15-803e-fb6daa6dd654, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still destroying... [id=79c4c4e0-5237-43d1-8e13-0c1c1428b606, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destruction complete after 11s +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destroying... [id=8fd0aac2-e57a-41d9-827c-ceae90718ef3] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destroying... [id=9e517aee-1ad8-478c-8db8-0f7f86be42c2] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.bastion: Still destroying... [id=f20f7683-4457-40c9-bac7-3b684a7c3d6f, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Destruction complete after 10s +module.toplevel.openstack_compute_keypair_v2.pubkey: Destroying... [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_port_v2.bastion_port: Destroying... 
[id=b89c3de0-8ec8-469e-963c-7abb9ad4e1af] +module.toplevel.openstack_compute_keypair_v2.pubkey: Destruction complete after 0s +module.toplevel.openstack_networking_router_v2.router_default[0]: Destruction complete after 6s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destruction complete after 16s +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destruction complete after 5s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destruction complete after 5s +module.toplevel.openstack_networking_port_v2.bastion_port: Destruction complete after 6s +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Destroying... [id=54bc4d20-d0bf-4fd5-9467-5586a67a72f9] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Still destroying... [id=379d9e7c-d0d6-4a0d-bafc-6607a0e520b0, 20s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destruction complete after 21s +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destroying... [id=fe4f760c-52a4-4b9c-863a-be2a00ac49be] +module.toplevel.openstack_networking_subnet_v2.subnet_default[0]: Destruction complete after 8s +module.toplevel.openstack_networking_network_v2.network_default[0]: Destroying... [id=dcf3f972-4e43-47ae-8aa3-709d065e523a] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destruction complete after 8s +module.toplevel.openstack_networking_network_v2.network_default[0]: Destruction complete after 5s + +Destroy complete! Resources: 18 destroyed. +[freznicek@lenovo-t14 terraform 0]$ 
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-personal-project-no-wrapper.log b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-personal-project-no-wrapper.log
new file mode 100644
index 0000000000000000000000000000000000000000..45e343abac20b8d7c1f6cf8f0fe8b08a4a56a980
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-personal-project-no-wrapper.log
@@ -0,0 +1,809 @@
+[freznicek@lenovo-t14 terraform 0]$ source ~/conf/g2-prod-ostrava-freznicek-all-roles.sh.inc
+[freznicek@lenovo-t14 terraform 0]$ terraform init
+
+Initializing the backend...
+Initializing modules...
+
+Initializing provider plugins...
+- Reusing previous version of terraform-provider-openstack/openstack from the dependency lock file
+- Using previously-installed terraform-provider-openstack/openstack v1.52.1
+
+Terraform has been successfully initialized!
+
+You may now begin working with Terraform. Try running "terraform plan" to see
+any changes that are required for your infrastructure. All Terraform commands
+should now work.
+
+If you ever set or change modules or backend configuration for Terraform,
+rerun this command to reinitialize your working directory. If you forget, other
+commands will detect it and remind you to do so if necessary.
+[freznicek@lenovo-t14 terraform 0]$ terraform validate
+Success! The configuration is valid.
+
+[freznicek@lenovo-t14 terraform 0]$ terraform plan --out personal-project.plan --var-file=personal-projects.tfvars
+module.toplevel.data.openstack_networking_network_v2.external_network: Reading...
+module.toplevel.data.openstack_networking_network_v2.internal_shared_personal_network[0]: Reading...
+module.toplevel.data.openstack_images_image_v2.nodes_image: Reading...
+module.toplevel.data.openstack_networking_subnet_v2.internal_shared_personal_subnet[0]: Reading...
+module.toplevel.data.openstack_networking_subnet_v2.internal_shared_personal_subnet[0]: Read complete after 1s [id=3170bacf-72e9-418f-8b0c-72f2e67eefd1] +module.toplevel.data.openstack_networking_network_v2.internal_shared_personal_network[0]: Read complete after 1s [id=968fe5cf-e7b3-4d47-8239-d6f3ea2edd16] +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] + +Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with +the following symbols: + + create + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be created + + resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + + floating_ip = (known after apply) + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be created + + resource "openstack_compute_instance_v2" "bastion" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "standard.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-bastion-server" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = 
"c875cd218164c30103ab9399e7237ce0745df6ef" + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-1" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = 
(known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-2" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be created + + resource "openstack_compute_keypair_v2" "pubkey" { + + fingerprint = (known after apply) + + id = (known after apply) + + name = "general-tf-demo-keypair" + + private_key = (sensitive value) + + public_key = <<-EOT + ssh-rsa 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 freznicek@fedora + EOT + + region = (known after apply) + + user_id = (known after apply) + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be created + + resource "openstack_networking_floatingip_v2" "bastion_fip" { + + address = (known after apply) + + all_tags = (known after apply) + + dns_domain = (known after apply) + + dns_name = (known after apply) + + fixed_ip = (known after apply) + + id = (known after apply) 
+ + pool = "external-ipv4-general-public" + + port_id = (known after apply) + + region = (known after apply) + + subnet_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be created + + resource "openstack_networking_port_v2" "bastion_port" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo-bastion-server-port" + + network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_1" + + network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" + } + } + + # 
module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_2" + + network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" + } + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 80 + + port_range_min = 80 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 443 + + port_range_min = 443 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 
will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 0 + + port_range_min = 0 + + protocol = "icmp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 22 + + port_range_min = 22 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be created + + resource "openstack_networking_secgroup_v2" "secgroup_default" { + + all_tags = (known after apply) + + description = "general-tf-demo Security group" + + id = (known after apply) + + name = "general-tf-demo_security_group" + + region = (known after apply) + + tenant_id = (known after apply) + } + +Plan: 14 to add, 0 to change, 0 to destroy. + +─────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + +Saved the plan to: personal-project.plan + +To perform exactly these actions, run the following command to apply: + terraform apply "personal-project.plan" +[freznicek@lenovo-t14 terraform 0]$ terraform apply "personal-project.plan" +module.toplevel.openstack_compute_keypair_v2.pubkey: Creating... +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creating... +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creating... 
+module.toplevel.openstack_compute_keypair_v2.pubkey: Creation complete after 1s [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creation complete after 1s [id=1a3db219-cb03-4e1a-9418-8a638bb3a4cf] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creating... +module.toplevel.openstack_networking_port_v2.bastion_port: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creation complete after 0s [id=7a02eeb5-8022-45b4-991b-289f46a255a9] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creation complete after 1s [id=6a84e08f-c025-4d31-8a58-a982edc594ca] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creation complete after 1s [id=915f5422-1869-4c82-aa73-29fd5f9b90a0] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creation complete after 1s [id=6fd4e03e-1f8b-4c9d-b70b-395767545498] +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creation complete after 7s [id=4bf848b8-867c-422f-8701-0c253b2a7b56] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creation complete after 6s [id=e5b9583a-aae4-4d14-ad58-85298c9a6697] +module.toplevel.openstack_networking_port_v2.bastion_port: Creation complete after 6s [id=38802910-0f68-405b-b1ae-232297ff6a26] +module.toplevel.openstack_compute_instance_v2.bastion: Creating... 
+module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creation complete after 6s [id=cc27a165-09bc-493a-a028-2a1e9f06c5b1] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Creating... +module.toplevel.openstack_compute_instance_v2.nodes[0]: Creating... +module.toplevel.openstack_compute_instance_v2.bastion: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Creation complete after 11s [id=c7f8f0ba-915a-40e6-8645-2542673351fb] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creating... +module.toplevel.openstack_compute_instance_v2.nodes[0]: Creation complete after 11s [id=38da3e58-0638-4115-a0d5-f7721e12df85] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Creation complete after 12s [id=f96f232b-03e8-45d7-adf7-258f9337a500] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creation complete after 2s [id=195.113.243.117/c7f8f0ba-915a-40e6-8645-2542673351fb/] + +Apply complete! Resources: 14 added, 0 changed, 0 destroyed. 
+[freznicek@lenovo-t14 terraform 0]$ openstack server list ++--------------------------------------+--------------------------------+--------+------------------------------------------------------------+---------------------+----------------+ +| ID | Name | Status | Networks | Image | Flavor | ++--------------------------------------+--------------------------------+--------+------------------------------------------------------------+---------------------+----------------+ +| 38da3e58-0638-4115-a0d5-f7721e12df85 | general-tf-demo-server-1 | ACTIVE | internal-ipv4-general-private=172.22.3.30 | ubuntu-jammy-x86_64 | e1.small | +| c7f8f0ba-915a-40e6-8645-2542673351fb | general-tf-demo-bastion-server | ACTIVE | internal-ipv4-general-private=172.22.2.46, 195.113.243.117 | ubuntu-jammy-x86_64 | standard.small | +| f96f232b-03e8-45d7-adf7-258f9337a500 | general-tf-demo-server-2 | ACTIVE | internal-ipv4-general-private=172.22.2.180 | ubuntu-jammy-x86_64 | e1.small | ++--------------------------------------+--------------------------------+--------+------------------------------------------------------------+---------------------+----------------+ +[freznicek@lenovo-t14 terraform 0]$ ssh ubuntu@195.113.243.117 'uname -a;uptime' +The authenticity of host '195.113.243.117 (195.113.243.117)' can't be established. +ED25519 key fingerprint is SHA256:mtll/X2XfIO5QginmB06RQmqNpOnPFEYHCZKgW111r4. +This key is not known by any other names +Are you sure you want to continue connecting (yes/no/[fingerprint])? yes +Warning: Permanently added '195.113.243.117' (ED25519) to the list of known hosts. +Linux general-tf-demo-bastion-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:33:13 up 2 min, 0 users, load average: 0.22, 0.20, 0.08 +[freznicek@lenovo-t14 terraform 255]$ terraform destroy +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Refreshing state... 
[id=1a3db219-cb03-4e1a-9418-8a638bb3a4cf] +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Refreshing state... [id=4bf848b8-867c-422f-8701-0c253b2a7b56] +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.openstack_compute_keypair_v2.pubkey: Refreshing state... [id=general-tf-demo-keypair] +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Refreshing state... [id=915f5422-1869-4c82-aa73-29fd5f9b90a0] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Refreshing state... [id=6fd4e03e-1f8b-4c9d-b70b-395767545498] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Refreshing state... [id=7a02eeb5-8022-45b4-991b-289f46a255a9] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Refreshing state... [id=6a84e08f-c025-4d31-8a58-a982edc594ca] +module.toplevel.openstack_networking_port_v2.bastion_port: Refreshing state... [id=38802910-0f68-405b-b1ae-232297ff6a26] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Refreshing state... [id=e5b9583a-aae4-4d14-ad58-85298c9a6697] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Refreshing state... [id=cc27a165-09bc-493a-a028-2a1e9f06c5b1] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Refreshing state... [id=38da3e58-0638-4115-a0d5-f7721e12df85] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Refreshing state... [id=f96f232b-03e8-45d7-adf7-258f9337a500] +module.toplevel.openstack_compute_instance_v2.bastion: Refreshing state... 
[id=c7f8f0ba-915a-40e6-8645-2542673351fb] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Refreshing state... [id=195.113.243.117/c7f8f0ba-915a-40e6-8645-2542673351fb/] + +Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with +the following symbols: + - destroy + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be destroyed + - resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + - floating_ip = "195.113.243.117" -> null + - id = "195.113.243.117/c7f8f0ba-915a-40e6-8645-2542673351fb/" -> null + - instance_id = "c7f8f0ba-915a-40e6-8645-2542673351fb" -> null + - region = "Ostrava" -> null + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be destroyed + - resource "openstack_compute_instance_v2" "bastion" { + - access_ip_v4 = "172.22.2.46" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:30:42 +0000 UTC" -> null + - flavor_id = "f5bb56cc-297d-4f1b-bf17-202fa0a8e9a3" -> null + - flavor_name = "standard.small" -> null + - force_delete = false -> null + - id = "c7f8f0ba-915a-40e6-8645-2542673351fb" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-bastion-server" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:30:47 +0000 UTC" -> null + - user_data = "c875cd218164c30103ab9399e7237ce0745df6ef" -> null + + - network { + - access_network = false -> null + - fixed_ip_v4 = "172.22.2.46" -> null + - mac = "fa:16:3e:e2:e1:79" -> null + - 
name = "internal-ipv4-general-private" -> null + - port = "38802910-0f68-405b-b1ae-232297ff6a26" -> null + - uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "172.22.3.30" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:30:42 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = "38da3e58-0638-4115-a0d5-f7721e12df85" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-1" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:30:47 +0000 UTC" -> null + - user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "172.22.3.30" -> null + - mac = "fa:16:3e:3f:75:61" -> null + - name = "internal-ipv4-general-private" -> null + - port = "e5b9583a-aae4-4d14-ad58-85298c9a6697" -> null + - uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "172.22.2.180" -> null + - all_metadata = {} 
-> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:30:42 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = "f96f232b-03e8-45d7-adf7-258f9337a500" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-2" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:30:46 +0000 UTC" -> null + - user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "172.22.2.180" -> null + - mac = "fa:16:3e:61:55:31" -> null + - name = "internal-ipv4-general-private" -> null + - port = "cc27a165-09bc-493a-a028-2a1e9f06c5b1" -> null + - uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be destroyed + - resource "openstack_compute_keypair_v2" "pubkey" { + - fingerprint = "75:e0:a4:d6:4c:76:ba:21:f1:d1:75:c8:75:22:93:4f" -> null + - id = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-keypair" -> null + - public_key = <<-EOT + ssh-rsa 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 freznicek@fedora + EOT -> null + - region = "Ostrava" -> null + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be destroyed + - resource 
"openstack_networking_floatingip_v2" "bastion_fip" { + - address = "195.113.243.117" -> null + - all_tags = [] -> null + - fixed_ip = "172.22.2.46" -> null + - id = "4bf848b8-867c-422f-8701-0c253b2a7b56" -> null + - pool = "external-ipv4-general-public" -> null + - port_id = "38802910-0f68-405b-b1ae-232297ff6a26" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be destroyed + - resource "openstack_networking_port_v2" "bastion_port" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "172.22.2.46", + ] -> null + - all_security_group_ids = [ + - "1a3db219-cb03-4e1a-9418-8a638bb3a4cf", + ] -> null + - all_tags = [] -> null + - device_id = "c7f8f0ba-915a-40e6-8645-2542673351fb" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "38802910-0f68-405b-b1ae-232297ff6a26" -> null + - mac_address = "fa:16:3e:e2:e1:79" -> null + - name = "general-tf-demo-bastion-server-port" -> null + - network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "1a3db219-cb03-4e1a-9418-8a638bb3a4cf", + ] -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "172.22.3.30", + ] -> null + - all_security_group_ids = [ + - "1a3db219-cb03-4e1a-9418-8a638bb3a4cf", + ] -> null + - all_tags = [] -> null + - device_id = "38da3e58-0638-4115-a0d5-f7721e12df85" -> null + - device_owner = "compute:nova" -> null + 
- dns_assignment = [] -> null + - id = "e5b9583a-aae4-4d14-ad58-85298c9a6697" -> null + - mac_address = "fa:16:3e:3f:75:61" -> null + - name = "general-tf-demo_server_port_1" -> null + - network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "1a3db219-cb03-4e1a-9418-8a638bb3a4cf", + ] -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "172.22.2.180", + ] -> null + - all_security_group_ids = [ + - "1a3db219-cb03-4e1a-9418-8a638bb3a4cf", + ] -> null + - all_tags = [] -> null + - device_id = "f96f232b-03e8-45d7-adf7-258f9337a500" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "cc27a165-09bc-493a-a028-2a1e9f06c5b1" -> null + - mac_address = "fa:16:3e:61:55:31" -> null + - name = "general-tf-demo_server_port_2" -> null + - network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "1a3db219-cb03-4e1a-9418-8a638bb3a4cf", + ] -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" -> null + } + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + 
- id = "6a84e08f-c025-4d31-8a58-a982edc594ca" -> null + - port_range_max = 80 -> null + - port_range_min = 80 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "1a3db219-cb03-4e1a-9418-8a638bb3a4cf" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "915f5422-1869-4c82-aa73-29fd5f9b90a0" -> null + - port_range_max = 443 -> null + - port_range_min = 443 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "1a3db219-cb03-4e1a-9418-8a638bb3a4cf" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "6fd4e03e-1f8b-4c9d-b70b-395767545498" -> null + - port_range_max = 0 -> null + - port_range_min = 0 -> null + - protocol = "icmp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "1a3db219-cb03-4e1a-9418-8a638bb3a4cf" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "7a02eeb5-8022-45b4-991b-289f46a255a9" -> null + - port_range_max = 22 -> null + - port_range_min = 22 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = 
"0.0.0.0/0" -> null + - security_group_id = "1a3db219-cb03-4e1a-9418-8a638bb3a4cf" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be destroyed + - resource "openstack_networking_secgroup_v2" "secgroup_default" { + - all_tags = [] -> null + - description = "general-tf-demo Security group" -> null + - id = "1a3db219-cb03-4e1a-9418-8a638bb3a4cf" -> null + - name = "general-tf-demo_security_group" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + +Plan: 0 to add, 0 to change, 14 to destroy. + +Do you really want to destroy all resources? + Terraform will destroy all your managed infrastructure, as shown above. + There is no undo. Only 'yes' will be accepted to confirm. + + Enter a value: yes + +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destroying... [id=195.113.243.117/c7f8f0ba-915a-40e6-8645-2542673351fb/] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destroying... [id=6a84e08f-c025-4d31-8a58-a982edc594ca] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destroying... [id=915f5422-1869-4c82-aa73-29fd5f9b90a0] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destroying... [id=7a02eeb5-8022-45b4-991b-289f46a255a9] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destroying... [id=38da3e58-0638-4115-a0d5-f7721e12df85] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destroying... [id=6fd4e03e-1f8b-4c9d-b70b-395767545498] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destroying... [id=f96f232b-03e8-45d7-adf7-258f9337a500] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destruction complete after 2s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destroying... 
[id=4bf848b8-867c-422f-8701-0c253b2a7b56] +module.toplevel.openstack_compute_instance_v2.bastion: Destroying... [id=c7f8f0ba-915a-40e6-8645-2542673351fb] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destruction complete after 6s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destruction complete after 6s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Still destroying... [id=7a02eeb5-8022-45b4-991b-289f46a255a9, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Still destroying... [id=915f5422-1869-4c82-aa73-29fd5f9b90a0, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Still destroying... [id=6fd4e03e-1f8b-4c9d-b70b-395767545498, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still destroying... [id=38da3e58-0638-4115-a0d5-f7721e12df85, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still destroying... [id=f96f232b-03e8-45d7-adf7-258f9337a500, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destruction complete after 11s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destroying... [id=cc27a165-09bc-493a-a028-2a1e9f06c5b1] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destroying... [id=e5b9583a-aae4-4d14-ad58-85298c9a6697] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.bastion: Still destroying... [id=c7f8f0ba-915a-40e6-8645-2542673351fb, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Destruction complete after 11s +module.toplevel.openstack_compute_keypair_v2.pubkey: Destroying... [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_port_v2.bastion_port: Destroying... 
[id=38802910-0f68-405b-b1ae-232297ff6a26] +module.toplevel.openstack_compute_keypair_v2.pubkey: Destruction complete after 0s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destruction complete after 16s +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destruction complete after 5s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destruction complete after 6s +module.toplevel.openstack_networking_port_v2.bastion_port: Destruction complete after 5s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Still destroying... [id=6fd4e03e-1f8b-4c9d-b70b-395767545498, 20s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destruction complete after 21s +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destroying... [id=1a3db219-cb03-4e1a-9418-8a638bb3a4cf] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destruction complete after 9s + +Destroy complete! Resources: 14 destroyed. +[freznicek@lenovo-t14 terraform 0]$ diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-personal-project-wrapper.log b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-personal-project-wrapper.log new file mode 100644 index 0000000000000000000000000000000000000000..8efa0392a987033ad350766556829fafe5e00b67 --- /dev/null +++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform-2tier_public_bastion_private_vm_farm-personal-project-wrapper.log 
@@ -0,0 +1,835 @@ +[freznicek@lenovo-t14 terraform 0]$ source ~/conf/g2-prod-ostrava-freznicek-all-roles.sh.inc +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh detect-cloud + +Using OpenStack cloud: +"Ostrava","identity","3.14","CURRENT","https://identity.ostrava.openstack.cloud.e-infra.cz/v3/","","" +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh detect-project + +Using OpenStack personal project named: c2bf29961b887b399a456269bbcb7aedd3127a26@einfra.cesnet.cz +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh validate-tools + +Using commandline tools: +openstack --version: + openstack 5.5.0 +bash --version: + GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu) +awk -W version: + GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1) +ssh -V: + OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023 +which ssh-keygen: + /usr/bin/ssh-keygen +ncat --version: + Ncat: Version 7.93 ( https://nmap.org/ncat ) +grep --version: + grep (GNU grep) 3.7 +terraform version: + Terraform v1.5.2 +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh init + +Initializing the backend... +Initializing modules... + +Initializing provider plugins... +- Reusing previous version of terraform-provider-openstack/openstack from the dependency lock file +- Using previously-installed terraform-provider-openstack/openstack v1.52.1 + +Terraform has been successfully initialized! + +You may now begin working with Terraform. Try running "terraform plan" to see +any changes that are required for your infrastructure. All Terraform commands +should now work. + +If you ever set or change modules or backend configuration for Terraform, +rerun this command to reinitialize your working directory. If you forget, other +commands will detect it and remind you to do so if necessary. +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh validate +Success! The configuration is valid. 
+ +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh plan --out personal-project.plan +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.data.openstack_networking_network_v2.internal_shared_personal_network[0]: Reading... +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.data.openstack_networking_subnet_v2.internal_shared_personal_subnet[0]: Reading... +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 0s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] +module.toplevel.data.openstack_networking_subnet_v2.internal_shared_personal_subnet[0]: Read complete after 0s [id=3170bacf-72e9-418f-8b0c-72f2e67eefd1] +module.toplevel.data.openstack_networking_network_v2.internal_shared_personal_network[0]: Read complete after 0s [id=968fe5cf-e7b3-4d47-8239-d6f3ea2edd16] +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 0s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] + +Terraform used the selected providers to generate the following execution plan. 
Resource actions are indicated with +the following symbols: + + create + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be created + + resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + + floating_ip = (known after apply) + + id = (known after apply) + + instance_id = (known after apply) + + region = (known after apply) + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be created + + resource "openstack_compute_instance_v2" "bastion" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "standard.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-bastion-server" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "c875cd218164c30103ab9399e7237ce0745df6ef" + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = 
(known after apply) + + flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-1" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" + + + block_device { + + boot_index = 0 + + delete_on_termination = true + + destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be created + + resource "openstack_compute_instance_v2" "nodes" { + + access_ip_v4 = (known after apply) + + access_ip_v6 = (known after apply) + + all_metadata = (known after apply) + + all_tags = (known after apply) + + availability_zone = (known after apply) + + created = (known after apply) + + flavor_id = (known after apply) + + flavor_name = "e1.small" + + force_delete = false + + id = (known after apply) + + image_id = (known after apply) + + image_name = "ubuntu-jammy-x86_64" + + key_pair = "general-tf-demo-keypair" + + name = "general-tf-demo-server-2" + + power_state = "active" + + region = (known after apply) + + security_groups = [ + + "general-tf-demo_security_group", + ] + + stop_before_destroy = false + + updated = (known after apply) + + user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" + + + block_device { + + boot_index 
= 0 + + delete_on_termination = true + + destination_type = "local" + + multiattach = false + + source_type = "image" + + uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" + + volume_size = 10 + } + + + network { + + access_network = false + + fixed_ip_v4 = (known after apply) + + fixed_ip_v6 = (known after apply) + + floating_ip = (known after apply) + + mac = (known after apply) + + name = (known after apply) + + port = (known after apply) + + uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be created + + resource "openstack_compute_keypair_v2" "pubkey" { + + fingerprint = (known after apply) + + id = (known after apply) + + name = "general-tf-demo-keypair" + + private_key = (sensitive value) + + public_key = <<-EOT + ssh-rsa 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 freznicek@fedora + EOT + + region = (known after apply) + + user_id = (known after apply) + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be created + + resource "openstack_networking_floatingip_v2" "bastion_fip" { + + address = (known after apply) + + all_tags = (known after apply) + + dns_domain = (known after apply) + + dns_name = (known after apply) + + fixed_ip = (known after apply) + + id = (known after apply) + + pool = "external-ipv4-general-public" + + port_id = (known after apply) + + region = (known after apply) + + subnet_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be created + + resource "openstack_networking_port_v2" "bastion_port" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after 
apply) + + name = "general-tf-demo-bastion-server-port" + + network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_1" + + network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = (known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be created + + resource "openstack_networking_port_v2" "nodes_ports" { + + admin_state_up = true + + all_fixed_ips = (known after apply) + + all_security_group_ids = (known after apply) + + all_tags = (known after apply) + + device_id = (known after apply) + + device_owner = (known after apply) + + dns_assignment = (known after apply) + + dns_name = (known after apply) + + id = (known after apply) + + mac_address = (known after apply) + + name = "general-tf-demo_server_port_2" + + network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" + + port_security_enabled = (known after apply) + + qos_policy_id = (known after apply) + + region = 
(known after apply) + + security_group_ids = (known after apply) + + tenant_id = (known after apply) + + + fixed_ip { + + subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" + } + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 80 + + port_range_min = 80 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 443 + + port_range_min = 443 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 0 + + port_range_min = 0 + + protocol = "icmp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be created + + resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + + direction = "ingress" + + ethertype = "IPv4" + + id = (known after apply) + + port_range_max = 22 
+ + port_range_min = 22 + + protocol = "tcp" + + region = (known after apply) + + remote_group_id = (known after apply) + + remote_ip_prefix = "0.0.0.0/0" + + security_group_id = (known after apply) + + tenant_id = (known after apply) + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be created + + resource "openstack_networking_secgroup_v2" "secgroup_default" { + + all_tags = (known after apply) + + description = "general-tf-demo Security group" + + id = (known after apply) + + name = "general-tf-demo_security_group" + + region = (known after apply) + + tenant_id = (known after apply) + } + +Plan: 14 to add, 0 to change, 0 to destroy. + +─────────────────────────────────────────────────────────────────────────────────────────────────────────────────── + +Saved the plan to: personal-project.plan + +To perform exactly these actions, run the following command to apply: + terraform apply "personal-project.plan" +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh apply "personal-project.plan" +module.toplevel.openstack_compute_keypair_v2.pubkey: Creating... +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creating... +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creating... +module.toplevel.openstack_compute_keypair_v2.pubkey: Creation complete after 1s [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Creation complete after 1s [id=e4684b28-ae66-4451-9f33-db447363c7c0] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creating... 
+module.toplevel.openstack_networking_port_v2.bastion_port: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creating... +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Creation complete after 0s [id=3579549a-7fb3-4422-95d2-89dd2040fcbc] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Creation complete after 0s [id=0a0e1719-ebd9-4e7c-9642-1419a3410a9f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Creation complete after 0s [id=640ed715-5d0f-4489-893d-b1cf61048034] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Creation complete after 0s [id=f8d7179a-9110-46f7-a297-df570a02378e] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Creation complete after 5s [id=e15542db-193a-48dd-bacc-5f64b479121b] +module.toplevel.openstack_networking_port_v2.bastion_port: Creation complete after 5s [id=e37bfaea-1b7e-415f-a49d-efb1ba212b17] +module.toplevel.openstack_compute_instance_v2.bastion: Creating... +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Creation complete after 6s [id=d211bac5-ba75-412e-9ca6-84284ca7a72d] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Creating... +module.toplevel.openstack_compute_instance_v2.nodes[0]: Creating... +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Creation complete after 7s [id=04af2bfb-fbb1-4ad4-9c60-aa37fea9b8c6] +module.toplevel.openstack_compute_instance_v2.bastion: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still creating... [10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Creation complete after 12s [id=044e75f2-81ae-4186-95e0-409b186c06f1] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creating... 
+module.toplevel.openstack_compute_instance_v2.nodes[0]: Creation complete after 11s [id=228a7292-8ec0-4a4b-b25a-06f4b4917aef] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Creation complete after 11s [id=2c811c7a-d075-4186-b143-79ac3a06eaeb] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Creation complete after 1s [id=195.113.243.143/044e75f2-81ae-4186-95e0-409b186c06f1/] + +Apply complete! Resources: 14 added, 0 changed, 0 destroyed. +[freznicek@lenovo-t14 terraform 0]$ openstack server list ++--------------------------------------+--------------------------------+--------+-----------------------------------------------------------+---------------------+----------------+ +| ID | Name | Status | Networks | Image | Flavor | ++--------------------------------------+--------------------------------+--------+-----------------------------------------------------------+---------------------+----------------+ +| 228a7292-8ec0-4a4b-b25a-06f4b4917aef | general-tf-demo-server-1 | ACTIVE | internal-ipv4-general-private=172.22.1.47 | ubuntu-jammy-x86_64 | e1.small | +| 2c811c7a-d075-4186-b143-79ac3a06eaeb | general-tf-demo-server-2 | ACTIVE | internal-ipv4-general-private=172.22.3.35 | ubuntu-jammy-x86_64 | e1.small | +| 044e75f2-81ae-4186-95e0-409b186c06f1 | general-tf-demo-bastion-server | ACTIVE | internal-ipv4-general-private=172.22.1.8, 195.113.243.143 | ubuntu-jammy-x86_64 | standard.small | ++--------------------------------------+--------------------------------+--------+-----------------------------------------------------------+---------------------+----------------+ +[freznicek@lenovo-t14 terraform 0]$ ssh ubuntu@195.113.243.143 'uname -a;uptime' +The authenticity of host '195.113.243.143 (195.113.243.143)' can't be established. +ED25519 key fingerprint is SHA256:xlVZc/zsjI6Eko98QVy5V6nuBaublIyOa7xmClqdCXQ. +This key is not known by any other names +Are you sure you want to continue connecting (yes/no/[fingerprint])? 
yes +Warning: Permanently added '195.113.243.143' (ED25519) to the list of known hosts. +Linux general-tf-demo-bastion-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux + 17:18:44 up 0 min, 0 users, load average: 0.79, 0.22, 0.07 +[freznicek@lenovo-t14 terraform 0]$ ./terraform.sh destroy +module.toplevel.data.openstack_networking_network_v2.external_network: Reading... +module.toplevel.openstack_compute_keypair_v2.pubkey: Refreshing state... [id=general-tf-demo-keypair] +module.toplevel.data.openstack_images_image_v2.nodes_image: Reading... +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Refreshing state... [id=e4684b28-ae66-4451-9f33-db447363c7c0] +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Refreshing state... [id=04af2bfb-fbb1-4ad4-9c60-aa37fea9b8c6] +module.toplevel.data.openstack_images_image_v2.nodes_image: Read complete after 1s [id=9a071dba-67d5-445f-9d32-0f56360fb10f] +module.toplevel.data.openstack_networking_network_v2.external_network: Read complete after 1s [id=5a778b8d-4194-48fd-880d-181aaf7222c2] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Refreshing state... [id=0a0e1719-ebd9-4e7c-9642-1419a3410a9f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Refreshing state... [id=3579549a-7fb3-4422-95d2-89dd2040fcbc] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Refreshing state... [id=640ed715-5d0f-4489-893d-b1cf61048034] +module.toplevel.openstack_networking_port_v2.bastion_port: Refreshing state... [id=e37bfaea-1b7e-415f-a49d-efb1ba212b17] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Refreshing state... [id=f8d7179a-9110-46f7-a297-df570a02378e] +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Refreshing state... [id=d211bac5-ba75-412e-9ca6-84284ca7a72d] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Refreshing state... 
[id=e15542db-193a-48dd-bacc-5f64b479121b] +module.toplevel.openstack_compute_instance_v2.bastion: Refreshing state... [id=044e75f2-81ae-4186-95e0-409b186c06f1] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Refreshing state... [id=228a7292-8ec0-4a4b-b25a-06f4b4917aef] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Refreshing state... [id=2c811c7a-d075-4186-b143-79ac3a06eaeb] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Refreshing state... [id=195.113.243.143/044e75f2-81ae-4186-95e0-409b186c06f1/] + +Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with +the following symbols: + - destroy + +Terraform will perform the following actions: + + # module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate will be destroyed + - resource "openstack_compute_floatingip_associate_v2" "bastion_fip_associate" { + - floating_ip = "195.113.243.143" -> null + - id = "195.113.243.143/044e75f2-81ae-4186-95e0-409b186c06f1/" -> null + - instance_id = "044e75f2-81ae-4186-95e0-409b186c06f1" -> null + - region = "Ostrava" -> null + } + + # module.toplevel.openstack_compute_instance_v2.bastion will be destroyed + - resource "openstack_compute_instance_v2" "bastion" { + - access_ip_v4 = "172.22.1.8" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:17:56 +0000 UTC" -> null + - flavor_id = "f5bb56cc-297d-4f1b-bf17-202fa0a8e9a3" -> null + - flavor_name = "standard.small" -> null + - force_delete = false -> null + - id = "044e75f2-81ae-4186-95e0-409b186c06f1" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-bastion-server" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - 
"general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:18:00 +0000 UTC" -> null + - user_data = "c875cd218164c30103ab9399e7237ce0745df6ef" -> null + + - network { + - access_network = false -> null + - fixed_ip_v4 = "172.22.1.8" -> null + - mac = "fa:16:3e:18:ca:b5" -> null + - name = "internal-ipv4-general-private" -> null + - port = "e37bfaea-1b7e-415f-a49d-efb1ba212b17" -> null + - uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[0] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "172.22.1.47" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:17:57 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = "228a7292-8ec0-4a4b-b25a-06f4b4917aef" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-1" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:18:02 +0000 UTC" -> null + - user_data = "4f71dc6cb6cef198c6b7be755b918c12ed196042" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "172.22.1.47" -> null + - mac = "fa:16:3e:60:49:ec" -> null + - name = 
"internal-ipv4-general-private" -> null + - port = "e15542db-193a-48dd-bacc-5f64b479121b" -> null + - uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + } + } + + # module.toplevel.openstack_compute_instance_v2.nodes[1] will be destroyed + - resource "openstack_compute_instance_v2" "nodes" { + - access_ip_v4 = "172.22.3.35" -> null + - all_metadata = {} -> null + - all_tags = [] -> null + - availability_zone = "nova" -> null + - created = "2023-08-06 17:17:57 +0000 UTC" -> null + - flavor_id = "77f5fa9b-255a-4bff-af57-be0bcf0dba03" -> null + - flavor_name = "e1.small" -> null + - force_delete = false -> null + - id = "2c811c7a-d075-4186-b143-79ac3a06eaeb" -> null + - image_id = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - image_name = "ubuntu-jammy-x86_64" -> null + - key_pair = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-server-2" -> null + - power_state = "active" -> null + - region = "Ostrava" -> null + - security_groups = [ + - "general-tf-demo_security_group", + ] -> null + - stop_before_destroy = false -> null + - tags = [] -> null + - updated = "2023-08-06 17:18:00 +0000 UTC" -> null + - user_data = "02ba299fe90493a6657b8efdc54727f3ceceb1eb" -> null + + - block_device { + - boot_index = 0 -> null + - delete_on_termination = true -> null + - destination_type = "local" -> null + - multiattach = false -> null + - source_type = "image" -> null + - uuid = "9a071dba-67d5-445f-9d32-0f56360fb10f" -> null + - volume_size = 10 -> null + } + + - network { + - access_network = false -> null + - fixed_ip_v4 = "172.22.3.35" -> null + - mac = "fa:16:3e:23:b4:4d" -> null + - name = "internal-ipv4-general-private" -> null + - port = "d211bac5-ba75-412e-9ca6-84284ca7a72d" -> null + - uuid = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + } + } + + # module.toplevel.openstack_compute_keypair_v2.pubkey will be destroyed + - resource "openstack_compute_keypair_v2" "pubkey" { + - fingerprint = "75:e0:a4:d6:4c:76:ba:21:f1:d1:75:c8:75:22:93:4f" -> null 
+ - id = "general-tf-demo-keypair" -> null + - name = "general-tf-demo-keypair" -> null + - public_key = <<-EOT + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCh5m8MwPW2mSXPFj0P3SSnAjukeQinvdESJfUeVqxOLozx3uAprm+ghPlun4V0mqfIfs6SmJM2wN8oDjd18yJVgCc1tfaSTDYDnVdrVPzWQYDdCqca0a3z+fXuK/sffv+9SH4LdNGqm6wA6xjJAbp8HbsnUNbcxs9bt9GJToxRjVCHjawJxlBBUemuYU7x7B8tdq3W5Fxtc9dIEcpO7NLvVujSSzbTwxVANSpOsbhroN6IQP299hB7Ggoa7P0MNaJa9VHJSU4Z6N7lYDrMG5gkm6LxL6s37ljyQS7IVDNKbhj1WrWfxAWrYtQy5alzisa7uuaxb1dOwEEWzZI5Z59T79cZActsJJPf6e4zurYo8Tqw9vpJId8ohDEQVnmb5asDGMz5G8xXa4G98McVYL1766fN1FxflYLIVRi7uPTLjN76COh/Q/ZxYuByFYl62VY+vT3CxcYInsqOkhwgfmHMbepq3ndRRIrN97IDDMutT5peTLSwpsmME+202Tg12TL7aGMyeNfcRxJkm3nHvXXKSAu1fJKXPvTQZZRxctX9GQ+2iYBhB57WnmtvfzgfcrAdZTXH3Mh08xRB+Uv/VqupLhm9Fgs/+IVUyi0AezsL6NrGItyPVcVU2HXF6xdsIFyHgb2Jhbdm2PzN/n7lcRa6lkltPBpLSWZb0N0DSHbrJw== freznicek@fedora + EOT -> null + - region = "Ostrava" -> null + } + + # module.toplevel.openstack_networking_floatingip_v2.bastion_fip will be destroyed + - resource "openstack_networking_floatingip_v2" "bastion_fip" { + - address = "195.113.243.143" -> null + - all_tags = [] -> null + - fixed_ip = "172.22.1.8" -> null + - id = "04af2bfb-fbb1-4ad4-9c60-aa37fea9b8c6" -> null + - pool = "external-ipv4-general-public" -> null + - port_id = "e37bfaea-1b7e-415f-a49d-efb1ba212b17" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_port_v2.bastion_port will be destroyed + - resource "openstack_networking_port_v2" "bastion_port" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "172.22.1.8", + ] -> null + - all_security_group_ids = [ + - "e4684b28-ae66-4451-9f33-db447363c7c0", + ] -> null + - all_tags = [] -> null + - device_id = "044e75f2-81ae-4186-95e0-409b186c06f1" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "e37bfaea-1b7e-415f-a49d-efb1ba212b17" -> null + - mac_address = 
"fa:16:3e:18:ca:b5" -> null + - name = "general-tf-demo-bastion-server-port" -> null + - network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "e4684b28-ae66-4451-9f33-db447363c7c0", + ] -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[0] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "172.22.1.47", + ] -> null + - all_security_group_ids = [ + - "e4684b28-ae66-4451-9f33-db447363c7c0", + ] -> null + - all_tags = [] -> null + - device_id = "228a7292-8ec0-4a4b-b25a-06f4b4917aef" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "e15542db-193a-48dd-bacc-5f64b479121b" -> null + - mac_address = "fa:16:3e:60:49:ec" -> null + - name = "general-tf-demo_server_port_1" -> null + - network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "e4684b28-ae66-4451-9f33-db447363c7c0", + ] -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" -> null + } + } + + # module.toplevel.openstack_networking_port_v2.nodes_ports[1] will be destroyed + - resource "openstack_networking_port_v2" "nodes_ports" { + - admin_state_up = true -> null + - all_fixed_ips = [ + - "172.22.3.35", + ] -> null + - all_security_group_ids = [ + - "e4684b28-ae66-4451-9f33-db447363c7c0", + ] -> null + - all_tags = [] -> 
null + - device_id = "2c811c7a-d075-4186-b143-79ac3a06eaeb" -> null + - device_owner = "compute:nova" -> null + - dns_assignment = [] -> null + - id = "d211bac5-ba75-412e-9ca6-84284ca7a72d" -> null + - mac_address = "fa:16:3e:23:b4:4d" -> null + - name = "general-tf-demo_server_port_2" -> null + - network_id = "968fe5cf-e7b3-4d47-8239-d6f3ea2edd16" -> null + - port_security_enabled = true -> null + - region = "Ostrava" -> null + - security_group_ids = [ + - "e4684b28-ae66-4451-9f33-db447363c7c0", + ] -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + + - binding { + - vif_details = {} -> null + - vnic_type = "normal" -> null + } + + - fixed_ip { + - subnet_id = "3170bacf-72e9-418f-8b0c-72f2e67eefd1" -> null + } + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "0a0e1719-ebd9-4e7c-9642-1419a3410a9f" -> null + - port_range_max = 80 -> null + - port_range_min = 80 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "e4684b28-ae66-4451-9f33-db447363c7c0" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_https4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "f8d7179a-9110-46f7-a297-df570a02378e" -> null + - port_range_max = 443 -> null + - port_range_min = 443 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "e4684b28-ae66-4451-9f33-db447363c7c0" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # 
module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "3579549a-7fb3-4422-95d2-89dd2040fcbc" -> null + - port_range_max = 0 -> null + - port_range_min = 0 -> null + - protocol = "icmp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "e4684b28-ae66-4451-9f33-db447363c7c0" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4 will be destroyed + - resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ssh4" { + - direction = "ingress" -> null + - ethertype = "IPv4" -> null + - id = "640ed715-5d0f-4489-893d-b1cf61048034" -> null + - port_range_max = 22 -> null + - port_range_min = 22 -> null + - protocol = "tcp" -> null + - region = "Ostrava" -> null + - remote_ip_prefix = "0.0.0.0/0" -> null + - security_group_id = "e4684b28-ae66-4451-9f33-db447363c7c0" -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + + # module.toplevel.openstack_networking_secgroup_v2.secgroup_default will be destroyed + - resource "openstack_networking_secgroup_v2" "secgroup_default" { + - all_tags = [] -> null + - description = "general-tf-demo Security group" -> null + - id = "e4684b28-ae66-4451-9f33-db447363c7c0" -> null + - name = "general-tf-demo_security_group" -> null + - region = "Ostrava" -> null + - tags = [] -> null + - tenant_id = "1b20bb11afbe41c1bd681d2e319ab9a0" -> null + } + +Plan: 0 to add, 0 to change, 14 to destroy. + +Do you really want to destroy all resources? + Terraform will destroy all your managed infrastructure, as shown above. + There is no undo. Only 'yes' will be accepted to confirm. + + Enter a value: yes + +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destroying... 
[id=3579549a-7fb3-4422-95d2-89dd2040fcbc] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destroying... [id=640ed715-5d0f-4489-893d-b1cf61048034] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destroying... [id=195.113.243.143/044e75f2-81ae-4186-95e0-409b186c06f1/] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destroying... [id=0a0e1719-ebd9-4e7c-9642-1419a3410a9f] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destroying... [id=f8d7179a-9110-46f7-a297-df570a02378e] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destroying... [id=228a7292-8ec0-4a4b-b25a-06f4b4917aef] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destroying... [id=2c811c7a-d075-4186-b143-79ac3a06eaeb] +module.toplevel.openstack_compute_floatingip_associate_v2.bastion_fip_associate: Destruction complete after 2s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destroying... [id=04af2bfb-fbb1-4ad4-9c60-aa37fea9b8c6] +module.toplevel.openstack_compute_instance_v2.bastion: Destroying... [id=044e75f2-81ae-4186-95e0-409b186c06f1] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_ssh4: Destruction complete after 6s +module.toplevel.openstack_networking_floatingip_v2.bastion_fip: Destruction complete after 5s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Still destroying... [id=0a0e1719-ebd9-4e7c-9642-1419a3410a9f, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Still destroying... [id=f8d7179a-9110-46f7-a297-df570a02378e, 10s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Still destroying... [id=3579549a-7fb3-4422-95d2-89dd2040fcbc, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Still destroying... 
[id=228a7292-8ec0-4a4b-b25a-06f4b4917aef, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[1]: Still destroying... [id=2c811c7a-d075-4186-b143-79ac3a06eaeb, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.nodes[0]: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.nodes[1]: Destruction complete after 11s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destroying... [id=d211bac5-ba75-412e-9ca6-84284ca7a72d] +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destroying... [id=e15542db-193a-48dd-bacc-5f64b479121b] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_icmp4: Destruction complete after 11s +module.toplevel.openstack_compute_instance_v2.bastion: Still destroying... [id=044e75f2-81ae-4186-95e0-409b186c06f1, 10s elapsed] +module.toplevel.openstack_compute_instance_v2.bastion: Destruction complete after 10s +module.toplevel.openstack_compute_keypair_v2.pubkey: Destroying... [id=general-tf-demo-keypair] +module.toplevel.openstack_networking_port_v2.bastion_port: Destroying... [id=e37bfaea-1b7e-415f-a49d-efb1ba212b17] +module.toplevel.openstack_compute_keypair_v2.pubkey: Destruction complete after 0s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_https4: Destruction complete after 16s +module.toplevel.openstack_networking_port_v2.nodes_ports[0]: Destruction complete after 5s +module.toplevel.openstack_networking_port_v2.nodes_ports[1]: Destruction complete after 5s +module.toplevel.openstack_networking_port_v2.bastion_port: Destruction complete after 5s +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Still destroying... [id=0a0e1719-ebd9-4e7c-9642-1419a3410a9f, 20s elapsed] +module.toplevel.openstack_networking_secgroup_rule_v2.secgroup_rule_http4: Destruction complete after 21s +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destroying... 
[id=e4684b28-ae66-4451-9f33-db447363c7c0] +module.toplevel.openstack_networking_secgroup_v2.secgroup_default: Destruction complete after 8s + +Destroy complete! Resources: 14 destroyed. +[freznicek@lenovo-t14 terraform 0]$
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform.sh b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform.sh
new file mode 100755
index 0000000000000000000000000000000000000000..a36b8f9eb1e4cffcaeea378ba1bdab0fa2494f5f
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/terraform.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+# terraform wrapper for automatic personal/group project reconfiguration
+# terraform.sh <arguments>
+#
+# <arguments> are:
+# * detect-cloud
+# * detect-project
+# * validate-tools
+# * or any valid terraform arguments
+
+# functions
+SCRIPT_DIR=$(dirname $(readlink -f $0))
+source ${SCRIPT_DIR}/../../../../common/lib.sh.inc
+
+
+if [[ "$1" =~ (detect-(cloud|project)|validate-tools) ]]; then
+ if [ "$1" == "detect-cloud" ]; then
+ log "Using OpenStack cloud:"
+ openstack version show -fcsv | grep identity
+ elif [ "$1" == "detect-project" ]; then
+ project_type=group
+ if prj_name=$(is_personal_project); then
+ project_type=personal
+ fi
+ log "Using OpenStack ${project_type} project named: ${prj_name}"
+ elif [ "$1" == "validate-tools" ]; then
+ log "Using commandline tools:"
+ report_tools "terraform version"
+ fi
+ exit $?
+else
+ project_type=group
+ if prj_name=$(is_personal_project); then
+ project_type=personal
+ if [ "$1" == "plan" ]; then
+ terraform "$@" --var-file=personal-projects.tfvars
+ else
+ terraform "$@"
+ fi
+ else
+ terraform "$@"
+ fi
+fi
+
+
+
+
+
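Review bot: The `source` of `lib.sh.inc` near the top of the new script is unchecked and unquoted, so if the library cannot be loaded (or the checkout path contains whitespace) `log` and `is_personal_project` are undefined, the `if prj_name=$(is_personal_project)` test simply fails, and the wrapper silently takes the group-project path. On a personal project that means a `plan` built without `--var-file=personal-projects.tfvars`. I would quote both expansions and stop on failure: `SCRIPT_DIR=$(dirname "$(readlink -f "$0")")` and `source "${SCRIPT_DIR}/../../../../common/lib.sh.inc" || exit 1`. The dispatch regex is also unanchored, so any argument that merely contains `detect-cloud` enters the first branch and exits without running terraform; `^(detect-(cloud|project)|validate-tools)$` would restrict it to the three documented subcommands.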
diff --git a/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/variables.tf b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..bddb30b20d0752b54ec63bd458ed804d3dbcc1b1
--- /dev/null
+++ b/openstack-infrastructure-as-code-automation/clouds/g2/ostrava/general/terraform/variables.tf
@@ -0,0 +1,24 @@
+variable "router_creation_enable" {
+ description = "Create dedicated router instance. true/false ~ create new / reuse existing personal router"
+ default = true
+}
+
+variable "internal_network_creation_enable" {
+ description = "Create dedicated internal network. true/false ~ create new / reuse existing personal network"
+ default = true
+}
+
+variable "internal_network_name" {
+ description = "Internal network name. Either dedicated new network or existing personal network name"
+ default = "<var.infra_name>_network"
+}
+
+variable "internal_subnet_creation_enable" {
+ description = "Create dedicated subnet instance. true/false ~ create new / reuse existing personal subnet"
+ default = true
+}
+
+variable "internal_subnet_name" {
+ description = "Internal network subnet name. Either dedicated new subnet or existing personal subnet name"
+ default = "<var.infra_name>_subnet"
+}
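Review bot: None of the five variables declares a `type`, so a value of the wrong kind in a tfvars file is only caught where the variable is used, if at all; adding `type = bool` to the three `*_creation_enable` variables and `type = string` to the two name variables lets `terraform plan` reject it up front. The defaults `"<var.infra_name>_network"` and `"<var.infra_name>_subnet"` are literal strings, since Terraform does not evaluate expressions in a variable default, so presumably the module replaces the placeholder elsewhere; that code is not in this hunk. A comment such as `# "<var.infra_name>" is a placeholder substituted by the module, not an interpolation` on those two defaults would keep a reader from expecting the literal to be expanded.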