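# Watcher host: a single OpenStack instance attached directly to the external
# network and reachable over SSH and HTTP(S). The "watcher" security group
# defined below is the only network-layer filter visible in this file.
#
# Layout note: each block is written one attribute per line. When the file is
# collapsed onto a single line, the first "#" comment swallows every resource
# that follows it, and multi-attribute single-line blocks are not valid HCL.

# Newest image whose name equals var.watcher_image_name.
# NOTE(review): with most_recent = true, any newer image carrying the same name
# changes image_id on the next plan. Consider also constraining the lookup with
# the data source's owner / visibility arguments so that only images from the
# expected project can match. Confirm against how the image is published.
data "openstack_images_image_v2" "watcher" {
  name        = var.watcher_image_name
  most_recent = true
}

# The external (provider) network, looked up by name. The instance is plugged
# straight into it in the compute resource at the bottom of this file.
data "openstack_networking_network_v2" "external" {
  name = var.external_network
}

# Registers the operator's SSH public key with Nova. Only the public half is
# passed in; no private key material appears in this file.
resource "openstack_compute_keypair_v2" "primary" {
  name       = var.ssh_key_name
  public_key = var.ssh_public_key
}

# Security group holding the four ingress rules below.
# NOTE(review): no egress rules are declared here. Neutron normally adds
# allow-all egress rules to a new group unless delete_default_rules = true is
# set, so outbound traffic from the host is presumably unrestricted. Confirm.
resource "openstack_networking_secgroup_v2" "watcher" {
  name        = "watcher"
  description = "watcher: SSH + HTTP(S)"
}

# SSH in (IPv4 + IPv6)
# NOTE(review): port 22 is open to every source address on both families. If
# the administrators have stable source ranges, narrow remote_ip_prefix to
# those ranges. Otherwise the host relies entirely on sshd configuration
# (key-only auth, no password login), which depends on the image and cannot be
# verified from this file.
resource "openstack_networking_secgroup_rule_v2" "ssh_v4" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.watcher.id
}

resource "openstack_networking_secgroup_rule_v2" "ssh_v6" {
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "::/0"
  security_group_id = openstack_networking_secgroup_v2.watcher.id
}

# HTTP(S) for Caddy. Open from day one so cert provisioning works the moment
# we add the website module — closing again would just be churn.
# NOTE(review): until that module exists, whatever the image happens to listen
# on at 80/443 is reachable from anywhere. Confirm nothing is bound there.
# NOTE(review): only IPv4 rules exist for 80/443, while SSH is also opened over
# IPv6. If the host is ever published with an AAAA record, web and ACME
# validation traffic arriving over IPv6 will be dropped. Confirm whether IPv6
# web ingress is intended.
resource "openstack_networking_secgroup_rule_v2" "http" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 80
  port_range_max    = 80
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.watcher.id
}

resource "openstack_networking_secgroup_rule_v2" "https" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.watcher.id
}

# The watcher instance itself. It boots from the image resolved above, gets the
# registered keypair injected, and is attached by name to the external network,
# so the security group is what stands between it and the network it sits on.
resource "openstack_compute_instance_v2" "watcher" {
  name        = "watcher"
  flavor_name = var.flavor_name
  image_id    = data.openstack_images_image_v2.watcher.id
  key_pair    = openstack_compute_keypair_v2.primary.name

  # Referenced by name (not id), matching what this attribute is given here.
  # Only the "watcher" group is listed.
  security_groups = [openstack_networking_secgroup_v2.watcher.name]

  network {
    name = data.openstack_networking_network_v2.external.name
  }
}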