support multiple networks for control node

Author: sjpb

environments/.stackhpc/tofu/LEAFCLOUD.tfvars

@@ -1,5 +1,9 @@
-cluster_net = "slurmapp-ci"
-cluster_subnet = "slurmapp-ci"
+cluster_networks = [
+    {
+        network = "slurmapp-ci"
+        subnet = "slurmapp-ci"
+    }
+]
 control_node_flavor = "ec1.medium" # small ran out of memory, medium gets down to ~100Mi mem free on deployment
 other_node_flavor = "en1.xsmall"
 state_volume_type = "unencrypted"

environments/.stackhpc/tofu/main.tf

@@ -30,12 +30,10 @@ variable "cluster_image" {
     type = map(string)
 }
 
-variable "cluster_net" {}
+variable "cluster_networks" {}
 
-variable "cluster_subnet" {}
-
-variable "vnic_type" {
-    default = "normal"
+variable "vnic_types" {
+    default = {}
 }
 
 variable "state_volume_type"{
@@ -63,9 +61,8 @@ module "cluster" {
     source = "../../skeleton/{{cookiecutter.environment}}/tofu/"
 
     cluster_name = var.cluster_name
-    cluster_net = var.cluster_net
-    cluster_subnet = var.cluster_subnet
-    vnic_type = var.vnic_type
+    cluster_networks = var.cluster_networks
+    vnic_types = var.vnic_types
     key_pair = "slurm-app-ci"
     cluster_image_id = data.openstack_images_image_v2.cluster.id
     control_node_flavor = var.control_node_flavor

environments/skeleton/{{cookiecutter.environment}}/tofu/compute.tf

@@ -9,13 +9,13 @@ module "compute" {
 
   cluster_name = var.cluster_name
   cluster_domain_suffix = var.cluster_domain_suffix
-  cluster_net_id = data.openstack_networking_network_v2.cluster_net.id
-  cluster_subnet_id = data.openstack_networking_subnet_v2.cluster_subnet.id
+  cluster_net_id = data.openstack_networking_network_v2.cluster_net[var.cluster_networks[0].network].id
+  cluster_subnet_id = data.openstack_networking_subnet_v2.cluster_subnet[var.cluster_networks[0].network].id
 
   # can be set for group, defaults to top-level value:
   image_id = lookup(each.value, "image_id", var.cluster_image_id)
-  vnic_type = lookup(each.value, "vnic_type", var.vnic_type)
-  vnic_profile = lookup(each.value, "vnic_profile", var.vnic_profile)
+  #vnic_type = lookup(each.value, "vnic_type", var.vnic_type)
+  #vnic_profile = lookup(each.value, "vnic_profile", var.vnic_profile)
   volume_backed_instances = lookup(each.value, "volume_backed_instances", var.volume_backed_instances)
   root_volume_size = lookup(each.value, "root_volume_size", var.root_volume_size)
   extra_volumes = lookup(each.value, "extra_volumes", {})

environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf

@@ -4,19 +4,21 @@ locals {
 
 resource "openstack_networking_port_v2" "control" {
 
-  name = "${var.cluster_name}-control"
-  network_id = data.openstack_networking_network_v2.cluster_net.id
+  for_each = {for net in var.cluster_networks: net.network => net}
+
+  name = "${var.cluster_name}-control-${each.key}"
+  network_id = data.openstack_networking_network_v2.cluster_net[each.key].id
   admin_state_up = "true"
 
   fixed_ip {
-    subnet_id = data.openstack_networking_subnet_v2.cluster_subnet.id
+    subnet_id = data.openstack_networking_subnet_v2.cluster_subnet[each.key].id
   }
 
   security_group_ids = [for o in data.openstack_networking_secgroup_v2.nonlogin: o.id]
 
   binding {
-    vnic_type = var.vnic_type
-    profile = var.vnic_profile
+    vnic_type = lookup(var.vnic_types, each.key, "normal")
+    profile = lookup(var.vnic_profiles, each.key, "{}")
   }
 }
 
@@ -49,9 +51,12 @@ resource "openstack_compute_instance_v2" "control" {
     }
   }
 
-  network {
-    port = openstack_networking_port_v2.control.id
-    access_network = true
+  dynamic "network" {
+    for_each = {for net in var.cluster_networks: net.network => net}
+    content {
+      port = openstack_networking_port_v2.control[network.key].id
+      access_network = length(var.cluster_networks) == 1 ? true : lookup(each.value, "access_network", false)
+    }
   }
 
   metadata = {

environments/skeleton/{{cookiecutter.environment}}/tofu/login.tf

@@ -9,13 +9,13 @@ module "login" {
 
   cluster_name = var.cluster_name
   cluster_domain_suffix = var.cluster_domain_suffix
-  cluster_net_id = data.openstack_networking_network_v2.cluster_net.id
-  cluster_subnet_id = data.openstack_networking_subnet_v2.cluster_subnet.id
+  cluster_net_id = data.openstack_networking_network_v2.cluster_net[var.cluster_networks[0].network].id
+  cluster_subnet_id = data.openstack_networking_subnet_v2.cluster_subnet[var.cluster_networks[0].network].id
 
   # can be set for group, defaults to top-level value:
   image_id = lookup(each.value, "image_id", var.cluster_image_id)
-  vnic_type = lookup(each.value, "vnic_type", var.vnic_type)
-  vnic_profile = lookup(each.value, "vnic_profile", var.vnic_profile)
+  #vnic_type = lookup(each.value, "vnic_type", var.vnic_type)
+  #vnic_profile = lookup(each.value, "vnic_profile", var.vnic_profile)
   volume_backed_instances = lookup(each.value, "volume_backed_instances", var.volume_backed_instances)
   root_volume_size = lookup(each.value, "root_volume_size", var.root_volume_size)
   extra_volumes = lookup(each.value, "extra_volumes", {})

environments/skeleton/{{cookiecutter.environment}}/tofu/network.tf

@@ -1,11 +1,16 @@
 
 data "openstack_networking_network_v2" "cluster_net" {
-  name           = var.cluster_net
+
+  for_each = {for net in var.cluster_networks: net.network => net}
+
+  name = each.value.network
 }
 
 data "openstack_networking_subnet_v2" "cluster_subnet" {
 
-  name            = var.cluster_subnet
+  for_each = {for net in var.cluster_networks: net.network => net}
+
+  name = each.value.subnet
 }
 
 data "openstack_networking_secgroup_v2" "login" {

environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf

@@ -9,14 +9,16 @@ variable "cluster_domain_suffix" {
     default = "internal"
 }
 
-variable "cluster_net" {
-    type = string
-    description = "Name of existing cluster network"
-}
-
-variable "cluster_subnet" {
-    type = string
-    description = "Name of existing cluster subnet"
+variable "cluster_networks" {
+    type = list(map(string))
+    description = <<-EOT
+        List of mappings defining networks. Mapping key/values:
+            network: Name of existing network
+            subnet: Name of existing subnet
+            access_network: Bool defining whether to use network for Ansible and
+                            K3s. This network must be present on all nodes.
+                            Defaults to true if only one network is specified.
+    EOT
 }
 
 variable "key_pair" {
@@ -124,16 +126,23 @@ variable "home_volume_type" {
     description = "Type of home volume, if not default type"
 }
 
-variable "vnic_type" {
-    type = string
-    description = "Default VNIC type, see https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_port_v2#vnic_type"
-    default = "normal"
+variable "vnic_types" {
+    type = map(string)
+    description = <<-EOT
+        Default VNIC types, keyed by network name. See https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_port_v2#vnic_type
+        If not given this defaults to the "normal" type.
+    EOT
+    default = {}
 }
 
-variable "vnic_profile" {
-    type = string
-    description = "Default VNIC binding profile as json string, see https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_port_v2#profile."
-    default = "{}"
+variable "vnic_profiles" {
+    type = map(string)
+    description = <<-EOT
+    Default VNIC binding profiles, keyed by network name. Values are json strings.
+    See https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_port_v2#profile.
+    If not given this defaults to "{}"
+    EOT
+    default = {}
 }
 
 variable "login_security_groups" {