Merge branch 'main' into stats_network_public-extended

README.md

@@ -103,3 +103,4 @@ All infra IPs (without going to openstack.)
 ```console
 $ ./bin/tfinfo-to-json.sh | jq -r '.openstack_compute_instance_v2 | keys[] as $k | [$k, .[$k]."network.0.fixed_ip_v4"] | @tsv'
 ```
+

dns.tf

@@ -2,13 +2,17 @@ variable "sn06" {
   default = "132.230.223.239"
 }
 
+variable "traefik" {
+  default = "132.230.103.37"
+}
+
 resource "aws_route53_record" "usegalaxy-eu" {
   allow_overwrite = true
   zone_id         = var.zone_usegalaxy_eu
   name            = "usegalaxy.eu"
   type            = "A"
   ttl             = "7200"
-  records         = ["${var.sn06}"]
+  records         = ["${var.traefik}"]
 }
 
 resource "aws_route53_record" "galaxyproject-eu" {
@@ -62,15 +66,18 @@ variable "subdomain" {
     "microgalaxy.usegalaxy.eu",
     "spatialomics.usegalaxy.eu",
     "materials.usegalaxy.eu",
-    "phage.usegalaxy.eu"
+    "phage.usegalaxy.eu",
+    "aqua.usegalaxy.eu",
+    "earth-system.usegalaxy.eu",
+    "eirene.usegalaxy.eu"
   ]
 }
 
 resource "aws_route53_record" "subdomains" {
   allow_overwrite = true
   zone_id         = var.zone_usegalaxy_eu
 
-  count = 37
+  count = 40
   name  = element(var.subdomain, count.index)
 
   type    = "CNAME"
@@ -116,7 +123,16 @@ resource "aws_route53_record" "sn07-galaxyproject" {
   name            = "sn07.galaxyproject.eu"
   type            = "A"
   ttl             = "7200"
-  records         = ["10.5.68.237"]
+  records         = ["132.230.223.238"]
+}
+
+resource "aws_route53_record" "sn07-usegalaxy" {
+  allow_overwrite = true
+  zone_id         = var.zone_usegalaxy_eu
+  name            = "sn07.usegalaxy.eu"
+  type            = "A"
+  ttl             = "7200"
+  records         = ["132.230.223.238"]
 }
 
 resource "aws_route53_record" "sn05-galaxyproject" {
@@ -134,7 +150,7 @@ resource "aws_route53_record" "cm-galaxyproject" {
   name            = "condor-cm.galaxyproject.eu"
   type            = "CNAME"
   ttl             = "86400"
-  records         = ["sn05.galaxyproject.eu"]
+  records         = ["sn06.galaxyproject.eu"]
 }
 
 resource "aws_route53_record" "build-usegalaxy" {
@@ -148,39 +164,43 @@ resource "aws_route53_record" "build-usegalaxy" {
 
 ## ZFS server #1 (all flash)
 resource "aws_route53_record" "ssds1-galaxyproject" {
-  zone_id = var.zone_galaxyproject_eu
-  name    = "zfs0f.galaxyproject.eu"
-  type    = "A"
-  ttl     = "7200"
-  records = ["10.5.68.239"]
+  allow_overwrite = true
+  zone_id         = var.zone_galaxyproject_eu
+  name            = "zfs0f.galaxyproject.eu"
+  type            = "A"
+  ttl             = "7200"
+  records         = ["10.5.68.239"]
 }
 
 ## ZFS server #2 (spinning disks w/ flash cache)
 resource "aws_route53_record" "zfs1-galaxyproject" {
-  zone_id = var.zone_galaxyproject_eu
-  name    = "zfs1.galaxyproject.eu"
-  type    = "A"
-  ttl     = "7200"
-  records = ["10.5.68.238"]
+  allow_overwrite = true
+  zone_id         = var.zone_galaxyproject_eu
+  name            = "zfs1.galaxyproject.eu"
+  type            = "A"
+  ttl             = "7200"
+  records         = ["10.5.68.238"]
 }
 
 ## ZFS server #3 (all flash)
 resource "aws_route53_record" "zfs2f-galaxyproject" {
-  zone_id = var.zone_galaxyproject_eu
-  name    = "zfs2f.galaxyproject.eu"
-  type    = "A"
-  ttl     = "7200"
-  records = ["10.5.68.236"]
+  allow_overwrite = true
+  zone_id         = var.zone_galaxyproject_eu
+  name            = "zfs2f.galaxyproject.eu"
+  type            = "A"
+  ttl             = "7200"
+  records         = ["10.5.68.236"]
   #comment
 }
 
 ## ZFS server #4 (all flash)
 resource "aws_route53_record" "zfs3f-galaxyproject" {
-  zone_id = var.zone_galaxyproject_eu
-  name    = "zfs3f.galaxyproject.eu"
-  type    = "A"
-  ttl     = "7200"
-  records = ["10.5.68.235"]
+  allow_overwrite = true
+  zone_id         = var.zone_galaxyproject_eu
+  name            = "zfs3f.galaxyproject.eu"
+  type            = "A"
+  ttl             = "7200"
+  records         = ["10.5.68.235"]
 }
 
 ## Previous central-manager
@@ -192,59 +212,109 @@ resource "aws_route53_record" "zfs3f-galaxyproject" {
 #  records = ["10.5.68.230"]
 #}
 
-
-# VMs
-resource "aws_route53_record" "plausible" {
-  allow_overwrite = true
-  zone_id         = var.zone_galaxyproject_eu
-  name            = "plausible.galaxyproject.eu"
-  type            = "A"
-  ttl             = "600"
-  records         = ["192.52.44.75"]
-}
-
-resource "aws_route53_record" "apollo-main" {
-  allow_overwrite = true
-  zone_id         = var.zone_galaxyproject_eu
-  name            = "apollo.internal.galaxyproject.eu"
-  type            = "A"
-  ttl             = "600"
-  records         = ["10.5.68.7"]
-}
-
-resource "aws_route53_record" "ftp" {
-  allow_overwrite = true
-  zone_id         = var.zone_usegalaxy_eu
-  name            = "ftp.usegalaxy.eu"
-  type            = "A"
-  ttl             = "600"
-  records         = ["132.230.223.213"]
-}
-
-
 ## Interactive Tools
 ## We redirect all subdomains planning for URLs like
 ## https://727a121642ce1f94-3a20d7fa7b014959af58c7f6a47d1af.interactivetoolentrypoint.interactivetool.{some-subdomain}.usegalaxy.eu/
 #resource "aws_route53_record" "it-subdomain-main-really" {
 #  zone_id = var.zone_usegalaxy_eu
 #
 #  # Guess new domains won't get this for now, but whatever.
-#  name    = "*.interactivetoolentrypoint.interactivetool.usegalaxy.eu"
+#  name    = "*.ep.interactivetool.usegalaxy.eu"
 #  type    = "CNAME"
 #  ttl     = "7200"
 #  records = ["usegalaxy.eu"]
 #}
 #
-#resource "aws_route53_record" "it-subdomain-main" {
-#  zone_id = var.zone_usegalaxy_eu
-#
-#  # Guess new domains won't get this for now, but whatever.
-#  count   = 23
-#  name    = "*.interactivetoolentrypoint.interactivetool.${element(var.subdomain, count.index)}"
-#  type    = "CNAME"
-#  ttl     = "7200"
-#  records = ["usegalaxy.eu"]
-#}
+
+# If your subdomain needs GxIT privileges please place your subdomain at the end of the list and increase the counter `count` in the `it-subdomain-main` resource
+variable "it-subdomain" {
+  type = list(string)
+
+  default = [
+    "annotation.usegalaxy.eu",
+    "aqua.usegalaxy.eu",
+    "beta.usegalaxy.eu",
+    "build.usegalaxy.eu",
+    "cheminformatics.usegalaxy.eu",
+    "climate.usegalaxy.eu",
+    "clipseq.usegalaxy.eu",
+    "ecology.usegalaxy.eu",
+    "erasmusmc.usegalaxy.eu",
+    "graphclust.usegalaxy.eu",
+    "hicexplorer.usegalaxy.eu",
+    "humancellatlas.usegalaxy.eu",
+    "imaging.usegalaxy.eu",
+    "usegalaxy.eu",
+    "live.usegalaxy.eu",
+    "metabolomics.usegalaxy.eu",
+    "metagenomics.usegalaxy.eu",
+    "nanopore.usegalaxy.eu",
+    "proteomics.usegalaxy.eu",
+    "rna.usegalaxy.eu",
+    "singlecell.usegalaxy.eu",
+    "stats.usegalaxy.eu",
+    "streetscience.usegalaxy.eu",
+    "test.usegalaxy.eu",
+    "earth-system.usegalaxy.eu",
+    "eirene.usegalaxy.eu"
+  ]
+}
+
+resource "aws_route53_record" "it-subdomain-main" {
+  allow_overwrite = true
+  zone_id         = var.zone_usegalaxy_eu
+  count           = 26
+  name            = "*.ep.interactivetool.${element(var.it-subdomain, count.index)}"
+  type            = "CNAME"
+  ttl             = "7200"
+  records         = ["usegalaxy.eu"]
+}
+
+# SPF and DMARC records
+resource "aws_route53_record" "usegalaxy_eu_dmarc_txt" {
+  allow_overwrite = true
+  zone_id         = var.zone_usegalaxy_eu
+  name            = "_dmarc.usegalaxy.eu"
+  type            = "TXT"
+  ttl             = "300"
+  records = [
+    "v=DMARC1;p=reject;pct=100;ruf=mailto:[email protected];aspf=r"
+  ]
+}
+
+resource "aws_route53_record" "usegalaxy_eu_spf_txt" {
+  allow_overwrite = true
+  zone_id         = var.zone_usegalaxy_eu
+  name            = ""
+  type            = "TXT"
+  ttl             = "300"
+  records = [
+    "v=spf1 include:mailgun.org -all"
+  ]
+}
+
+resource "aws_route53_record" "galaxyproject_eu_dmarc_txt" {
+  allow_overwrite = true
+  zone_id         = var.zone_galaxyproject_eu
+  name            = "_dmarc.galaxyproject.eu"
+  type            = "TXT"
+  ttl             = "300"
+  records = [
+    "v=DMARC1;p=reject;pct=100;ruf=mailto:[email protected];aspf=r"
+  ]
+}
+
+resource "aws_route53_record" "galaxyproject_eu_spf_txt" {
+  allow_overwrite = true
+  zone_id         = var.zone_galaxyproject_eu
+  name            = ""
+  type            = "TXT"
+  ttl             = "300"
+  records = [
+    "v=spf1 -all"
+  ]
+}
+
 #
 ## https://727a121642ce1f94-3a20d7fa7b014959af58c7f6a47d1af.interactivetoolentrypoint.interactivetool.test.internal.usegalaxy.eu/
 ##resource "aws_route53_record" "it-subdomain-test" {

gat-eu.tf

@@ -1,5 +1,5 @@
 variable "gat-count-eu" {
-  default = 40
+  default = 0
 }
 
 data "openstack_images_image_v2" "gat-image-eu" {

instance_core_apollo.tf

@@ -0,0 +1,26 @@
+resource "openstack_compute_instance_v2" "apollo-usegalaxy" {
+  name            = "apollo.internal.galaxyproject.eu"
+  image_name      = "apollo_16_04_2024"
+  flavor_name     = "m1.large"
+  key_pair        = "cloud2"
+  security_groups = ["egress", "public-web2", "public-ssh", "default", "public-ping"]
+
+  network {
+    name = "bioinf"
+  }
+
+  user_data = <<-EOF
+    #cloud-config
+    package_update: true
+    package_upgrade: true
+  EOF
+}
+
+resource "aws_route53_record" "apollo-usegalaxy-internal" {
+  allow_overwrite = true
+  zone_id         = var.zone_galaxyproject_eu
+  name            = "apollo.internal.galaxyproject.eu"
+  type            = "A"
+  ttl             = "600"
+  records         = ["${openstack_compute_instance_v2.apollo-usegalaxy.access_ip_v4}"]
+}

instance_core_celery.tf

@@ -9,10 +9,10 @@ data "openstack_images_image_v2" "celery-image" {
 resource "openstack_compute_instance_v2" "celery" {
   name            = "celery-${count.index}.galaxyproject.eu"
   image_id        = data.openstack_images_image_v2.celery-image.id
-  flavor_name     = "c1.c36m100"
+  flavor_name     = "m1.xxlarge"
   key_pair        = "cloud2"
   tags            = []
-  security_groups = ["default"]
+  security_groups = ["default", "ingress-from-proxy"]
 
   network {
     name = "bioinf"

instance_core_cvmfs0_eu.tf

@@ -4,7 +4,7 @@ variable "cvmfs-stratum0-eu-dns" {
 
 resource "openstack_compute_instance_v2" "cvmfs-stratum0-eu" {
   name            = var.cvmfs-stratum0-eu-dns
-  image_name      = "generic-rockylinux8-v60-j168-5333625af7b2-main"
+  image_name      = "cvmfs-stratum0_22_04_2024"
   flavor_name     = "m1.small"
   key_pair        = "cloud2"
   security_groups = ["egress", "public-ssh", "public-ping", "public-web2"]
@@ -22,15 +22,18 @@ resource "openstack_compute_instance_v2" "cvmfs-stratum0-eu" {
   EOF
 }
 
-resource "openstack_blockstorage_volume_v2" "cvmfs-data-eu" {
-  name        = "cvmfs stratum 0 EU"
-  description = "spool space for cvmfs"
-  size        = 500
-}
+# 22.4.2024: This resource creation is commented out because the volume
+# from the old cloud is being attached to the instance in the new cloud.
+# resource "openstack_blockstorage_volume_v2" "cvmfs-data-eu" {
+#   name        = "cvmfs stratum 0 EU"
+#   description = "spool space for cvmfs"
+#   size        = 500
+# }
 
-resource "openstack_compute_volume_attach_v2" "cvmfs-va-eu" {
-  instance_id = "${openstack_compute_instance_v2.cvmfs-stratum0-eu.id}"
-  volume_id   = "${openstack_blockstorage_volume_v2.cvmfs-data-eu.id}"
+resource "openstack_compute_volume_attach_v2" "cvmfs-stratum0-va-eu" {
+  instance_id = openstack_compute_instance_v2.cvmfs-stratum0-eu.id
+  volume_id   = "b637697c-5227-4b0c-a300-7afdd2256cc4"
+  device      = "/dev/vdb"
 }
 
 resource "aws_route53_record" "cvmfs-stratum0-eu" {

instance_core_cvmfs1-ufr0.tf

@@ -4,7 +4,7 @@ variable "cvmfs1-ufr0-eu-dns" {
 
 resource "openstack_compute_instance_v2" "cvmfs1-ufr0-eu" {
   name            = var.cvmfs1-ufr0-eu-dns
-  image_name      = "generic-rockylinux8-v60-j168-5333625af7b2-main"
+  image_name      = "cvmfs1-ufr0-internal_22_04_2024"
   flavor_name     = "m1.small"
   key_pair        = "cloud2"
   security_groups = ["egress", "public-ssh", "public-ping", "public-web2"]