Updated to STACKIT provider

.gitignore

@@ -35,3 +35,4 @@ terraform.rc
 .env
 .terraform.lock.hcl
 conf.img
+pfsense.qcow2

00-provider.tf

@@ -11,20 +11,15 @@ https://opensource.org/licenses/MIT.
 terraform {
   required_version = ">= 0.14.0"
   required_providers {
-    openstack = {
-      source  = "terraform-provider-openstack/openstack"
-      version = "3.0.0"
+    stackit = {
+      source = "stackitcloud/stackit"
+      version = "0.44.0"
     }
   }
 }
 
-# Configure the OpenStack Provider
-provider "openstack" {
-  user_name         = var.USERNAME
-  tenant_id         = var.TENANTID
-  user_domain_name  = "portal_mvp"
-  project_domain_id = "portal_mvp"
-  password          = var.PASSWORD
-  auth_url          = "https://keystone.api.iaas.eu01.stackit.cloud/v3/"
-  region            = "RegionOne"
+provider "stackit" {
+  default_region                = "eu01"
+  service_account_token = var.STACKIT_SERVICE_ACCOUNT_TOKEN
+  enable_beta_resources = true
 }

01-config.tf

@@ -11,47 +11,35 @@ https://opensource.org/licenses/MIT.
 # Custom User Settings
 #
 
-# OpenStack Availability Zone
+# STACKIT Availability Zone
 variable "zone" {
   type        = string
   description = ""
   default     = "eu01-m"
 }
 
-# OpenStack VM Flavor
+# STACKIT VM Flavor
 variable "flavor" {
   type        = string
   description = ""
   default     = "c1.2"
 }
 
-# Local VPC Subnet to create OpenStack Network
+# Local VPC Subnet to create Network
 variable "LOCAL_SUBNET" {
   type        = string
   description = ""
   default     = "10.0.0.0/24"
 }
 
-############################################
-
-#
-# System Settings (do not edit)
-#
-
-# OpenStack UAT Username
-variable "USERNAME" {
+# STACKIT ProjectID
+variable "STACKIT_PROJECT_ID" {
   type        = string
   description = ""
 }
 
-# OpenStack Project ID
-variable "TENANTID" {
+# STACKIT Service Account Token
+variable "STACKIT_SERVICE_ACCOUNT_TOKEN" {
   type        = string
   description = ""
-}
-
-# OpenStack UAT Password
-variable "PASSWORD" {
-  type        = string
-  description = ""
-}
+}

02-pfsense-image.tf

@@ -7,12 +7,30 @@ license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 
-# Upload VPN Appliance Image to OpenStack
-resource "openstack_images_image_v2" "pfsense_image" {
-  name             = "pfsense-2.7.2-amd64-image"
-  image_source_url = "https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
-  web_download     = true
-  container_format = "bare"
-  disk_format      = "qcow2"
-  visibility       = "shared"
+# Local copy of the Image 
+resource "null_resource" "pfsense_image_file" {
+    triggers = {
+    always_run = timestamp()
+  }
+
+  provisioner "local-exec" {
+    command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
+  }
+}
+
+# Upload VPN Appliance Image to STACKIT
+resource "stackit_image" "pfsense_image" {
+  project_id       = var.STACKIT_PROJECT_ID
+  name             = "pfsense-2.7.2-amd64-image"
+  local_file_path  = "./pfsense.qcow2"
+  disk_format      = "qcow2"
+  depends_on       = [null_resource.pfsense_image_file]
+  min_disk_size    = 10
+  min_ram          = 2
+  config = {
+    uefi           = false
+    cdrom_bus      = "scsi"
+    disk_bus       = "scsi"
+    secure_boot    = false
+  }
 }

03-pfsense-network.tf

@@ -7,72 +7,42 @@ license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 
-# Create vNET Networks
-resource "openstack_networking_network_v2" "vpc_network" {
-  name           = "VPC Network"
-  description    = "Local Peering VPC Network"
-  admin_state_up = "true"
+# Get vNET Networks
+resource "stackit_network" "lan_network" {
+  project_id         = var.STACKIT_PROJECT_ID
+  name               = "lan_network"
+  ipv4_nameservers        = ["208.67.222.222", "9.9.9.9"]
+  ipv4_prefix_length = 24
 }
 
-resource "openstack_networking_network_v2" "wan_network" {
-  name           = "WAN Network"
-  description    = "Transfer Net for binding FloatingIPs"
-  admin_state_up = "true"
+resource "stackit_network" "wan_network" {
+  project_id         = var.STACKIT_PROJECT_ID
+  name               = "wan_network"
+  ipv4_nameservers        = ["208.67.222.222", "9.9.9.9"]
+  ipv4_prefix_length = 28
 }
 
-# Create Subnets
-resource "openstack_networking_subnet_v2" "vpc_subnet_1" {
-  name        = "vpc_subnet"
-  description = "Local VPC Network"
-  network_id  = openstack_networking_network_v2.vpc_network.id
-  cidr        = var.LOCAL_SUBNET
-  ip_version  = 4
-  dns_nameservers = [
-    "208.67.222.222",
-    "9.9.9.9",
-  ]
+resource "stackit_network_interface" "nic_lan" {
+  project_id         = var.STACKIT_PROJECT_ID
+  network_id         = stackit_network.lan_network.network_id
 }
 
-resource "openstack_networking_subnet_v2" "wan_subnet_1" {
-  name        = "wan_subnet"
-  description = "WAN Network"
-  network_id  = openstack_networking_network_v2.wan_network.id
-  cidr        = "100.96.96.0/25"
-  ip_version  = 4
-  dns_nameservers = [
-    "208.67.222.222",
-    "9.9.9.9",
-  ]
+resource "stackit_network_interface" "nic_wan" {
+  project_id         = var.STACKIT_PROJECT_ID
+  network_id         = stackit_network.wan_network.network_id
 }
 
-# Create OpenStack Router
-
-resource "openstack_networking_router_v2" "vpc_router" {
-  name        = "vpc_router"
-  description = "VPC Router"
+resource "stackit_public_ip" "example" {
+  project_id           = var.STACKIT_PROJECT_ID
+  network_interface_id = stackit_network_interface.nic_wan.network_interface_id
 }
 
-resource "openstack_networking_router_interface_v2" "vpc_router_interface_1" {
-  router_id = openstack_networking_router_v2.vpc_router.id
-  subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id
-}
 
-resource "openstack_networking_router_v2" "wan_router" {
-  name                = "wan_router"
-  description         = "WAN Router"
-  external_network_id = "970ace5c-458f-484a-a660-0903bcfd91ad"
-}
+# Get Subents
+#data "openstack_networking_subnet_v2" "vpc_subnet_1" {
+#  network_id  = stackit_network.lan_network.network_id
+#}
 
-# Create Router interfaces
-resource "openstack_networking_router_interface_v2" "wan_router_interface_1" {
-  router_id = openstack_networking_router_v2.wan_router.id
-  subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id
-}
-
-# Create static routing entry for VPC Traffic to hit the pfSense instead of the default gateway
-resource "openstack_networking_router_route_v2" "vpc_router_route_1" {
-  depends_on       = [openstack_networking_router_interface_v2.vpc_router_interface_1]
-  router_id        = openstack_networking_router_v2.vpc_router.id
-  destination_cidr = "0.0.0.0/0"
-  next_hop         = openstack_compute_instance_v2.instance_fw.network.1.fixed_ip_v4
-}
+#data "openstack_networking_subnet_v2" "wan_subnet_1" {
+#  network_id  = stackit_network.wan_network.network_id
+#}

04-pfsense-appliance.tf

@@ -7,68 +7,36 @@ license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 
-# Create root Volume
-resource "openstack_blockstorage_volume_v3" "fw_root_volume" {
+resource "stackit_volume" "pfsense_vol" {
+  project_id        = var.STACKIT_PROJECT_ID
   name              = "pfsense-2.7.2-root"
-  description       = "Root Volume"
+  availability_zone = var.zone
   size              = 16
-  image_id          = openstack_images_image_v2.pfsense_image.id
+  performance_class = "storage_premium_perf4"
+  source = {
+    id = stackit_image.pfsense_image.image_id
+    type = "image"
+  } 
+}
+
+resource "stackit_server" "pfsense_Server" {
+  project_id = var.STACKIT_PROJECT_ID
+  name       = "pfSense"
+  boot_volume = {
+    source_type = "volume"
+    source_id   = stackit_volume.pfsense_vol.volume_id
+  }
   availability_zone = var.zone
-  volume_type       = "storage_premium_perf4"
+  machine_type      = var.flavor
 }
 
-# Create virtual Server
-resource "openstack_compute_instance_v2" "instance_fw" {
-  name              = "pfSense" # Server name
-  flavor_name       = var.flavor
-  availability_zone = var.zone
-
-  block_device {
-    uuid                  = openstack_blockstorage_volume_v3.fw_root_volume.id
-    source_type           = "volume"
-    destination_type      = "volume"
-    boot_index            = 0
-    delete_on_termination = true
-  }
-
-  network {
-    port = openstack_networking_port_v2.wan_port_1.id
-  }
-
-  network {
-    port = openstack_networking_port_v2.vpc_port_1.id
-  }
-
+resource "stackit_server_network_interface_attach" "nic-attachment-lan" {
+  project_id           = var.STACKIT_PROJECT_ID
+  server_id            = stackit_server.pfsense_Server.server_id
+  network_interface_id = stackit_network_interface.nic_lan.network_interface_id
 }
-
-# Network Ports
-resource "openstack_networking_port_v2" "wan_port_1" {
-  name                  = "FW WAN Port"
-  network_id            = openstack_networking_network_v2.wan_network.id
-  admin_state_up        = "true"
-  port_security_enabled = "false"
-  fixed_ip {
-    subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id
-  }
-}
-
-resource "openstack_networking_port_v2" "vpc_port_1" {
-  name                  = "FW VPC Port"
-  network_id            = openstack_networking_network_v2.vpc_network.id
-  admin_state_up        = "true"
-  port_security_enabled = "false"
-  fixed_ip {
-    subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id
-  }
-}
-
-
-# Add FloatingIP
-resource "openstack_networking_floatingip_v2" "fip" {
-  pool = "floating-net"
-}
-
-resource "openstack_networking_floatingip_associate_v2" "fip" {
-  floating_ip = openstack_networking_floatingip_v2.fip.address
-  port_id     = openstack_networking_port_v2.wan_port_1.id
+resource "stackit_server_network_interface_attach" "nic-attachment-wan" {
+  project_id           = var.STACKIT_PROJECT_ID
+  server_id            = stackit_server.pfsense_Server.server_id
+  network_interface_id = stackit_network_interface.nic_wan.network_interface_id
 }