Merge pull request #2 from StackedDane/main

Changed provider form Openstack to STACKIT

.gitignore

@@ -35,3 +35,4 @@ terraform.rc
 .env
 .terraform.lock.hcl
 conf.img
+pfsense.qcow2

00-provider.tf

@@ -1,6 +1,6 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
-Copyright 2024 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
+Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
@@ -11,20 +11,15 @@ https://opensource.org/licenses/MIT.
 terraform {
   required_version = ">= 0.14.0"
   required_providers {
-    openstack = {
+    stackit = {
-      source  = "terraform-provider-openstack/openstack"
+      source  = "stackitcloud/stackit"
-      version = "3.0.0"
+      version = "0.46.0"
     }
   }
 }
 
-# Configure the OpenStack Provider
+provider "stackit" {
-provider "openstack" {
+  default_region        = "eu01"
-  user_name         = var.USERNAME
+  service_account_token = var.STACKIT_SERVICE_ACCOUNT_TOKEN
-  tenant_id         = var.TENANTID
+  enable_beta_resources = true
-  user_domain_name  = "portal_mvp"
-  project_domain_id = "portal_mvp"
-  password          = var.PASSWORD
-  auth_url          = "https://keystone.api.iaas.eu01.stackit.cloud/v3/"
-  region            = "RegionOne"
 }

01-config.tf

@@ -1,6 +1,6 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
-Copyright 2024 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
+Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
@@ -11,47 +11,40 @@ https://opensource.org/licenses/MIT.
 # Custom User Settings
 #
 
-# OpenStack Availability Zone
+# STACKIT Availability Zone
 variable "zone" {
   type        = string
   description = ""
   default     = "eu01-m"
 }
 
-# OpenStack VM Flavor
+# STACKIT VM Flavor
 variable "flavor" {
   type        = string
   description = ""
   default     = "c1.2"
 }
 
-# Local VPC Subnet to create OpenStack Network
+# Local VPC Subnet to create Network
 variable "LOCAL_SUBNET" {
   type        = string
   description = ""
-  default     = "10.0.0.0/24"
+  default     = "10.10.0.0/24"
+}
+variable "LOCAL_FIREWALL_IP" {
+  type        = string
+  description = ""
+  default     = "10.10.0.220"
 }
 
-############################################
+# STACKIT ProjectID
-
+variable "STACKIT_PROJECT_ID" {
-#
-# System Settings (do not edit)
-#
-
-# OpenStack UAT Username
-variable "USERNAME" {
   type        = string
   description = ""
 }
 
-# OpenStack Project ID
+# STACKIT Service Account Token
-variable "TENANTID" {
+variable "STACKIT_SERVICE_ACCOUNT_TOKEN" {
-  type        = string
-  description = ""
-}
-
-# OpenStack UAT Password
-variable "PASSWORD" {
   type        = string
   description = ""
 }

02-pfsense-image.tf

@@ -1,18 +1,36 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
-Copyright 2024 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
+Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 
-# Upload VPN Appliance Image to OpenStack
+# Local copy of the Image 
-resource "openstack_images_image_v2" "pfsense_image" {
+resource "null_resource" "pfsense_image_file" {
-  name             = "pfsense-2.7.2-amd64-image"
+  triggers = {
-  image_source_url = "https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
+    always_run = timestamp()
-  web_download     = true
+  }
-  container_format = "bare"
+
-  disk_format      = "qcow2"
+  provisioner "local-exec" {
-  visibility       = "shared"
+    command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
+  }
+  lifecycle {
+    ignore_changes = all
+  }
+}
+
+# Upload VPN Appliance Image to STACKIT
+resource "stackit_image" "pfsense_image" {
+  project_id      = var.STACKIT_PROJECT_ID
+  name            = "pfsense-2.7.2-amd64-image"
+  local_file_path = "./pfsense.qcow2"
+  disk_format     = "qcow2"
+  depends_on      = [null_resource.pfsense_image_file]
+  min_disk_size   = 10
+  min_ram         = 2
+  config = {
+    uefi = false
+  }
 }

03-pfsense-network.tf

@@ -1,78 +1,42 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
-Copyright 2024 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
+Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 
-# Create vNET Networks
+# Get vNET Networks
-resource "openstack_networking_network_v2" "vpc_network" {
+resource "stackit_network" "wan_network" {
-  name           = "VPC Network"
+  project_id       = var.STACKIT_PROJECT_ID
-  description    = "Local Peering VPC Network"
+  name             = "wan_network"
-  admin_state_up = "true"
+  ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
 }
 
-resource "openstack_networking_network_v2" "wan_network" {
+resource "stackit_network" "lan_network" {
-  name           = "WAN Network"
+  project_id       = var.STACKIT_PROJECT_ID
-  description    = "Transfer Net for binding FloatingIPs"
+  name             = "lan_network"
-  admin_state_up = "true"
+  ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
+  ipv4_prefix      = var.LOCAL_SUBNET
+  ipv4_gateway     = var.LOCAL_FIREWALL_IP
+  routed           = false
 }
 
-# Create Subnets
+resource "stackit_network_interface" "nic_wan" {
-resource "openstack_networking_subnet_v2" "vpc_subnet_1" {
+  project_id = var.STACKIT_PROJECT_ID
-  name        = "vpc_subnet"
+  network_id = stackit_network.wan_network.network_id
-  description = "Local VPC Network"
+  security   = false
-  network_id  = openstack_networking_network_v2.vpc_network.id
-  cidr        = var.LOCAL_SUBNET
-  ip_version  = 4
-  dns_nameservers = [
-    "208.67.222.222",
-    "9.9.9.9",
-  ]
 }
 
-resource "openstack_networking_subnet_v2" "wan_subnet_1" {
+resource "stackit_network_interface" "nic_lan" {
-  name        = "wan_subnet"
+  project_id = var.STACKIT_PROJECT_ID
-  description = "WAN Network"
+  network_id = stackit_network.lan_network.network_id
-  network_id  = openstack_networking_network_v2.wan_network.id
+  ipv4       = var.LOCAL_FIREWALL_IP
-  cidr        = "100.96.96.0/25"
+  security   = false
-  ip_version  = 4
-  dns_nameservers = [
-    "208.67.222.222",
-    "9.9.9.9",
-  ]
 }
 
-# Create OpenStack Router
+resource "stackit_public_ip" "wan-ip" {
-
+  project_id           = var.STACKIT_PROJECT_ID
-resource "openstack_networking_router_v2" "vpc_router" {
+  network_interface_id = stackit_network_interface.nic_wan.network_interface_id
-  name        = "vpc_router"
-  description = "VPC Router"
-}
-
-resource "openstack_networking_router_interface_v2" "vpc_router_interface_1" {
-  router_id = openstack_networking_router_v2.vpc_router.id
-  subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id
-}
-
-resource "openstack_networking_router_v2" "wan_router" {
-  name                = "wan_router"
-  description         = "WAN Router"
-  external_network_id = "970ace5c-458f-484a-a660-0903bcfd91ad"
-}
-
-# Create Router interfaces
-resource "openstack_networking_router_interface_v2" "wan_router_interface_1" {
-  router_id = openstack_networking_router_v2.wan_router.id
-  subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id
-}
-
-# Create static routing entry for VPC Traffic to hit the pfSense instead of the default gateway
-resource "openstack_networking_router_route_v2" "vpc_router_route_1" {
-  depends_on       = [openstack_networking_router_interface_v2.vpc_router_interface_1]
-  router_id        = openstack_networking_router_v2.vpc_router.id
-  destination_cidr = "0.0.0.0/0"
-  next_hop         = openstack_compute_instance_v2.instance_fw.network.1.fixed_ip_v4
 }

04-pfsense-appliance.tf

@@ -1,74 +1,43 @@
 /*
 Copyright 2023 Schwarz IT KG <markus.brunsch@mail.schwarz>
-Copyright 2024 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
+Copyright 2024-2025 STACKIT GmbH & Co. KG <markus.brunsch@stackit.cloud>
 
 Use of this source code is governed by an MIT-style
 license that can be found in the LICENSE file or at
 https://opensource.org/licenses/MIT.
 */
 
-# Create root Volume
+resource "stackit_volume" "pfsense_vol" {
-resource "openstack_blockstorage_volume_v3" "fw_root_volume" {
+  project_id        = var.STACKIT_PROJECT_ID
   name              = "pfsense-2.7.2-root"
-  description       = "Root Volume"
+  availability_zone = var.zone
   size              = 16
-  image_id          = openstack_images_image_v2.pfsense_image.id
+  performance_class = "storage_premium_perf4"
+  source = {
+    id   = stackit_image.pfsense_image.image_id
+    type = "image"
+  }
+}
+
+resource "stackit_server" "pfsense_Server" {
+  project_id = var.STACKIT_PROJECT_ID
+  name       = "pfSense"
+  boot_volume = {
+    source_type = "volume"
+    source_id   = stackit_volume.pfsense_vol.volume_id
+  }
   availability_zone = var.zone
-  volume_type       = "storage_premium_perf4"
+  machine_type      = var.flavor
 }
 
-# Create virtual Server
+resource "stackit_server_network_interface_attach" "nic-attachment-lan" {
-resource "openstack_compute_instance_v2" "instance_fw" {
+  project_id           = var.STACKIT_PROJECT_ID
-  name              = "pfSense" # Server name
+  server_id            = stackit_server.pfsense_Server.server_id
-  flavor_name       = var.flavor
+  network_interface_id = stackit_network_interface.nic_lan.network_interface_id
-  availability_zone = var.zone
+  depends_on           = [stackit_server_network_interface_attach.nic-attachment-wan]
-
-  block_device {
-    uuid                  = openstack_blockstorage_volume_v3.fw_root_volume.id
-    source_type           = "volume"
-    destination_type      = "volume"
-    boot_index            = 0
-    delete_on_termination = true
-  }
-
-  network {
-    port = openstack_networking_port_v2.wan_port_1.id
-  }
-
-  network {
-    port = openstack_networking_port_v2.vpc_port_1.id
-  }
-
 }
-
+resource "stackit_server_network_interface_attach" "nic-attachment-wan" {
-# Network Ports
+  project_id           = var.STACKIT_PROJECT_ID
-resource "openstack_networking_port_v2" "wan_port_1" {
+  server_id            = stackit_server.pfsense_Server.server_id
-  name                  = "FW WAN Port"
+  network_interface_id = stackit_network_interface.nic_wan.network_interface_id
-  network_id            = openstack_networking_network_v2.wan_network.id
-  admin_state_up        = "true"
-  port_security_enabled = "false"
-  fixed_ip {
-    subnet_id = openstack_networking_subnet_v2.wan_subnet_1.id
-  }
 }
-
-resource "openstack_networking_port_v2" "vpc_port_1" {
-  name                  = "FW VPC Port"
-  network_id            = openstack_networking_network_v2.vpc_network.id
-  admin_state_up        = "true"
-  port_security_enabled = "false"
-  fixed_ip {
-    subnet_id = openstack_networking_subnet_v2.vpc_subnet_1.id
-  }
-}
-
-
-# Add FloatingIP
-resource "openstack_networking_floatingip_v2" "fip" {
-  pool = "floating-net"
-}
-
-resource "openstack_networking_floatingip_associate_v2" "fip" {
-  floating_ip = openstack_networking_floatingip_v2.fip.address
-  port_id     = openstack_networking_port_v2.wan_port_1.id
-}

README.md

@@ -7,9 +7,7 @@ Deployment overview:
 
 The Terraform deployment consists of:
 + WAN Network
-+ WAN Router with external RouterIP
 + LAN Network
-+ LAN Router with static default gateway router to the pfSense firewall
 + pfSense firewall VM + disk volume
 + FloatingIP for firewall VM
 + deactivating port security on firewall ports
@@ -18,7 +16,7 @@ The Terraform deployment consists of:
 **Requirements:**
 + Terraform installed
 + Access to a STACKIT project
-+ UAT (OpenStack) credentials
++ STACKIT Service-Account-Token
 
 ### Installation
 1. Clone Repo
@@ -47,4 +45,4 @@ Set default password for admin to STACKIT123!
 Disabled Referer-Check
 Enable allow all wan adresses to connect to the WebUI
 
-Now you can enter the WebUI via the FloatingIP on port 443 the default login is admin:STACKIT123!
+Now you can enter the WebUI via the FloatingIP on port 443 the default login is admin:STACKIT123!

example.env

@@ -1,6 +1,4 @@
-# UAT Username
+# STACKIT ProjectID
-export TF_VAR_USERNAME=
+export TF_VAR_STACKIT_PROJECT_ID=
-# UAT Password
+# STACKIT Service Account Token
-export TF_VAR_PASSWORD=
+export TF_VAR_STACKIT_SERVICE_ACCOUNT_TOKEN=
-# OpenStack (not STACKIT) project id
-export TF_VAR_TENANTID=

pfsense.qcow2

@@ -0,0 +1 @@
+