feat: In this release, you can have more than 1 vsi per subnet when u…

…sing secondary VNIs (#753)
terraform-ibm-modules · Nov 28, 2024 · 5e39a48 · 5e39a48
1 parent 2f8d441
commit 5e39a48
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 22 deletions.
diff --git a/main.tf b/main.tf
@@ -27,15 +27,35 @@ locals {
       # For each subnet
       for subnet in range(length(var.subnets)) :
       {
-        name        = "${var.subnets[subnet].name}-${count}"
-        vsi_name    = "${var.prefix}-${substr(var.subnets[subnet].id, -4, 4)}-${format("%03d", count + 1)}"
-        subnet_id   = var.subnets[subnet].id
-        zone        = var.subnets[subnet].zone
-        subnet_name = var.subnets[subnet].name
+        name           = "${var.subnets[subnet].name}-${count}"
+        vsi_name       = "${var.prefix}-${substr(var.subnets[subnet].id, -4, 4)}-${format("%03d", count + 1)}"
+        subnet_id      = var.subnets[subnet].id
+        zone           = var.subnets[subnet].zone
+        subnet_name    = var.subnets[subnet].name
+        secondary_vnis = [for index, vni in ibm_is_virtual_network_interface.secondary_vni : vni.id if(vni.zone == var.subnets[subnet].zone) && (tonumber(substr(index, -1, -1)) == count)]
       }
     ]
   ])
 
+  secondary_vni_list = flatten([
+    # For each number in a range from 0 to VSI per subnet
+    for count in range(var.vsi_per_subnet) : [
+      # For each subnet
+      for subnet in range(length(var.secondary_subnets)) :
+      {
+        name        = "${var.secondary_subnets[subnet].name}-${count}"
+        subnet_id   = var.secondary_subnets[subnet].id
+        zone        = var.secondary_subnets[subnet].zone
+        subnet_name = var.secondary_subnets[subnet].name
+      }
+    ]
+  ])
+
+  secondary_vni_map = {
+    for vni in local.secondary_vni_list :
+    vni.name => vni
+  }
+
   # Create map of VSI from list
   vsi_map = {
     for server in local.vsi_list :
@@ -76,19 +96,20 @@ locals {
 
   # List of secondary Virtual network interface for which floating IPs needs to be added.
   secondary_fip_list = !var.use_legacy_network_interface && length(var.secondary_floating_ips) != 0 ? flatten([
-    for instance in ibm_is_instance.vsi : [
-      for network_attachment in instance.network_attachments :
-      network_attachment if contains([for subnet in var.secondary_floating_ips : subnet], network_attachment.name)
+    for subnet in var.secondary_floating_ips :
+    [
+      for key, value in local.secondary_vni_map :
+      {
+        subnet_index = key
+        vni_name     = ibm_is_virtual_network_interface.secondary_vni[key].name
+        vni_id       = ibm_is_virtual_network_interface.secondary_vni[key].id
+      } if strcontains(key, subnet)
     ]
   ]) : []
 
   secondary_fip_map = {
     for vni in local.secondary_fip_list :
-    vni.name => {
-      vni_name    = vni.virtual_network_interface[0].name
-      subnet_name = vni.name
-      vni_id      = vni.virtual_network_interface[0].id
-    }
+    vni.subnet_index => vni
   }
 
   # determine snapshot in following order: input variable -> from consistency group -> null (none)
@@ -140,9 +161,9 @@ resource "ibm_is_virtual_network_interface" "primary_vni" {
 }
 
 resource "ibm_is_virtual_network_interface" "secondary_vni" {
-  for_each = { for k in var.secondary_subnets : k.zone => k if !var.use_legacy_network_interface }
+  for_each = { for key, value in local.secondary_vni_map : key => value if !var.use_legacy_network_interface }
   name     = each.value.name
-  subnet   = each.value.id
+  subnet   = each.value.subnet_id
   # If security_groups is empty(list is len(0)) then default list to data.ibm_is_vpc.vpc.default_security_group.
   # If list is empty it will fail on reapply as when vsi is passed an empty security group list it will attach the default security group.
   allow_ip_spoofing = var.secondary_allow_ip_spoofing
@@ -194,15 +215,15 @@ resource "ibm_is_subnet_reserved_ip" "vsi_ip" {
 
 resource "ibm_is_subnet_reserved_ip" "secondary_vsi_ip" {
   for_each    = { for key, value in local.secondary_reserved_ips_map : key => value if var.primary_vni_additional_ip_count > 0 && !var.use_legacy_network_interface }
-  name        = "${each.value.name}-ip"
+  name        = "${var.prefix}-${substr(md5(each.value.name), -4, 4)}-ip"
   subnet      = each.value.subnet_id
   auto_delete = false
 }
 
 resource "ibm_is_subnet_reserved_ip" "secondary_vni_ip" {
-  for_each    = { for k in var.secondary_subnets : k.zone => k if !var.use_legacy_network_interface && var.manage_reserved_ips }
-  name        = "${each.value.name}-ip"
-  subnet      = each.value.id
+  for_each    = { for key, value in local.secondary_vni_map : key => value if !var.use_legacy_network_interface && var.manage_reserved_ips }
+  name        = "${var.prefix}-${substr(md5(each.value.name), -4, 4)}-secondary-vni-ip"
+  subnet      = each.value.subnet_id
   auto_delete = false
 }
 
@@ -238,11 +259,11 @@ resource "ibm_is_instance" "vsi" {
 
   # Additional Virtual Network Interface
   dynamic "network_attachments" {
-    for_each = { for key, value in ibm_is_virtual_network_interface.secondary_vni : key => value if key == each.value.zone && !var.use_legacy_network_interface }
+    for_each = { for index, id in each.value.secondary_vnis : index => id if !var.use_legacy_network_interface }
     content {
-      name = network_attachments.value.name
+      name = "${each.value.vsi_name}-secondary-vni-${network_attachments.key}"
       virtual_network_interface {
-        id = network_attachments.value.id
+        id = network_attachments.value
       }
     }
   }

diff --git a/variables.tf b/variables.tf
@@ -499,5 +499,6 @@ variable "snapshot_consistency_group_id" {
 variable "use_legacy_network_interface" {
   description = "Set this to true to use legacy network interface for the created instances."
   type        = bool
+  nullable    = false
   default     = false
 }