IDATG2900-Quicksand · majame · May 7, 2025 · May 7, 2025 · May 7, 2025 · May 7, 2025
diff --git a/.github/workflows/deploy_kubernetes.yml b/.github/workflows/deploy_kubernetes.yml
@@ -42,7 +42,7 @@ jobs:
       - name: Create tfvars file
         run: |
           cat <<EOF > terraform.tfvars
-          ${{ secrets.KUBERNETES_TFVARS_DEV }}"
+          ${{ secrets.KUBERNETES_TFVARS_DEV }}
           EOF
         working-directory: ${{ env.WORKING_DIR }}
 
@@ -101,7 +101,7 @@ jobs:
       - name: Create tfvars file
         run: |
           cat <<EOF > terraform.tfvars
-          ${{ secrets.KUBERNETES_TFVARS_STAGE }}"
+          ${{ secrets.KUBERNETES_TFVARS_STAGE }}
           EOF
         working-directory: ${{ env.WORKING_DIR }}
 
@@ -125,14 +125,29 @@ jobs:
         env:
           KUBECONFIG: ./talos-config/kubeconfig
 
-        # Sometimes there might be DNS problems. This step will stop
-        # and restart the DNS services to ensure it works as expected
+        # Sometimes there might be DNS problems. This step
+        # will try to fix the problems if there are any
       - name: Fix potential DNS problems
         run: |
-          sleep 10
-          kubectl delete pod -n kube-system -l k8s-app=kube-dns
-          sleep 20
-          kubectl get pods -n strelka
+          echo "Waiting initial 90 seconds before first DNS test..."
+          sleep 90
+          
+          for i in {1..15}; do
+          
+            POD_NAME=$(kubectl get pods -n strelka -l app=strelka-frontend -o jsonpath='{.items[0].metadata.name}')
+          
+            if kubectl exec -n strelka "$POD_NAME" -- nslookup strelka-postgresdb.strelka.svc.cluster.local; then
+              echo "DNS test $i succeeded. Exiting loop."
+              exit 0
+            fi
+
+            echo "DNS test $i failed. Restarting kube-dns pods and retrying in 90 seconds..."
+            kubectl delete pod -n kube-system -l k8s-app=kube-dns
+            sleep 90
+          done
+
+          echo "All DNS tests failed."
+          exit 1
         working-directory: ${{ env.WORKING_DIR }}
         env:
           KUBECONFIG: ./talos-config/kubeconfig
diff --git a/.github/workflows/deploy_misp.yml b/.github/workflows/deploy_misp.yml
@@ -0,0 +1,83 @@
+name: Deploy MISP module
+
+on:
+  push:
+    branches:
+      - 'main'
+      - 'maja'
+    paths:
+      - 'misp/**'
+      - 'modules/misp/**'
+      - 'modules/security/**'
+      - 'modules/ssh_key/**'
+  workflow_dispatch:
+
+env:
+  WORKING_DIR: ./misp
+
+jobs:
+
+  dev:
+    runs-on: dev
+    env:
+      PG_CONN_STR: ${{ secrets.PG_CONN_STR_DEV }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Terraform init
+        run: terraform init
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Terraform workspace select or create misp
+        run: terraform workspace select -or-create misp
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Create tfvars file
+        run: |
+          cat <<EOF > terraform.tfvars
+          ${{ secrets.MISP_TFVARS_DEV }}
+          EOF
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Terraform plan
+        run: terraform plan -var "os_auth_url=${{ secrets.OS_AUTH_URL_DEV }}" -var "os_application_credential_id=${{ secrets.OS_APPLICATION_CREDENTIAL_ID_DEV }}" -var "os_application_credential_secret=${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_DEV }}"
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Terraform apply
+        run: terraform apply -auto-approve -var "os_auth_url=${{ secrets.OS_AUTH_URL_DEV }}" -var "os_application_credential_id=${{ secrets.OS_APPLICATION_CREDENTIAL_ID_DEV }}" -var "os_application_credential_secret=${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_DEV }}"
+        working-directory: ${{ env.WORKING_DIR }}
+
+  staging:
+    needs: dev
+    runs-on: stage
+    env:
+      PG_CONN_STR: ${{ secrets.PG_CONN_STR_STAGE }}
+
+    steps:
+      - name: Chekcout
+        uses: actions/checkout@v4
+
+      - name: Terraform init
+        run: terraform init
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Terraform workspace select or create misp
+        run: terraform workspace select -or-create misp
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Create tfvars file
+        run: |
+          cat <<EOF > terraform.tfvars
+          ${{ secrets.MISP_TFVARS_STAGE }}
+          EOF
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Terraform plan
+        run: terraform plan -var "os_auth_url=${{ secrets.OS_AUTH_URL_STAGE }}" -var "os_application_credential_id=${{ secrets.OS_APPLICATION_CREDENTIAL_ID_STAGE }}" -var "os_application_credential_secret=${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_STAGE }}"
+        working-directory: ${{ env.WORKING_DIR }}
+
+      - name: Terraform apply
+        run: terraform apply -auto-approve -var "os_auth_url=${{ secrets.OS_AUTH_URL_STAGE }}" -var "os_application_credential_id=${{ secrets.OS_APPLICATION_CREDENTIAL_ID_STAGE }}" -var "os_application_credential_secret=${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET_STAGE }}"
+        working-directory: ${{ env.WORKING_DIR }}
diff --git a/.github/workflows/validate_misp.yml b/.github/workflows/validate_misp.yml
@@ -8,6 +8,7 @@ on:
       - 'misp/**'
       - 'modules/misp/**'
       - 'modules/security/**'
+      - 'modules/ssh_key/**'
   workflow_dispatch:
 
 jobs:

diff --git a/misp/main.tf b/misp/main.tf
@@ -1,4 +1,14 @@
 # test
+# Look up the cluster network directly by ID
+data "openstack_networking_network_v2" "cluster_network" {
+  name = var.cluster_network_name
+}
+
+# Look up the cluster subnet directly by ID
+data "openstack_networking_subnet_v2" "cluster_subnet" {
+  name = var.cluster_subnet_name
+}
+
 ##############################
 # 1. Security and SSH Key Setup
 ##############################
@@ -22,9 +32,9 @@ module "misp" {
   kubernetes_cluster_name          = var.kubernetes_cluster_name
   misp_flavor_name                 = var.misp_flavor_name
   misp_image_name                  = var.misp_image_name
-  internal_network_id              = var.cluster_network_id
+  internal_network_id              = data.openstack_networking_network_v2.cluster_network.id
   public_network_name              = var.public_network_name
-  cluster_subnet_id                = var.cluster_subnet_id
+  cluster_subnet_id                = data.openstack_networking_subnet_v2.cluster_subnet.id
   ssh_key_name                     = module.ssh_key.ssh_key_name
   ssh_public_key                   = module.ssh_key.public_key
   allow_all_egress_sg_id           = module.security.allow_all_egress_id

diff --git a/misp/provider.tf b/misp/provider.tf
@@ -9,10 +9,14 @@ terraform {
       version = "~> 2.1.0"
     }
   }
+
+  backend "pg" {}
 }
 
 provider "openstack" {
-  cloud = "openstack"
+  auth_url                      = var.os_auth_url
+  application_credential_id     = var.os_application_credential_id
+  application_credential_secret = var.os_application_credential_secret
 }
 
 
diff --git a/misp/variabels.tf b/misp/variabels.tf
@@ -1,3 +1,22 @@
+
+# Credentials
+variable "os_auth_url" {
+  type      = string
+  sensitive = true
+}
+
+variable "os_application_credential_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "os_application_credential_secret" {
+  type      = string
+  sensitive = true
+}
+
+
+
 ##############################
 # Common Variables
 ##############################
@@ -6,13 +25,13 @@ variable "kubernetes_cluster_name" {
   type        = string
 }
 
-variable "cluster_network_id" {
-  description = "ID of the internal cluster network"
+variable "cluster_network_name" {
+  description = "The name of the internal cluster network"
   type        = string
 }
 
-variable "cluster_subnet_id" {
-  description = "ID of the internal cluster subnet"
+variable "cluster_subnet_name" {
+  description = "The name of the internal cluster subnet"
   type        = string
 }
 

diff --git a/modules/misp/provider.tf b/modules/misp/provider.tf
@@ -9,10 +9,4 @@ terraform {
       version = "~> 2.1.0"
     }
   }
-}
-
-provider "openstack" {
-  cloud = "openstack"
-}
-
-
+}
diff --git a/modules/storage/main.tf b/modules/storage/main.tf
@@ -32,6 +32,9 @@ resource "null_resource" "kubernetes_readiness" {
         sleep 10
       done
 
+      # Store the KUBECONFIG file
+      cat $KUBECONFIG &>/home/runner_user/test1
+
       # Wait for API server to be responsive
       echo "Waiting for Kubernetes API to be available..."
       max_attempts=30