Manage tunnel terminations on core side (#25)

ffddorf · Aug 2, 2024 · fc8cc35 · fc8cc35
1 parent de51880
commit fc8cc35
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 26 deletions.
diff --git a/data.tf b/data.tf
@@ -58,3 +58,30 @@ data "netbox_virtual_machines" "core_routers" {
 data "netbox_ipam_role" "transfer" {
   name = "Transfer"
 }
+
+locals {
+  devices = {
+    for dev in data.netbox_devices.devices.devices : dev.name => dev
+  }
+  core_devices = concat(
+    [for dev in data.netbox_devices.core_routers.devices : {
+      id     = dev.device_id
+      name   = dev.name
+      device = dev
+    }],
+    [for vm in data.netbox_virtual_machines.core_routers.vms : {
+      id   = vm.vm_id
+      name = vm.name
+      vm   = vm
+    }],
+  )
+}
+
+data "netbox_ip_addresses" "core_primary" {
+  for_each = { for dev in local.core_devices : dev.name => dev }
+
+  filter {
+    name  = "ip_address"
+    value = can(each.value.vm) ? each.value.vm.primary_ip4 : each.value.device.primary_ipv4
+  }
+}
diff --git a/main.tf b/main.tf
@@ -1,21 +1,3 @@
-locals {
-  devices = {
-    for dev in data.netbox_devices.devices.devices : dev.name => dev
-  }
-  core_devices = concat(
-    [for dev in data.netbox_devices.core_routers.devices : {
-      id     = dev.device_id
-      name   = dev.name
-      device = dev
-    }],
-    [for vm in data.netbox_virtual_machines.core_routers.vms : {
-      id   = vm.vm_id
-      name = vm.name
-      vm   = vm
-    }],
-  )
-}
-
 resource "netbox_vpn_tunnel_group" "sites" {
   name = "site-tunnels"
 }
@@ -48,10 +30,11 @@ module "device" {
   tunnel_prefix_v6_id = data.netbox_prefix.tunnels_prefix_v6.id
 
   core_tunnels = [for dev in local.core_devices : {
-    name        = dev.name
-    device_id   = dev.id
-    device_type = can(dev.vm) ? "vm" : "device"
-    if_name     = module.tunnel_interfaces[dev.name].interface_names[each.key]
+    name            = dev.name
+    device_id       = dev.id
+    device_type     = can(dev.vm) ? "vm" : "device"
+    if_name         = module.tunnel_interfaces[dev.name].interface_names[each.key]
+    primary_ipv4_id = one(data.netbox_ip_addresses.core_primary[dev.name].ip_addresses).id
   }]
 
   tunnel_prefix_role_id = data.netbox_ipam_role.transfer.id

diff --git a/modules/device/tunnel.tf b/modules/device/tunnel.tf
@@ -122,3 +122,23 @@ resource "netbox_vpn_tunnel_termination" "site" {
   device_interface_id   = netbox_device_interface.tunnels[each.key].id
   outside_ip_address_id = netbox_ip_address.gre_dnat.id
 }
+
+resource "netbox_vpn_tunnel_termination" "core_device" {
+  for_each = { for peer in var.core_tunnels : peer.name => peer if peer.device_type == "device" }
+
+  tunnel_id = netbox_vpn_tunnel.core[each.key].id
+  role      = "peer"
+
+  device_interface_id   = netbox_device_interface.core[each.key].id
+  outside_ip_address_id = each.value.primary_ipv4_id
+}
+
+resource "netbox_vpn_tunnel_termination" "core_vm" {
+  for_each = { for peer in var.core_tunnels : peer.name => peer if peer.device_type == "vm" }
+
+  tunnel_id = netbox_vpn_tunnel.core[each.key].id
+  role      = "peer"
+
+  virtual_machine_interface_id = netbox_interface.core[each.key].id
+  outside_ip_address_id        = each.value.primary_ipv4_id
+}
diff --git a/modules/device/variables.tf b/modules/device/variables.tf
@@ -20,10 +20,11 @@ variable "sites_prefix_v6_id" {
 
 variable "core_tunnels" {
   type = list(object({
-    name        = string
-    device_id   = string
-    device_type = string
-    if_name     = string
+    name            = string
+    device_id       = string
+    device_type     = string
+    if_name         = string
+    primary_ipv4_id = number
   }))
   description = "info about tunnel peers"
 }