thobiast/terraform-openstack-loadbalancer

terraform-openstack-loadbalancer

Terraform module to create an OpenStack Load Balancer, including listeners, pools, members, health monitors, and L7 policies/rules.

This module is designed to be flexible. It accepts structured maps for each resource type, enabling you to define a complete load balancer topology.

Module versions

  • For Terraform v0.11 and v0.12, use module version v0.1.*.
  • Version 2.0+ introduces multiple listeners, more configuration options, and L7 policy support. This release is not backward compatible.

If you are using the older module schema, pin your version to:

version = "1.0.0"

Usage Example

Basic HTTP load balancer

#####################
### Basic HTTP LB ###
#####################
module "openstack-lb" {
  source = "git::https://github.com/thobiast/terraform-openstack-loadbalancer.git"

  # Logical name for the load balancer
  lb_name = "example-basic-http"

  # Subnet where the LB VIP will be allocated
  lb_vip_subnet_id = var.subnet_id

  #################
  # HTTP listener #
  #################
  listeners = {
    # The map key "my_http" is the listener key
    my_http = {
      protocol      = "HTTP"
      protocol_port = 80

      # default_pool_key MUST match a pool key from the "pools" map below
      # Traffic arriving on this listener will be sent to pool "my_pool"
      default_pool_key = "my_pool"
    }
  }

  ############
  # One Pool #
  ############
  pools = {
    # The map key "my_pool" is the pool key
    my_pool = {
      protocol = "HTTP"
      monitor  = { type = "HTTP", delay = 5, timeout = 3, max_retries = 3 }

      # The "members" block dynamically adds all backend servers to this pool
      #
      #   openstack_compute_instance_v2.http[*]
      #
      # Each instance creates one pool member:
      #   - key           = instance name
      #   - value         = instance IP
      #   - protocol_port = member port
      members = {
        for inst in openstack_compute_instance_v2.http :
        inst.name => {
          address       = inst.network[0].fixed_ip_v4
          protocol_port = 80
        }
      }
    }
  }
}

Load balancer with L7 Policy

#########################
### LB with L7 Policy ###
#########################
module "openstack-lb" {
  source = "git::https://github.com/thobiast/terraform-openstack-loadbalancer.git"

  lb_name          = "example-l7-policy"
  lb_vip_subnet_id = var.subnet_id

  #################
  # HTTP listener #
  #################
  listeners = {
    # The map key "my_http_listener" is the listener key
    # This same key will be used under `l7policies` to attach L7 policies
    my_http_listener = {
      protocol      = "HTTP"
      protocol_port = 80
      # Must match a pool key from the "pools" map below.
      default_pool_key = "app_default"
    }
  }

  ###############################
  # Two pools (default + admin) #
  ###############################
  pools = {
    # The map key "app_default" is the pool key
    # This is the default pool for normal traffic (non-/admin)
    app_default = {
      protocol = "HTTP"
      monitor  = { type = "HTTP", delay = 5, timeout = 3, max_retries = 3 }
      members = {
        # One member per frontend instance
        for inst in openstack_compute_instance_v2.frontend :
        inst.name => {
          address       = inst.network[0].fixed_ip_v4
          protocol_port = 80
        }
      }
    }
    # The map key "app_admin" is the pool key
    # This pool only receives traffic that matches the L7 /admin rule
    app_admin = {
      protocol = "HTTP"
      monitor  = { type = "HTTP", delay = 5, timeout = 3, max_retries = 3 }
      members = {
        # One member per admin instance
        for inst in openstack_compute_instance_v2.admin :
        inst.name => {
          address       = inst.network[0].fixed_ip_v4
          protocol_port = 80
        }
      }
    }
  }

  ################################################################
  # L7 Policy: redirect /admin* to app_admin pool                #
  # Example: curl http://<vip>/admin/   # goes to app_admin pool #
  ################################################################
  l7policies = {
    # This map key MUST match the listener key under "listeners" map
    # In this case "my_http_listener"
    my_http_listener = {
      path_to_admin = {
        action   = "REDIRECT_TO_POOL"
        position = 1
        # Redirect to the pool whose key is "app_admin" in "pools" map
        redirect_pool_key = "app_admin"
        rules = {
          path_admin = { type = "PATH", compare_type = "STARTS_WITH", value = "/admin" }
        }
      }
    }
  }
}

You can find additional and more complete examples in the examples/ directory.
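
The `listeners` input documented under Inputs also accepts `allowed_cidrs`, `tls_versions` and `default_tls_container_ref`. The added example below (not from the module's repository) uses them to publish the admin pool on its own TLS-terminated listener that only accepts known source ranges, rather than routing /admin through the open HTTP listener. `var.tls_container_ref`, `var.admin_cidrs`, port 8443 and the load balancer name are assumptions.

```hcl
# Added example, not part of the module repository.
# var.subnet_id and the "admin" instances follow the README examples;
# var.tls_container_ref and var.admin_cidrs are assumed variables.
module "openstack-lb" {
  # Pin to a reviewed tag or commit by appending ?ref=<tag-or-commit>
  source = "git::https://github.com/thobiast/terraform-openstack-loadbalancer.git"

  lb_name          = "example-admin-tls"
  lb_vip_subnet_id = var.subnet_id

  listeners = {
    admin_https = {
      # TLS is terminated on the load balancer
      protocol      = "TERMINATED_HTTPS"
      protocol_port = 8443

      # Reference to the certificate container in the key manager (assumed variable)
      default_tls_container_ref = var.tls_container_ref
      tls_versions              = ["TLSv1.2", "TLSv1.3"]

      # Only these source ranges may connect (assumed variable of type list(string))
      allowed_cidrs = var.admin_cidrs

      # Pass the original client address to the backends for logging
      insert_headers = { "X-Forwarded-For" = "true" }

      # Must match a pool key from the "pools" map below
      default_pool_key = "app_admin"
    }
  }

  pools = {
    app_admin = {
      protocol = "HTTP"
      monitor  = { type = "HTTP", delay = 5, timeout = 3, max_retries = 3 }
      members = {
        for inst in openstack_compute_instance_v2.admin :
        inst.name => {
          address       = inst.network[0].fixed_ip_v4
          protocol_port = 80
        }
      }
    }
  }
}
```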

Requirements

Name       Version
terraform  >= 1.3.0
openstack  >= 3.0

Providers

Name       Version
openstack  >= 3.0

Modules

No modules.

Resources

Name                                       Type
openstack_lb_l7policy_v2.policy            resource
openstack_lb_l7rule_v2.rule                resource
openstack_lb_listener_v2.listener          resource
openstack_lb_loadbalancer_v2.loadbalancer  resource
openstack_lb_member_v2.member              resource
openstack_lb_monitor_v2.monitor            resource
openstack_lb_pool_v2.pool                  resource

Inputs

  • admin_state_up: Load balancer admin state. Type: bool. Default: true. Required: no.

  • l7policies: Map of listener-key => map of L7 policies. Policies can redirect to URL or to a pool (by pool key). Default: {}. Required: no.
    - The listener_key must match a key from var.listeners map.
    - The policy_key is a logical identifier for the policy (e.g., redirect-rule).
    - redirect_pool_key (optional) must reference a valid key from var.pools map.
    - Each policy can contain a nested map of rules, where each key is a logical identifier for the rule.
    Type:
      map(map(object({
        name = optional(string)
        description = optional(string)
        action = string
        position = number
        redirect_url = optional(string)
        redirect_pool_key = optional(string)
        redirect_prefix = optional(string)
        redirect_http_code = optional(number)
        admin_state_up = optional(bool, true)

        rules = optional(map(object({
          type = string
          compare_type = string
          value = string
          key = optional(string)
          invert = optional(bool, false)
          admin_state_up = optional(bool, true)
        })), {})
      })))

  • lb_availability_zone: The availability zone of the load balancer. Type: string. Default: null. Required: no.
  • lb_description: Human-readable description for the load balancer. Type: string. Default: "". Required: no.
  • lb_flavor_id: Load balancer flavor (HA, stand-alone). Type: string. Default: null. Required: no.
  • lb_loadbalancer_provider: The Octavia provider driver name. Type: string. Default: null. Required: no.
  • lb_name: Human-readable name for the load balancer. Type: string. Default: n/a. Required: yes.
  • lb_vip_address: The fixed VIP IP address of the load balancer. Type: string. Default: null. Required: no.
  • lb_vip_network_id: The network on which to allocate the load balancer's address. Type: string. Default: null. Required: no.
  • lb_vip_port_id: The network's port to which the load balancer will connect. Type: string. Default: null. Required: no.
  • lb_vip_qos_policy_id: The ID of the QoS Policy which will be applied to the VIP port. Type: string. Default: null. Required: no.
  • lb_vip_subnet_id: The network's subnet on which to allocate the load balancer's address. Type: string. Default: null. Required: no.

  • listeners: Map of listeners to create, keyed by a logical listener name. Default: {}. Required: no.
    - default_pool_key (optional) must reference a key in var.pools map
    Type:
      map(object({
        name = optional(string)
        description = optional(string)
        protocol = string
        protocol_port = number
        connection_limit = optional(number)
        timeout_client_data = optional(number)
        timeout_member_connect = optional(number)
        timeout_member_data = optional(number)
        timeout_tcp_inspect = optional(number)
        default_tls_container_ref = optional(string)
        sni_container_refs = optional(list(string), [])
        insert_headers = optional(map(string), {})
        allowed_cidrs = optional(list(string), [])
        client_authentication = optional(string)
        client_ca_tls_container_ref = optional(string)
        client_crl_container_ref = optional(string)
        tls_ciphers = optional(string)
        tls_versions = optional(list(string), [])
        tags = optional(list(string), [])
        default_pool_key = optional(string)
        admin_state_up = optional(bool, true)
      }))

  • pools: Map of pools, where each key represents a unique pool name. Default: {}. Required: no.
    - Each pool may define session_persistence, an optional monitor, and a map of members.
    - The members map keys are logical identifiers for each member.
    Type:
      map(object({
        name = optional(string)
        description = optional(string)
        protocol = string
        lb_method = optional(string, "ROUND_ROBIN")

        persistence = optional(object({
          type = string
          cookie_name = optional(string)
        }))

        monitor = optional(object({
          name = optional(string)
          type = string
          delay = number
          timeout = number
          max_retries = number
          max_retries_down = optional(number)
          url_path = optional(string)
          http_method = optional(string)
          http_version = optional(string)
          expected_codes = optional(string)
          admin_state_up = optional(bool, true)
        }))

        members = optional(map(object({
          name = optional(string)
          address = string
          protocol_port = number
          subnet_id = optional(string)
          weight = optional(number)
          monitor_port = optional(number)
          monitor_address = optional(string)
          backup = optional(bool)
          tags = optional(list(string), [])
        })), {})
      }))

  • tags: A list of strings to add to the load balancer. Type: list(string). Default: []. Required: no.

Outputs

Name                     Description
l7policies               A map of all created OpenStack L7 policy resource objects
l7policy_ids_by_key      Map: listener/policy - l7policy ID
l7rule_ids_by_key        Map: listener/policy/rule - l7rule ID
l7rules                  A map of all created OpenStack L7 rule resource objects
listener_ids_by_key      Map: listener key - listener ID
listeners                A map of all created OpenStack listener resource objects
loadbalancer             The full OpenStack load balancer resource object
loadbalancer_id          Load balancer ID
member_ids               Map: pool/member - member ID
members                  A map of all created OpenStack member resource objects
monitor_ids_by_pool_key  Map: pool key - monitor ID
monitors                 A map of all created OpenStack monitor resource objects
pool_ids_by_key          Map: pool key - pool ID
pools                    A map of all created OpenStack pool resource objects
vip_address              Allocated VIP address
