Added security group dataminer_publish

Giancarlo Panichi 2024-02-15 17:35:27 +01:00
parent 0c746b807a
commit 73a0ef566a
2 changed files with 313 additions and 109 deletions


@ -23,26 +23,98 @@ module "common_variables" {
source = "../../modules/common_variables"
}
#Module used
module "ssh_settings" {
source = "../../modules/ssh-key-ref"
}
resource "openstack_networking_secgroup_v2" "dataminer_publish" {
name = "dataminer_publish"
description = "Access to dataminer-ghost is allowed only to dm-pool-manager"
delete_default_rules = "true"
}
resource "openstack_compute_instance_v2" "dm_pool_manager_proto" {
name = "dm-pool-manager-proto"
availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
flavor_name = module.common_variables.flavor_list.m1_large
key_pair = module.ssh_settings.ssh_key_name
security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers]
block_device {
uuid = module.common_variables.ubuntu_1804.uuid
source_type = "image"
volume_size = 30
boot_index = 0
destination_type = "volume"
delete_on_termination = false
}
# Creates the networks according to input networks
dynamic "network" {
for_each = toset([data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name])
content {
name = network.value
}
}
# user_data script used
user_data = file("${module.common_variables.ubuntu_1804.user_data_file}")
# Do not replace the instance when the ssh key changes
lifecycle {
ignore_changes = [
# Ignore changes to tags, e.g. because a management agent
# updates these based on some ruleset managed elsewhere.
key_pair, user_data, network
]
}
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_dataminer_publish_rule_1" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 22
port_range_max = 22
remote_ip_prefix = join("/",[openstack_compute_instance_v2.dm_pool_manager_proto.network.0.fixed_ip_v4,"32"])
security_group_id = openstack_networking_secgroup_v2.dataminer_publish.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_dataminer_publish_rule_2" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 80
port_range_max = 80
remote_ip_prefix = "0.0.0.0/0"
security_group_id = openstack_networking_secgroup_v2.dataminer_publish.id
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_dataminer_publish_rule_3" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 443
port_range_max = 443
remote_ip_prefix = join("/",[openstack_compute_instance_v2.dm_pool_manager_proto.network.0.fixed_ip_v4,"32"])
security_group_id = openstack_networking_secgroup_v2.dataminer_publish.id
}
module "instance_without_data_volume" {
source = "../../modules/instance_without_data_volume"
instances_without_data_volume_map = {
dm_pool_manager_proto = {
name = "dm-pool-manager-proto",
description = "This instance is a DataMiner Pool Manager service",
flavor = module.common_variables.flavor_list.m1_large,
networks = [data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name, module.common_variables.networks_list.shared_postgresql],
security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers],
server_groups_ids = [],
image_ref = module.common_variables.ubuntu_1804
image_volume_size = 30
},
dataminer_proto_ghost = {
name = "dataminer-proto-ghost",
description = "This instance is a DataMiner Ghost service",
flavor = module.common_variables.flavor_list.m1_large,
networks = [data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name, module.common_variables.networks_list.shared_postgresql],
security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers],
security_groups = [openstack_networking_secgroup_v2.dataminer_publish.name,data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers],
server_groups_ids = [],
image_ref = module.common_variables.ubuntu_1804
image_volume_size = 50
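Review bot: `secgroup_dataminer_publish_rule_2` opens tcp/80 to `0.0.0.0/0`, which contradicts the group description "Access to dataminer-ghost is allowed only to dm-pool-manager" and the /32 source used by rules 1 and 3. If port 80 is not meant to be public, give it the same source, `remote_ip_prefix = join("/",[openstack_compute_instance_v2.dm_pool_manager_proto.network.0.fixed_ip_v4,"32"])`; otherwise correct the group description and add a `description` to each rule saying why it exists. Security group rules are allow-only and additive, so attaching `dataminer_publish` to `dataminer_proto_ghost` next to the default and load-balancer groups restricts access only if those groups (not visible here) do not already admit the same ports. Pinning the source to one fixed IP also ties the rules to that address and needs a re-apply whenever it changes; a `remote_group_id` pointing at a group attached to dm-pool-manager would be sturdier. The `instance_without_data_volume` module block continues past the end of the hunk.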


@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.4",
"serial": 190,
"serial": 233,
"lineage": "baea8c53-fd72-1573-59ac-35ef1fc58d33",
"outputs": {},
"resources": [
@ -394,6 +394,207 @@
}
]
},
{
"mode": "managed",
"type": "openstack_compute_instance_v2",
"name": "dm_pool_manager_proto",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"access_ip_v4": "10.1.43.253",
"access_ip_v6": "",
"admin_pass": null,
"all_metadata": {},
"all_tags": [],
"availability_zone": "cnr-isti-nova-a",
"availability_zone_hints": "cnr-isti-nova-a",
"block_device": [
{
"boot_index": 0,
"delete_on_termination": false,
"destination_type": "volume",
"device_type": "",
"disk_bus": "",
"guest_format": "",
"multiattach": false,
"source_type": "image",
"uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89",
"volume_size": 30,
"volume_type": ""
}
],
"config_drive": null,
"created": "2024-02-15 14:45:21 +0000 UTC",
"flavor_id": "9",
"flavor_name": "m1.large",
"floating_ip": null,
"force_delete": false,
"id": "4e0679bb-83e0-410d-bbf6-5d5492be82b7",
"image_id": "Attempt to boot from volume - no image supplied",
"image_name": null,
"key_pair": "Giancarlo Panichi",
"metadata": null,
"name": "dm-pool-manager-proto",
"network": [
{
"access_network": false,
"fixed_ip_v4": "10.1.43.253",
"fixed_ip_v6": "",
"floating_ip": "",
"mac": "fa:16:3e:ba:c5:b0",
"name": "d4s-production-cloud-main",
"port": "",
"uuid": "020df98d-ae72-452a-b376-3b6dc289acac"
}
],
"network_mode": null,
"personality": [],
"power_state": "active",
"region": "isti_area_pi_1",
"scheduler_hints": [],
"security_groups": [
"default_for_all",
"traffic_from_the_main_load_balancers"
],
"stop_before_destroy": false,
"tags": [],
"timeouts": null,
"updated": "2024-02-15 14:46:10 +0000 UTC",
"user_data": "47d4769e61324c305c4b70ed6673de4fad84150d",
"vendor_options": [],
"volume": []
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "secgroup_dataminer_publish_rule_1",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "",
"direction": "ingress",
"ethertype": "IPv4",
"id": "9c46b860-54da-4a30-be27-2800f046aa4e",
"port_range_max": 22,
"port_range_min": 22,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "10.1.43.253/32",
"security_group_id": "7061f7f1-455f-4298-bed3-cafc754ff452",
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_compute_instance_v2.dm_pool_manager_proto",
"openstack_networking_secgroup_v2.dataminer_publish"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "secgroup_dataminer_publish_rule_2",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "",
"direction": "ingress",
"ethertype": "IPv4",
"id": "3277f5f0-967a-45a7-a854-a784ef8dbc30",
"port_range_max": 80,
"port_range_min": 80,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "7061f7f1-455f-4298-bed3-cafc754ff452",
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"openstack_networking_secgroup_v2.dataminer_publish"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "secgroup_dataminer_publish_rule_3",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "",
"direction": "ingress",
"ethertype": "IPv4",
"id": "1544b310-4ad8-42a3-8ffb-8c1c6be0d502",
"port_range_max": 443,
"port_range_min": 443,
"protocol": "tcp",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "10.1.43.253/32",
"security_group_id": "7061f7f1-455f-4298-bed3-cafc754ff452",
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router",
"openstack_compute_instance_v2.dm_pool_manager_proto",
"openstack_networking_secgroup_v2.dataminer_publish"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_v2",
"name": "dataminer_publish",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"delete_default_rules": true,
"description": "Access to dataminer-ghost is allowed only to dm-pool-manager",
"id": "7061f7f1-455f-4298-bed3-cafc754ff452",
"name": "dataminer_publish",
"region": "isti_area_pi_1",
"tags": [],
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"module": "module.dns_records_create",
"mode": "managed",
@ -890,7 +1091,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -973,7 +1175,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1056,7 +1259,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1139,7 +1343,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1222,7 +1427,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1305,7 +1511,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1388,7 +1595,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1471,7 +1679,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1554,7 +1763,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1637,7 +1847,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1720,7 +1931,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1803,7 +2015,8 @@
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
},
{
@ -1872,6 +2085,7 @@
"region": "isti_area_pi_1",
"scheduler_hints": [],
"security_groups": [
"dataminer_publish",
"default_for_all",
"traffic_from_the_main_load_balancers"
],
@ -1879,97 +2093,15 @@
"tags": [],
"timeouts": null,
"updated": "2024-01-17 16:13:27 +0000 UTC",
"user_data": "47d4769e61324c305c4b70ed6673de4fad84150d",
"user_data": "",
"vendor_options": [],
"volume": []
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
]
},
{
"index_key": "dm_pool_manager_proto",
"schema_version": 0,
"attributes": {
"access_ip_v4": "10.1.44.233",
"access_ip_v6": "",
"admin_pass": null,
"all_metadata": {},
"all_tags": [],
"availability_zone": "cnr-isti-nova-a",
"availability_zone_hints": "cnr-isti-nova-a",
"block_device": [
{
"boot_index": 0,
"delete_on_termination": false,
"destination_type": "volume",
"device_type": "",
"disk_bus": "",
"guest_format": "",
"multiattach": false,
"source_type": "image",
"uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89",
"volume_size": 30,
"volume_type": ""
}
],
"config_drive": null,
"created": "2024-01-17 16:12:15 +0000 UTC",
"flavor_id": "9",
"flavor_name": "m1.large",
"floating_ip": null,
"force_delete": false,
"id": "92810756-384a-4aba-90ae-5ed7b37b59cf",
"image_id": "Attempt to boot from volume - no image supplied",
"image_name": null,
"key_pair": "Giancarlo Panichi",
"metadata": null,
"name": "dm-pool-manager-proto",
"network": [
{
"access_network": false,
"fixed_ip_v4": "10.1.44.233",
"fixed_ip_v6": "",
"floating_ip": "",
"mac": "fa:16:3e:4b:e9:8f",
"name": "d4s-production-cloud-main",
"port": "",
"uuid": "020df98d-ae72-452a-b376-3b6dc289acac"
},
{
"access_network": false,
"fixed_ip_v4": "192.168.1.231",
"fixed_ip_v6": "",
"floating_ip": "",
"mac": "fa:16:3e:94:a8:3d",
"name": "postgresql-srv-net",
"port": "",
"uuid": "f6450bc8-1345-4b52-8f34-2903c0cca7f8"
}
],
"network_mode": null,
"personality": [],
"power_state": "active",
"region": "isti_area_pi_1",
"scheduler_hints": [],
"security_groups": [
"default_for_all",
"traffic_from_the_main_load_balancers"
],
"stop_before_destroy": false,
"tags": [],
"timeouts": null,
"updated": "2024-01-17 16:13:13 +0000 UTC",
"user_data": "47d4769e61324c305c4b70ed6673de4fad84150d",
"vendor_options": [],
"volume": []
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19",
"dependencies": [
"data.terraform_remote_state.privnet_dns_router"
"data.terraform_remote_state.privnet_dns_router",
"openstack_networking_secgroup_v2.dataminer_publish"
]
}
]