From 73a0ef566a588256e8153135a398a0006e23b125 Mon Sep 17 00:00:00 2001
From: Giancarlo Panichi
Date: Thu, 15 Feb 2024 17:35:27 +0100
Subject: [PATCH] Added security group dataminer_publish
---
 openstack-tf/d4s-production/dataminer/main.tf | 94 ++++-
 .../dataminer/terraform.tfstate | 328 ++++++++++++------
 2 files changed, 313 insertions(+), 109 deletions(-)
diff --git a/openstack-tf/d4s-production/dataminer/main.tf b/openstack-tf/d4s-production/dataminer/main.tf
index 2c65561..546f8df 100644
--- a/openstack-tf/d4s-production/dataminer/main.tf
+++ b/openstack-tf/d4s-production/dataminer/main.tf
@@ -23,26 +23,98 @@ module "common_variables" {
 source = "../../modules/common_variables"
 }
+#Module used
+module "ssh_settings" {
+ source = "../../modules/ssh-key-ref"
+}
+
+
+resource "openstack_networking_secgroup_v2" "dataminer_publish" {
+ name = "dataminer_publish"
+ description = "Access to dataminer-ghost is allowed only to dm-pool-manager"
+ delete_default_rules = "true"
+}
+
+
+resource "openstack_compute_instance_v2" "dm_pool_manager_proto" {
+ name = "dm-pool-manager-proto"
+ availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
+ flavor_name = module.common_variables.flavor_list.m1_large
+ key_pair = module.ssh_settings.ssh_key_name
+ security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers]
+ block_device {
+ uuid = module.common_variables.ubuntu_1804.uuid
+ source_type = "image"
+ volume_size = 30
+ boot_index = 0
+ destination_type = "volume"
+ delete_on_termination = false
+ }
+
+ # Creates the networks according to input networks
+ dynamic "network" {
+ for_each = toset([data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name])
+ content {
+ name = network.value
+ }
+ }
+
+
+ # user_data script used
+ user_data = file("${module.common_variables.ubuntu_1804.user_data_file}")
+ # Do not replace the instance when the ssh key changes
+ lifecycle {
+ ignore_changes = [
+ # Ignore changes to tags, e.g. because a management agent
+ # updates these based on some ruleset managed elsewhere.
+ key_pair, user_data, network
+ ]
+ }
+}
+
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_dataminer_publish_rule_1" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = join("/",[openstack_compute_instance_v2.dm_pool_manager_proto.network.0.fixed_ip_v4,"32"])
+ security_group_id = openstack_networking_secgroup_v2.dataminer_publish.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_dataminer_publish_rule_2" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 80
+ port_range_max = 80
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.dataminer_publish.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_dataminer_publish_rule_3" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 443
+ port_range_max = 443
+ remote_ip_prefix = join("/",[openstack_compute_instance_v2.dm_pool_manager_proto.network.0.fixed_ip_v4,"32"])
+ security_group_id = openstack_networking_secgroup_v2.dataminer_publish.id
+}
+
+
+
 module "instance_without_data_volume" {
 source = "../../modules/instance_without_data_volume"
 instances_without_data_volume_map = {
- dm_pool_manager_proto = {
- name = "dm-pool-manager-proto",
- description = "This instance is a DataMiner Pool Manager service",
- flavor = module.common_variables.flavor_list.m1_large,
- networks = [data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name, module.common_variables.networks_list.shared_postgresql],
- security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers],
- server_groups_ids = [],
- image_ref = module.common_variables.ubuntu_1804
- image_volume_size = 30
- },
 dataminer_proto_ghost = {
 name = "dataminer-proto-ghost",
 description = "This instance is a DataMiner Ghost service",
 flavor = module.common_variables.flavor_list.m1_large,
 networks = [data.terraform_remote_state.privnet_dns_router.outputs.main_private_network.name, module.common_variables.networks_list.shared_postgresql],
- security_groups = [data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers],
+ security_groups = [openstack_networking_secgroup_v2.dataminer_publish.name,data.terraform_remote_state.privnet_dns_router.outputs.default_security_group_name, data.terraform_remote_state.privnet_dns_router.outputs.security_group_list.http_and_https_from_the_load_balancers],
 server_groups_ids = [],
 image_ref = module.common_variables.ubuntu_1804
 image_volume_size = 50
diff --git a/openstack-tf/d4s-production/dataminer/terraform.tfstate b/openstack-tf/d4s-production/dataminer/terraform.tfstate
index 25f2170..72f2266 100644
--- a/openstack-tf/d4s-production/dataminer/terraform.tfstate
+++ b/openstack-tf/d4s-production/dataminer/terraform.tfstate
@@ -1,7 +1,7 @@
 {
 "version": 4,
 "terraform_version": "1.6.4",
- "serial": 190,
+ "serial": 233,
 "lineage": "baea8c53-fd72-1573-59ac-35ef1fc58d33",
 "outputs": {},
 "resources": [
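Review bot: `secgroup_dataminer_publish_rule_2` admits 80/tcp from `remote_ip_prefix = "0.0.0.0/0"`, which contradicts the group's own description ("allowed only to dm-pool-manager") and the /32 source restriction the 22 and 443 rules apply; dataminer-proto-ghost already receives web traffic through `http_and_https_from_the_load_balancers`, so either give rule_2 the same source as its siblings, `remote_ip_prefix = join("/",[openstack_compute_instance_v2.dm_pool_manager_proto.network.0.fixed_ip_v4,"32"])`, or change the description to say that HTTP is reachable from any source. A `remote_group_id` referencing a security group held by dm-pool-manager-proto would express the same intent without pinning all three rules to the instance's current fixed IP. The standalone `dm_pool_manager_proto` instance attaches only the main private network, whereas the removed module entry also listed `module.common_variables.networks_list.shared_postgresql`; if that drop is unintended, the pool manager loses its address on the PostgreSQL network. The comment inside `lifecycle` talks about tags while the list ignores `key_pair, user_data, network`; replace it with `# Ignore out-of-band changes to the key pair, user_data and networks so the instance is not rebuilt`. The `module "instance_without_data_volume"` block continues past the end of the hunk.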
@@ -394,6 +394,207 @@ } ] }, + { + "mode": "managed", + "type": "openstack_compute_instance_v2", + "name": "dm_pool_manager_proto", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_ip_v4": "10.1.43.253", + "access_ip_v6": "", + "admin_pass": null, + "all_metadata": {}, + "all_tags": [], + "availability_zone": "cnr-isti-nova-a", + "availability_zone_hints": "cnr-isti-nova-a", + "block_device": [ + { + "boot_index": 0, + "delete_on_termination": false, + "destination_type": "volume", + "device_type": "", + "disk_bus": "", + "guest_format": "", + "multiattach": false, + "source_type": "image", + "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89", + "volume_size": 30, + "volume_type": "" + } + ], + "config_drive": null, + "created": "2024-02-15 14:45:21 +0000 UTC", + "flavor_id": "9", + "flavor_name": "m1.large", + "floating_ip": null, + "force_delete": false, + "id": "4e0679bb-83e0-410d-bbf6-5d5492be82b7", + "image_id": "Attempt to boot from volume - no image supplied", + "image_name": null, + "key_pair": "Giancarlo Panichi", + "metadata": null, + "name": "dm-pool-manager-proto", + "network": [ + { + "access_network": false, + "fixed_ip_v4": "10.1.43.253", + "fixed_ip_v6": "", + "floating_ip": "", + "mac": "fa:16:3e:ba:c5:b0", + "name": "d4s-production-cloud-main", + "port": "", + "uuid": "020df98d-ae72-452a-b376-3b6dc289acac" + } + ], + "network_mode": null, + "personality": [], + "power_state": "active", + "region": "isti_area_pi_1", + "scheduler_hints": [], + "security_groups": [ + "default_for_all", + "traffic_from_the_main_load_balancers" + ], + "stop_before_destroy": false, + "tags": [], + "timeouts": null, + "updated": "2024-02-15 14:46:10 +0000 UTC", + "user_data": "47d4769e61324c305c4b70ed6673de4fad84150d", + "vendor_options": [], + "volume": [] + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "secgroup_dataminer_publish_rule_1", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "", + "direction": "ingress", + "ethertype": "IPv4", + "id": "9c46b860-54da-4a30-be27-2800f046aa4e", + "port_range_max": 22, + "port_range_min": 22, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.43.253/32", + "security_group_id": "7061f7f1-455f-4298-bed3-cafc754ff452", + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_compute_instance_v2.dm_pool_manager_proto", + "openstack_networking_secgroup_v2.dataminer_publish" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "secgroup_dataminer_publish_rule_2", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "", + "direction": "ingress", + "ethertype": "IPv4", + "id": "3277f5f0-967a-45a7-a854-a784ef8dbc30", + "port_range_max": 80, + "port_range_min": 80, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "7061f7f1-455f-4298-bed3-cafc754ff452", + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null + }, + "sensitive_attributes": [], + 
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.dataminer_publish" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "secgroup_dataminer_publish_rule_3", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "", + "direction": "ingress", + "ethertype": "IPv4", + "id": "1544b310-4ad8-42a3-8ffb-8c1c6be0d502", + "port_range_max": 443, + "port_range_min": 443, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.43.253/32", + "security_group_id": "7061f7f1-455f-4298-bed3-cafc754ff452", + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "data.terraform_remote_state.privnet_dns_router", + "openstack_compute_instance_v2.dm_pool_manager_proto", + "openstack_networking_secgroup_v2.dataminer_publish" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "dataminer_publish", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Access to dataminer-ghost is allowed only to dm-pool-manager", + "id": "7061f7f1-455f-4298-bed3-cafc754ff452", + "name": "dataminer_publish", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, { "module": 
"module.dns_records_create", "mode": "managed", @@ -890,7 +1091,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -973,7 +1175,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1056,7 +1259,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1139,7 +1343,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { 
@@ -1222,7 +1427,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1305,7 +1511,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1388,7 +1595,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1471,7 +1679,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1554,7 +1763,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { 
@@ -1637,7 +1847,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1720,7 +1931,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1803,7 +2015,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] }, { @@ -1872,6 +2085,7 @@ "region": "isti_area_pi_1", "scheduler_hints": [], "security_groups": [ + "dataminer_publish", "default_for_all", "traffic_from_the_main_load_balancers" ], 
@@ -1879,97 +2093,15 @@ "tags": [], "timeouts": null, "updated": "2024-01-17 16:13:27 +0000 UTC", - "user_data": "47d4769e61324c305c4b70ed6673de4fad84150d", + "user_data": "", "vendor_options": [], "volume": [] }, "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" - ] - }, - { - "index_key": "dm_pool_manager_proto", - "schema_version": 0, - "attributes": { - "access_ip_v4": "10.1.44.233", - "access_ip_v6": "", - "admin_pass": null, - "all_metadata": {}, - "all_tags": [], - "availability_zone": "cnr-isti-nova-a", - "availability_zone_hints": "cnr-isti-nova-a", - "block_device": [ - { - "boot_index": 0, - "delete_on_termination": false, - "destination_type": "volume", - "device_type": "", - "disk_bus": "", - "guest_format": "", - "multiattach": false, - "source_type": "image", - "uuid": "7ed6a2cd-2b07-482e-8ce4-f018dff16c89", - "volume_size": 30, - "volume_type": "" - } - ], - "config_drive": null, - "created": "2024-01-17 16:12:15 +0000 UTC", - "flavor_id": "9", - "flavor_name": "m1.large", - "floating_ip": null, - "force_delete": false, - "id": "92810756-384a-4aba-90ae-5ed7b37b59cf", - "image_id": "Attempt to boot from volume - no image supplied", - "image_name": null, - "key_pair": "Giancarlo Panichi", - "metadata": null, - "name": "dm-pool-manager-proto", - "network": [ - { - "access_network": false, - "fixed_ip_v4": "10.1.44.233", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:4b:e9:8f", - "name": "d4s-production-cloud-main", - "port": "", - "uuid": "020df98d-ae72-452a-b376-3b6dc289acac" - }, - { - "access_network": false, - "fixed_ip_v4": "192.168.1.231", - "fixed_ip_v6": "", - "floating_ip": "", - "mac": "fa:16:3e:94:a8:3d", - "name": "postgresql-srv-net", - "port": "", - "uuid": "f6450bc8-1345-4b52-8f34-2903c0cca7f8" - } - ], - 
"network_mode": null, - "personality": [], - "power_state": "active", - "region": "isti_area_pi_1", - "scheduler_hints": [], - "security_groups": [ - "default_for_all", - "traffic_from_the_main_load_balancers" - ], - "stop_before_destroy": false, - "tags": [], - "timeouts": null, - "updated": "2024-01-17 16:13:13 +0000 UTC", - "user_data": "47d4769e61324c305c4b70ed6673de4fad84150d", - "vendor_options": [], - "volume": [] - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", - "dependencies": [ - "data.terraform_remote_state.privnet_dns_router" + "data.terraform_remote_state.privnet_dns_router", + "openstack_networking_secgroup_v2.dataminer_publish" ] } ]