diff --git a/openstack-tf/d4s-preprod/liferay/main.tf b/openstack-tf/d4s-preprod/liferay/main.tf index 8fa46671..683012d7 100644 --- a/openstack-tf/d4s-preprod/liferay/main.tf +++ b/openstack-tf/d4s-preprod/liferay/main.tf @@ -83,5 +83,6 @@ module "liferay" { boot_vol_size = 30 } + liferay_ip_addrs = ["10.1.32.24", "10.1.32.25"] } diff --git a/openstack-tf/d4s-preprod/liferay/terraform.tfstate b/openstack-tf/d4s-preprod/liferay/terraform.tfstate index d2a88ca7..29915332 100644 --- a/openstack-tf/d4s-preprod/liferay/terraform.tfstate +++ b/openstack-tf/d4s-preprod/liferay/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.4", - "serial": 5, + "serial": 16, "lineage": "2cef4407-f7f5-0a46-74de-03956dd178ed", "outputs": {}, "resources": [ @@ -132,7 +132,7 @@ "index_key": 0, "schema_version": 0, "attributes": { - "access_ip_v4": "10.1.32.184", + "access_ip_v4": "10.1.32.24", "access_ip_v6": "", "admin_pass": null, "all_metadata": {}, @@ -155,12 +155,12 @@ } ], "config_drive": null, - "created": "2023-12-01 15:18:47 +0000 UTC", + "created": "2023-12-01 16:51:07 +0000 UTC", "flavor_id": "9", "flavor_name": "m1.large", "floating_ip": null, "force_delete": false, - "id": "c94c2c05-b75a-4af9-8e4d-a9e689db34c2", + "id": "aaf50b2a-40e2-4bbe-8e4e-39f5d83dd08f", "image_id": "Attempt to boot from volume - no image supplied", "image_name": null, "key_pair": "adellam", @@ -169,20 +169,20 @@ "network": [ { "access_network": false, - "fixed_ip_v4": "10.1.32.184", + "fixed_ip_v4": "10.1.32.24", "fixed_ip_v6": "", "floating_ip": "", - "mac": "fa:16:3e:b7:f7:42", + "mac": "fa:16:3e:93:d4:8f", "name": "d4s-pre-cloud-main", "port": "", "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" }, { "access_network": false, - "fixed_ip_v4": "192.168.3.34", + "fixed_ip_v4": "192.168.2.43", "fixed_ip_v6": "", "floating_ip": "", - "mac": "fa:16:3e:d1:6c:e0", + "mac": "fa:16:3e:32:7c:e5", "name": "postgresql-srv-net", "port": "", "uuid": "e25395f4-f1aa-4819-b5a5-36d25ee5af54" @@ -194,7 +194,7 @@ "region": "isti_area_pi_1", "scheduler_hints": [ { - "additional_properties": null, + "additional_properties": {}, "build_near_host_ip": "", "different_cell": [], "different_host": [], @@ -206,13 +206,14 @@ ], "security_groups": [ "default_for_all", + "liferay_cluster_traffic", "restricted_web_service", "traffic_from_the_main_load_balancers" ], "stop_before_destroy": false, - "tags": null, + "tags": [], "timeouts": null, - "updated": "2023-12-01 15:20:35 +0000 UTC", + "updated": "2023-12-01 16:52:40 +0000 UTC", "user_data": "47d4769e61324c305c4b70ed6673de4fad84150d", "vendor_options": [], "volume": [] @@ -220,14 +221,15 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "module.liferay.openstack_compute_servergroup_v2.liferay" + "module.liferay.openstack_compute_servergroup_v2.liferay", + "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" ] }, { "index_key": 1, "schema_version": 0, "attributes": { - "access_ip_v4": "10.1.34.124", + "access_ip_v4": "10.1.32.25", "access_ip_v6": "", "admin_pass": null, "all_metadata": {}, @@ -250,12 +252,12 @@ } ], "config_drive": null, - "created": "2023-12-01 15:18:48 +0000 UTC", + "created": "2023-12-01 16:51:07 +0000 UTC", "flavor_id": "9", "flavor_name": "m1.large", "floating_ip": null, "force_delete": false, - "id": "b7968935-494d-49e3-b7a9-20db4e793d0a", + "id": "0b9deb27-50ba-409f-a9a7-b3a55b5e5b29", "image_id": "Attempt to boot from volume - no image supplied", "image_name": null, "key_pair": "adellam", @@ -264,20 +266,20 @@ "network": [ { "access_network": false, - "fixed_ip_v4": "10.1.34.124", + "fixed_ip_v4": "10.1.32.25", "fixed_ip_v6": "", "floating_ip": "", - "mac": "fa:16:3e:eb:cd:cd", + "mac": "fa:16:3e:93:23:75", "name": "d4s-pre-cloud-main", "port": "", "uuid": "23fd8a99-d551-4ada-8d3a-9859542ebb8c" }, { "access_network": false, - "fixed_ip_v4": "192.168.1.205", + "fixed_ip_v4": "192.168.2.233", "fixed_ip_v6": "", "floating_ip": "", - "mac": "fa:16:3e:2e:9a:09", + "mac": "fa:16:3e:01:04:ec", "name": "postgresql-srv-net", "port": "", "uuid": "e25395f4-f1aa-4819-b5a5-36d25ee5af54" @@ -289,7 +291,7 @@ "region": "isti_area_pi_1", "scheduler_hints": [ { - "additional_properties": null, + "additional_properties": {}, "build_near_host_ip": "", "different_cell": [], "different_host": [], @@ -301,13 +303,14 @@ ], "security_groups": [ "default_for_all", + "liferay_cluster_traffic", "restricted_web_service", "traffic_from_the_main_load_balancers" ], "stop_before_destroy": false, - "tags": null, + "tags": [], "timeouts": null, - "updated": "2023-12-01 15:19:57 +0000 UTC", + "updated": "2023-12-01 16:51:47 +0000 UTC", "user_data": "47d4769e61324c305c4b70ed6673de4fad84150d", "vendor_options": [], "volume": [] @@ -315,7 +318,8 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH19", "dependencies": [ - "module.liferay.openstack_compute_servergroup_v2.liferay" + "module.liferay.openstack_compute_servergroup_v2.liferay", + "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" ] } ] @@ -331,7 +335,10 @@ "schema_version": 0, "attributes": { "id": "ea1d150d-3dc0-4d03-a09f-b40069d0b70c", - "members": [], + "members": [ + "aaf50b2a-40e2-4bbe-8e4e-39f5d83dd08f", + "0b9deb27-50ba-409f-a9a7-b3a55b5e5b29" + ], "name": "liferay", "policies": [ "soft-anti-affinity" @@ -348,6 +355,88 @@ "private": "bnVsbA==" } ] + }, + { + "module": "module.liferay", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "traffic_between_liferay_nodes", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "description": "Traffic between liferay nodes", + "direction": "ingress", + "ethertype": "IPv4", + "id": "c06d140b-d14b-4c31-bf55-3115225ac7bd", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.24/32", + "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "description": "Traffic between liferay nodes", + "direction": "ingress", + "ethertype": "IPv4", + "id": "1367e3f1-f815-43df-aee9-fd219cb257d9", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "tcp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.25/32", + "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" + ] + } + ] + }, + { + "module": "module.liferay", + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "liferay_cluster_traffic", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Traffic between the Liferay cluster nodes", + "id": "67747d93-a58e-41e2-9486-31ef27d389c4", + "name": "liferay_cluster_traffic", + "region": "isti_area_pi_1", + "tags": [], + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] } ], "check_results": null diff --git a/openstack-tf/modules/liferay/liferay-variables.tf b/openstack-tf/modules/liferay/liferay-variables.tf index 2d559a74..10dcd685 100644 --- a/openstack-tf/modules/liferay/liferay-variables.tf +++ b/openstack-tf/modules/liferay/liferay-variables.tf @@ -8,3 +8,8 @@ variable "liferay_data" { boot_vol_size = 30 } } + +variable "liferay_ip_addrs" { + type = list(string) + default = [] +} diff --git a/openstack-tf/modules/liferay/liferay.tf b/openstack-tf/modules/liferay/liferay.tf index f501e8f3..ad8606ab 100644 --- a/openstack-tf/modules/liferay/liferay.tf +++ b/openstack-tf/modules/liferay/liferay.tf @@ -1,5 +1,25 @@ # # Liferay nodes +# +# +# Security group +# +resource "openstack_networking_secgroup_v2" "liferay_cluster_traffic" { + name = "liferay_cluster_traffic" + delete_default_rules = "true" + description = "Traffic between the Liferay cluster nodes" +} + +resource "openstack_networking_secgroup_rule_v2" "traffic_between_liferay_nodes" { + count = var.liferay_data.vm_count + security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id + description = "Traffic between liferay nodes" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + remote_ip_prefix = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"]) +} + # # Server group # @@ -15,7 +35,7 @@ resource "openstack_compute_instance_v2" "liferay" { availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu flavor_name = var.liferay_data.vm_flavor key_pair = module.ssh_settings.ssh_key_name - security_groups = [var.default_security_group_name, "traffic_from_the_main_load_balancers", "restricted_web_service"] + security_groups = [var.default_security_group_name, openstack_networking_secgroup_v2.liferay_cluster_traffic.name, "traffic_from_the_main_load_balancers", "restricted_web_service"] scheduler_hints { group = openstack_compute_servergroup_v2.liferay.id } @@ -30,6 +50,7 @@ resource "openstack_compute_instance_v2" "liferay" { network { name = var.main_private_network.name + fixed_ip_v4 = var.liferay_ip_addrs.*[count.index] } network { name = var.shared_postgresql_server_data.network_name