Permit UDP and IGMP traffic between the liferay nodes

2024-02-20 12:45:24 +01:00 · 2024-02-20 12:45:24 +01:00 · d66efc4b8f
parent 64f78b2ca5
commit d66efc4b8f
2 changed files with 174 additions and 9 deletions
--- a/openstack-tf/d4s-preprod/liferay/terraform.tfstate
+++ b/openstack-tf/d4s-preprod/liferay/terraform.tfstate
@ -1,7 +1,7 @@
 {
  "version": 4,
  "terraform_version": "1.6.6",
-  "serial": 19,
+  "serial": 31,
  "lineage": "2cef4407-f7f5-0a46-74de-03956dd178ed",
  "outputs": {},
  "resources": [
@ -132,6 +132,7 @@
                "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04",
                "mtu_size": 8942,
                "networks_list": {
+                  "cassandra": "cassandra-net",
                  "orientdb": "orientdb-net",
                  "orientdb_se": "orientdb-se-net",
                  "shared_postgresql": "postgresql-srv-net",
@ -146,6 +147,7 @@
                  "isti_net": "146.48.80.0/21",
                  "s2i2s_net": "146.48.28.0/22"
                },
+                "nfs_share_no_ingress_secgroup_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a",
                "octavia_information": {
                  "main_lb_description": "Main L4 load balancer for the D4Science PRE production",
                  "main_lb_hostname": "main-lb",
@ -168,7 +170,7 @@
                "prometheus_server_data": {
                  "flavor": "m1.medium",
                  "name": "prometheus",
-                  "public_grafana_server_cidr": "146.48.122.132/32",
+                  "public_grafana_server_cidr": "146.48.28.103/32",
                  "vol_data_device": "/dev/vdb",
                  "vol_data_name": "prometheus-data",
                  "vol_data_size": "100"
@ -195,6 +197,7 @@
                  "limited_HTTPS_access": "restricted_web_service",
                  "limited_SSH_access": "Limited SSH access",
                  "mongo": "mongo",
+                  "nfs_share_no_ingress": "nfs_share_no_ingress",
                  "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
                  "postgreSQL": "PostgreSQL service",
                  "public_HTTPS": "Public HTTPS"
@ -226,6 +229,8 @@
                  "s2i2s_vpn_2_cidr": "146.48.28.11/32",
                  "shell_d4s_cidr": "146.48.122.95/32"
                },
+                "storage_nfs_network_id": "5f4023cc-4016-404c-94e5-86220095fbaf",
+                "storage_nfs_subnet_id": "6ff0f9e8-0e74-4cc3-a268-7ed4af435696",
                "ubuntu1804_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh",
                "ubuntu2204_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh",
                "ubuntu_1804": {
@ -326,6 +331,7 @@
                    "map",
                    "string"
                  ],
+                  "nfs_share_no_ingress_secgroup_id": "string",
                  "octavia_information": [
                    "map",
                    "string"
@ -370,6 +376,8 @@
                    "map",
                    "string"
                  ],
+                  "storage_nfs_network_id": "string",
+                  "storage_nfs_subnet_id": "string",
                  "ubuntu1804_data_file": "string",
                  "ubuntu2204_data_file": "string",
                  "ubuntu_1804": [
@ -517,6 +525,7 @@
                "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04",
                "mtu_size": 8942,
                "networks_list": {
+                  "cassandra": "cassandra-net",
                  "orientdb": "orientdb-net",
                  "orientdb_se": "orientdb-se-net",
                  "shared_postgresql": "postgresql-srv-net",
@ -531,6 +540,7 @@
                  "isti_net": "146.48.80.0/21",
                  "s2i2s_net": "146.48.28.0/22"
                },
+                "nfs_share_no_ingress_secgroup_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a",
                "octavia_information": {
                  "main_lb_description": "Main L4 load balancer for the D4Science PRE production",
                  "main_lb_hostname": "main-lb",
@ -553,7 +563,7 @@
                "prometheus_server_data": {
                  "flavor": "m1.medium",
                  "name": "prometheus",
-                  "public_grafana_server_cidr": "146.48.122.132/32",
+                  "public_grafana_server_cidr": "146.48.28.103/32",
                  "vol_data_device": "/dev/vdb",
                  "vol_data_name": "prometheus-data",
                  "vol_data_size": "100"
@ -580,6 +590,7 @@
                  "limited_HTTPS_access": "restricted_web_service",
                  "limited_SSH_access": "Limited SSH access",
                  "mongo": "mongo",
+                  "nfs_share_no_ingress": "nfs_share_no_ingress",
                  "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
                  "postgreSQL": "PostgreSQL service",
                  "public_HTTPS": "Public HTTPS"
@ -611,6 +622,8 @@
                  "s2i2s_vpn_2_cidr": "146.48.28.11/32",
                  "shell_d4s_cidr": "146.48.122.95/32"
                },
+                "storage_nfs_network_id": "5f4023cc-4016-404c-94e5-86220095fbaf",
+                "storage_nfs_subnet_id": "6ff0f9e8-0e74-4cc3-a268-7ed4af435696",
                "ubuntu1804_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh",
                "ubuntu2204_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh",
                "ubuntu_1804": {
@ -711,6 +724,7 @@
                    "map",
                    "string"
                  ],
+                  "nfs_share_no_ingress_secgroup_id": "string",
                  "octavia_information": [
                    "map",
                    "string"
@ -755,6 +769,8 @@
                    "map",
                    "string"
                  ],
+                  "storage_nfs_network_id": "string",
+                  "storage_nfs_subnet_id": "string",
                  "ubuntu1804_data_file": "string",
                  "ubuntu2204_data_file": "string",
                  "ubuntu_1804": [
@ -1046,6 +1062,70 @@
        }
      ]
    },
+    {
+      "module": "module.liferay",
+      "mode": "managed",
+      "type": "openstack_networking_secgroup_rule_v2",
+      "name": "igmp_egress_between_liferay_nodes",
+      "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "description": "Egress IGMP traffic between liferay nodes",
+            "direction": "egress",
+            "ethertype": "IPv4",
+            "id": "8320f5b1-d473-4c4a-9708-bc3fb23e93c5",
+            "port_range_max": 0,
+            "port_range_min": 0,
+            "protocol": "igmp",
+            "region": "isti_area_pi_1",
+            "remote_group_id": "",
+            "remote_ip_prefix": "0.0.0.0/0",
+            "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
+            "tenant_id": "6fdc02e2827b405dad99f34698659742",
+            "timeouts": null
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
+          "dependencies": [
+            "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.liferay",
+      "mode": "managed",
+      "type": "openstack_networking_secgroup_rule_v2",
+      "name": "igmp_ingress_between_liferay_nodes",
+      "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "description": "Ingress IGMP traffic between liferay nodes",
+            "direction": "ingress",
+            "ethertype": "IPv4",
+            "id": "113fdbae-a951-4444-981c-5a625be4eb3e",
+            "port_range_max": 0,
+            "port_range_min": 0,
+            "protocol": "igmp",
+            "region": "isti_area_pi_1",
+            "remote_group_id": "",
+            "remote_ip_prefix": "0.0.0.0/0",
+            "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
+            "tenant_id": "6fdc02e2827b405dad99f34698659742",
+            "timeouts": null
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
+          "dependencies": [
+            "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
+          ]
+        }
+      ]
+    },
    {
      "module": "module.liferay",
      "mode": "managed",
@ -1057,10 +1137,10 @@
          "index_key": 0,
          "schema_version": 0,
          "attributes": {
-            "description": "Traffic between liferay nodes",
+            "description": "TCP traffic between liferay nodes",
            "direction": "ingress",
            "ethertype": "IPv4",
-            "id": "c06d140b-d14b-4c31-bf55-3115225ac7bd",
+            "id": "f653c40a-e6a3-4c2f-91c0-d2c2899797a0",
            "port_range_max": 0,
            "port_range_min": 0,
            "protocol": "tcp",
@ -1081,10 +1161,10 @@
          "index_key": 1,
          "schema_version": 0,
          "attributes": {
-            "description": "Traffic between liferay nodes",
+            "description": "TCP traffic between liferay nodes",
            "direction": "ingress",
            "ethertype": "IPv4",
-            "id": "1367e3f1-f815-43df-aee9-fd219cb257d9",
+            "id": "d98bd2ca-5afb-41e9-ac7e-2bfd96ba06c9",
            "port_range_max": 0,
            "port_range_min": 0,
            "protocol": "tcp",
@ -1103,6 +1183,63 @@
        }
      ]
    },
+    {
+      "module": "module.liferay",
+      "mode": "managed",
+      "type": "openstack_networking_secgroup_rule_v2",
+      "name": "udp_traffic_between_liferay_nodes",
+      "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
+      "instances": [
+        {
+          "index_key": 0,
+          "schema_version": 0,
+          "attributes": {
+            "description": "UDP traffic between liferay nodes",
+            "direction": "ingress",
+            "ethertype": "IPv4",
+            "id": "44f19ebd-dca2-4dd9-aa27-22bc6214b482",
+            "port_range_max": 0,
+            "port_range_min": 0,
+            "protocol": "udp",
+            "region": "isti_area_pi_1",
+            "remote_group_id": "",
+            "remote_ip_prefix": "10.1.32.24/32",
+            "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
+            "tenant_id": "6fdc02e2827b405dad99f34698659742",
+            "timeouts": null
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
+          "dependencies": [
+            "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
+          ]
+        },
+        {
+          "index_key": 1,
+          "schema_version": 0,
+          "attributes": {
+            "description": "UDP traffic between liferay nodes",
+            "direction": "ingress",
+            "ethertype": "IPv4",
+            "id": "d3af9940-7b79-4d02-a30d-9ff68c2a3a4f",
+            "port_range_max": 0,
+            "port_range_min": 0,
+            "protocol": "udp",
+            "region": "isti_area_pi_1",
+            "remote_group_id": "",
+            "remote_ip_prefix": "10.1.32.25/32",
+            "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
+            "tenant_id": "6fdc02e2827b405dad99f34698659742",
+            "timeouts": null
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
+          "dependencies": [
+            "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
+          ]
+        }
+      ]
+    },
    {
      "module": "module.liferay",
      "mode": "managed",
--- a/openstack-tf/modules/liferay/liferay.tf
+++ b/openstack-tf/modules/liferay/liferay.tf
@ -13,13 +13,41 @@ resource "openstack_networking_secgroup_v2" "liferay_cluster_traffic" {
 resource "openstack_networking_secgroup_rule_v2" "traffic_between_liferay_nodes" {
  count             = var.liferay_data.vm_count
  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
-  description       = "Traffic between liferay nodes"
+  description       = "TCP traffic between liferay nodes"
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  remote_ip_prefix  = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
 }

+resource "openstack_networking_secgroup_rule_v2" "udp_traffic_between_liferay_nodes" {
+  count             = var.liferay_data.vm_count
+  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
+  description       = "UDP traffic between liferay nodes"
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "udp"
+  remote_ip_prefix  = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
+}
+
+resource "openstack_networking_secgroup_rule_v2" "igmp_ingress_between_liferay_nodes" {
+  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
+  description       = "Ingress IGMP traffic between liferay nodes"
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "igmp"
+  remote_ip_prefix  = "0.0.0.0/0"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "igmp_egress_between_liferay_nodes" {
+  security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
+  description       = "Egress IGMP traffic between liferay nodes"
+  direction         = "egress"
+  ethertype         = "IPv4"
+  protocol          = "igmp"
+  remote_ip_prefix  = "0.0.0.0/0"
+}
+
 #
 # Object storage container
 #
@ -86,4 +114,4 @@ resource "openstack_dns_recordset_v2" "cdn_dns_recordset" {

 locals {
  cname_target     = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
-}
+}