From d66efc4b8f8b53fc4037e92163c425b272d812e3 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 20 Feb 2024 12:45:24 +0100 Subject: [PATCH] Permit UDP and IGMP traffic between the liferay nodes --- .../d4s-preprod/liferay/terraform.tfstate | 151 +++++++++++++++++- openstack-tf/modules/liferay/liferay.tf | 32 +++- 2 files changed, 174 insertions(+), 9 deletions(-) diff --git a/openstack-tf/d4s-preprod/liferay/terraform.tfstate b/openstack-tf/d4s-preprod/liferay/terraform.tfstate index c375217..ddd1216 100644 --- a/openstack-tf/d4s-preprod/liferay/terraform.tfstate +++ b/openstack-tf/d4s-preprod/liferay/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 19, + "serial": 31, "lineage": "2cef4407-f7f5-0a46-74de-03956dd178ed", "outputs": {}, "resources": [ @@ -132,6 +132,7 @@ "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", "mtu_size": 8942, "networks_list": { + "cassandra": "cassandra-net", "orientdb": "orientdb-net", "orientdb_se": "orientdb-se-net", "shared_postgresql": "postgresql-srv-net", @@ -146,6 +147,7 @@ "isti_net": "146.48.80.0/21", "s2i2s_net": "146.48.28.0/22" }, + "nfs_share_no_ingress_secgroup_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a", "octavia_information": { "main_lb_description": "Main L4 load balancer for the D4Science PRE production", "main_lb_hostname": "main-lb", @@ -168,7 +170,7 @@ "prometheus_server_data": { "flavor": "m1.medium", "name": "prometheus", - "public_grafana_server_cidr": "146.48.122.132/32", + "public_grafana_server_cidr": "146.48.28.103/32", "vol_data_device": "/dev/vdb", "vol_data_name": "prometheus-data", "vol_data_size": "100" @@ -195,6 +197,7 @@ "limited_HTTPS_access": "restricted_web_service", "limited_SSH_access": "Limited SSH access", "mongo": "mongo", + "nfs_share_no_ingress": "nfs_share_no_ingress", "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic", "postgreSQL": "PostgreSQL service", "public_HTTPS": "Public HTTPS" 
@@ -226,6 +229,8 @@ "s2i2s_vpn_2_cidr": "146.48.28.11/32", "shell_d4s_cidr": "146.48.122.95/32" }, + "storage_nfs_network_id": "5f4023cc-4016-404c-94e5-86220095fbaf", + "storage_nfs_subnet_id": "6ff0f9e8-0e74-4cc3-a268-7ed4af435696", "ubuntu1804_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh", "ubuntu2204_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh", "ubuntu_1804": { @@ -326,6 +331,7 @@ "map", "string" ], + "nfs_share_no_ingress_secgroup_id": "string", "octavia_information": [ "map", "string" @@ -370,6 +376,8 @@ "map", "string" ], + "storage_nfs_network_id": "string", + "storage_nfs_subnet_id": "string", "ubuntu1804_data_file": "string", "ubuntu2204_data_file": "string", "ubuntu_1804": [ @@ -517,6 +525,7 @@ "main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04", "mtu_size": 8942, "networks_list": { + "cassandra": "cassandra-net", "orientdb": "orientdb-net", "orientdb_se": "orientdb-se-net", "shared_postgresql": "postgresql-srv-net", @@ -531,6 +540,7 @@ "isti_net": "146.48.80.0/21", "s2i2s_net": "146.48.28.0/22" }, + "nfs_share_no_ingress_secgroup_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a", "octavia_information": { "main_lb_description": "Main L4 load balancer for the D4Science PRE production", "main_lb_hostname": "main-lb", @@ -553,7 +563,7 @@ "prometheus_server_data": { "flavor": "m1.medium", "name": "prometheus", - "public_grafana_server_cidr": "146.48.122.132/32", + "public_grafana_server_cidr": "146.48.28.103/32", "vol_data_device": "/dev/vdb", "vol_data_name": "prometheus-data", "vol_data_size": "100" @@ -580,6 +590,7 @@ "limited_HTTPS_access": "restricted_web_service", "limited_SSH_access": "Limited SSH access", "mongo": "mongo", + "nfs_share_no_ingress": "nfs_share_no_ingress", "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic", "postgreSQL": "PostgreSQL service", "public_HTTPS": "Public HTTPS" 
@@ -611,6 +622,8 @@ "s2i2s_vpn_2_cidr": "146.48.28.11/32", "shell_d4s_cidr": "146.48.122.95/32" }, + "storage_nfs_network_id": "5f4023cc-4016-404c-94e5-86220095fbaf", + "storage_nfs_subnet_id": "6ff0f9e8-0e74-4cc3-a268-7ed4af435696", "ubuntu1804_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh", "ubuntu2204_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh", "ubuntu_1804": { @@ -711,6 +724,7 @@ "map", "string" ], + "nfs_share_no_ingress_secgroup_id": "string", "octavia_information": [ "map", "string" @@ -755,6 +769,8 @@ "map", "string" ], + "storage_nfs_network_id": "string", + "storage_nfs_subnet_id": "string", "ubuntu1804_data_file": "string", "ubuntu2204_data_file": "string", "ubuntu_1804": [ 
@@ -1046,6 +1062,70 @@ } ] }, + { + "module": "module.liferay", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "igmp_egress_between_liferay_nodes", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Egress IGMP traffic between liferay nodes", + "direction": "egress", + "ethertype": "IPv4", + "id": "8320f5b1-d473-4c4a-9708-bc3fb23e93c5", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "igmp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" + ] + } + ] + }, + { + "module": "module.liferay", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "igmp_ingress_between_liferay_nodes", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Ingress IGMP traffic between liferay nodes", + "direction": "ingress", + "ethertype": "IPv4", + "id": "113fdbae-a951-4444-981c-5a625be4eb3e", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "igmp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + 
"module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" + ] + } + ] + }, { "module": "module.liferay", "mode": "managed", @@ -1057,10 +1137,10 @@ "index_key": 0, "schema_version": 0, "attributes": { - "description": "Traffic between liferay nodes", + "description": "TCP traffic between liferay nodes", "direction": "ingress", "ethertype": "IPv4", - "id": "c06d140b-d14b-4c31-bf55-3115225ac7bd", + "id": "f653c40a-e6a3-4c2f-91c0-d2c2899797a0", "port_range_max": 0, "port_range_min": 0, "protocol": "tcp", @@ -1081,10 +1161,10 @@ "index_key": 1, "schema_version": 0, "attributes": { - "description": "Traffic between liferay nodes", + "description": "TCP traffic between liferay nodes", "direction": "ingress", "ethertype": "IPv4", - "id": "1367e3f1-f815-43df-aee9-fd219cb257d9", + "id": "d98bd2ca-5afb-41e9-ac7e-2bfd96ba06c9", "port_range_max": 0, "port_range_min": 0, "protocol": "tcp", 
@@ -1103,6 +1183,63 @@ } ] }, + { + "module": "module.liferay", + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "udp_traffic_between_liferay_nodes", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "description": "UDP traffic between liferay nodes", + "direction": "ingress", + "ethertype": "IPv4", + "id": "44f19ebd-dca2-4dd9-aa27-22bc6214b482", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "udp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.24/32", + "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "description": "UDP traffic between liferay nodes", + "direction": "ingress", + "ethertype": "IPv4", + "id": "d3af9940-7b79-4d02-a30d-9ff68c2a3a4f", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "udp", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "10.1.32.25/32", + "security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic" + ] + } + ] + }, { "module": "module.liferay", "mode": "managed", diff --git a/openstack-tf/modules/liferay/liferay.tf b/openstack-tf/modules/liferay/liferay.tf index b508a5a..8f8156c 100644 
--- a/openstack-tf/modules/liferay/liferay.tf
+++ b/openstack-tf/modules/liferay/liferay.tf
@@ -13,13 +13,41 @@ resource "openstack_networking_secgroup_v2" "liferay_cluster_traffic" {
 resource "openstack_networking_secgroup_rule_v2" "traffic_between_liferay_nodes" {
 count = var.liferay_data.vm_count
 security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
- description = "Traffic between liferay nodes"
+ description = "TCP traffic between liferay nodes"
 direction = "ingress"
 ethertype = "IPv4"
 protocol = "tcp"
 remote_ip_prefix = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
 }
 
+resource "openstack_networking_secgroup_rule_v2" "udp_traffic_between_liferay_nodes" {
+ count = var.liferay_data.vm_count
+ security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
+ description = "UDP traffic between liferay nodes"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ remote_ip_prefix = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
+}
+
+resource "openstack_networking_secgroup_rule_v2" "igmp_ingress_between_liferay_nodes" {
+ security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
+ description = "Ingress IGMP traffic between liferay nodes"
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "igmp"
+ remote_ip_prefix = "0.0.0.0/0"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "igmp_egress_between_liferay_nodes" {
+ security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
+ description = "Egress IGMP traffic between liferay nodes"
+ direction = "egress"
+ ethertype = "IPv4"
+ protocol = "igmp"
+ remote_ip_prefix = "0.0.0.0/0"
+}
+
 #
 # Object storage container
 #
@@ -86,4 +114,4 @@ resource "openstack_dns_recordset_v2" "cdn_dns_recordset" {
 
 locals {
 cname_target = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
-}
\ No newline at end of file
+}
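Review bot: In the first liferay.tf hunk, both IGMP rules are described as traffic "between liferay nodes" but set `remote_ip_prefix = "0.0.0.0/0"`, so the ingress rule accepts IGMP from any source that can reach ports in `liferay_cluster_traffic` and the egress rule allows it to any destination. If the intent is only multicast group membership for the cluster, the egress rule could use `remote_ip_prefix = "224.0.0.0/4"` and the ingress rule the liferay subnet, e.g. `remote_ip_prefix = "<liferay-subnet-cidr>"` (placeholder; the subnet CIDR is not shown in this hunk). The new `udp_traffic_between_liferay_nodes` rule sets neither `port_range_min` nor `port_range_max` (the committed state records both as 0), which opens every UDP port to each peer; limiting it to the clustering ports actually in use would keep the group closer to least privilege. The `liferay_cluster_traffic` security group itself is defined above the hunk, so whether its default egress rules are kept, which would make the explicit IGMP egress rule redundant, cannot be judged from here.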