Permit UDP and IGMP traffic between the liferay nodes
This commit is contained in:
parent
64f78b2ca5
commit
d66efc4b8f
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"version": 4,
|
||||
"terraform_version": "1.6.6",
|
||||
"serial": 19,
|
||||
"serial": 31,
|
||||
"lineage": "2cef4407-f7f5-0a46-74de-03956dd178ed",
|
||||
"outputs": {},
|
||||
"resources": [
|
||||
|
@ -132,6 +132,7 @@
|
|||
"main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04",
|
||||
"mtu_size": 8942,
|
||||
"networks_list": {
|
||||
"cassandra": "cassandra-net",
|
||||
"orientdb": "orientdb-net",
|
||||
"orientdb_se": "orientdb-se-net",
|
||||
"shared_postgresql": "postgresql-srv-net",
|
||||
|
@ -146,6 +147,7 @@
|
|||
"isti_net": "146.48.80.0/21",
|
||||
"s2i2s_net": "146.48.28.0/22"
|
||||
},
|
||||
"nfs_share_no_ingress_secgroup_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a",
|
||||
"octavia_information": {
|
||||
"main_lb_description": "Main L4 load balancer for the D4Science PRE production",
|
||||
"main_lb_hostname": "main-lb",
|
||||
|
@ -168,7 +170,7 @@
|
|||
"prometheus_server_data": {
|
||||
"flavor": "m1.medium",
|
||||
"name": "prometheus",
|
||||
"public_grafana_server_cidr": "146.48.122.132/32",
|
||||
"public_grafana_server_cidr": "146.48.28.103/32",
|
||||
"vol_data_device": "/dev/vdb",
|
||||
"vol_data_name": "prometheus-data",
|
||||
"vol_data_size": "100"
|
||||
|
@ -195,6 +197,7 @@
|
|||
"limited_HTTPS_access": "restricted_web_service",
|
||||
"limited_SSH_access": "Limited SSH access",
|
||||
"mongo": "mongo",
|
||||
"nfs_share_no_ingress": "nfs_share_no_ingress",
|
||||
"orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
|
||||
"postgreSQL": "PostgreSQL service",
|
||||
"public_HTTPS": "Public HTTPS"
|
||||
|
@ -226,6 +229,8 @@
|
|||
"s2i2s_vpn_2_cidr": "146.48.28.11/32",
|
||||
"shell_d4s_cidr": "146.48.122.95/32"
|
||||
},
|
||||
"storage_nfs_network_id": "5f4023cc-4016-404c-94e5-86220095fbaf",
|
||||
"storage_nfs_subnet_id": "6ff0f9e8-0e74-4cc3-a268-7ed4af435696",
|
||||
"ubuntu1804_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh",
|
||||
"ubuntu2204_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh",
|
||||
"ubuntu_1804": {
|
||||
|
@ -326,6 +331,7 @@
|
|||
"map",
|
||||
"string"
|
||||
],
|
||||
"nfs_share_no_ingress_secgroup_id": "string",
|
||||
"octavia_information": [
|
||||
"map",
|
||||
"string"
|
||||
|
@ -370,6 +376,8 @@
|
|||
"map",
|
||||
"string"
|
||||
],
|
||||
"storage_nfs_network_id": "string",
|
||||
"storage_nfs_subnet_id": "string",
|
||||
"ubuntu1804_data_file": "string",
|
||||
"ubuntu2204_data_file": "string",
|
||||
"ubuntu_1804": [
|
||||
|
@ -517,6 +525,7 @@
|
|||
"main_subnet_network_id": "cd77a2fd-4a36-4254-b1d0-70b3874c6d04",
|
||||
"mtu_size": 8942,
|
||||
"networks_list": {
|
||||
"cassandra": "cassandra-net",
|
||||
"orientdb": "orientdb-net",
|
||||
"orientdb_se": "orientdb-se-net",
|
||||
"shared_postgresql": "postgresql-srv-net",
|
||||
|
@ -531,6 +540,7 @@
|
|||
"isti_net": "146.48.80.0/21",
|
||||
"s2i2s_net": "146.48.28.0/22"
|
||||
},
|
||||
"nfs_share_no_ingress_secgroup_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a",
|
||||
"octavia_information": {
|
||||
"main_lb_description": "Main L4 load balancer for the D4Science PRE production",
|
||||
"main_lb_hostname": "main-lb",
|
||||
|
@ -553,7 +563,7 @@
|
|||
"prometheus_server_data": {
|
||||
"flavor": "m1.medium",
|
||||
"name": "prometheus",
|
||||
"public_grafana_server_cidr": "146.48.122.132/32",
|
||||
"public_grafana_server_cidr": "146.48.28.103/32",
|
||||
"vol_data_device": "/dev/vdb",
|
||||
"vol_data_name": "prometheus-data",
|
||||
"vol_data_size": "100"
|
||||
|
@ -580,6 +590,7 @@
|
|||
"limited_HTTPS_access": "restricted_web_service",
|
||||
"limited_SSH_access": "Limited SSH access",
|
||||
"mongo": "mongo",
|
||||
"nfs_share_no_ingress": "nfs_share_no_ingress",
|
||||
"orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
|
||||
"postgreSQL": "PostgreSQL service",
|
||||
"public_HTTPS": "Public HTTPS"
|
||||
|
@ -611,6 +622,8 @@
|
|||
"s2i2s_vpn_2_cidr": "146.48.28.11/32",
|
||||
"shell_d4s_cidr": "146.48.122.95/32"
|
||||
},
|
||||
"storage_nfs_network_id": "5f4023cc-4016-404c-94e5-86220095fbaf",
|
||||
"storage_nfs_subnet_id": "6ff0f9e8-0e74-4cc3-a268-7ed4af435696",
|
||||
"ubuntu1804_data_file": "../../openstack_vm_data_scripts/ubuntu1804.sh",
|
||||
"ubuntu2204_data_file": "../../openstack_vm_data_scripts/ubuntu2204.sh",
|
||||
"ubuntu_1804": {
|
||||
|
@ -711,6 +724,7 @@
|
|||
"map",
|
||||
"string"
|
||||
],
|
||||
"nfs_share_no_ingress_secgroup_id": "string",
|
||||
"octavia_information": [
|
||||
"map",
|
||||
"string"
|
||||
|
@ -755,6 +769,8 @@
|
|||
"map",
|
||||
"string"
|
||||
],
|
||||
"storage_nfs_network_id": "string",
|
||||
"storage_nfs_subnet_id": "string",
|
||||
"ubuntu1804_data_file": "string",
|
||||
"ubuntu2204_data_file": "string",
|
||||
"ubuntu_1804": [
|
||||
|
@ -1046,6 +1062,70 @@
|
|||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"module": "module.liferay",
|
||||
"mode": "managed",
|
||||
"type": "openstack_networking_secgroup_rule_v2",
|
||||
"name": "igmp_egress_between_liferay_nodes",
|
||||
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
|
||||
"instances": [
|
||||
{
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"description": "Egress IGMP traffic between liferay nodes",
|
||||
"direction": "egress",
|
||||
"ethertype": "IPv4",
|
||||
"id": "8320f5b1-d473-4c4a-9708-bc3fb23e93c5",
|
||||
"port_range_max": 0,
|
||||
"port_range_min": 0,
|
||||
"protocol": "igmp",
|
||||
"region": "isti_area_pi_1",
|
||||
"remote_group_id": "",
|
||||
"remote_ip_prefix": "0.0.0.0/0",
|
||||
"security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
|
||||
"tenant_id": "6fdc02e2827b405dad99f34698659742",
|
||||
"timeouts": null
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
|
||||
"dependencies": [
|
||||
"module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"module": "module.liferay",
|
||||
"mode": "managed",
|
||||
"type": "openstack_networking_secgroup_rule_v2",
|
||||
"name": "igmp_ingress_between_liferay_nodes",
|
||||
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
|
||||
"instances": [
|
||||
{
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"description": "Ingress IGMP traffic between liferay nodes",
|
||||
"direction": "ingress",
|
||||
"ethertype": "IPv4",
|
||||
"id": "113fdbae-a951-4444-981c-5a625be4eb3e",
|
||||
"port_range_max": 0,
|
||||
"port_range_min": 0,
|
||||
"protocol": "igmp",
|
||||
"region": "isti_area_pi_1",
|
||||
"remote_group_id": "",
|
||||
"remote_ip_prefix": "0.0.0.0/0",
|
||||
"security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
|
||||
"tenant_id": "6fdc02e2827b405dad99f34698659742",
|
||||
"timeouts": null
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
|
||||
"dependencies": [
|
||||
"module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"module": "module.liferay",
|
||||
"mode": "managed",
|
||||
|
@ -1057,10 +1137,10 @@
|
|||
"index_key": 0,
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"description": "Traffic between liferay nodes",
|
||||
"description": "TCP traffic between liferay nodes",
|
||||
"direction": "ingress",
|
||||
"ethertype": "IPv4",
|
||||
"id": "c06d140b-d14b-4c31-bf55-3115225ac7bd",
|
||||
"id": "f653c40a-e6a3-4c2f-91c0-d2c2899797a0",
|
||||
"port_range_max": 0,
|
||||
"port_range_min": 0,
|
||||
"protocol": "tcp",
|
||||
|
@ -1081,10 +1161,10 @@
|
|||
"index_key": 1,
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"description": "Traffic between liferay nodes",
|
||||
"description": "TCP traffic between liferay nodes",
|
||||
"direction": "ingress",
|
||||
"ethertype": "IPv4",
|
||||
"id": "1367e3f1-f815-43df-aee9-fd219cb257d9",
|
||||
"id": "d98bd2ca-5afb-41e9-ac7e-2bfd96ba06c9",
|
||||
"port_range_max": 0,
|
||||
"port_range_min": 0,
|
||||
"protocol": "tcp",
|
||||
|
@ -1103,6 +1183,63 @@
|
|||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"module": "module.liferay",
|
||||
"mode": "managed",
|
||||
"type": "openstack_networking_secgroup_rule_v2",
|
||||
"name": "udp_traffic_between_liferay_nodes",
|
||||
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
|
||||
"instances": [
|
||||
{
|
||||
"index_key": 0,
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"description": "UDP traffic between liferay nodes",
|
||||
"direction": "ingress",
|
||||
"ethertype": "IPv4",
|
||||
"id": "44f19ebd-dca2-4dd9-aa27-22bc6214b482",
|
||||
"port_range_max": 0,
|
||||
"port_range_min": 0,
|
||||
"protocol": "udp",
|
||||
"region": "isti_area_pi_1",
|
||||
"remote_group_id": "",
|
||||
"remote_ip_prefix": "10.1.32.24/32",
|
||||
"security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
|
||||
"tenant_id": "6fdc02e2827b405dad99f34698659742",
|
||||
"timeouts": null
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
|
||||
"dependencies": [
|
||||
"module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
|
||||
]
|
||||
},
|
||||
{
|
||||
"index_key": 1,
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"description": "UDP traffic between liferay nodes",
|
||||
"direction": "ingress",
|
||||
"ethertype": "IPv4",
|
||||
"id": "d3af9940-7b79-4d02-a30d-9ff68c2a3a4f",
|
||||
"port_range_max": 0,
|
||||
"port_range_min": 0,
|
||||
"protocol": "udp",
|
||||
"region": "isti_area_pi_1",
|
||||
"remote_group_id": "",
|
||||
"remote_ip_prefix": "10.1.32.25/32",
|
||||
"security_group_id": "67747d93-a58e-41e2-9486-31ef27d389c4",
|
||||
"tenant_id": "6fdc02e2827b405dad99f34698659742",
|
||||
"timeouts": null
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
|
||||
"dependencies": [
|
||||
"module.liferay.openstack_networking_secgroup_v2.liferay_cluster_traffic"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"module": "module.liferay",
|
||||
"mode": "managed",
|
||||
|
|
|
@ -13,13 +13,41 @@ resource "openstack_networking_secgroup_v2" "liferay_cluster_traffic" {
|
|||
resource "openstack_networking_secgroup_rule_v2" "traffic_between_liferay_nodes" {
|
||||
count = var.liferay_data.vm_count
|
||||
security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
|
||||
description = "Traffic between liferay nodes"
|
||||
description = "TCP traffic between liferay nodes"
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
remote_ip_prefix = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "udp_traffic_between_liferay_nodes" {
|
||||
count = var.liferay_data.vm_count
|
||||
security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
|
||||
description = "UDP traffic between liferay nodes"
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "udp"
|
||||
remote_ip_prefix = join("/", [element(var.liferay_ip_addrs.*, count.index), "32"])
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "igmp_ingress_between_liferay_nodes" {
|
||||
security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
|
||||
description = "Ingress IGMP traffic between liferay nodes"
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "igmp"
|
||||
remote_ip_prefix = "0.0.0.0/0"
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "igmp_egress_between_liferay_nodes" {
|
||||
security_group_id = openstack_networking_secgroup_v2.liferay_cluster_traffic.id
|
||||
description = "Egress IGMP traffic between liferay nodes"
|
||||
direction = "egress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "igmp"
|
||||
remote_ip_prefix = "0.0.0.0/0"
|
||||
}
|
||||
|
||||
#
|
||||
# Object storage container
|
||||
#
|
||||
|
@ -86,4 +114,4 @@ resource "openstack_dns_recordset_v2" "cdn_dns_recordset" {
|
|||
|
||||
locals {
|
||||
cname_target = "main-lb.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue