Add a global security group for the NFS ports.

Andrea Dell'Amico 2024-01-30 18:41:04 +01:00
parent a4a7feefef
commit f2c51abfae
Signed by untrusted user: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
6 changed files with 208 additions and 16 deletions


@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.5",
"serial": 8,
"terraform_version": "1.6.6",
"serial": 11,
"lineage": "194691ec-f344-4bd2-98ae-cbd15e9c9cdf",
"outputs": {
"almalinux_9": {
@ -134,12 +134,15 @@
"c1_large": "c1.large",
"c1_medium": "c1.medium",
"c1_small": "c1.small",
"c2_large": "c2.large",
"m1_large": "m1.large",
"m1_medium": "m1.medium",
"m1_xlarge": "m1.xlarge",
"m1_xxl": "m1.xxl",
"m2_large": "m2.large",
"m2_medium": "m2.medium",
"m2_small": "m2.small"
"m2_small": "m2.small",
"m3_large": "m3.large"
},
"type": [
"map",
@ -230,6 +233,7 @@
},
"networks_list": {
"value": {
"cassandra": "cassandra-net",
"orientdb": "orientdb-net",
"orientdb_se": "orientdb-se-net",
"shared_postgresql": "postgresql-srv-net",
@ -293,7 +297,7 @@
"value": {
"flavor": "m1.medium",
"name": "prometheus",
"public_grafana_server_cidr": "146.48.122.132/32",
"public_grafana_server_cidr": "146.48.28.103/32",
"vol_data_device": "/dev/vdb",
"vol_data_name": "prometheus-data",
"vol_data_size": "100"
@ -333,11 +337,12 @@
"default": "default",
"docker_swarm": "Docker Swarm",
"docker_swarm_NFS": "Docker Swarm NFS",
"haproxy": "HAPROXY L7",
"http_and_https_from_the_load_balancers": "http and https from the load balancers",
"limited_HTTPS_access": "Limited HTTPS access",
"haproxy": "traffic_from_main_lb_to_haproxy_l7",
"http_and_https_from_the_load_balancers": "traffic_from_the_main_load_balancers",
"limited_HTTPS_access": "restricted_web_service",
"limited_SSH_access": "Limited SSH access",
"mongo": "mongo",
"nfs_share_no_ingress": "nfs_share_no_ingress",
"orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
"postgreSQL": "PostgreSQL service",
"public_HTTPS": "Public HTTPS"
@ -593,6 +598,61 @@
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "egress_ipv4_allowed",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Allow the egress traffic from the NFS port",
"direction": "egress",
"ethertype": "IPv4",
"id": "b6f234e2-db03-4b25-899d-725217796ae0",
"port_range_max": 0,
"port_range_min": 0,
"protocol": "",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "5887da8d-e362-4509-93ac-8a70bf8baef9",
"tenant_id": "e8f8ca72f30648a8b389b4e745ac83a9",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"openstack_networking_secgroup_v2.nfs_share_no_ingress"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_v2",
"name": "nfs_share_no_ingress",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"delete_default_rules": true,
"description": "Security rule that must be assigned to the NFS ports",
"id": "5887da8d-e362-4509-93ac-8a70bf8baef9",
"name": "nfs_share_no_ingress",
"region": "isti_area_pi_1",
"tags": null,
"tenant_id": "e8f8ca72f30648a8b389b4e745ac83a9",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "openstack_networking_subnet_v2",


@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.6",
"serial": 34,
"serial": 37,
"lineage": "6d43430c-e6aa-d370-b6d5-22f2281117df",
"outputs": {
"almalinux_9": {
@ -234,6 +234,7 @@
},
"networks_list": {
"value": {
"cassandra": "cassandra-net",
"orientdb": "orientdb-net",
"orientdb_se": "orientdb-se-net",
"shared_postgresql": "postgresql-srv-net",
@ -300,7 +301,7 @@
"value": {
"flavor": "m1.medium",
"name": "prometheus",
"public_grafana_server_cidr": "146.48.122.132/32",
"public_grafana_server_cidr": "146.48.28.103/32",
"vol_data_device": "/dev/vdb",
"vol_data_name": "prometheus-data",
"vol_data_size": "100"
@ -345,6 +346,7 @@
"limited_HTTPS_access": "restricted_web_service",
"limited_SSH_access": "Limited SSH access",
"mongo": "mongo",
"nfs_share_no_ingress": "nfs_share_no_ingress",
"orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
"postgreSQL": "PostgreSQL service",
"public_HTTPS": "Public HTTPS"
@ -600,6 +602,61 @@
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "egress_ipv4_allowed",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Allow the egress traffic from the NFS port",
"direction": "egress",
"ethertype": "IPv4",
"id": "4cbefb20-8003-4e15-89f6-92a36a0f4004",
"port_range_max": 0,
"port_range_min": 0,
"protocol": "",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a",
"tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"openstack_networking_secgroup_v2.nfs_share_no_ingress"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_v2",
"name": "nfs_share_no_ingress",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"delete_default_rules": true,
"description": "Security rule that must be assigned to the NFS ports",
"id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a",
"name": "nfs_share_no_ingress",
"region": "isti_area_pi_1",
"tags": null,
"tenant_id": "6fdc02e2827b405dad99f34698659742",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "openstack_networking_subnet_v2",


@ -10,8 +10,8 @@ terraform {
}
provider "openstack" {
cloud = "d4s-production"
# cloud = "ISTI-Cloud"
# cloud = "d4s-production"
cloud = "ISTI-Cloud"
}
module "common_variables" {
@ -185,4 +185,4 @@ output "security_group_list" {
#Added by Francesco
output "networks_list" {
value = module.common_variables.networks_list
}
}
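Review bot: The provider block now selects `cloud = "ISTI-Cloud"` with `# cloud = "d4s-production"` commented out (lines 240–243), which reads like a local target toggle that was committed together with the security-group change rather than as part of it; if production is still the intended target, restore `cloud = "d4s-production"`, otherwise the switch should be named in the commit message. Which of the two pairs is the old and which the new side is inferred from print order only. Flipping the target by commenting lines leaves no record of which cloud a given apply ran against; a variable or a named workspace would make that explicit and keep the three state files from diverging silently.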


@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.6.5",
"serial": 13,
"terraform_version": "1.6.6",
"serial": 17,
"lineage": "6d54ddff-c4ea-b8c7-3b92-53ed6c62db24",
"outputs": {
"almalinux_9": {
@ -134,12 +134,15 @@
"c1_large": "c1.large",
"c1_medium": "c1.medium",
"c1_small": "c1.small",
"c2_large": "c2.large",
"m1_large": "m1.large",
"m1_medium": "m1.medium",
"m1_xlarge": "m1.xlarge",
"m1_xxl": "m1.xxl",
"m2_large": "m2.large",
"m2_medium": "m2.medium",
"m2_small": "m2.small"
"m2_small": "m2.small",
"m3_large": "m3.large"
},
"type": [
"map",
@ -230,6 +233,7 @@
},
"networks_list": {
"value": {
"cassandra": "cassandra-net",
"orientdb": "orientdb-net",
"orientdb_se": "orientdb-se-net",
"shared_postgresql": "postgresql-srv-net",
@ -294,7 +298,7 @@
"value": {
"flavor": "m1.medium",
"name": "prometheus",
"public_grafana_server_cidr": "146.48.122.132/32",
"public_grafana_server_cidr": "146.48.28.103/32",
"vol_data_device": "/dev/vdb",
"vol_data_name": "prometheus-data",
"vol_data_size": "100"
@ -339,6 +343,7 @@
"limited_HTTPS_access": "restricted_web_service",
"limited_SSH_access": "Limited SSH access",
"mongo": "mongo",
"nfs_share_no_ingress": "nfs_share_no_ingress",
"orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic",
"postgreSQL": "PostgreSQL service",
"public_HTTPS": "Public HTTPS"
@ -562,6 +567,61 @@
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_rule_v2",
"name": "egress_ipv4_allowed",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"description": "Allow the egress traffic from the NFS port",
"direction": "egress",
"ethertype": "IPv4",
"id": "28c6b5b2-9c00-4633-a77c-c0e8b5c05147",
"port_range_max": 0,
"port_range_min": 0,
"protocol": "",
"region": "isti_area_pi_1",
"remote_group_id": "",
"remote_ip_prefix": "0.0.0.0/0",
"security_group_id": "167e4897-f776-4cbd-986f-77313aa68af2",
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"openstack_networking_secgroup_v2.nfs_share_no_ingress"
]
}
]
},
{
"mode": "managed",
"type": "openstack_networking_secgroup_v2",
"name": "nfs_share_no_ingress",
"provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_tags": [],
"delete_default_rules": true,
"description": "Security rule that must be assigned to the NFS ports",
"id": "167e4897-f776-4cbd-986f-77313aa68af2",
"name": "nfs_share_no_ingress",
"region": "isti_area_pi_1",
"tags": null,
"tenant_id": "1b45adf388934758b56d0dfdb4bfacf3",
"timeouts": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "openstack_networking_subnet_v2",


@ -221,6 +221,7 @@ variable "security_group_list" {
default = "default"
cassandra = "Cassandra"
access_to_orientdb_se = "access_to_orientdb_se"
nfs_share_no_ingress = "nfs_share_no_ingress"
}
}


@ -67,3 +67,17 @@ resource "openstack_dns_recordset_v2" "acme_challenge_recordset" {
type = "CNAME"
records = ["_acme-challenge.d4science.net."]
}
resource "openstack_networking_secgroup_v2" "nfs_share_no_ingress" {
name = "nfs_share_no_ingress"
delete_default_rules = "true"
description = "Security rule that must be assigned to the NFS ports"
}
resource "openstack_networking_secgroup_rule_v2" "egress_ipv4_allowed" {
security_group_id = openstack_networking_secgroup_v2.nfs_share_no_ingress.id
description = "Allow the egress traffic from the NFS port"
direction = "egress"
ethertype = "IPv4"
remote_ip_prefix = "0.0.0.0/0"
}
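Review bot: `delete_default_rules = "true"` on line 388 passes a string where the provider attribute is a boolean; Terraform coerces it, but `delete_default_rules = true` matches the attribute type and the bare `true` that ends up in the state. With the default rules deleted, the only rule left is the egress one on lines 391–397, which sets no `protocol` and `remote_ip_prefix = "0.0.0.0/0"` for `IPv4` only, so ingress is denied entirely, IPv4 egress is open to any destination, and IPv6 egress is dropped; if that is the intent, a comment on the group such as `# No ingress rules on purpose (default deny); egress allowed on IPv4 only.` would stop the next reader from "fixing" it. If the ports carrying this group only need to answer clients on the NFS network, `remote_ip_prefix` could presumably be narrowed to that subnet — confirm against the network layout. The three state files in the same commit (the JSON sections with `"terraform_version"` and `"serial"`) are generated artifacts carrying tenant and resource ids and are normally kept out of version control in a remote backend.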