diff --git a/openstack-tf/d4s-dev/project-setup/terraform.tfstate b/openstack-tf/d4s-dev/project-setup/terraform.tfstate index 9751832..fedb8c6 100644 --- a/openstack-tf/d4s-dev/project-setup/terraform.tfstate +++ b/openstack-tf/d4s-dev/project-setup/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, - "terraform_version": "1.6.5", - "serial": 8, + "terraform_version": "1.6.6", + "serial": 11, "lineage": "194691ec-f344-4bd2-98ae-cbd15e9c9cdf", "outputs": { "almalinux_9": { @@ -134,12 +134,15 @@ "c1_large": "c1.large", "c1_medium": "c1.medium", "c1_small": "c1.small", + "c2_large": "c2.large", "m1_large": "m1.large", "m1_medium": "m1.medium", "m1_xlarge": "m1.xlarge", + "m1_xxl": "m1.xxl", "m2_large": "m2.large", "m2_medium": "m2.medium", - "m2_small": "m2.small" + "m2_small": "m2.small", + "m3_large": "m3.large" }, "type": [ "map", @@ -230,6 +233,7 @@ }, "networks_list": { "value": { + "cassandra": "cassandra-net", "orientdb": "orientdb-net", "orientdb_se": "orientdb-se-net", "shared_postgresql": "postgresql-srv-net", @@ -293,7 +297,7 @@ "value": { "flavor": "m1.medium", "name": "prometheus", - "public_grafana_server_cidr": "146.48.122.132/32", + "public_grafana_server_cidr": "146.48.28.103/32", "vol_data_device": "/dev/vdb", "vol_data_name": "prometheus-data", "vol_data_size": "100" 
@@ -333,11 +337,12 @@ "default": "default", "docker_swarm": "Docker Swarm", "docker_swarm_NFS": "Docker Swarm NFS", - "haproxy": "HAPROXY L7", - "http_and_https_from_the_load_balancers": "http and https from the load balancers", - "limited_HTTPS_access": "Limited HTTPS access", + "haproxy": "traffic_from_main_lb_to_haproxy_l7", + "http_and_https_from_the_load_balancers": "traffic_from_the_main_load_balancers", + "limited_HTTPS_access": "restricted_web_service", "limited_SSH_access": "Limited SSH access", "mongo": "mongo", + "nfs_share_no_ingress": "nfs_share_no_ingress", "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic", "postgreSQL": "PostgreSQL service", "public_HTTPS": "Public HTTPS" 
@@ -593,6 +598,61 @@ } ] }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "egress_ipv4_allowed", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow the egress traffic from the NFS port", + "direction": "egress", + "ethertype": "IPv4", + "id": "b6f234e2-db03-4b25-899d-725217796ae0", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "5887da8d-e362-4509-93ac-8a70bf8baef9", + "tenant_id": "e8f8ca72f30648a8b389b4e745ac83a9", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.nfs_share_no_ingress" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "nfs_share_no_ingress", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Security rule that must be assigned to the NFS ports", + "id": "5887da8d-e362-4509-93ac-8a70bf8baef9", + "name": "nfs_share_no_ingress", + "region": "isti_area_pi_1", + "tags": null, + "tenant_id": "e8f8ca72f30648a8b389b4e745ac83a9", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, { "mode": "managed", "type": "openstack_networking_subnet_v2", diff --git a/openstack-tf/d4s-preprod/project-setup/terraform.tfstate b/openstack-tf/d4s-preprod/project-setup/terraform.tfstate index e924f53..a8705d5 100644 --- a/openstack-tf/d4s-preprod/project-setup/terraform.tfstate 
+++ b/openstack-tf/d4s-preprod/project-setup/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 34, + "serial": 37, "lineage": "6d43430c-e6aa-d370-b6d5-22f2281117df", "outputs": { "almalinux_9": { @@ -234,6 +234,7 @@ }, "networks_list": { "value": { + "cassandra": "cassandra-net", "orientdb": "orientdb-net", "orientdb_se": "orientdb-se-net", "shared_postgresql": "postgresql-srv-net", @@ -300,7 +301,7 @@ "value": { "flavor": "m1.medium", "name": "prometheus", - "public_grafana_server_cidr": "146.48.122.132/32", + "public_grafana_server_cidr": "146.48.28.103/32", "vol_data_device": "/dev/vdb", "vol_data_name": "prometheus-data", "vol_data_size": "100" @@ -345,6 +346,7 @@ "limited_HTTPS_access": "restricted_web_service", "limited_SSH_access": "Limited SSH access", "mongo": "mongo", + "nfs_share_no_ingress": "nfs_share_no_ingress", "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic", "postgreSQL": "PostgreSQL service", "public_HTTPS": "Public HTTPS" 
@@ -600,6 +602,61 @@ } ] }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "egress_ipv4_allowed", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow the egress traffic from the NFS port", + "direction": "egress", + "ethertype": "IPv4", + "id": "4cbefb20-8003-4e15-89f6-92a36a0f4004", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a", + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.nfs_share_no_ingress" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "nfs_share_no_ingress", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Security rule that must be assigned to the NFS ports", + "id": "ddb16502-7217-4677-a8a7-ca0cbf9a779a", + "name": "nfs_share_no_ingress", + "region": "isti_area_pi_1", + "tags": null, + "tenant_id": "6fdc02e2827b405dad99f34698659742", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, { "mode": "managed", "type": "openstack_networking_subnet_v2", diff --git a/openstack-tf/d4s-production/project-setup/main.tf b/openstack-tf/d4s-production/project-setup/main.tf index 2f0d8b2..ff89be3 100644 --- a/openstack-tf/d4s-production/project-setup/main.tf 
+++ b/openstack-tf/d4s-production/project-setup/main.tf @@ -10,8 +10,8 @@ terraform { } provider "openstack" { - cloud = "d4s-production" - # cloud = "ISTI-Cloud" + # cloud = "d4s-production" + cloud = "ISTI-Cloud" } module "common_variables" { @@ -185,4 +185,4 @@ output "security_group_list" { #Added by Francesco output "networks_list" { value = module.common_variables.networks_list -} \ No newline at end of file +} diff --git a/openstack-tf/d4s-production/project-setup/terraform.tfstate b/openstack-tf/d4s-production/project-setup/terraform.tfstate index d194479..37e8f31 100644 --- a/openstack-tf/d4s-production/project-setup/terraform.tfstate +++ b/openstack-tf/d4s-production/project-setup/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, - "terraform_version": "1.6.5", - "serial": 13, + "terraform_version": "1.6.6", + "serial": 17, "lineage": "6d54ddff-c4ea-b8c7-3b92-53ed6c62db24", "outputs": { "almalinux_9": { @@ -134,12 +134,15 @@ "c1_large": "c1.large", "c1_medium": "c1.medium", "c1_small": "c1.small", + "c2_large": "c2.large", "m1_large": "m1.large", "m1_medium": "m1.medium", "m1_xlarge": "m1.xlarge", + "m1_xxl": "m1.xxl", "m2_large": "m2.large", "m2_medium": "m2.medium", - "m2_small": "m2.small" + "m2_small": "m2.small", + "m3_large": "m3.large" }, "type": [ "map", @@ -230,6 +233,7 @@ }, "networks_list": { "value": { + "cassandra": "cassandra-net", "orientdb": "orientdb-net", "orientdb_se": "orientdb-se-net", "shared_postgresql": "postgresql-srv-net", @@ -294,7 +298,7 @@ "value": { "flavor": "m1.medium", "name": "prometheus", - "public_grafana_server_cidr": "146.48.122.132/32", + "public_grafana_server_cidr": "146.48.28.103/32", "vol_data_device": "/dev/vdb", "vol_data_name": "prometheus-data", "vol_data_size": "100" 
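Review bot: The production `provider "openstack"` block now picks its credentials by flipping which `cloud = ...` line is commented out, so the clouds.yaml entry an apply runs against depends on whoever last edited this file. Nothing in the hunk shows whether `ISTI-Cloud` resolves to the same project and role as `d4s-production`; if it is a broader or admin-scoped entry, that should be confirmed before it becomes the default for the production project. Consider dropping the `cloud` argument so the `OS_CLOUD` environment variable selects the entry, or taking it from a variable (for example `cloud = var.os_cloud`, name constructed here), and removing the commented-out alternative. The terraform.tfstate for this project is tracked in the same directory, so an apply run with the wrong entry would also end up in versioned state.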
@@ -339,6 +343,7 @@ "limited_HTTPS_access": "restricted_web_service", "limited_SSH_access": "Limited SSH access", "mongo": "mongo", + "nfs_share_no_ingress": "nfs_share_no_ingress", "orientdb_internal_docker_traffic": "orientdb_internal_docker_traffic", "postgreSQL": "PostgreSQL service", "public_HTTPS": "Public HTTPS" 
@@ -562,6 +567,61 @@ } ] }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_rule_v2", + "name": "egress_ipv4_allowed", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Allow the egress traffic from the NFS port", + "direction": "egress", + "ethertype": "IPv4", + "id": "28c6b5b2-9c00-4633-a77c-c0e8b5c05147", + "port_range_max": 0, + "port_range_min": 0, + "protocol": "", + "region": "isti_area_pi_1", + "remote_group_id": "", + "remote_ip_prefix": "0.0.0.0/0", + "security_group_id": "167e4897-f776-4cbd-986f-77313aa68af2", + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "openstack_networking_secgroup_v2.nfs_share_no_ingress" + ] + } + ] + }, + { + "mode": "managed", + "type": "openstack_networking_secgroup_v2", + "name": "nfs_share_no_ingress", + "provider": "provider[\"registry.terraform.io/terraform-provider-openstack/openstack\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_tags": [], + "delete_default_rules": true, + "description": "Security rule that must be assigned to the NFS ports", + "id": "167e4897-f776-4cbd-986f-77313aa68af2", + "name": "nfs_share_no_ingress", + "region": "isti_area_pi_1", + "tags": null, + "tenant_id": "1b45adf388934758b56d0dfdb4bfacf3", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjo2MDAwMDAwMDAwMDB9fQ==" + } + ] + }, { "mode": "managed", "type": "openstack_networking_subnet_v2", diff --git a/openstack-tf/modules/common_variables/variables.tf b/openstack-tf/modules/common_variables/variables.tf index 5a02fb1..b392f16 100644 --- a/openstack-tf/modules/common_variables/variables.tf 
+++ b/openstack-tf/modules/common_variables/variables.tf @@ -221,6 +221,7 @@ variable "security_group_list" { default = "default" cassandra = "Cassandra" access_to_orientdb_se = "access_to_orientdb_se" + nfs_share_no_ingress = "nfs_share_no_ingress" } } diff --git a/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf b/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf index 2be9e14..b680049 100644 --- a/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf +++ b/openstack-tf/modules/main_private_net_and_dns_zone/main_network_dns_zone.tf @@ -67,3 +67,17 @@ resource "openstack_dns_recordset_v2" "acme_challenge_recordset" { type = "CNAME" records = ["_acme-challenge.d4science.net."] } + +resource "openstack_networking_secgroup_v2" "nfs_share_no_ingress" { + name = "nfs_share_no_ingress" + delete_default_rules = "true" + description = "Security rule that must be assigned to the NFS ports" +} + +resource "openstack_networking_secgroup_rule_v2" "egress_ipv4_allowed" { + security_group_id = openstack_networking_secgroup_v2.nfs_share_no_ingress.id + description = "Allow the egress traffic from the NFS port" + direction = "egress" + ethertype = "IPv4" + remote_ip_prefix = "0.0.0.0/0" +}
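Review bot: The only rule attached to `nfs_share_no_ingress` in main_network_dns_zone.tf is `egress_ipv4_allowed`, which sets no `protocol` or port range and uses `remote_ip_prefix = "0.0.0.0/0"`, so ports in this group may send any IPv4 traffic to any destination. If these ports only need to reach the NFS share servers, scope the rule to that network, e.g. `remote_ip_prefix = "<NFS_NETWORK_CIDR>"` (placeholder), or say in the description that unrestricted egress is intended. Since `delete_default_rules` removes the group's default egress rules and only an IPv4 rule is added back, IPv6 egress appears to be blocked; a comment such as `# IPv6 egress intentionally not allowed` would make that explicit. `delete_default_rules = "true"` should also be the boolean `true` rather than a string.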