Commit 4d0b73f3 authored by McDonnell, Marshall's avatar McDonnell, Marshall

Initial module

parents
# Created by https://www.gitignore.io/api/terraform
# Edit at https://www.gitignore.io/?templates=terraform
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# End of https://www.gitignore.io/api/terraform
# OpenStack RC files
*openrc*
# swap files
*.swp
# Security group for HashiCorp's Consul Server
This Terraform setup creates a security group with rules suitable for
[Consul](https://www.consul.io/).
The target cloud platform is CADES OpenStack.
The [HashiCorp Consul Server Ports AWS Module](https://github.com/hashicorp-modules/consul-server-ports-aws)
was used to develop this OpenStack version of the module.
The requirements for each port are described in the
[Consul Required Ports](https://www.consul.io/docs/install/ports) docs.
The steps are:
1. Setup the security group
2. Add rules to the security group
## Common issues when deleting the security group
If the security group is attached to a VM, you will not be able to delete it.
Make sure to dis-associate the security group with all VMs and then you can delete it.
Also, if you have a static IP setup,
even if the VM associated with the static IP is not provisioned but is associated with this security group,
you will not be able to delete the security group.
Spin up a VM with that static IP, dis-associate the security group, and then you can delete the security group.
provider "openstack" {}
module "consul_server_sg" {
source = "git::https://code.ornl.gov/rse-terraform-modules/cades-consul-server-security-group//modules/cades-consul-server-security-group"
security_group_name = "consul-server-sg"
security_group_description = "My Consul server security group"
}
resource "openstack_networking_secgroup_rule_v2" "allow_ssh_inbound" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 22
port_range_max = 22
remote_ip_prefix = "0.0.0.0/0"
security_group_id = module.consul_server_sg.id
}
resource "openstack_networking_secgroup_rule_v2" "allow_checkmk_inbound" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 6556
port_range_max = 6556
remote_ip_prefix = "160.91.8.218/32"
security_group_id = module.consul_server_sg.id
}
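Review bot: The `source` of the `consul_server_sg` module call carries no `?ref=`, so each `terraform init` fetches whatever the repository's default branch holds at that moment. The client module call further down the page is pinned with `?ref=v0.2`; this one should be pinned the same way by appending `?ref=<RELEASE_TAG>` (placeholder) to the URL. In the same example, `allow_ssh_inbound` sets `remote_ip_prefix = "0.0.0.0/0"` while the checkmk rule below it is limited to a single /32. Because example code tends to be copied as-is, a management-network CIDR placeholder would be a safer starting point for the SSH rule.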
variable "name" {
type = string
default = "consul-server-sg"
}
variable "description" {
type = string
default = "Consul server security group"
}
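Review bot: These declarations are named `name` and `description`, but the `consul_client_sg` module call on this page reads `var.security_group_name` and `var.security_group_description`, and the example passes `security_group_name` / `security_group_description` as module arguments. File boundaries are not visible in this rendering, but if these blocks belong to the same module, Terraform would reject both the undeclared variable references and the example's unknown arguments. Renaming the declarations to `variable "security_group_name"` and `variable "security_group_description"`, and setting the `name` output to `value = var.security_group_name`, would line the three up. A `description` attribute on each variable would also tell callers what the inputs are for.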
module "consul_client_sg" {
source = "git::https://code.ornl.gov/rse-terraform-modules/cades-consul-client-security-group//modules/cades-consul-client-security-group?ref=v0.2"
name = var.security_group_name
description = var.security_group_description
}
resource "openstack_networking_secgroup_rule_v2" "server_rpc_tcp" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 8300
port_range_max = 8300
remote_ip_prefix = "0.0.0.0/0"
security_group_id = module.consul_client_sg.id
}
resource "openstack_networking_secgroup_rule_v2" "serf_wan_tcp" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = 8302
port_range_max = 8302
remote_ip_prefix = "0.0.0.0/0"
security_group_id = module.consul_client_sg.id
}
resource "openstack_networking_secgroup_rule_v2" "serf_wan_udp" {
direction = "ingress"
ethertype = "IPv4"
protocol = "udp"
port_range_min = 8302
port_range_max = 8302
remote_ip_prefix = "0.0.0.0/0"
security_group_id = module.consul_client_sg.id
}
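Review bot: All three rules hard-code `remote_ip_prefix = "0.0.0.0/0"`, so server RPC (8300/tcp) and Serf WAN (8302 tcp and udp) accept traffic from any IPv4 source that can route to the instance. These ports carry traffic between Consul agents, so the allowed source range should be a module input rather than a constant: `remote_ip_prefix = var.consul_remote_ip_prefix`, where `consul_remote_ip_prefix` is a new string variable with no world-open default. Callers who really need the open range can then pass it explicitly, which keeps that choice visible in their configuration. Each rule could also set a `description` naming the Consul port it opens, so the purpose is readable in the OpenStack console.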
output "name" {
value = var.name
}
output "id" {
value = module.consul_client_sg.id
}