authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-16 18:37:14 +0200
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-16 18:37:14 +0200
commit8a66e973a215315a26eea79808de039a3506052d (patch)
tree426ed611456a3b85a742bada005dda1f5fca4d9a
parent6485974b116bafb979480fe97f248f1373c1451a (diff)
downloadinfrastructure-8a66e973a215315a26eea79808de039a3506052d.tar.gz
networking setup
-rw-r--r--terraform/infra.tf88
1 files changed, 86 insertions, 2 deletions
diff --git a/terraform/infra.tf b/terraform/infra.tf
index 67c6e2b8..2e0cfe15 100644
--- a/terraform/infra.tf
+++ b/terraform/infra.tf
@@ -48,6 +48,87 @@ resource "openstack_compute_keypair_v2" "pedro-keypair" {
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrfYhQAgqiwtcl37TfBR7N5Fq7ze17Cn4UUbz/Nuby/9qfypUp5Ir2x0P1otbQfozwWBOwmKCFRQMs+fZXFpWsvshNcmaw+rMI8wP1Bx2cqSuPusLPEYbvRbnfGo/E7aj/GvpSKRlBCGF3tORzGAmQsogUUXXcXP7PKIkPB3Jo04K8IeuSoRGd8cGfUWA6dcx9YuZHeJ3o/RzpV8UvU3Ge50mLf05cbrS2LlXgnG2PGbuBX5l87O6u3KUXq5zoafd0AtpSelNcVfAjpwdPokyuR1pXn+3q2w+l7ExmIAjwJV+QJeSSRMRfiHbk/+D3vYUlnqoarB0UrsTb2mY2tAPD"
}
+resource "openstack_networking_network_v2" "baserock_network" {
+ name = "Baserock Network"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "baserock_subnet" {
+ name = "Baserock Subnet"
+ network_id = "${openstack_networking_network_v2.baserock_network.id}"
+ cidr = "10.3.0.0/24"
+ ip_version = 4
+}
+
+resource "openstack_networking_secgroup_v2" "sg_base" {
+ name = "base"
+ description = "Allow all outgoing traffic, and allow incoming ICMP (ping) and SSH connections"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_icmp" {
+ direction = "egress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 255
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_tcp" {
+ direction = "egress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_udp" {
+ direction = "egress"
+ ethertype = "IPv4"
+ protocol = "udp"
+ port_range_min = 1
+ port_range_max = 65535
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "sg_base_ingress_icmp" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "icmp"
+ port_range_min = 0
+ port_range_max = 255
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
+}
+
+
+resource "openstack_networking_secgroup_rule_v2" "sg_base_ingress_ssh" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = 22
+ port_range_max = 22
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
+}
+
+resource "openstack_networking_port_v2" "frontend_port" {
+ name = "port_1"
+ network_id = "${openstack_networking_network_v2.baserock_network.id}"
+ admin_state_up = "true"
+ security_group_ids = ["${openstack_networking_secgroup_v2.sg_base.id}"]
+
+ fixed_ip {
+ subnet_id = "${openstack_networking_subnet_v2.baserock_subnet.id}"
+ ip_address = "10.3.0.10"
+ }
+}
+
+
# Create instance
resource "openstack_compute_instance_v2" "baserock_frontend" {
name = "frontend-haproxy"
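Review bot: `sg_base_ingress_ssh` opens TCP 22 to `0.0.0.0/0`, and because `sg_base` is the group attached to `frontend_port`, SSH on the frontend is reachable from any address. Unless that exposure is intended, narrow the rule to the administrators' or bastion range, e.g. `remote_ip_prefix = var.ssh_admin_cidr` (variable name constructed here; it would need declaring). Separately, for `protocol = "icmp"` Neutron reads `port_range_min`/`port_range_max` as ICMP type and code rather than as a range, so `0`/`255` in `sg_base_egress_icmp` and `sg_base_ingress_icmp` probably does not match the echo requests the group description promises. Omitting both attributes allows all ICMP; this is worth confirming against the rules actually deployed.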
@@ -55,12 +136,15 @@ resource "openstack_compute_instance_v2" "baserock_frontend" {
flavor_id = data.openstack_compute_flavor_v2.flavor_frontend.id
key_pair = "${openstack_compute_keypair_v2.pedro-keypair.name}"
+ security_groups = ["${openstack_networking_secgroup_v2.sg_base.name}"]
+ network {
+ port = "${openstack_networking_port_v2.frontend_port.id}"
+ }
+
lifecycle {
ignore_changes = [
# Ignore changes to base image
image_id,
- # Ignore changes to flavor changes
- flavor_id,
# Ignore changes to key_pairs
key_pair,
]
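Review bot: `security_groups` on the instance (added after `key_pair`) duplicates what `frontend_port` already carries in `security_group_ids`. The OpenStack provider documentation says that when an instance is attached through a port, the security groups belong on the port and not the instance. Keeping both leaves two places that can drift apart, and the instance-level list refers to the group by name rather than by id. I would drop the `security_groups = [...]` line and treat the port as the single source of truth for filtering. The `baserock_frontend` resource block starts before this hunk and closes after it, so its other settings are not visible here.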