author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2021-08-16 18:37:14 +0200 |
---|---|---|
committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2021-08-16 18:37:14 +0200 |
commit | 8a66e973a215315a26eea79808de039a3506052d (patch) | |
tree | 426ed611456a3b85a742bada005dda1f5fca4d9a | |
parent | 6485974b116bafb979480fe97f248f1373c1451a (diff) | |
download | infrastructure-8a66e973a215315a26eea79808de039a3506052d.tar.gz |
networking setup
-rw-r--r-- | terraform/infra.tf | 88 |
1 files changed, 86 insertions, 2 deletions
diff --git a/terraform/infra.tf b/terraform/infra.tf
index 67c6e2b8..2e0cfe15 100644
--- a/terraform/infra.tf
+++ b/terraform/infra.tf
@@ -48,6 +48,87 @@ resource "openstack_compute_keypair_v2" "pedro-keypair" { public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrfYhQAgqiwtcl37TfBR7N5Fq7ze17Cn4UUbz/Nuby/9qfypUp5Ir2x0P1otbQfozwWBOwmKCFRQMs+fZXFpWsvshNcmaw+rMI8wP1Bx2cqSuPusLPEYbvRbnfGo/E7aj/GvpSKRlBCGF3tORzGAmQsogUUXXcXP7PKIkPB3Jo04K8IeuSoRGd8cGfUWA6dcx9YuZHeJ3o/RzpV8UvU3Ge50mLf05cbrS2LlXgnG2PGbuBX5l87O6u3KUXq5zoafd0AtpSelNcVfAjpwdPokyuR1pXn+3q2w+l7ExmIAjwJV+QJeSSRMRfiHbk/+D3vYUlnqoarB0UrsTb2mY2tAPD" } +resource "openstack_networking_network_v2" "baserock_network" { + name = "Baserock Network" + admin_state_up = "true" +} + +resource "openstack_networking_subnet_v2" "baserock_subnet" { + name = "Baserock Subnet" + network_id = "${openstack_networking_network_v2.baserock_network.id}" + cidr = "10.3.0.0/24" + ip_version = 4 +} + +resource "openstack_networking_secgroup_v2" "sg_base" { + name = "base" + description = "Allow all outgoing traffic, and allow incoming ICMP (ping) and SSH connections" +} + +resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_icmp" { + direction = "egress" + ethertype = "IPv4" + protocol = "icmp" + port_range_min = 0 + port_range_max = 255 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}" +} + +resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_tcp" { + direction = "egress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 1 + port_range_max = 65535 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}" +} + +resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_udp" { + direction = "egress" + ethertype = "IPv4" + protocol = "udp" + port_range_min = 1 + port_range_max = 65535 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}" +} + +resource "openstack_networking_secgroup_rule_v2" "sg_base_ingress_icmp" { + direction = "ingress" + ethertype = "IPv4" + protocol = "icmp" + 
port_range_min = 0 + port_range_max = 255 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}" +} + + +resource "openstack_networking_secgroup_rule_v2" "sg_base_ingress_ssh" { + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 22 + port_range_max = 22 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}" +} + +resource "openstack_networking_port_v2" "frontend_port" { + name = "port_1" + network_id = "${openstack_networking_network_v2.baserock_network.id}" + admin_state_up = "true" + security_group_ids = ["${openstack_networking_secgroup_v2.sg_base.id}"] + + fixed_ip { + subnet_id = "${openstack_networking_subnet_v2.baserock_subnet.id}" + ip_address = "10.3.0.10" + } +} + + # Create instance resource "openstack_compute_instance_v2" "baserock_frontend" { name = "frontend-haproxy" @@ -55,12 +136,15 @@ resource "openstack_compute_instance_v2" "baserock_frontend" { flavor_id = data.openstack_compute_flavor_v2.flavor_frontend.id key_pair = "${openstack_compute_keypair_v2.pedro-keypair.name}" + security_groups = ["${openstack_networking_secgroup_v2.sg_base.name}"] + network { + port = "${openstack_networking_port_v2.frontend_port.id}" + } + lifecycle { ignore_changes = [ # Ignore changes to base image image_id, - # Ignore changes to flavor changes - flavor_id, # Ignore changes to key_pairs key_pair, ] |
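Review bot: The `sg_base_ingress_ssh` rule opens TCP 22 to `0.0.0.0/0`, and `sg_base` is the group bound to `frontend_port`, so if that port is reachable externally (no router or floating IP is visible in this hunk) SSH is exposed to every source address. I would narrow it to the admin or bastion range, e.g. `remote_ip_prefix = "<ADMIN_CIDR placeholder>"`, and note in the group `description` who is expected to connect. Separately, in `sg_base_egress_icmp` and `sg_base_ingress_icmp` the values `port_range_min = 0` and `port_range_max = 255` are, as far as I know, interpreted by Neutron as ICMP type and code rather than a range, so these rules would likely match only type 0 / code 255 and not echo requests. Omitting both fields on the ICMP rules should allow all ICMP, which is what the description ("incoming ICMP (ping)") states.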
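Review bot: The added `security_groups = [...]` on `baserock_frontend` duplicates what `frontend_port` already carries in `security_group_ids`; when an instance is attached through a pre-created port, the port's groups are the ones that filter traffic, and as far as I recall the provider documentation asks for groups to be set on the port only. Keeping both invites drift, where someone edits the instance list and assumes the filtering changed. I would drop the instance-level line, or at least add a comment above it such as `# Effective filtering comes from frontend_port.security_group_ids`. The `lifecycle` block continues past the end of the hunk; with `flavor_id` removed from `ignore_changes`, a flavor change will now be applied to the running frontend, which deserves a line in the commit message.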