Terraform security groups in separate file and symlinks

9d498cb9 · František Dvořák · 30446e54 · 9d498cb9 · 9d498cb9 · 9d498cb9
Commit 9d498cb9 authored 11 months ago by František Dvořák
--- a/common/terraform/firewall.tf
+++ b/common/terraform/firewall.tf
+resource "openstack_networking_secgroup_v2" "ping" {
+  name        = "ping"
+  description = "ICMP for ping"
+}
+resource "openstack_networking_secgroup_v2" "ssh" {
+  name        = "ssh"
+  description = "ssh connection"
+}
+resource "openstack_networking_secgroup_v2" "http" {
+  name        = "http"
+  description = "http/https"
+}
+resource "openstack_networking_secgroup_rule_v2" "ping4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 8
+  port_range_max    = 0
+  protocol          = "icmp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.ping.id
+}
+resource "openstack_networking_secgroup_rule_v2" "ping6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 128
+  port_range_max    = 0
+  protocol          = "icmp"  # icmp / ipv6-icmp
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.ping.id
+}
+resource "openstack_networking_secgroup_rule_v2" "ssh4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 22
+  port_range_max    = 22
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.ssh.id
+}
+resource "openstack_networking_secgroup_rule_v2" "ssh6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 22
+  port_range_max    = 22
+  protocol          = "tcp"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.ssh.id
+}
+resource "openstack_networking_secgroup_rule_v2" "http4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 80
+  port_range_max    = 80
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
+}
+resource "openstack_networking_secgroup_rule_v2" "http6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 80
+  port_range_max    = 80
+  protocol          = "tcp"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
+}
+resource "openstack_networking_secgroup_rule_v2" "https4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 443
+  port_range_max    = 443
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
+}
+resource "openstack_networking_secgroup_rule_v2" "https6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 443
+  port_range_max    = 443
+  protocol          = "tcp"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
+}
--- a/staging1/terraform/firewall.tf
+++ b/staging1/terraform/firewall.tf
+../../common/terraform/firewall.tf
\ No newline at end of file
--- a/staging1/terraform/vms.tf
+++ b/staging1/terraform/vms.tf
@@ -10,103 +10,6 @@ locals {
  gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v4 : s]
 }
-# Security groups
-resource "openstack_networking_secgroup_v2" "ping" {
-  name        = "ping"
-  description = "ICMP for ping"
-}
-resource "openstack_networking_secgroup_v2" "ssh" {
-  name        = "ssh"
-  description = "ssh connection"
-}
-resource "openstack_networking_secgroup_v2" "http" {
-  name        = "http"
-  description = "http/https"
-}
-resource "openstack_networking_secgroup_rule_v2" "ping4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 8
-  port_range_max    = 0
-  protocol          = "icmp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.ping.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ping6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 128
-  port_range_max    = 0
-  protocol          = "icmp"  # icmp / ipv6-icmp
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.ping.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ssh4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 22
-  port_range_max    = 22
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.ssh.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ssh6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 22
-  port_range_max    = 22
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.ssh.id
-}
-resource "openstack_networking_secgroup_rule_v2" "http4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 80
-  port_range_max    = 80
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "http6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 80
-  port_range_max    = 80
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "https4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 443
-  port_range_max    = 443
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "https6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 443
-  port_range_max    = 443
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
 resource "openstack_networking_floatingip_v2" "public_ip" {
  pool = var.ip_pool
 }

--- a/staging2/terraform/firewall.tf
+++ b/staging2/terraform/firewall.tf
+../../common/terraform/firewall.tf
\ No newline at end of file
--- a/staging2/terraform/vms.tf
+++ b/staging2/terraform/vms.tf
@@ -10,103 +10,6 @@ locals {
  gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[0].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
 }
-# Security groups
-resource "openstack_networking_secgroup_v2" "ping" {
-  name        = "ping"
-  description = "ICMP for ping"
-}
-resource "openstack_networking_secgroup_v2" "ssh" {
-  name        = "ssh"
-  description = "ssh connection"
-}
-resource "openstack_networking_secgroup_v2" "http" {
-  name        = "http"
-  description = "http/https"
-}
-resource "openstack_networking_secgroup_rule_v2" "ping4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 8
-  port_range_max    = 0
-  protocol          = "icmp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.ping.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ping6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 128
-  port_range_max    = 0
-  protocol          = "icmp"  # icmp / ipv6-icmp
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.ping.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ssh4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 22
-  port_range_max    = 22
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.ssh.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ssh6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 22
-  port_range_max    = 22
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.ssh.id
-}
-resource "openstack_networking_secgroup_rule_v2" "http4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 80
-  port_range_max    = 80
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "http6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 80
-  port_range_max    = 80
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "https4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 443
-  port_range_max    = 443
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "https6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 443
-  port_range_max    = 443
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
 data "openstack_images_image_v2" "ubuntu" {
  name = "ubuntu-22.04"
 }

--- a/testing/terraform/firewall.tf
+++ b/testing/terraform/firewall.tf
+../../common/terraform/firewall.tf
\ No newline at end of file
--- a/testing/terraform/vms.tf
+++ b/testing/terraform/vms.tf
@@ -10,103 +10,6 @@ locals {
  gpu_ips = [for s in openstack_compute_instance_v2.gpu[*].network[1].fixed_ip_v6 : replace(s, "/\\[(.*)\\]/", "$1")]
 }
-# Security groups
-resource "openstack_networking_secgroup_v2" "ping" {
-  name        = "ping"
-  description = "ICMP for ping"
-}
-resource "openstack_networking_secgroup_v2" "ssh" {
-  name        = "ssh"
-  description = "ssh connection"
-}
-resource "openstack_networking_secgroup_v2" "http" {
-  name        = "http"
-  description = "http/https"
-}
-resource "openstack_networking_secgroup_rule_v2" "ping4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 8
-  port_range_max    = 0
-  protocol          = "icmp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.ping.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ping6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 128
-  port_range_max    = 0
-  protocol          = "icmp"  # icmp / ipv6-icmp
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.ping.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ssh4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 22
-  port_range_max    = 22
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.ssh.id
-}
-resource "openstack_networking_secgroup_rule_v2" "ssh6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 22
-  port_range_max    = 22
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.ssh.id
-}
-resource "openstack_networking_secgroup_rule_v2" "http4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 80
-  port_range_max    = 80
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "http6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 80
-  port_range_max    = 80
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "https4" {
-  direction         = "ingress"
-  ethertype         = "IPv4"
-  port_range_min    = 443
-  port_range_max    = 443
-  protocol          = "tcp"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
-resource "openstack_networking_secgroup_rule_v2" "https6" {
-  direction         = "ingress"
-  ethertype         = "IPv6"
-  port_range_min    = 443
-  port_range_max    = 443
-  protocol          = "tcp"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.http.id
-}
 resource "openstack_networking_floatingip_v2" "public_ip" {
  pool = var.ip_pool
 }