Commit 515bf7b7 authored by Bo-Chun Chen

Add security group module

parent addb381e
......@@ -15,7 +15,7 @@ resource "openstack_compute_instance_v2" "box" {
image_id = data.openstack_images_image_v2.box.id
flavor_id = data.openstack_compute_flavor_v2.box.id
key_pair = var.key_pair
security_groups = ["default"]
security_groups = concat(["default"], var.sec_groups)
count = var.amount
user_data = var.user_data
......
......@@ -39,3 +39,7 @@ variable "floating_ip_pool" {
default = ""
}
variable "sec_groups" {
description = "List of security groups to add to instance"
default = []
}
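Review bot: The new `sec_groups` variable is declared without a `type`, so a caller that passes a single string or a list of non-strings is not rejected at the variable; the error surfaces only when `concat(["default"], var.sec_groups)` is evaluated for `security_groups`. Adding `type = list(string)` next to `default = []` would reject a wrong value at the module boundary. The same applies to `group_name` and `ports` in the new security-group module, which would take `type = string` and `type = list(number)`. For `ports`, a `validation` block limiting values to 1-65535 would also help, since each entry becomes an ingress rule.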
......@@ -25,6 +25,13 @@ module "dmzrouter" {
gateway = data.openstack_networking_network_v2.public-network.id
}
module "security-group" {
source = "./security-group"
group_name = "tf_security_group"
ports = [22, 80]
}
# set up ssh key pair
resource "openstack_compute_keypair_v2" "keypair" {
name = var.keypair_name
......@@ -40,6 +47,7 @@ module "ohpc-instance" {
box_name = var.ohpc_instance_name
image_name = var.ohpc_image
floating_ip_pool = var.public_network_name
sec_groups = [module.security-group.name]
box_nets = [
{ net_id = module.external-net.id, ip_v4 = "" },
{ net_id = module.internal-net.id, ip_v4 = var.ohpc_private_ip }
......@@ -55,6 +63,7 @@ module "ood-instance" {
box_name = var.ood_instance_name
image_name = var.ood_image
floating_ip_pool = var.public_network_name
sec_groups = [module.security-group.name]
box_nets = [
{ net_id = module.external-net.id, ip_v4 = "" },
{ net_id = module.internal-net.id, ip_v4 = var.ood_private_ip }
......
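Review bot: Both `ohpc-instance` and `ood-instance` receive the same `sec_groups = [module.security-group.name]`, so each host gets every port in `ports = [22, 80]` whether or not it serves it. Because the module's rules use `remote_ip_prefix = "0.0.0.0/0"`, SSH ends up reachable from any IPv4 address on both hosts. Instantiating the module once per role, each with its own `group_name` and only the ports that role needs, would limit each host's exposure to what it requires. Which ports each instance actually needs is not visible on this page, so the split has to be confirmed against the deployment.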
resource "openstack_networking_secgroup_v2" "secgroup" {
name = "${var.group_name}"
}
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule" {
count = length(var.ports)
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = var.ports[count.index]
port_range_max = var.ports[count.index]
remote_ip_prefix = "0.0.0.0/0"
security_group_id = "${openstack_networking_secgroup_v2.secgroup.id}"
}
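Review bot: `remote_ip_prefix = "0.0.0.0/0"` is fixed inside the rule, so every port passed in `ports`, including 22 as used by the caller, is opened to all IPv4 sources and a caller has no way to narrow it. Taking the source range from a variable, `remote_ip_prefix = var.remote_ip_prefix`, lets management ports be limited to an admin or site CIDR; the variable's description should say that a world-open range is meant only for public services. Separately, `count = length(var.ports)` ties each rule to its list position, so removing a port from the middle of the list makes Terraform replace the rules after it; keying the rules by port with `for_each` would avoid that churn.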
output "id" {
value = openstack_networking_secgroup_v2.secgroup.id
}
output "name" {
value = openstack_networking_secgroup_v2.secgroup.name
}
variable "group_name" {
description = "Name of the security group"
}
variable "ports" {
description = "List of ports to open"
}
terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "~> 1.42.0"
}
}
}