Protocol Security group for AWS #538
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
sasikeda
reviewed
Jun 10, 2024
| @@ -15,6 +15,72 @@ locals { | |||
| instance_storage_device_names = ["/dev/nvme0n1", "/dev/nvme1n1", "/dev/nvme2n1", "/dev/nvme3n1", "/dev/nvme4n1", "/dev/nvme5n1", "/dev/nvme6n1", "/dev/nvme7n1", "/dev/nvme8n1", "/dev/nvme9n1", "/dev/nvme10n1", "/dev/nvme11n1", "/dev/nvme12n1", "/dev/nvme13n1", "/dev/nvme14n1", "/dev/nvme15n1", "/dev/nvme16n1"] | |||
| gpfs_base_rpm_path = var.spectrumscale_rpms_path != null ? fileset(var.spectrumscale_rpms_path, "gpfs.base-*") : null | |||
| scale_version = local.gpfs_base_rpm_path != null ? regex("gpfs.base-(.*).x86_64.rpm", tolist(local.gpfs_base_rpm_path)[0])[0] : null | |||
|
|
|||
| traffic_protocol_bi = ["icmp", "TCP", "TCP", "TCP", "TCP", "UDP", "TCP", "TCP", "UDP", "TCP", "TCP", "TCP", "TCP", "icmp", "TCP", "TCP", "TCP", "TCP", "UDP", "TCP", "TCP", "UDP", "TCP", "TCP", "TCP", "TCP"] | |||
There was a problem hiding this comment.
Consolidate the security groups b/w compute, storage and protocol nodes
sasikeda
reviewed
Jun 10, 2024
|
|
||
| traffic_protocol_bi = ["icmp", "TCP", "TCP", "TCP", "TCP", "UDP", "TCP", "TCP", "UDP", "TCP", "TCP", "TCP", "TCP", "icmp", "TCP", "TCP", "TCP", "TCP", "UDP", "TCP", "TCP", "UDP", "TCP", "TCP", "TCP", "TCP"] | ||
| traffic_protocol_from_port_bi = [-1, 22, 1191, 60000, 47080, 47443, 4444, 4739, 4739, 9080, 9081, 80, 443, -1, 22, 1191, 60000, 47080, 47443, 4444, 4739, 4739, 9080, 9081, 80, 443] | ||
| traffic_protocol_to_port_bi = [-1, 22, 1191, 61000, 47080, 47443, 4444, 4739, 4739, 9080, 9081, 80, 443, -1, 22, 1191, 60000, 47080, 47443, 4444, 4739, 4739, 9080, 9081, 80, 443] |
There was a problem hiding this comment.
Check the ports with the latest security port definitions and separate them as the base and extended. (Base is limited to storage only) and extended to protocol
sasikeda
reviewed
Jun 10, 2024
| sec_group_description = ["Enable SSH access to the compute cluster hosts"] | ||
| turn_on = true | ||
| sec_group_name = ["scale-sec-group-"] | ||
| sec_group_description = ["Scale cluster sec group"] |
sasikeda
reviewed
Jun 10, 2024
| # Create Scale cluster security group | ||
| module "protocol_security_group" { | ||
| source = "../../../resources/aws/security/security_group" | ||
| turn_on = length(local.protocol_vm_subnet_map) > 0 ? true : false |
There was a problem hiding this comment.
change to len of protocol nodes rather than subnet map
sasikeda
reviewed
Jun 10, 2024
| ami = var.ami_id | ||
| instance_type = var.instance_type | ||
| key_name = var.user_public_key | ||
| #security_groups = var.security_groups |
There was a problem hiding this comment.
Is the security group commented ?
sasikeda
reviewed
Jun 10, 2024
| vpc_id = var.vpc_id | ||
| revoke_rules_on_delete = true | ||
|
|
||
| lifecycle { |
There was a problem hiding this comment.
is lifecycle required, by default it is create before destroy true.
sasikeda
reviewed
Jun 10, 2024
| @@ -32,7 +32,7 @@ output "compute_cluster_instance_details" { | |||
| } | |||
|
|
|||
| output "compute_cluster_security_group_id" { | |||
There was a problem hiding this comment.
once consolidation is complete, both security groups will merge and causes changes in terms of edit, remote mount
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
|
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
|
sasikeda
reviewed
Jun 12, 2024
|
|
||
| ## Extended ports | ||
| # Protocol ports | ||
| protocol_traffic_ports = [4379, 11211, 11211, 6200, 5431] |
There was a problem hiding this comment.
please remove the openstack swift ports and add nooba ports
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
|
Added nooba ports and removed swift port |
Signed-off-by: Praveen Ramu <praveen.ramu@ibm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.