From: cel@kernel.org
To: <kdevops@lists.linux.dev>
Cc: Chuck Lever <chuck.lever@oracle.com>
Subject: [RFC PATCH 1/2] aws: Permit inter-node network traffic
Date: Fri, 8 Nov 2024 15:12:44 -0500
Message-ID: <20241108201245.561269-2-cel@kernel.org>
In-Reply-To: <20241108201245.561269-1-cel@kernel.org>
From: Chuck Lever <chuck.lever@oracle.com>
Permit target nodes to mount the kdevops NFS server by adding
a security group that allows traffic between test nodes.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
terraform/aws/main.tf | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf
index 290d5c0f04b1..62730d77422c 100644
--- a/terraform/aws/main.tf
+++ b/terraform/aws/main.tf
@@ -51,6 +51,22 @@ resource "aws_security_group" "kdevops_sec_group" {
}
}
+resource "aws_security_group" "kdevops_internal_group" {
+ name = "kdevops_isg"
+ vpc_id = aws_vpc.kdevops_vpc.id
+
+ # Allow all traffic between hosts in the security group
+ ingress {
+ cidr_blocks = [
+ "10.0.0.0/16",
+ ]
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ }
+}
+
+
resource "aws_key_pair" "kdevops_keypair" {
key_name = var.ssh_keyname
public_key = var.ssh_pubkey_data != "" ? var.ssh_pubkey_data : var.ssh_config_pubkey_file != "" ? file(var.ssh_config_pubkey_file) : ""
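Review bot: The ingress rule in kdevops_internal_group is broader than its comment says. `cidr_blocks = ["10.0.0.0/16"]` with `protocol = "-1"` admits every protocol and port from any address in that range, whether or not the sender is a member of this security group. If the intent is traffic between test nodes only, replace the CIDR list with `self = true` so the rule is scoped to group members. If a CIDR rule is kept, take the range from `aws_vpc.kdevops_vpc.cidr_block` instead of the hard-coded literal so it cannot drift from the VPC definition, and reword the comment to say the whole range is allowed. A `description` on the group would also help anyone auditing the account later, and the second blank line added after the closing brace can be dropped.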
@@ -110,7 +126,10 @@ resource "aws_instance" "kdevops_instance" {
count = local.kdevops_num_boxes
ami = data.aws_ami.distro.id
instance_type = var.aws_instance_type
- security_groups = [aws_security_group.kdevops_sec_group.id]
+ security_groups = [
+ aws_security_group.kdevops_sec_group.id,
+ aws_security_group.kdevops_internal_group.id
+ ]
key_name = var.ssh_keyname
subnet_id = aws_subnet.kdevops_subnet.id
user_data_base64 = element(
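Review bot: The two group IDs are attached through `security_groups` although the instance is launched into a VPC subnet (`subnet_id = aws_subnet.kdevops_subnet.id`). The AWS provider documents `security_groups` as a list of group names for EC2-Classic and the default VPC, and says to use `vpc_security_group_ids` for instances created in a VPC. Since this line is being rewritten anyway, consider switching to `vpc_security_group_ids = [...]` with the same two IDs, so the new internal group is attached through the argument intended for VPC instances.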
--
2.47.0