add firewall mgmt on simple-nva module
parent
987ea34d93
commit
021fb84765
|
@ -54,6 +54,9 @@ write_files:
|
||||||
%{ for route in interface.routes ~}
|
%{ for route in interface.routes ~}
|
||||||
ip route add ${route} via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/${interface.number}/gateway -H "Metadata-Flavor:Google"` dev ${interface.name}
|
ip route add ${route} via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/${interface.number}/gateway -H "Metadata-Flavor:Google"` dev ${interface.name}
|
||||||
%{ endfor ~}
|
%{ endfor ~}
|
||||||
|
%{ for port in firewall_open_ports ~}
|
||||||
|
iptables -A INPUT -p all --dport ${port} -j ACCEPT
|
||||||
|
%{ endfor ~}
|
||||||
%{ endfor ~}
|
%{ endfor ~}
|
||||||
|
|
||||||
bootcmd:
|
bootcmd:
|
||||||
|
|
|
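Review bot: `iptables -A INPUT -p all --dport ${port} -j ACCEPT` in the new port loop will be rejected by iptables, because `--dport` belongs to the tcp/udp match extensions and is not available under `-p all`, so every rule this loop emits fails at boot and whether the port ends up reachable then depends on the chain's default policy, which is set outside this hunk. Judging by the two `%{ endfor ~}` that follow, the loop also sits inside the per-interface loop, so the same rule set is appended once per network interface without being bound to that interface. I would emit one rule per protocol and pin the interface, `iptables -A INPUT -i ${interface.name} -p tcp --dport ${port} -j ACCEPT` and `iptables -A INPUT -i ${interface.name} -p udp --dport ${port} -j ACCEPT`, or move the loop after the outer `endfor` if the rules are meant to apply globally. Because `${port}` is expanded unquoted into a shell line, the safety of this template rests on the port list being validated where the variable is declared; the `write_files` entry this runs in starts before the hunk.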
@ -67,32 +67,39 @@ locals {
|
||||||
} : {}
|
} : {}
|
||||||
)
|
)
|
||||||
|
|
||||||
_frr_daemons = [
|
_frr_daemons = {
|
||||||
"zebra",
|
"zebra": []
|
||||||
"bgpd",
|
"bgpd": ["179"]
|
||||||
"ospfd",
|
"ospfd": []
|
||||||
"ospf6d",
|
"ospf6d": []
|
||||||
"ripd",
|
"ripd": ["520"]
|
||||||
"ripngd",
|
"ripngd": ["521"]
|
||||||
"isisd",
|
"isisd": []
|
||||||
"pimd",
|
"pimd": []
|
||||||
"ldpd",
|
"ldpd": ["646"]
|
||||||
"nhrpd",
|
"nhrpd": []
|
||||||
"eigrpd",
|
"eigrpd" : []
|
||||||
"babeld",
|
"babeld": []
|
||||||
"sharpd",
|
"sharpd": []
|
||||||
"staticd",
|
"staticd": []
|
||||||
"pbrd",
|
"pbrd": []
|
||||||
"bfdd",
|
"bfdd": ["3784"]
|
||||||
"fabricd"
|
"fabricd": []
|
||||||
]
|
}
|
||||||
|
|
||||||
_frr_daemons_enabled = try(
|
_frr_daemons_enabled = try(
|
||||||
{
|
{
|
||||||
for daemon in local._frr_daemons :
|
for daemon in keys(local._frr_daemons) :
|
||||||
"${daemon}_enabled" => contains(var.frr_config.daemons_enabled, daemon) ? "yes" : "no"
|
"${daemon}_enabled" => contains(var.frr_config.daemons_enabled, daemon) ? "yes" : "no"
|
||||||
}, {})
|
}, {})
|
||||||
|
|
||||||
|
_frr_required_ports = try(
|
||||||
|
[
|
||||||
|
for daemon, ports in local._frr_daemons : contains(var.frr_config.daemons_enabled, daemon) ? ports : []
|
||||||
|
], [])
|
||||||
|
|
||||||
|
_local_firewall_ports = concat(var.optional_firewall_open_ports, flatten(local._frr_required_ports))
|
||||||
|
|
||||||
_network_interfaces = [
|
_network_interfaces = [
|
||||||
for index, interface in var.network_interfaces : {
|
for index, interface in var.network_interfaces : {
|
||||||
name = "eth${index}"
|
name = "eth${index}"
|
||||||
|
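Review bot: `_frr_daemons` records bare port numbers without a protocol, but the daemons need different ones — BGP 179 is TCP, RIP 520 and RIPng 521 are UDP, LDP 646 is both TCP and UDP, and BFD 3784 is UDP (with 3785 for echo and 4784 for multihop not listed) — while ospfd, pimd, isisd and eigrpd speak raw IP protocols rather than ports, so their empty lists open nothing for them; whether that is a problem depends on the chain's default policy, which is not visible here. I would carry the protocol in the map, e.g. `"bgpd": ["tcp/179"]`, `"ldpd": ["tcp/646", "udp/646"]`, `"bfdd": ["udp/3784", "udp/3785", "udp/4784"]`, and have the template split on `/` when rendering the rule. `_local_firewall_ports` could wrap its `concat(...)` in `distinct(...)` so a port present in both the optional list and the FRR list does not produce duplicate rules. The `try(..., [])` on `_frr_required_ports` also swallows any other evaluation error in `var.frr_config` by opening no ports, which is presumably intended for the FRR-disabled case but deserves a comment saying so.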
@ -118,6 +125,7 @@ locals {
|
||||||
cloud_config = templatefile(local._template, {
|
cloud_config = templatefile(local._template, {
|
||||||
enable_health_checks = var.enable_health_checks
|
enable_health_checks = var.enable_health_checks
|
||||||
files = local._files
|
files = local._files
|
||||||
|
firewall_open_ports = local._local_firewall_ports
|
||||||
network_interfaces = local._network_interfaces
|
network_interfaces = local._network_interfaces
|
||||||
optional_run_cmds = local._optional_run_cmds
|
optional_run_cmds = local._optional_run_cmds
|
||||||
})
|
})
|
||||||
|
|
|
@ -86,3 +86,9 @@ variable "optional_run_cmds" {
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = []
|
default = []
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "optional_firewall_open_ports" {
|
||||||
|
description = "Optional Ports to be opened on the local firewall."
|
||||||
|
type = list(string)
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
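Review bot: `optional_firewall_open_ports` is declared as a bare `list(string)` with no `validation` block, yet each element is expanded unquoted into an `iptables` shell line by the cloud-config template changed in this commit, so an element containing whitespace or `;` becomes extra shell tokens and an invalid value only surfaces at instance boot instead of at plan time. I would constrain each entry to a port number or `from:to` range at the variable and say so in the description; the block below assumes Terraform ≥ 0.14, which provides `alltrue` and `validation`.
```hcl
variable "optional_firewall_open_ports" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for p in var.optional_firewall_open_ports : can(regex("^[0-9]{1,5}(:[0-9]{1,5})?$", p))
    ])
    error_message = "Each entry must be a port number or a 'from:to' port range."
  }
}
```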