
586008a6c9edb6172083dac8b4f222970046477f — Damien Radtke 9 months ago 4fb7260
Small firewall updates
3 files changed, 11 insertions(+), 6 deletions(-)

D firewall/zones/internal.xml
M terraform/main.tf
M tools/update-nomad-client-firewall
D firewall/zones/internal.xml => firewall/zones/internal.xml +0 -6
@@ 1,6 0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Internal</short>
  <description>For internal datacenter communication.</description>
  <source address="192.168.0.0/16"/>
</zone>

M terraform/main.tf => terraform/main.tf +10 -0
@@ 104,3 104,13 @@ module "vault-server" {
  ca_host          = var.ca_host
  ca_key           = var.ca_key
}

resource "null_resource" "nomad_client_firewall" {
	triggers = {
		ips = module.nomad-client.instances[*].ipv6
	}

	provisioner "local-exec" {
		command = "update-nomad-client-firewall"
	}
}
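Review bot: The `triggers` value on the `ips` key is a list (`module.nomad-client.instances[*].ipv6`), but `null_resource.triggers` is a `map(string)`, so unless that attribute is already a single string this resource fails validation before the provisioner ever runs; `ips = join(",", module.nomad-client.instances[*].ipv6)` keeps the same replace-on-change semantics with a string value. Separately, the `local-exec` command relies on `update-nomad-client-firewall` being on PATH and on that script reading `terraform output -json nomad_client_ips` while this same apply is still in flight, so the outputs it sees may be the pre-apply ones rather than the addresses that just changed; passing the addresses in explicitly (for example via an environment variable on the provisioner) or documenting that a second apply may be needed would make this deterministic, and a comment such as `# Re-runs the firewall sync whenever the set of nomad client addresses changes; the script reads the new addresses from terraform output, so it must run after state is written` would record the intent. Note that this resource is triggered on the IPv6 addresses while the script consumes an output named `nomad_client_ips`; if those are not the same list the trigger and the payload can drift apart.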

M tools/update-nomad-client-firewall => tools/update-nomad-client-firewall +1 -0
@@ 10,6 10,7 @@ fi
client_ips="$(terraform output -json nomad_client_ips | jq -r '.[]')"
for from_ip in ${client_ips}; do
	echo "clearing existing values for ${from_ip}"
	# TODO: is there a firewalld command we could run to do this instead?
	ssh "${from_ip}" "sudo sed -i '/<source address/d' /etc/firewalld/zones/nomad-clients.xml"
	ssh "${from_ip}" "sudo firewall-cmd --reload"
	for to_ip in ${client_ips}; do
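Review bot: The TODO on the line before the `sed` can be answered: firewalld can list and remove zone sources itself, which avoids hand-editing `/etc/firewalld/zones/nomad-clients.xml` and avoids `/<source address/d` silently stripping any source in that zone that this script did not add, e.g. `ssh "${from_ip}" 'for s in $(sudo firewall-cmd --permanent --zone=nomad-clients --get-sources); do sudo firewall-cmd --permanent --zone=nomad-clients --remove-source="$s"; done'`. The `firewall-cmd --reload` immediately after clearing also activates a zone with no sources at all, so every run opens a window where client-to-client traffic is dropped until the inner loop (which starts on the last line of this hunk and continues outside it) re-adds them; deferring the single reload until after the inner loop finishes closes that gap, and if the inner loop reloads per `to_ip` that is O(n²) reloads across the fleet. `${client_ips}` is deliberately unquoted to word-split the `jq -r` output, which is fine for addresses, but a short comment stating that (`# intentionally unquoted: one address per word`) would stop the next reader "fixing" it.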