
infrastructure/tools/update-nomad-client-firewall -rwxr-xr-x 1.1 KiB
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
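#!/usr/bin/env bash
#
# update-nomad-client-firewall: re-sync the firewalld "nomad-clients" zone on
# every Nomad client so that each one trusts the addresses of all clients
# (regular and ingress) recorded in the Terraform state of the current
# directory.
#
# Requires: terraform, jq, and ssh access to each client with passwordless
# sudo. Must be run from the directory containing terraform.tfstate.

set -euo pipefail

# Terminal styling only when stdout is a terminal; `tput` fails (noisily)
# when TERM is unset, e.g. under cron or CI.
bold='' reset=''
if [[ -t 1 ]]; then
	bold="$(tput bold 2>/dev/null || true)"
	reset="$(tput sgr0 2>/dev/null || true)"
fi
printf '%sUpdating Nomad client firewalls...%s\n' "${bold}" "${reset}"

# TODO: it might be good to enhance this script to also update the configured "join" values for node configurations.

if [[ ! -f terraform.tfstate ]]; then
	echo "no state file found, are you in the right directory?" >&2
	exit 1
fi

#######################################
# Check that a value looks like an IP address (v4 or v6), optionally with a
# CIDR suffix. Every address below is spliced into a shell command that runs
# on the remote host, so nothing that is not plainly an address may get
# through, whatever the Terraform outputs happen to contain.
# Arguments: $1 - candidate address
# Returns:   0 if it looks like an address, 1 otherwise
#######################################
is_address() {
	[[ "$1" =~ ^[0-9A-Fa-f.:]+(/[0-9]{1,3})?$ ]]
}

# Merge both Terraform outputs into one JSON array of client objects. jq's
# `inputs` consumes every JSON document on stdin, so the two outputs can
# simply be concatenated. With pipefail a failing `terraform output` aborts
# here instead of silently yielding an empty client list.
all_clients="$(
	{
		terraform output -json nomad-clients
		terraform output -json nomad-clients-ingress
	} | jq -n '[inputs|.[]]'
)"

# Hosts to update: every client is reached via its `ip`.
mapfile -t from_ips < <(jq -r '.[].ip' <<<"${all_clients}")

# Addresses each host must trust: the `ip` and `ipv4` of every client.
# Missing (null) fields are dropped rather than turned into a literal "null"
# source, and duplicates (a client whose `ip` equals its `ipv4`) are removed
# so `--add-source` is never asked to add the same address twice.
mapfile -t to_ips < <(
	jq -r '[.[] | (.ip, .ipv4) | select(. != null)] | unique | .[]' <<<"${all_clients}"
)

if (( ${#from_ips[@]} == 0 )); then
	echo "no Nomad clients found in terraform output" >&2
	exit 1
fi

for from_ip in "${from_ips[@]}"; do
	if ! is_address "${from_ip}"; then
		printf 'skipping client with unexpected address %q\n' "${from_ip}" >&2
		continue
	fi

	echo "clearing existing values for ${from_ip}"
	# TODO: is there a firewalld command we could run to do this instead?
	# The zone file is edited in place and firewalld reloaded before adding
	# sources, presumably so its copy of the permanent zone no longer holds
	# the old entries when `--add-source --permanent` rewrites the file.
	ssh "${from_ip}" "sudo sed -i '/<source address/d' /etc/firewalld/zones/nomad-clients.xml"
	ssh "${from_ip}" "sudo firewall-cmd --reload"

	for to_ip in "${to_ips[@]}"; do
		if ! is_address "${to_ip}"; then
			printf 'skipping unexpected address %q for %s\n' "${to_ip}" "${from_ip}" >&2
			continue
		fi
		echo "from ${from_ip} trust ${to_ip}"
		ssh "${from_ip}" "sudo firewall-cmd --zone=nomad-clients --add-source='${to_ip}' --permanent"
	done

	echo "reloading for ${from_ip}"
	ssh "${from_ip}" "sudo firewall-cmd --reload"
done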