~damien/infrastructure

infrastructure/tools/update-nomad-client-firewall -rwxr-xr-x 995 bytes
b9a7a905Damien Radtke Re-introducing Packer into this 22 days ago
                                                                                
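#!/usr/bin/env bash
#
# Rebuild the source list of the "nomad-clients" firewalld zone on every Nomad
# client so that each client trusts every other client.
#
# Usage:    run from the Terraform directory that contains terraform.tfstate.
# Requires: terraform, jq, and ssh access (with sudo rights) to every client.
# Exit:     0 when every host was updated, 1 on bad input or any failed step.
#
# The address list read from the Terraform state decides both which hosts are
# contacted and which sources they end up trusting, so the state file is
# security-relevant input: every value is checked before it is used.

# -u: fail on unset variables; pipefail: notice a failing `terraform output`
# even though jq is the last stage of the pipeline.
set -uo pipefail

echo "$(tput bold)Updating Nomad client firewalls...$(tput sgr0)"

# TODO: it might be good to enhance this script to also update the configured "join" values for node configurations.

if [[ ! -f terraform.tfstate ]]; then
	echo "no state file found, are you in the right directory?" >&2
	exit 1
fi

if ! client_ips="$(terraform output -json nomad_client_ips | jq -r '.[]')"; then
	echo "could not read nomad_client_ips from terraform output" >&2
	exit 1
fi

# Each address is passed to ssh as a host name and spliced into a command line
# that runs under sudo on the remote side. Accept only characters that can
# occur in an IPv4/IPv6 literal, so a value can be read neither as an ssh
# option (leading '-') nor as shell syntax by the remote shell.
addresses=()
while IFS= read -r candidate; do
	[[ -n "${candidate}" ]] || continue
	if [[ ! "${candidate}" =~ ^[0-9A-Fa-f:.]+$ ]]; then
		printf 'refusing unexpected value in nomad_client_ips: %q\n' "${candidate}" >&2
		exit 1
	fi
	addresses+=("${candidate}")
done <<<"${client_ips}"

if (( ${#addresses[@]} == 0 )); then
	echo "nomad_client_ips is empty, nothing to update" >&2
	exit 1
fi

failed=0
for from_ip in "${addresses[@]}"; do
	echo "clearing existing values for ${from_ip}"
	# TODO: is there a firewalld command we could run to do this instead?
	# (firewall-cmd has --list-sources / --remove-source; untested here.)
	if ! ssh "${from_ip}" "sudo sed -i '/<source address/d' /etc/firewalld/zones/nomad-clients.xml"; then
		echo "could not clear sources on ${from_ip}, skipping host" >&2
		failed=1
		continue
	fi
	# Reload after the direct file edit, before the zone is modified again
	# through firewall-cmd. The zone file is already stripped at this point,
	# so on failure keep going and still try to write the new source list.
	if ! ssh "${from_ip}" "sudo firewall-cmd --reload"; then
		echo "reload after clearing failed on ${from_ip}" >&2
		failed=1
	fi
	for to_ip in "${addresses[@]}"; do
		if [[ "${from_ip}" = "${to_ip}" ]]; then
			continue
		fi
		echo "from ${from_ip} trust ${to_ip}"
		if ! ssh "${from_ip}" "sudo firewall-cmd --zone=nomad-clients --add-source='${to_ip}' --permanent"; then
			echo "could not add ${to_ip} on ${from_ip}" >&2
			failed=1
		fi
	done
	echo "reloading for ${from_ip}"
	if ! ssh "${from_ip}" "sudo firewall-cmd --reload"; then
		echo "final reload failed on ${from_ip}" >&2
		failed=1
	fi
done

# Report partial failure to the caller instead of always exiting 0.
exit "${failed}"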