@@ -51,6 +51,22 @@ resource "aws_security_group" "kdevops_sec_group" {
}
}
+resource "aws_security_group" "kdevops_internal_group" {
+ name = "kdevops_isg"
+ vpc_id = aws_vpc.kdevops_vpc.id
+
+ # Allow all traffic between hosts in the security group
+ ingress {
+ cidr_blocks = [
+ "10.0.0.0/16",
+ ]
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ }
+}
+
+
resource "aws_key_pair" "kdevops_keypair" {
key_name = var.ssh_keyname
public_key = var.ssh_pubkey_data != "" ? var.ssh_pubkey_data : var.ssh_config_pubkey_file != "" ? file(var.ssh_config_pubkey_file) : ""
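Review bot: The ingress rule in `kdevops_internal_group` matches on the literal CIDR `10.0.0.0/16` rather than on group membership, so it admits every protocol and port from any address in that range. That is wider than the comment "Allow all traffic between hosts in the security group" states. If only member-to-member traffic is intended, replace the `cidr_blocks` list with `self = true`. If whole-VPC reachability is intended, use `cidr_blocks = [aws_vpc.kdevops_vpc.cidr_block]` so the rule cannot drift from the VPC definition, and reword the comment to match. A `description` on the rule would also make the group easier to audit later.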
@@ -110,7 +126,10 @@ resource "aws_instance" "kdevops_instance" {
count = local.kdevops_num_boxes
ami = data.aws_ami.distro.id
instance_type = var.aws_instance_type
- security_groups = [aws_security_group.kdevops_sec_group.id]
+ security_groups = [
+ aws_security_group.kdevops_sec_group.id,
+ aws_security_group.kdevops_internal_group.id
+ ]
key_name = var.ssh_keyname
subnet_id = aws_subnet.kdevops_subnet.id
user_data_base64 = element(
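Review bot: The instance is placed in `aws_subnet.kdevops_subnet`, yet both group IDs are still passed through `security_groups`, which the AWS provider documents for EC2-Classic and default-VPC use; for instances in a VPC the ID-based argument is `vpc_security_group_ids`. Passing IDs through `security_groups` can leave Terraform with a persistent difference and a planned instance replacement, and it makes it harder to confirm that both groups are really attached. Since this change rewrites the list anyway, consider `vpc_security_group_ids = [aws_security_group.kdevops_sec_group.id, aws_security_group.kdevops_internal_group.id]`. The resource body continues outside the hunk, so an existing workaround such as a lifecycle rule may not be visible here.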