From patchwork Fri Nov 8 20:12:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 13868940
From: cel@kernel.org To: Cc: Chuck Lever Subject: [RFC PATCH 1/2] aws: Permit inter-node network traffic Date: Fri, 8 Nov 2024 15:12:44 -0500 Message-ID: <20241108201245.561269-2-cel@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241108201245.561269-1-cel@kernel.org> References: <20241108201245.561269-1-cel@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever Permit target nodes to mount the kdevops NFS server by adding a security group that allows traffic between test nodes. Signed-off-by: Chuck Lever --- terraform/aws/main.tf | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index 290d5c0f04b1..62730d77422c 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf @@ -51,6 +51,22 @@ resource "aws_security_group" "kdevops_sec_group" { } } +resource "aws_security_group" "kdevops_internal_group" { + name = "kdevops_isg" + vpc_id = aws_vpc.kdevops_vpc.id + + # Allow all traffic between hosts in the security group + ingress { + cidr_blocks = [ + "10.0.0.0/16", + ] + from_port = 0 + to_port = 0 + protocol = "-1" + } +} + + resource "aws_key_pair" "kdevops_keypair" { key_name = var.ssh_keyname public_key = var.ssh_pubkey_data != "" ? var.ssh_pubkey_data : var.ssh_config_pubkey_file != "" ? file(var.ssh_config_pubkey_file) : "" 
@@ -110,7 +126,10 @@ resource "aws_instance" "kdevops_instance" { count = local.kdevops_num_boxes ami = data.aws_ami.distro.id instance_type = var.aws_instance_type - security_groups = [aws_security_group.kdevops_sec_group.id] + security_groups = [ + aws_security_group.kdevops_sec_group.id, + aws_security_group.kdevops_internal_group.id + ] key_name = var.ssh_keyname subnet_id = aws_subnet.kdevops_subnet.id user_data_base64 = element(
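Review bot: In the first hunk (new `kdevops_internal_group`), the ingress rule does not match its comment: `cidr_blocks = ["10.0.0.0/16"]` with `protocol = "-1"` admits every protocol and port from any address in that range, whether or not the sender is a member of this group. If the intent is member-to-member traffic only, replace the `cidr_blocks` list with `self = true`, which also removes the hard-coded range. If a CIDR rule is wanted, take the value from the VPC or subnet resource rather than a literal so the two cannot drift apart, and consider narrowing the rule to the ports the NFS mount needs, since the commit message names mounting the NFS server as the only use case.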
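Review bot: In the second hunk (`aws_instance.kdevops_instance`), the list of group IDs is still assigned to `security_groups` although the instance is launched into a subnet via `subnet_id`. The AWS provider documents `security_groups` for EC2-Classic and default-VPC use and directs instances created in a VPC to `vpc_security_group_ids`; since this line is being rewritten anyway, consider switching the attribute here. As a style point, the last list element has no trailing comma, unlike the `cidr_blocks` list added earlier in this patch.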