Closed ossarga closed 5 years ago
I did it already in this branch, give it a look: https://github.com/thelastpickle/tlp-cluster/compare/jon/42_sg_suggestions?expand=1
On Sun, Mar 24, 2019 at 3:08 PM Anthony Grasso notifications@github.com wrote:
@ossarga commented on this pull request.
In src/main/kotlin/com/thelastpickle/tlpcluster/terraform/Configuration.kt https://github.com/thelastpickle/tlp-cluster/pull/62#discussion_r268455582 :
@@ -92,9 +93,43 @@ class Configuration(val tags: MutableMap<String, String> = mutableMapOf(), setVariable("region", region) setVariable("zones", Variable(listOf("us-west-2a", "us-west-2b", "us-west-2c"), "list"))
- setResource("cassandra", cassandraAMI, cassandraInstanceType, numCassandraInstances, setTagName(tags, ServerType.Cassandra))
- setResource("stress", stressAMI, stressInstanceType, numStressInstances, setTagName(tags, ServerType.Stress))
- setResource("monitoring", monitoringAMI, monitoringInstanceType, if (monitoring) 1 else 0, setTagName(tags, ServerType.Monitoring))
- val instanceSg = SecurityGroupResource.Builder()
- .newSecurityGroupResource("${ticket}_TlpClusterSG","tlp-cluster ${ticket} security group", tags)
- .withRule(0, 65535, "tcp", listOf("0.0.0.0/0"), "All traffic", SecurityGroupRule.Direction.Outbound)
- .withRule(22, 22, "tcp", listOf("0.0.0.0/0"), "SSH", SecurityGroupRule.Direction.Inbound)
- .withRule(7000, 7001, "tcp", listOf("172.31.0.0/16"), "Intra node", SecurityGroupRule.Direction.Inbound)
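Review bot: the "Intra node" rule for ports 7000-7001 hardcodes listOf("172.31.0.0/16"), so it only matches when the instances sit in a VPC with that CIDR, and it admits every host in that range rather than just the cluster nodes. A rule that references the security group itself would scope the ports to group members regardless of VPC addressing. The "SSH" rule on port 22 accepts 0.0.0.0/0; taking the allowed source CIDRs as a parameter would let callers narrow it. The outbound rule is described as "All traffic" but its protocol is "tcp", so either the description or the protocol should change.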
Ok. I'll give it a try and rework the code once I have it working in a handcrafted terraform JSON file. I assume self will allow only the IPs within the VPC? (which is what we would want). If so, I guess we just give a port range and set the self property to true?
@rustyrazorblade I have pushed up a new change that incorporates all feedback.
withRule function names so that it is clear if you are adding an inbound or outbound rule.
self to SecurityGroupRule class and a with function to add a rule that uses it.
I think your last commit removing the security group introduced a bug, now it doesn't build.
Fixed!
Closes #42 Closes #36