Posted to commits@dlab.apache.org by dm...@apache.org on 2019/09/27 12:23:04 UTC
[incubator-dlab] 02/02: [DLAB-edge] Added terraform scripts for
project creation [Azure]
This is an automated email from the ASF dual-hosted git repository.
dmysakovets pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 74239e889729f0cbf5bdbca62e0c95cd1f70bcee
Author: Demyan Mysakovets <de...@gmail.com>
AuthorDate: Fri Sep 27 15:22:44 2019 +0300
[DLAB-edge] Added terraform scripts for project creation [Azure]
---
.../terraform/azure/project/main/instance.tf | 194 ++---
.../terraform/azure/project/main/main.tf | 52 +-
.../terraform/azure/project/main/network.tf | 882 ++++++++++-----------
.../terraform/azure/project/main/variables.tf | 198 ++---
4 files changed, 663 insertions(+), 663 deletions(-)
diff --git a/infrastructure-provisioning/terraform/azure/project/main/instance.tf b/infrastructure-provisioning/terraform/azure/project/main/instance.tf
index e578e43..d7ec3aa 100644
--- a/infrastructure-provisioning/terraform/azure/project/main/instance.tf
+++ b/infrastructure-provisioning/terraform/azure/project/main/instance.tf
@@ -1,98 +1,98 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- node_name = "${var.service_base_name}-${var.project_tag}-edge"
- nic = "${var.service_base_name}-${var.project_tag}-edge-nic"
-}
-
-resource "azurerm_network_interface" "nic" {
- name = local.nic
- location = var.region
- resource_group_name = var.resource_group
- network_security_group_id = azurerm_network_security_group.edge_sg.id
-
- ip_configuration {
- name = "${local.nic}-IPconigurations"
- subnet_id = var.subnet_id
- #private_ip_address_allocation = "Dynamic"
- private_ip_address_allocation = "Static"
- private_ip_address = var.edge_private_ip
- public_ip_address_id = azurerm_public_ip.edge_ip.id
- }
-
- tags = {
- SBN = var.service_base_name
- Name = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_virtual_machine" "instance" {
- name = local.node_name
- location = var.region
- resource_group_name = var.resource_group
- network_interface_ids = [azurerm_network_interface.nic.id]
- vm_size = var.instance_type
-
- storage_os_disk {
- name = "${local.node_name}-disk0"
- caching = "ReadWrite"
- create_option = "FromImage"
- managed_disk_type = "Premium_LRS"
- }
-
- storage_image_reference {
- publisher = var.ami_publisher[var.os_env]
- offer = var.ami_offer[var.os_env]
- sku = var.ami_sku[var.os_env]
- version = var.ami_version[var.os_env]
- }
-
- os_profile {
- computer_name = local.node_name
- admin_username = var.initial_user
- }
-
- os_profile_linux_config {
- disable_password_authentication = true
- ssh_keys {
- path = "/home/${var.initial_user}/.ssh/authorized_keys"
- key_data = "${file("${var.ssh_key}")}"
- }
- }
-
- tags = {
- SBN = var.service_base_name
- Name = local.node_name
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+ node_name = "${var.service_base_name}-${var.project_tag}-edge"
+ nic = "${var.service_base_name}-${var.project_tag}-edge-nic"
+}
+
+resource "azurerm_network_interface" "nic" {
+ name = local.nic
+ location = var.region
+ resource_group_name = var.resource_group
+ network_security_group_id = azurerm_network_security_group.edge_sg.id
+
+ ip_configuration {
+ name = "${local.nic}-IPconigurations"
+ subnet_id = var.subnet_id
+ #private_ip_address_allocation = "Dynamic"
+ private_ip_address_allocation = "Static"
+ private_ip_address = var.edge_private_ip
+ public_ip_address_id = azurerm_public_ip.edge_ip.id
+ }
+
+ tags = {
+ SBN = var.service_base_name
+ Name = local.node_name
+ Project_name = var.project_name
+ Project_tag = var.project_tag
+ Endpoint_Tag = var.endpoint_tag
+ Product = var.product
+ User_Tag = var.user_tag
+ Custom_Tag = var.custom_tag
+ }
+}
+
+resource "azurerm_virtual_machine" "instance" {
+ name = local.node_name
+ location = var.region
+ resource_group_name = var.resource_group
+ network_interface_ids = [azurerm_network_interface.nic.id]
+ vm_size = var.instance_type
+
+ storage_os_disk {
+ name = "${local.node_name}-disk0"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ managed_disk_type = "Premium_LRS"
+ }
+
+ storage_image_reference {
+ publisher = var.ami_publisher[var.os_env]
+ offer = var.ami_offer[var.os_env]
+ sku = var.ami_sku[var.os_env]
+ version = var.ami_version[var.os_env]
+ }
+
+ os_profile {
+ computer_name = local.node_name
+ admin_username = var.initial_user
+ }
+
+ os_profile_linux_config {
+ disable_password_authentication = true
+ ssh_keys {
+ path = "/home/${var.initial_user}/.ssh/authorized_keys"
+ key_data = "${file("${var.ssh_key}")}"
+ }
+ }
+
+ tags = {
+ SBN = var.service_base_name
+ Name = local.node_name
+ Project_name = var.project_name
+ Project_tag = var.project_tag
+ Endpoint_Tag = var.endpoint_tag
+ Product = var.product
+ User_Tag = var.user_tag
+ Custom_Tag = var.custom_tag
+ }
}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/project/main/main.tf b/infrastructure-provisioning/terraform/azure/project/main/main.tf
index f73aa75..249c945 100644
--- a/infrastructure-provisioning/terraform/azure/project/main/main.tf
+++ b/infrastructure-provisioning/terraform/azure/project/main/main.tf
@@ -1,27 +1,27 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-provider "azurerm" {
- subscription_id = var.subscription_id
- client_id = var.client_id
- client_secret = var.client_secret
- tenant_id = var.tenant_id
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+provider "azurerm" {
+ subscription_id = var.subscription_id
+ client_id = var.client_id
+ client_secret = var.client_secret
+ tenant_id = var.tenant_id
}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/azure/project/main/network.tf b/infrastructure-provisioning/terraform/azure/project/main/network.tf
index 1fc99c5..e1a93b1 100644
--- a/infrastructure-provisioning/terraform/azure/project/main/network.tf
+++ b/infrastructure-provisioning/terraform/azure/project/main/network.tf
@@ -1,442 +1,442 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-locals {
- edge_sg_name = "${var.service_base_name}-${var.project_tag}-edge-sg"
- edge_ip_name = "${var.service_base_name}-${var.project_tag}-edge-ip"
- ps_subnet_name = "${var.service_base_name}-${var.project_tag}-ps-subnet"
- ps_sg_name = "${var.service_base_name}-${var.project_tag}-ps-sg"
-}
-
-#################
-### Edge node ###
-#################
-
-resource "azurerm_public_ip" "edge_ip" {
- location = var.region
- name = local.edge_ip_name
- resource_group_name = var.resource_group
- allocation_method = "Static"
- tags = {
- SBN = var.service_base_name
- Name = local.edge_ip_name
- Project_tag = var.project_tag
- Endpoint_Tag = var.endpoint_tag
- Product = var.product
- User_Tag = var.user_tag
- Custom_Tag = var.custom_tag
- }
-}
-
-resource "azurerm_network_security_group" "edge_sg" {
- name = local.edge_sg_name
- location = var.region
- resource_group_name = var.resource_group
-
- security_rule {
- name = "in-1"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "${var.ps_cidr}"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-2"
- priority = 110
- direction = "Inbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "22"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-3"
- priority = 120
- direction = "Inbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "3128"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-4"
- priority = 130
- direction = "Inbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "80"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-1"
- priority = 100
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "22"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-2"
- priority = 110
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8888"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-3"
- priority = 120
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8080"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-4"
- priority = 130
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8787"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-5"
- priority = 140
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "6006"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-6"
- priority = 150
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "20888"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-7"
- priority = 160
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8088"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-8"
- priority = 170
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "18080"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-9"
- priority = 180
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "50070"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-10"
- priority = 190
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8085"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-11"
- priority = 200
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "8081"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-12"
- priority = 210
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "4040-4140"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-13"
- priority = 220
- direction = "Outbound"
- access = "Allow"
- protocol = "UDP"
- source_port_range = "*"
- destination_port_range = "53"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-14"
- priority = 230
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "80"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-15"
- priority = 240
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "443"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-16"
- priority = 250
- direction = "Outbound"
- access = "Allow"
- protocol = "TCP"
- source_port_range = "*"
- destination_port_range = "389"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-17"
- priority = 260
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "8042"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-18"
- priority = 270
- direction = "Outbound"
- access = "Allow"
- protocol = "UDP"
- source_port_range = "*"
- destination_port_range = "123"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-19"
- priority = 280
- direction = "Outbound"
- access = "Deny"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-}
-
-############################################################
-### Explotratory environment and computational resources ###
-############################################################
-
-
-resource "azurerm_subnet" "ps_subnet" {
- name = local.ps_subnet_name
- resource_group_name = var.resource_group
- virtual_network_name = var.vpc_id
- address_prefix = var.ps_cidr
-}
-
-resource "azurerm_network_security_group" "ps_sg" {
- name = local.ps_sg_name
- location = var.region
- resource_group_name = var.resource_group
-
- security_rule {
- name = "in-1"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "${var.ps_cidr}"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-2"
- priority = 110
- direction = "Inbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "${var.edge_cidr}"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "in-3"
- priority = 200
- direction = "Inbound"
- access = "Deny"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-1"
- priority = 100
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "${var.ps_cidr}"
- }
-
- security_rule {
- name = "out-2"
- priority = 110
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "${var.edge_cidr}"
- }
-
- security_rule {
- name = "out-3"
- priority = 120
- direction = "Outbound"
- access = "Allow"
- protocol = "*"
- source_port_range = "443"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- security_rule {
- name = "out-4"
- priority = 200
- direction = "Outbound"
- access = "Deny"
- protocol = "*"
- source_port_range = "*"
- destination_port_range = "*"
- source_address_prefix = "*"
- destination_address_prefix = "*"
- }
-
- tags = {
- Name = local.ps_subnet_name
- SBN = var.service_base_name
- Product = var.product
- Project_name = var.project_name
- Project_tag = var.project_tag
- Endpoint_tag = var.endpoint_tag
- User_tag = var.user_tag
- Custom_tag = var.custom_tag
- }
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+locals {
+ edge_sg_name = "${var.service_base_name}-${var.project_tag}-edge-sg"
+ edge_ip_name = "${var.service_base_name}-${var.project_tag}-edge-ip"
+ ps_subnet_name = "${var.service_base_name}-${var.project_tag}-ps-subnet"
+ ps_sg_name = "${var.service_base_name}-${var.project_tag}-ps-sg"
+}
+
+#################
+### Edge node ###
+#################
+
+resource "azurerm_public_ip" "edge_ip" {
+ location = var.region
+ name = local.edge_ip_name
+ resource_group_name = var.resource_group
+ allocation_method = "Static"
+ tags = {
+ SBN = var.service_base_name
+ Name = local.edge_ip_name
+ Project_tag = var.project_tag
+ Endpoint_Tag = var.endpoint_tag
+ Product = var.product
+ User_Tag = var.user_tag
+ Custom_Tag = var.custom_tag
+ }
+}
+
+resource "azurerm_network_security_group" "edge_sg" {
+ name = local.edge_sg_name
+ location = var.region
+ resource_group_name = var.resource_group
+
+ security_rule {
+ name = "in-1"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "${var.ps_cidr}"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "in-2"
+ priority = 110
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "in-3"
+ priority = 120
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "3128"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "in-4"
+ priority = 130
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "80"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-1"
+ priority = 100
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-2"
+ priority = 110
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "8888"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-3"
+ priority = 120
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "8080"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-4"
+ priority = 130
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "8787"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-5"
+ priority = 140
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "6006"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-6"
+ priority = 150
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "20888"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-7"
+ priority = 160
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "8088"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-8"
+ priority = 170
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "18080"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-9"
+ priority = 180
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "50070"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-10"
+ priority = 190
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "8085"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-11"
+ priority = 200
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "8081"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-12"
+ priority = 210
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "4040-4140"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-13"
+ priority = 220
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "UDP"
+ source_port_range = "*"
+ destination_port_range = "53"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-14"
+ priority = 230
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "80"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-15"
+ priority = 240
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-16"
+ priority = 250
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "TCP"
+ source_port_range = "*"
+ destination_port_range = "389"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-17"
+ priority = 260
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "8042"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-18"
+ priority = 270
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "UDP"
+ source_port_range = "*"
+ destination_port_range = "123"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-19"
+ priority = 280
+ direction = "Outbound"
+ access = "Deny"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+}
+
+############################################################
+### Explotratory environment and computational resources ###
+############################################################
+
+
+resource "azurerm_subnet" "ps_subnet" {
+ name = local.ps_subnet_name
+ resource_group_name = var.resource_group
+ virtual_network_name = var.vpc_id
+ address_prefix = var.ps_cidr
+}
+
+resource "azurerm_network_security_group" "ps_sg" {
+ name = local.ps_sg_name
+ location = var.region
+ resource_group_name = var.resource_group
+
+ security_rule {
+ name = "in-1"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "${var.ps_cidr}"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "in-2"
+ priority = 110
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "${var.edge_cidr}"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "in-3"
+ priority = 200
+ direction = "Inbound"
+ access = "Deny"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-1"
+ priority = 100
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.ps_cidr}"
+ }
+
+ security_rule {
+ name = "out-2"
+ priority = 110
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "${var.edge_cidr}"
+ }
+
+ security_rule {
+ name = "out-3"
+ priority = 120
+ direction = "Outbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "443"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "out-4"
+ priority = 200
+ direction = "Outbound"
+ access = "Deny"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ tags = {
+ Name = local.ps_subnet_name
+ SBN = var.service_base_name
+ Product = var.product
+ Project_name = var.project_name
+ Project_tag = var.project_tag
+ Endpoint_tag = var.endpoint_tag
+ User_tag = var.user_tag
+ Custom_tag = var.custom_tag
+ }
}
\ No newline at end of file
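Review bot: In `edge_sg`, rules `in-2`, `in-3` and `in-4` allow TCP 22, 3128 and 80 from `source_address_prefix = "*"`, and instance.tf attaches `azurerm_public_ip.edge_ip` to the edge NIC, so SSH and port 3128 (presumably a proxy; the page does not say) are reachable from any address. Restrict the source to a known range, for example `source_address_prefix = var.allowed_cidr`, where `allowed_cidr` is a placeholder name for a variable this commit does not define. In `ps_sg`, `out-3` sets `source_port_range = "443"` with `destination_port_range = "*"`, which looks inverted if the intent is outbound HTTPS; as written it permits traffic to any destination port as long as the source port is 443. The removed and added lines read identically in this hunk, so these rules appear to be carried over rather than introduced here.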
diff --git a/infrastructure-provisioning/terraform/azure/project/main/variables.tf b/infrastructure-provisioning/terraform/azure/project/main/variables.tf
index 401fcd4..e3395fd 100644
--- a/infrastructure-provisioning/terraform/azure/project/main/variables.tf
+++ b/infrastructure-provisioning/terraform/azure/project/main/variables.tf
@@ -1,100 +1,100 @@
-# *****************************************************************************
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# ******************************************************************************
-
-variable "subscription_id" {}
-
-variable "client_id" {}
-
-variable "client_secret" {}
-
-variable "tenant_id" {}
-
-variable "service_base_name" {}
-
-variable "resource_group" {}
-
-variable "project_name" {}
-
-variable "project_tag" {}
-
-variable "endpoint_tag" {}
-
-variable "user_tag" {}
-
-variable "custom_tag" {}
-
-variable "os_env" {}
-
-variable "region" {}
-
-variable "product" {}
-
-variable "vpc_id" {}
-
-variable "subnet_id" {}
-
-variable "ps_cidr" {}
-
-variable "edge_cidr" {}
-
-variable "edge_private_ip" {}
-
-variable "instance_type" {}
-
-variable "ssh_key" {}
-
-variable "initial_user" {}
-
-variable "ami_publisher" {
- type = "map"
- default = {
- debian = "Canonical"
- redhat = "RedHat"
- custom = ""
- }
-}
-
-variable "ami_offer" {
- type = "map"
- default = {
- debian = "UbuntuServer"
- redhat = "RHEL"
- custom = ""
- }
-}
-
-variable "ami_sku" {
- type = "map"
- default = {
- debian = "16.04-LTS"
- redhat = "7.3"
- custom = ""
- }
-}
-
-variable "ami_version" {
- type = "map"
- default = {
- debian = "16.04.201907290"
- redhat = "7.3.2017090800"
- custom = ""
- }
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+variable "subscription_id" {}
+
+variable "client_id" {}
+
+variable "client_secret" {}
+
+variable "tenant_id" {}
+
+variable "service_base_name" {}
+
+variable "resource_group" {}
+
+variable "project_name" {}
+
+variable "project_tag" {}
+
+variable "endpoint_tag" {}
+
+variable "user_tag" {}
+
+variable "custom_tag" {}
+
+variable "os_env" {}
+
+variable "region" {}
+
+variable "product" {}
+
+variable "vpc_id" {}
+
+variable "subnet_id" {}
+
+variable "ps_cidr" {}
+
+variable "edge_cidr" {}
+
+variable "edge_private_ip" {}
+
+variable "instance_type" {}
+
+variable "ssh_key" {}
+
+variable "initial_user" {}
+
+variable "ami_publisher" {
+ type = "map"
+ default = {
+ debian = "Canonical"
+ redhat = "RedHat"
+ custom = ""
+ }
+}
+
+variable "ami_offer" {
+ type = "map"
+ default = {
+ debian = "UbuntuServer"
+ redhat = "RHEL"
+ custom = ""
+ }
+}
+
+variable "ami_sku" {
+ type = "map"
+ default = {
+ debian = "16.04-LTS"
+ redhat = "7.3"
+ custom = ""
+ }
+}
+
+variable "ami_version" {
+ type = "map"
+ default = {
+ debian = "16.04.201907290"
+ redhat = "7.3.2017090800"
+ custom = ""
+ }
}
\ No newline at end of file
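Review bot: The `ami_version` defaults pin the edge image to `16.04.201907290` and `7.3.2017090800`, so each new edge node boots from a dated image and lacks any later patches until it is updated. That matters more because network.tf opens SSH on the node's public IP to any source; consider a documented refresh policy for these pins or patching on first boot. `client_secret` is declared as a bare `variable "client_secret" {}` with no guidance, so add a comment such as `# Service principal secret: supply via TF_VAR_client_secret or a secrets store, never a committed tfvars file`. The removed and added lines read identically here, so both points concern content carried over by this commit.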