Update lb sg

2024-11-05 22:38:41 +01:00 · 2024-11-05 22:38:41 +01:00 · 956deed67a
parent 888f20a67b
commit 956deed67a
2 changed files with 38 additions and 3 deletions
--- a/IaC-test/securitygroups-lb.tf
+++ b/IaC-test/securitygroups-lb.tf
@ -12,7 +12,7 @@ resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule_v4_dco" {
  port_range_min    = "8443"
  port_range_max    = "8443"
  provider          = openstack.dco
-  remote_ip_prefix  = "87.251.31.153/32"
+  remote_ip_prefix  = "87.251.31.118/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
 }

@ -23,6 +23,41 @@ resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule2_v4_dco" {
  port_range_min    = "16443"
  port_range_max    = "16443"
  provider          = openstack.dco
-  remote_ip_prefix  = "87.251.31.153/32"
+  remote_ip_prefix  = "87.251.31.118/32"
+  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
+}
+
+# From mgmt1
+
+resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule3_v4_dco" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = "16443"
+  port_range_max    = "16443"
+  provider          = openstack.dco
+  remote_ip_prefix  = "89.47.191.66/32"
+  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule4_v4_dco" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = "80"
+  port_range_max    = "80"
+  provider          = openstack.dco
+  remote_ip_prefix  = "89.47.191.66/32"
+  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule5_v4_dco" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = "443"
+  port_range_max    = "443"
+  provider          = openstack.dco
+  remote_ip_prefix  = "89.47.191.66/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
 }
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -70,4 +70,4 @@
  matrix::podmanhost:
    rootless: true
    rlusers:
-      - 'matrixinstaller'
+      - matrixinstaller