
@davebiffuk
Created February 2, 2018 15:11
Terraform template for security group
# Number of instances to build. The same value sizes the floating IP
# allocation and the floating IP associations declared in this template.
# NOTE(review): "count" is a reserved variable name from Terraform 0.12
# onwards; the template is written in the older "${...}" interpolation style.
variable "count" {
  default = 1
}
# Flavor name handed to the compute instance's flavor_name argument.
variable "flavor" {
  default = "m1.small"
}
# Allocates var.count floating IPs from the pool named "nova"; they are
# attached to the instances by the floating IP associate resource.
resource "openstack_networking_floatingip_v2" "fip" {
  pool  = "nova"
  count = "${var.count}"
}
# Security group that the two ingress rules in this template attach to.
# It is deliberately permissive, as its name and description say: the rules
# admit ICMP and TCP from 0.0.0.0/0. Treat it as a throwaway test group and
# do not attach it to anything that holds data or credentials worth protecting.
resource "openstack_networking_secgroup_v2" "secgroup" {
  description = "wide open provisioned by terraform"
  name        = "tf_wideopen"
}
# Ingress rule: IPv4 ICMP accepted from any source address (0.0.0.0/0).
# Narrow remote_ip_prefix to known monitoring or admin ranges if ping
# from arbitrary sources is not actually required.
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp" {
  security_group_id = "${openstack_networking_secgroup_v2.secgroup.id}"

  direction        = "ingress"
  ethertype        = "IPv4"
  protocol         = "icmp"
  remote_ip_prefix = "0.0.0.0/0"
}
# Ingress rule: IPv4 TCP accepted from any source address (0.0.0.0/0).
# No port_range_min / port_range_max is set, so the rule is not limited to
# particular ports: every TCP service listening on an instance in this
# group is reachable from any IPv4 source that can route to it.
# Outside a disposable test, set a port range covering only the services
# that must be exposed and replace 0.0.0.0/0 with the known client ranges.
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_tcp" {
  security_group_id = "${openstack_networking_secgroup_v2.secgroup.id}"

  direction        = "ingress"
  ethertype        = "IPv4"
  protocol         = "tcp"
  remote_ip_prefix = "0.0.0.0/0"
}
# Compute instances, var.count of them, named dh3tf-00, dh3tf-01, ...
# image_id, key_pair and the network uuid are hard-coded values specific to
# the author's deployment.
# NOTE(review): each instance is placed in the wide-open security group and
# later given a floating IP, so network filtering is not protecting it;
# access control then rests on what the image itself enforces — verify.
resource "openstack_compute_instance_v2" "dh3tf" {
  count       = "${var.count}"
  name        = "${format("dh3tf-%02d", count.index)}"
  flavor_name = "${var.flavor}"
  image_id    = "0fea53f3-a79f-459f-9c52-9ed49d537170"
  key_pair    = "dh3-set1"

  # cloud-config that sets the hostname to the same dh3tf-NN value as the
  # instance name.
  user_data = "${format("#cloud-config\nhostname: dh3tf-%02d", count.index)}"

  # With the security group referenced by ID (as on the next line),
  # terraform keeps deciding on every run that the group must be reapplied.
  security_groups = ["${openstack_networking_secgroup_v2.secgroup.id}"]

  # Referencing the group by name instead does not show that misbehaviour,
  # and terraform stops proposing unneeded changes:
  #security_groups = ["${openstack_networking_secgroup_v2.secgroup.name}"]

  network {
    uuid = "01a342ae-f7c8-4709-bb6f-eb89506da6b4"
  }
}
# Binds floating IP number N to instance number N, for N in 0..var.count-1.
resource "openstack_compute_floatingip_associate_v2" "fip" {
  count = "${var.count}"

  # Index the splat lists with [count.index] rather than element(): with
  # element(), existing floating IPs are deleted and recreated when count
  # is changed and the plan is reapplied.
  instance_id = "${openstack_compute_instance_v2.dh3tf.*.id[count.index]}"
  floating_ip = "${openstack_networking_floatingip_v2.fip.*.address[count.index]}"
}
# Exposes the addresses of all allocated floating IPs as a list.
output "floating_ip" {
  value = "${openstack_networking_floatingip_v2.fip.*.address}"
}