
Terraform openstack open ICMP rule

When opening ICMP in a security group, we generally use the following configuration:

Port: -1

Protocol: icmp

CIDR: 0.0.0.0/0

But with the OpenStack Terraform provider, using a negative value for the port throws the following error:

module.compute.instance.openstack_compute_floatingip_associate_v2.floating_ip_assoc: Creation complete (ID: 10.43.14.187/0e48f51d-6dc0-479d-9481-358e5f739dac/)
Error applying plan:

1 error(s) occurred:

  • module.network.module.sg.openstack_networking_secgroup_rule_v2.secgroup_rule_test: 1 error(s) occurred:

  • openstack_networking_secgroup_rule_v2.secgroup_rule_test: Invalid request due to incorrect syntax or missing required parameters.


The correct way to open an ICMP rule is as follows:

# Allow inbound IPv4 ICMP from any address
resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_test" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "icmp"
  # Use 0 instead of -1 for both ends of the range
  port_range_min    = 0
  port_range_max    = 0
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = "${openstack_compute_secgroup_v2.default_secgroup.id}"
}

This assumes the security group has already been created with the following configuration:

resource "openstack_compute_secgroup_v2" "default_secgroup" {
  name        = "sg-${var.env}-${var.id}"
  description = "Default security group"
}
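
An added example, not from the original post: a pre-apply check in Python over the JSON produced by `terraform show -json <planfile>` (available in Terraform 0.12 and later). It flags ICMP rules with a negative port value like the one that caused the error above, and notes ICMP ingress rules open to every address. The sample plan and the resource names `icmp_bad` and `icmp_internal` are constructed for illustration.

```python
import ipaddress
import json

RULE_TYPE = "openstack_networking_secgroup_rule_v2"
# Constructed sample, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "openstack_networking_secgroup_rule_v2.icmp_bad",
   "type": "openstack_networking_secgroup_rule_v2",
   "change": {"after": {"direction": "ingress", "protocol": "icmp",
     "port_range_min": -1, "port_range_max": -1,
     "remote_ip_prefix": "0.0.0.0/0"}}},
  {"address": "openstack_networking_secgroup_rule_v2.icmp_internal",
   "type": "openstack_networking_secgroup_rule_v2",
   "change": {"after": {"direction": "ingress", "protocol": "icmp",
     "port_range_min": 0, "port_range_max": 0,
     "remote_ip_prefix": "10.0.0.0/8"}}},
  {"address": "openstack_compute_secgroup_v2.default_secgroup",
   "type": "openstack_compute_secgroup_v2",
   "change": {"after": {"name": "sg-dev-1"}}}
]}
""")


def check_icmp_rules(plan):
    """Return (address, severity, message) tuples for ICMP security group rules."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RULE_TYPE:
            continue
        after = (rc.get("change") or {}).get("after") or {}  # None on destroy
        if after.get("protocol") != "icmp":
            continue
        for key in ("port_range_min", "port_range_max"):
            value = after.get(key)
            if value is not None and int(value) < 0:
                findings.append((rc["address"], "ERROR",
                                 f"{key}={value}: negative values fail at apply time"))
        # Only an explicit prefix is checked; an unset prefix is not evaluated here.
        prefix = after.get("remote_ip_prefix")
        if (after.get("direction") == "ingress" and prefix
                and ipaddress.ip_network(prefix, strict=False).prefixlen == 0):
            findings.append((rc["address"], "WARN",
                             f"ICMP ingress open to every address ({prefix})"))
    return findings

if __name__ == "__main__":
    for address, severity, message in check_icmp_rules(SAMPLE_PLAN):
        print(f"{severity} {address}: {message}")
```

Running it in a pipeline before `terraform apply` catches the invalid rule before any other resources in the plan have been created.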

 
