changes
parent
fdfb2cdf60
commit
248f554aed
5 changed files with 12 additions and 16 deletions
|
|
@ -63,7 +63,7 @@ resource "stackit_network_interface" "wan" {
|
|||
name = "MGMT"
|
||||
ipv4 = "10.220.131.10"
|
||||
allowed_addresses = ["10.220.131.30/32"]
|
||||
security_group_ids = ["92fc0cad-1a6f-495f-89da-2a12100bea68"]
|
||||
security_group_ids = [stackit_security_group.paloalto.security_group_id]
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -89,7 +89,7 @@ resource "stackit_network_interface" "wan2" {
|
|||
name = "WAN2"
|
||||
ipv4 = "10.220.131.20"
|
||||
allowed_addresses = ["10.220.131.30/32"]
|
||||
security_group_ids = ["92fc0cad-1a6f-495f-89da-2a12100bea68"]
|
||||
security_group_ids = [stackit_security_group.paloalto.security_group_id]
|
||||
}
|
||||
|
||||
resource "stackit_network_interface" "vip" {
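Review bot: The MGMT interface (resource `wan`, `name = "MGMT"`) and the WAN2 interface both attach to the same group, `stackit_security_group.paloalto`, so the firewall's management plane is filtered by the rules written for the WAN side. The group's rules are not visible in this section, so they may already be tight. A dedicated group for the management interface, limited to the admin source ranges, would keep a later WAN rule from also opening management access. The resource label `wan` carrying `name = "MGMT"` also looks like a leftover and deserves a rename or a comment such as `# management interface, label kept for state compatibility`. Both resource blocks begin outside the hunks shown.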
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ variable "organization_id" {
|
|||
}
|
||||
|
||||
variable "service_account_key_path" {
|
||||
default = "~/.stackit/credentials.json"
|
||||
default = "/Users/sodan/.stackit/credentials.json"
|
||||
}
|
||||
|
||||
variable "default_region" {
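Review bot: The default for `service_account_key_path` becomes `/Users/sodan/.stackit/credentials.json`, which ties the configuration to one developer's machine and commits a local account name to the repository. This assumes the second `default` line is the new side, since the page has lost its +/- markers. If the motive was that `~` is not expanded, drop the default so the path must come from a git-ignored `*.tfvars` file or `TF_VAR_service_account_key_path`. Alternatively, keep the home-relative value and wrap the use site in `pathexpand(var.service_account_key_path)`. The same edit appears in the second variables file further down the page.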
|
||||
|
|
|
|||
18
README.md
18
README.md
|
|
@ -1,12 +1,8 @@
|
|||
1. terraform files for deploying the hengeler project
|
||||
2. terraform files for add a palo alto fw
|
||||
3. currently splitted because of 2 internal bugs in stackit cli and terraform but should be fixed now .... so code can be changed.
|
||||
|
||||
Todo:
|
||||
|
||||
- activate the project module that you only need one terraform run and one set of terraform state files
|
||||
- the state files must be secured and backuped to an S3 Object Store.
|
||||
-
|
||||
|
||||
|
||||
1. terraform files for deploying two paloAlto Firewalls in a HA Setup
|
||||
- important thing is to enable port_security on the interfaces which will hold the vip
|
||||
- the interface with the VIP must not be attached to a server!
|
||||
- also the internal VIP IP has to be added as allowed_address, otherwise the move of the floating IP will not work.
|
||||
It is not possible to a CIDR here. The IP must be set with /32.
|
||||
- if you enable port_security also a security rule must be added with the relevant rules.
|
||||
- the interfaces are added to the same network on firewall 1 and 2 for HA.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
resource "time_sleep" "wait_before_destroy" {
|
||||
destroy_duration = "10s"
|
||||
destroy_duration = "60s"
|
||||
}
|
||||
|
||||
resource "stackit_network_area" "sna" {
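Review bot: `destroy_duration` goes from 10s to 60s with no comment saying which deletion the sleep waits on, so a later reader cannot tell whether 60s is measured or a guess. A line such as `# wait for <resource> to be released before dependent resources are destroyed` above the attribute would record it. The placeholder stands for whatever actually blocks the destroy, which is not visible in this section. A fixed sleep can still lose the race, so after a failed teardown it is worth confirming that no network resources were left behind.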
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ variable "organization_id" {
|
|||
}
|
||||
|
||||
variable "service_account_key_path" {
|
||||
default = "~/.stackit/credentials.json"
|
||||
default = "/Users/sodan/.stackit/credentials.json"
|
||||
}
|
||||
|
||||
variable "default_region" {
|
||||
|
|
|
|||