changes
This commit is contained in:
parent
fdfb2cdf60
commit
248f554aed
5 changed files with 12 additions and 16 deletions
|
|
@ -63,7 +63,7 @@ resource "stackit_network_interface" "wan" {
|
||||||
name = "MGMT"
|
name = "MGMT"
|
||||||
ipv4 = "10.220.131.10"
|
ipv4 = "10.220.131.10"
|
||||||
allowed_addresses = ["10.220.131.30/32"]
|
allowed_addresses = ["10.220.131.30/32"]
|
||||||
security_group_ids = ["92fc0cad-1a6f-495f-89da-2a12100bea68"]
|
security_group_ids = [stackit_security_group.paloalto.security_group_id]
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -89,7 +89,7 @@ resource "stackit_network_interface" "wan2" {
|
||||||
name = "WAN2"
|
name = "WAN2"
|
||||||
ipv4 = "10.220.131.20"
|
ipv4 = "10.220.131.20"
|
||||||
allowed_addresses = ["10.220.131.30/32"]
|
allowed_addresses = ["10.220.131.30/32"]
|
||||||
security_group_ids = ["92fc0cad-1a6f-495f-89da-2a12100bea68"]
|
security_group_ids = [stackit_security_group.paloalto.security_group_id]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "stackit_network_interface" "vip" {
|
resource "stackit_network_interface" "vip" {
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ variable "organization_id" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "service_account_key_path" {
|
variable "service_account_key_path" {
|
||||||
default = "~/.stackit/credentials.json"
|
default = "/Users/sodan/.stackit/credentials.json"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "default_region" {
|
variable "default_region" {
|
||||||
|
|
|
||||||
18
README.md
18
README.md
|
|
@ -1,12 +1,8 @@
|
||||||
1. terraform files for deploying the hengeler project
|
1. terraform files for deploying two paloAlto Firewalls in a HA Setup
|
||||||
2. terraform files for add a palo alto fw
|
- important thing is to enable port_security on the interfaces which will hold the vip
|
||||||
3. currently splitted because of 2 internal bugs in stackit cli and terraform but should be fixed now .... so code can be changed.
|
- the interface with the VIP must not be attached to a server!
|
||||||
|
- also the internal VIP IP has to be added as allowed_address, otherwise the move of the floating IP will not work.
|
||||||
Todo:
|
It is not possible to a CIDR here. The IP must be set with /32.
|
||||||
|
- if you enable port_security also a security rule must be added with the relevant rules.
|
||||||
- activate the project module that you only need one terraform run and one set of terraform state files
|
- the interfaces are added to the same network on firewall 1 and 2 for HA.
|
||||||
- the state files must be secured and backuped to an S3 Object Store.
|
|
||||||
-
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
resource "time_sleep" "wait_before_destroy" {
|
resource "time_sleep" "wait_before_destroy" {
|
||||||
destroy_duration = "10s"
|
destroy_duration = "60s"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "stackit_network_area" "sna" {
|
resource "stackit_network_area" "sna" {
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ variable "organization_id" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "service_account_key_path" {
|
variable "service_account_key_path" {
|
||||||
default = "~/.stackit/credentials.json"
|
default = "/Users/sodan/.stackit/credentials.json"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "default_region" {
|
variable "default_region" {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue