Remove all cell access restrictions in terraform deploy

sclevine · sclevine · commit 3ddb5e7af807 · 2015-09-11T15:42:35.000-04:00
- These will be re-enabled in a later release

[Finishes #103224632]
diff --git a/README.md b/README.md
@@ -212,8 +212,6 @@ This repository contains several [Terraform](https://www.terraform.io/) template
   v0.3.0  | Terraform 0.6.1
   v0.2.7  | Terraform 0.6.1
 
-> As of v0.4.1, direct access to Lattice cells will be restricted to private addresses within the cluster.
-
 ## Deploying
 
 Here are some step-by-step instructions for deploying a Lattice cluster via Terraform:
diff --git a/terraform/aws/resources.tf b/terraform/aws/resources.tf
@@ -160,11 +160,6 @@ resource "aws_instance" "cell" {
         destination = "/tmp/install-from-tar"
     }
 
-    provisioner "file" {
-        source = "${path.module}/../scripts/remote/cell-iptables"
-        destination = "/tmp/cell-iptables"
-    }
-
     provisioner "remote-exec" {
         inline = [
             "sudo mkdir -p /var/lattice/setup",
@@ -173,9 +168,8 @@ resource "aws_instance" "cell" {
             "sudo sh -c 'echo \"LATTICE_CELL_ID=cell-${count.index}\" >> /var/lattice/setup/lattice-environment'",
             "sudo sh -c 'echo \"GARDEN_EXTERNAL_IP=$(hostname -I | awk '\"'\"'{ print $1 }'\"'\"')\" >> /var/lattice/setup/lattice-environment'",
 
-            "sudo chmod +x /tmp/install-from-tar /tmp/cell-iptables",
-            "sudo /tmp/install-from-tar cell",
-            "sudo /tmp/cell-iptables ${aws_instance.lattice-brain.private_ip}",
+            "sudo chmod +x /tmp/install-from-tar",
+            "sudo /tmp/install-from-tar cell"
         ]
     }
 }
diff --git a/terraform/digitalocean/resources.tf b/terraform/digitalocean/resources.tf
@@ -48,7 +48,7 @@ resource "digitalocean_droplet" "lattice-brain" {
             "sudo sh -c 'echo \"LATTICE_PASSWORD=${var.lattice_password}\" >> /var/lattice/setup/lattice-environment'",
             "sudo sh -c 'echo \"CONSUL_SERVER_IP=${digitalocean_droplet.lattice-brain.ipv4_address}\" >> /var/lattice/setup/lattice-environment'",
             "sudo sh -c 'echo \"SYSTEM_DOMAIN=${digitalocean_droplet.lattice-brain.ipv4_address}.xip.io\" >> /var/lattice/setup/lattice-environment'",
-  
+
             "sudo apt-get -y install lighttpd lighttpd-mod-webdav",
             "sudo chmod 755 /tmp/install-from-tar",
             "sudo /tmp/install-from-tar brain",
@@ -85,11 +85,6 @@ resource "digitalocean_droplet" "cell" {
         destination = "/tmp/install-from-tar"
     }
 
-    provisioner "file" {
-        source = "${path.module}/../scripts/remote/cell-iptables"
-        destination = "/tmp/cell-iptables"
-    }
-
     provisioner "remote-exec" {
         inline = [
             "sudo apt-get update",
@@ -113,9 +108,8 @@ resource "digitalocean_droplet" "cell" {
             "sudo sh -c 'echo \"LATTICE_CELL_ID=cell-${count.index}\" >> /var/lattice/setup/lattice-environment'",
             "sudo sh -c 'echo \"GARDEN_EXTERNAL_IP=$(hostname -I | awk '\"'\"'{ print $1 }'\"'\"')\" >> /var/lattice/setup/lattice-environment'",
 
-            "sudo chmod +x /tmp/install-from-tar /tmp/cell-iptables",
-            "sudo /tmp/install-from-tar cell",
-            "sudo /tmp/cell-iptables ${digitalocean_droplet.lattice-brain.ipv4_address}",
+            "sudo chmod +x /tmp/install-from-tar",
+            "sudo /tmp/install-from-tar cell"
         ]
     }
 }
diff --git a/terraform/google/resources.tf b/terraform/google/resources.tf
@@ -125,11 +125,6 @@ resource "google_compute_instance" "cell" {
         destination = "/tmp/install-from-tar"
     }
 
-    provisioner "file" {
-        source = "${path.module}/../scripts/remote/cell-iptables"
-        destination = "/tmp/cell-iptables"
-    }
-
     provisioner "remote-exec" {
         inline = [
             "sudo apt-get update",
@@ -153,9 +148,8 @@ resource "google_compute_instance" "cell" {
             "sudo sh -c 'echo \"LATTICE_CELL_ID=cell-${count.index}\" >> /var/lattice/setup/lattice-environment'",
             "sudo sh -c 'echo \"GARDEN_EXTERNAL_IP=$(hostname -I | awk '\"'\"'{ print $1 }'\"'\"')\" >> /var/lattice/setup/lattice-environment'",
 
-            "sudo chmod +x /tmp/install-from-tar /tmp/cell-iptables",
-            "sudo /tmp/install-from-tar cell",
-            "sudo /tmp/cell-iptables ${google_compute_address.lattice-brain.address}",
+            "sudo chmod +x /tmp/install-from-tar",
+            "sudo /tmp/install-from-tar cell"
         ]
     }
 }
diff --git a/terraform/openstack/resources.tf b/terraform/openstack/resources.tf
@@ -178,11 +178,6 @@ resource "openstack_compute_instance_v2" "lattice-cell" {
       destination = "/tmp/install-from-tar"
     }
 
-    provisioner "file" {
-        source = "${path.module}/../scripts/remote/cell-iptables"
-        destination = "/tmp/cell-iptables"
-    }
-
     provisioner "remote-exec" {
         inline = [
             "sudo apt-get update",
@@ -200,9 +195,8 @@ resource "openstack_compute_instance_v2" "lattice-cell" {
             "sudo sh -c 'echo \"LATTICE_CELL_ID=lattice-cell-${count.index}\" >> /var/lattice/setup/lattice-environment'",
             "sudo sh -c 'echo \"GARDEN_EXTERNAL_IP=$(hostname -I | awk '\"'\"'{ print $1 }'\"'\"')\" >> /var/lattice/setup/lattice-environment'",
 
-            "sudo chmod +x /tmp/install-from-tar /tmp/cell-iptables",
-            "sudo /tmp/install-from-tar cell",
-            "sudo /tmp/cell-iptables ${openstack_compute_instance_v2.lattice-coordinator.access_ip_v4}",
+            "sudo chmod +x /tmp/install-from-tar",
+            "sudo /tmp/install-from-tar cell"
         ]
     }
 }
diff --git a/terraform/scripts/remote/cell-iptables b/terraform/scripts/remote/cell-iptables

Original file line number	Diff line number	Diff line change
`@@ -160,11 +160,6 @@ resource "aws_instance" "cell" {`
`160`	`160`	`destination = "/tmp/install-from-tar"`
`161`	`161`	`}`
`162`	`162`
`163`		`- provisioner "file" {`
`164`		`- source = "${path.module}/../scripts/remote/cell-iptables"`
`165`		`- destination = "/tmp/cell-iptables"`
`166`		`- }`
`167`		`-`
`168`	`163`	`provisioner "remote-exec" {`
`169`	`164`	`inline = [`
`170`	`165`	`"sudo mkdir -p /var/lattice/setup",`
`@@ -173,9 +168,8 @@ resource "aws_instance" "cell" {`
`173`	`168`	`"sudo sh -c 'echo \"LATTICE_CELL_ID=cell-${count.index}\" >> /var/lattice/setup/lattice-environment'",`
`174`	`169`	`"sudo sh -c 'echo \"GARDEN_EXTERNAL_IP=$(hostname -I \| awk '\"'\"'{ print $1 }'\"'\"')\" >> /var/lattice/setup/lattice-environment'",`
`175`	`170`
`176`		`- "sudo chmod +x /tmp/install-from-tar /tmp/cell-iptables",`
`177`		`- "sudo /tmp/install-from-tar cell",`
`178`		`- "sudo /tmp/cell-iptables ${aws_instance.lattice-brain.private_ip}",`
	`171`	`+ "sudo chmod +x /tmp/install-from-tar",`
	`172`	`+ "sudo /tmp/install-from-tar cell"`
`179`	`173`	`]`
`180`	`174`	`}`
`181`	`175`	`}`
Original file line number	Diff line number	Diff line change
`@@ -125,11 +125,6 @@ resource "google_compute_instance" "cell" {`
`125`	`125`	`destination = "/tmp/install-from-tar"`
`126`	`126`	`}`
`127`	`127`
`128`		`- provisioner "file" {`
`129`		`- source = "${path.module}/../scripts/remote/cell-iptables"`
`130`		`- destination = "/tmp/cell-iptables"`
`131`		`- }`
`132`		`-`
`133`	`128`	`provisioner "remote-exec" {`
`134`	`129`	`inline = [`
`135`	`130`	`"sudo apt-get update",`
`@@ -153,9 +148,8 @@ resource "google_compute_instance" "cell" {`
`153`	`148`	`"sudo sh -c 'echo \"LATTICE_CELL_ID=cell-${count.index}\" >> /var/lattice/setup/lattice-environment'",`
`154`	`149`	`"sudo sh -c 'echo \"GARDEN_EXTERNAL_IP=$(hostname -I \| awk '\"'\"'{ print $1 }'\"'\"')\" >> /var/lattice/setup/lattice-environment'",`
`155`	`150`
`156`		`- "sudo chmod +x /tmp/install-from-tar /tmp/cell-iptables",`
`157`		`- "sudo /tmp/install-from-tar cell",`
`158`		`- "sudo /tmp/cell-iptables ${google_compute_address.lattice-brain.address}",`
	`151`	`+ "sudo chmod +x /tmp/install-from-tar",`
	`152`	`+ "sudo /tmp/install-from-tar cell"`
`159`	`153`	`]`
`160`	`154`	`}`
`161`	`155`	`}`
Original file line number	Diff line number	Diff line change
`@@ -178,11 +178,6 @@ resource "openstack_compute_instance_v2" "lattice-cell" {`
`178`	`178`	`destination = "/tmp/install-from-tar"`
`179`	`179`	`}`
`180`	`180`
`181`		`- provisioner "file" {`
`182`		`- source = "${path.module}/../scripts/remote/cell-iptables"`
`183`		`- destination = "/tmp/cell-iptables"`
`184`		`- }`
`185`		`-`
`186`	`181`	`provisioner "remote-exec" {`
`187`	`182`	`inline = [`
`188`	`183`	`"sudo apt-get update",`
`@@ -200,9 +195,8 @@ resource "openstack_compute_instance_v2" "lattice-cell" {`
`200`	`195`	`"sudo sh -c 'echo \"LATTICE_CELL_ID=lattice-cell-${count.index}\" >> /var/lattice/setup/lattice-environment'",`
`201`	`196`	`"sudo sh -c 'echo \"GARDEN_EXTERNAL_IP=$(hostname -I \| awk '\"'\"'{ print $1 }'\"'\"')\" >> /var/lattice/setup/lattice-environment'",`
`202`	`197`
`203`		`- "sudo chmod +x /tmp/install-from-tar /tmp/cell-iptables",`
`204`		`- "sudo /tmp/install-from-tar cell",`
`205`		`- "sudo /tmp/cell-iptables ${openstack_compute_instance_v2.lattice-coordinator.access_ip_v4}",`
	`198`	`+ "sudo chmod +x /tmp/install-from-tar",`
	`199`	`+ "sudo /tmp/install-from-tar cell"`
`206`	`200`	`]`
`207`	`201`	`}`
`208`	`202`	`}`