fix: allow egress to Puppetmaster for all VMs (jenkins-infra#562)

Signed-off-by: Damien Duportal <[email protected]>
dduportal · Aug 8, 2024 · 92e4d1e · 92e4d1e
1 parent 055dc92
commit 92e4d1e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/.shared-tools b/.shared-tools
diff --git a/network.tf b/network.tf
@@ -83,3 +83,15 @@ resource "aws_vpc_security_group_egress_rule" "allow_https_to_internet" {
   ip_protocol = "tcp"
   to_port     = 443
 }
+
+resource "aws_vpc_security_group_egress_rule" "allow_puppet_to_puppetmaster" {
+  description       = "Allow Puppet protocol to the Puppet master"
+  security_group_id = aws_security_group.unrestricted_http.id
+
+  # Ref. https://github.com/jenkins-infra/azure/blob/main/puppet.jenkins.io.tf
+  # TODO: automate retrieval of this IP with updatecli
+  cidr_ipv4   = "20.12.27.65/32"
+  from_port   = 8140
+  ip_protocol = "tcp"
+  to_port     = 8140
+}
+5 −0		terraform/modules/azure-jenkinsinfra-azurevm-agents/main.tf
+1 −1		terraform/modules/jenkins-infra-shared-data/outputs.tf