Skip to content

Commit f5a61f2

Browse files
Mahuwa-BarmanMahuwa-Barman
authored
fixes_in_create_nsg.sh (#114)
1 parent 3547d0b commit f5a61f2

File tree

1 file changed

+32
-1
lines changed

1 file changed

+32
-1
lines changed

utils/create_nsg.sh

Lines changed: 32 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -396,6 +396,37 @@ EOF
396396
echo -e "Adding IDCS Security Rule to access CLOUD GATE port in Managed Server Network Security Group $managed_server_nsg_ocid..."
397397
oci network nsg rules add --nsg-id $managed_server_nsg_ocid --security-rules file://$IDCS_RULES_FILE
398398
fi
399+
400+
# Create security rule for IDCS - Open CLOUDGATE GATE PORT from LB AD subnet2 in MANAGED SERVER NSG
401+
if [[ -n $lbsubnet_availability_domain && $is_private_lb = false ]]
402+
then
403+
if [[ -n ${LB_SUBNET2_OCID} ]]
404+
then
405+
lbsubnet2_cidr_block=$(oci network subnet get --subnet-id "${LB_SUBNET2_OCID}" | jq -r '.data["cidr-block"]')
406+
IDCS_RULES_FILE2=$(mktemp)
407+
cat > ${IDCS_RULES_FILE2} << EOF
408+
[{
409+
"description": "TCP traffic for cloudgate port",
410+
"direction": "INGRESS",
411+
"isStateless": "false",
412+
"protocol": "6",
413+
"sourceType": "CIDR_BLOCK",
414+
"source": "$lbsubnet2_cidr_block",
415+
"tcpOptions": {
416+
"destinationPortRange": {
417+
"min": "$CLOUDGATE_PORT",
418+
"max": "$CLOUDGATE_PORT"
419+
}
420+
}
421+
}]
422+
EOF
423+
if [[ -n $managed_server_nsg_ocid ]]
424+
then
425+
echo -e "Adding IDCS Security Rule to access CLOUD GATE port in Managed Server Network Security Group $managed_server_nsg_ocid..."
426+
oci network nsg rules add --nsg-id $managed_server_nsg_ocid --security-rules file://$IDCS_RULES_FILE2
427+
fi
428+
fi
429+
fi
399430
fi
400431
# Load Balancer NSG
401432
network_security_group_name="load_balancer_nsg"
@@ -450,7 +481,7 @@ EOF
450481
}]
451482
EOF
452483
echo -e "Adding LB Security Rules to access MS HTTP port for AD subnet in Admin Server Network Security Group $admin_server_nsg_ocid..."
453-
oci network nsg rules add --nsg-id $admin_server_nsg_ocid --security-rules file://$WLS_MS_RULES_FILE2
484+
oci network nsg rules add --nsg-id $managed_server_nsg_ocid --security-rules file://$WLS_MS_RULES_FILE2
454485
fi
455486
fi
456487
fi

0 commit comments

Comments
 (0)