From 95f4326f9a595266c2ceb795b91cb7bdd3f798bf Mon Sep 17 00:00:00 2001 From: cruizba Date: Fri, 10 Oct 2025 14:51:55 +0200 Subject: [PATCH] openvidu-deployment: elastic & ha - Add security group ingress rules for media and master node communication 7880 --- .../pro/elastic/aws/cf-openvidu-elastic.yaml | 9 ++++++ .../elastic/azure/cf-openvidu-elastic.bicep | 23 ++++++++++++++ .../elastic/azure/cf-openvidu-elastic.json | 30 ++++++++++++++++++- .../pro/ha/aws/cf-openvidu-ha.yaml | 9 ++++++ .../pro/ha/azure/cf-openvidu-ha.bicep | 23 ++++++++++++++ .../pro/ha/azure/cf-openvidu-ha.json | 29 +++++++++++++++++- 6 files changed, 121 insertions(+), 2 deletions(-) diff --git a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml index 5a2c0b753..b8f896b19 100644 --- a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml +++ b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml @@ -1678,6 +1678,15 @@ Resources: ToPort: 1935 CidrIpv6: ::/0 + OpenViduMediaNodeToMasterNodeClusterPortIngress: + Type: AWS::EC2::SecurityGroupIngress + Properties: + GroupId: !GetAtt OpenViduMasterNodeSG.GroupId + IpProtocol: tcp + FromPort: 7880 + ToPort: 7880 + SourceSecurityGroupId: !GetAtt OpenViduMediaNodeSG.GroupId + OpenViduMediaNodeToMasterNodeRedisIngress: Type: AWS::EC2::SecurityGroupIngress Properties: diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep index 2a9e1cdd6..fefc7882d 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.bicep 
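Review bot: OpenViduMediaNodeToMasterNodeClusterPortIngress has no `Description`, so in the console and in security-group audits it appears as a bare tcp/7880 allow with nothing saying which service it serves. I would add `Description: Media nodes to master node cluster port 7880` under `Properties`. The source is already limited to the media-node security group rather than a CIDR, which is the right scope. The same applies to the identically named rule in pro/ha/aws/cf-openvidu-ha.yaml, and the two new Azure rules in the .bicep files accept a `description` property for the same purpose.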
@@ -1766,6 +1766,29 @@ resource openviduMasterNodeASG 'Microsoft.Network/applicationSecurityGroups@2024 location: location } +resource mediaToMasterClusterIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { + parent: openviduMasterNodeNSG + name: 'mediaNode_to_masterNode_CLUSTER_INGRESS' + properties: { + protocol: 'Tcp' + sourceApplicationSecurityGroups: [ + { + id: openviduMediaNodeASG.id + } + ] + sourcePortRange: '*' + destinationApplicationSecurityGroups: [ + { + id: openviduMasterNodeASG.id + } + ] + destinationPortRange: '7880' + access: 'Allow' + priority: 145 + direction: 'Inbound' + } +} + resource mediaToMasterRedisIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { parent: openviduMasterNodeNSG name: 'mediaNode_to_masterNode_REDIS_INGRESS' diff --git a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json index 1d573cc99..6534aa356 100644 --- a/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json +++ b/openvidu-deployment/pro/elastic/azure/cf-openvidu-elastic.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "2817356128446679614" + "templateHash": "10094209354917441049" } }, "parameters": { 
@@ -1055,6 +1055,34 @@ "name": "[format('{0}-masterNodeASG', parameters('stackName'))]", "location": "[variables('location')]" }, + { + "type": "Microsoft.Network/networkSecurityGroups/securityRules", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', format('{0}-masterNoderNSG', parameters('stackName')), 'mediaNode_to_masterNode_CLUSTER_INGRESS')]", + "properties": { + "protocol": "Tcp", + "sourceApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" + } + ], + "sourcePortRange": "*", + "destinationApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]" + } + ], + "destinationPortRange": "7880", + "access": "Allow", + "priority": 145, + "direction": "Inbound" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNoderNSG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-mediaNodeASG', parameters('stackName')))]" + ] + }, { "type": "Microsoft.Network/networkSecurityGroups/securityRules", "apiVersion": "2023-11-01", diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml index 73ed03d30..89c844fcf 100644 --- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml +++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml 
@@ -1991,6 +1991,15 @@ Resources: ToPort: 7001 SourceSecurityGroupId: !Ref OpenViduMasterNodeSG + OpenViduMediaNodeToMasterNodeClusterPortIngress: + Type: AWS::EC2::SecurityGroupIngress + Properties: + GroupId: !Ref OpenViduMasterNodeSG + IpProtocol: tcp + FromPort: 7880 + ToPort: 7880 + SourceSecurityGroupId: !Ref OpenViduMediaNodeSG + OpenViduMediaNodeToMasterRedisIngressSG: Type: AWS::EC2::SecurityGroupIngress Properties: diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep index 40bb34b10..cd8a4913a 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.bicep @@ -2396,6 +2396,29 @@ resource loadBalancerToMasterIngress 'Microsoft.Network/networkSecurityGroups/se } } +resource masterToMasterClusterIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { + parent: openviduMasterNodeNSG + name: 'masterNode_to_masterNode_CLUSTER_INGRESS' + properties: { + protocol: 'Tcp' + sourceApplicationSecurityGroups: [ + { + id: openviduMasterNodeASG.id + } + ] + sourcePortRange: '7880' + destinationApplicationSecurityGroups: [ + { + id: openviduMasterNodeASG.id + } + ] + destinationPortRange: '7880' + access: 'Allow' + priority: 115 + direction: 'Inbound' + } +} + resource masterToMasterRedisIngress 'Microsoft.Network/networkSecurityGroups/securityRules@2023-11-01' = { parent: openviduMasterNodeNSG name: 'masterNode_to_masterNode_REDIS_INGRESS' diff --git a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json index ea21071e7..0031e3f32 100644 --- a/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json +++ b/openvidu-deployment/pro/ha/azure/cf-openvidu-ha.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "715418153284332793" + "templateHash": "9275960504660161817" } }, "parameters": { 
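Review bot: This rule admits tcp/7880 to the master nodes from OpenViduMediaNodeSG only, whereas the Azure HA template changed in this same commit (`masterNode_to_masterNode_CLUSTER_INGRESS` in cf-openvidu-ha.bicep) admits it from the master-node ASG only. Unless each template already carries the complementary rule outside the visible hunks, the AWS and Azure HA deployments end up with different reachability for the cluster port. One of them would then be missing a needed flow or allowing one that is not needed. It is worth confirming which peers actually connect to 7880 in HA and making both templates express the same set.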
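Review bot: `sourcePortRange: '7880'` in `masterNode_to_masterNode_CLUSTER_INGRESS` matches only packets whose source port is 7880, but a master connecting to another master's port 7880 will normally use an ephemeral source port, so this rule probably never matches the traffic it is meant to allow. The elastic template's media-to-master rule in this commit uses `sourcePortRange: '*'`; I would use the same value here and regenerate cf-openvidu-ha.json, which carries the same `"sourcePortRange": "7880"`. If the HA deployment works anyway, a broader allow rule outside this hunk may be admitting the traffic (not visible here), which would make this rule redundant rather than restrictive and is worth checking.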
@@ -1626,6 +1626,33 @@ "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]" ] }, + { + "type": "Microsoft.Network/networkSecurityGroups/securityRules", + "apiVersion": "2023-11-01", + "name": "[format('{0}/{1}', format('{0}-masterNodeNSG', parameters('stackName')), 'masterNode_to_masterNode_CLUSTER_INGRESS')]", + "properties": { + "protocol": "Tcp", + "sourceApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]" + } + ], + "sourcePortRange": "7880", + "destinationApplicationSecurityGroups": [ + { + "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]" + } + ], + "destinationPortRange": "7880", + "access": "Allow", + "priority": 115, + "direction": "Inbound" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', format('{0}-masterNodeASG', parameters('stackName')))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', format('{0}-masterNodeNSG', parameters('stackName')))]" + ] + }, { "type": "Microsoft.Network/networkSecurityGroups/securityRules", "apiVersion": "2023-11-01",