aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2020-12-30 15:21:11 +0100
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2021-01-07 10:34:50 +0000
commitaaa7d9652eb58dd47327a99e70451b08f682356f (patch)
tree568d0dbe3c0e18462c295a5e2be708aedb2a5fd9
parentf7dd723294912e4bb4484859ac263ab9270d70c6 (diff)
Allow using multiple remote IP prefixes for security groups
This patch is required for allowing machine-to-machine traffic within ONAP cluster with no Vagrant operator involvement. Issue-ID: INT-1601 Change-Id: I0159b3176ecb3e5783f4f87b9b507824fc411b2b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rw-r--r--deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample4
-rw-r--r--deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap3
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml6
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml4
4 files changed, 12 insertions, 5 deletions
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
index c2d551da6..7ca72de10 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
@@ -8,7 +8,9 @@ keypair:
securitygroup:
name: &securitygroup_name "onap_ci_lab"
- remote_ip_prefix: "172.24.4.0/24"
+ remote_ip_prefix:
+ - "172.24.4.0/24"
+ - "192.168.1.0/24"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
index c6ded5605..e3ae6b346 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
@@ -8,7 +8,8 @@ keypair:
securitygroup:
name: &securitygroup_name "onap_ci_lab"
- remote_ip_prefix: "0.0.0.0/0"
+ remote_ip_prefix:
+ - "0.0.0.0/0"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
index d6b78d1f4..bd8abf564 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
@@ -8,7 +8,8 @@
os_security_group_rule:
security_group: "{{ secgrp.name }}"
protocol: icmp
- remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.remote_ip_prefix }}"
- name: "Create {{ secgrp.name }} security group rule for SSH"
os_security_group_rule:
@@ -16,4 +17,5 @@
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.remote_ip_prefix }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
index 3ce0e182b..d04b72c34 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
@@ -1,4 +1,6 @@
---
-- include: create_securitygroup.yml secgrp={{ item }}
+- include: create_securitygroup.yml
loop:
- "{{ securitygroup }}"
+ loop_control:
+ loop_var: secgrp