authorPawel Wieczorek <p.wieczorek2@samsung.com>2021-04-30 07:43:07 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2021-04-30 14:12:51 +0200
commita10322497f3e122a0fbd22f171dba88d131b1ae4 (patch)
treed3fde644e42eb5f84e44eed877d2556ebd8cd313 /deployment/noheat/cluster-rke
parent276b3ffcb1dbc2ce4485a4777bb18d2b8fb499aa (diff)
Set up network for in-cluster deployment stage
This patch adds new network traffic exceptions to the infrastructure setup step. This change has to be done during the infrastructure setup step because OpenStack client is not available from within the cluster. Issue-ID: INT-1601 Change-Id: I5adbce6197d8de6ab2bf7f54c73d6003442674da Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'deployment/noheat/cluster-rke')
-rw-r--r--deployment/noheat/cluster-rke/ansible/create.yml17
l---------deployment/noheat/cluster-rke/ansible/group_vars/all.yml1
-rw-r--r--deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap4
-rw-r--r--deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml35
4 files changed, 57 insertions, 0 deletions
diff --git a/deployment/noheat/cluster-rke/ansible/create.yml b/deployment/noheat/cluster-rke/ansible/create.yml
new file mode 100644
index 000000000..fa24fb1d6
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/create.yml
@@ -0,0 +1,17 @@
+---
+- name: Set up bastion node for ONAP Docker registry
+ hosts: "control0"
+ become: yes
+ roles:
+ - role: create_bastion
+ destination: "{{ nexus }}"
+- name: Add bastion information to the cluster nodes
+ hosts: all
+ become: yes
+ tasks:
+ - name: Add cluster hostnames to /etc/hosts file
+ lineinfile:
+ path: /etc/hosts
+ line: "{{ hostvars['control0']['ansible_default_ipv4']['address'] }} {{ item }}"
+ loop:
+ - "nexus3.onap.org"
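Review bot: The `lineinfile` task that maps `nexus3.onap.org` to control0's address has no `regexp`, so a re-run after control0's address changes appends a second line instead of replacing the first, and resolvers typically keep using the first, stale one. That entry decides where every node sends its registry traffic, so an address that no longer belongs to the bastion should not be left behind; adding `regexp: '\s{{ item | regex_escape }}$'` makes the task replace the existing entry. The `hostvars['control0']` lookup also relies on facts for control0 having been gathered in the same run (the first play does this), which deserves a one-line comment because a `--limit` run that skips control0 would fail there. As a style point, `become: yes` is better written `become: true`.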
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
new file mode 120000
index 000000000..d8e74e27a
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
@@ -0,0 +1 @@
+all.yml.sm-onap
\ No newline at end of file
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
new file mode 100644
index 000000000..2810d2d73
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
@@ -0,0 +1,4 @@
+---
+nexus:
+ address: 199.204.45.137
+ port: 10001
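Review bot: `address: 199.204.45.137` is a bare literal with no comment saying which service it is or how the value was obtained. The create_bastion role DNATs registry traffic to this address, so if the upstream host is renumbered the rules would forward image pulls to whatever now holds that IP. Presumably it is the address of nexus3.onap.org, but the file does not say. I would add a comment above `nexus:` such as `# public address and port of the ONAP Docker registry (nexus3.onap.org); re-verify before deploying`.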
diff --git a/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
new file mode 100644
index 000000000..8189968c4
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Add cluster hostnames to /etc/hosts file
+ lineinfile:
+ path: /etc/hosts
+ line: "{{ ansible_default_ipv4.address + ' ' + ansible_hostname }}"
+
+- name: Enable IP forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+
+- name: Create PREROUTING rule
+ ansible.builtin.iptables:
+ table: nat
+ chain: PREROUTING
+ protocol: tcp
+ destination_port: "{{ destination.port }}"
+ jump: DNAT
+ to_destination: "{{ destination.address }}:{{ destination.port }}"
+
+- name: Create OUTPUT rule
+ ansible.builtin.iptables:
+ table: nat
+ chain: OUTPUT
+ protocol: tcp
+ destination: "{{ ansible_default_ipv4.address }}"
+ destination_port: "{{ destination.port }}"
+ jump: DNAT
+ to_destination: "{{ destination.address }}"
+
+- name: Enable masquerading
+ ansible.builtin.iptables:
+ table: nat
+ chain: POSTROUTING
+ jump: MASQUERADE
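Review bot: The `Enable masquerading` task has no match criteria, so it source-NATs every packet leaving the host on any interface; with `net.ipv4.ip_forward` switched on, control0 becomes a general NAT gateway rather than a forwarder for the registry alone. Restricting the rule to the forwarded flow keeps the change to what the commit describes: add `protocol: tcp`, `destination: "{{ destination.address }}"` and `destination_port: "{{ destination.port }}"` to that task. The PREROUTING rule likewise matches the port on any destination address and interface, and could carry the same `destination: "{{ ansible_default_ipv4.address }}"` match the OUTPUT rule already uses. Separately, `ansible.builtin.iptables` only changes the in-memory rules while the sysctl task persists its setting, so after a reboot forwarding stays enabled but the NAT rules are gone; a comment or a rule-saving step should cover that.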