aboutsummaryrefslogtreecommitdiffstats
path: root/deployment/noheat/infra-openstack/ansible/roles
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2020-06-23 17:18:24 +0200
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2020-07-30 09:03:24 +0000
commit7a58f1ffb1572122e76346156050f0b8c1c35c00 (patch)
tree165567bf9d388fdb084080fa97c0df998db0e962 /deployment/noheat/infra-openstack/ansible/roles
parentcbc0bf009dc59c483c88ce32a50c016874cd5363 (diff)
Add Ansible roles for OpenStack security groups
Additional OpenStack security group and its rules are required to allow traffic to virtual machines created on DevStack. Virtual machines will be accessible from 172.24.4.0/24 network (default public IP pool). Issue-ID: INT-1601 Change-Id: I902f64f542197e329e21790f98662d2e408d4bb6 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'deployment/noheat/infra-openstack/ansible/roles')
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml2
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml19
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml4
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/destroy_securitygroup.yml5
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/main.yml4
5 files changed, 34 insertions, 0 deletions
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml
index 847150f36..c164d7144 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml
@@ -7,3 +7,5 @@
flavor: "{{ host.flavor }}"
key_name: "{{ host.keypair }}"
network: "{{ host.network }}"
+ security_groups:
+ - "{{ host.securitygroup }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
new file mode 100644
index 000000000..d6b78d1f4
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
@@ -0,0 +1,19 @@
+---
+- name: "Create {{ secgrp.name }} security group"
+ os_security_group:
+ state: present
+ name: "{{ secgrp.name }}"
+
+- name: "Create {{ secgrp.name }} security group rule for ping"
+ os_security_group_rule:
+ security_group: "{{ secgrp.name }}"
+ protocol: icmp
+ remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+
+- name: "Create {{ secgrp.name }} security group rule for SSH"
+ os_security_group_rule:
+ security_group: "{{ secgrp.name }}"
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
new file mode 100644
index 000000000..da125cbc4
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include: create_securitygroup.yml secgrp={{ item }}
+ with_items:
+ - "{{ securitygroup }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/destroy_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/destroy_securitygroup.yml
new file mode 100644
index 000000000..eb86f9bc2
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/destroy_securitygroup.yml
@@ -0,0 +1,5 @@
+---
+- name: "Destroy {{ secgrp.name }} security group"
+ os_security_group:
+ state: absent
+ name: "{{ secgrp.name }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/main.yml
new file mode 100644
index 000000000..586e18067
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include: destroy_securitygroup.yml secgrp={{ item }}
+ with_items:
+ - "{{ securitygroup }}"