aboutsummaryrefslogtreecommitdiffstats
path: root/deployment/noheat/infra-openstack
diff options
context:
space:
mode:
authorMaciej Wereski <m.wereski@partner.samsung.com>2021-07-27 12:50:25 +0000
committerMorgan Richomme <morgan.richomme@orange.com>2021-08-24 13:41:02 +0000
commita2e6b6e74d7e2503fe58b27336b82df0144a5e9b (patch)
tree7a9ad689e62213912996bb77ff97e371d246d891 /deployment/noheat/infra-openstack
parent1583a651b3f1934cdf6c10e38ae526c31077a983 (diff)
noheat deployment: loosen security groups constraints
Current rules may cause kubernetes services to be blocked. This may lead to a lot of time wasted on debuging issues that aren't to any of deployed components. After all patches are in place and working we might try to come up with restricting Security Groups. Issue-ID: INT-1601 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> Change-Id: I2f36afefb72df1c4082bc9dda036713f4625ab46
Diffstat (limited to 'deployment/noheat/infra-openstack')
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml15
1 files changed, 4 insertions, 11 deletions
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
index f389559ec..b9a3e2973 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
@@ -11,20 +11,13 @@
remote_ip_prefix: "{{ item }}"
loop: "{{ secgrp.remote_ip_prefix }}"
-- name: "Create {{ secgrp.name }} security group rule for SSH"
+- name: "Create {{ secgrp.name }} security group rule for all TCP"
os_security_group_rule:
security_group: "{{ secgrp.name }}"
protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: "{{ item }}"
- loop: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "0.0.0.0/0"
-- name: "Create {{ secgrp.name }} security group rule for ONAP Docker registry"
+- name: "Create {{ secgrp.name }} security group rule for all UDP"
os_security_group_rule:
security_group: "{{ secgrp.name }}"
- protocol: tcp
- port_range_min: 10001
- port_range_max: 10001
- remote_ip_prefix: "{{ item }}"
- loop: "{{ secgrp.local_ip_prefix }}"
+ protocol: udp