author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2021-04-30 07:43:07 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2021-04-30 14:12:51 +0200 |
commit | a10322497f3e122a0fbd22f171dba88d131b1ae4 (patch) | |
tree | d3fde644e42eb5f84e44eed877d2556ebd8cd313 /deployment/noheat | |
parent | 276b3ffcb1dbc2ce4485a4777bb18d2b8fb499aa (diff) |
Set up network for in-cluster deployment stage
This patch adds new network traffic exceptions to the infrastructure
setup step. This change has to be done during the infrastructure setup
step because OpenStack client is not available from within the cluster.
Issue-ID: INT-1601
Change-Id: I5adbce6197d8de6ab2bf7f54c73d6003442674da
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'deployment/noheat')
7 files changed, 70 insertions, 0 deletions
diff --git a/deployment/noheat/cluster-rke/ansible/create.yml b/deployment/noheat/cluster-rke/ansible/create.yml
new file mode 100644
index 000000000..fa24fb1d6
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/create.yml
@@ -0,0 +1,17 @@
+---
+- name: Set up bastion node for ONAP Docker registry
+ hosts: "control0"
+ become: yes
+ roles:
+ - role: create_bastion
+ destination: "{{ nexus }}"
+- name: Add bastion information to the cluster nodes
+ hosts: all
+ become: yes
+ tasks:
+ - name: Add cluster hostnames to /etc/hosts file
+ lineinfile:
+ path: /etc/hosts
+ line: "{{ hostvars['control0']['ansible_default_ipv4']['address'] }} {{ item }}"
+ loop:
+ - "nexus3.onap.org"
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
new file mode 120000
index 000000000..d8e74e27a
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
@@ -0,0 +1 @@
+all.yml.sm-onap
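Review bot: The `lineinfile` task in the second play of create.yml has no `regexp`, so it is idempotent only while control0's address stays the same; after a redeploy with a different address a second `nexus3.onap.org` line is appended and the stale first entry keeps being used for lookups. Adding `regexp: '\s{{ item | regex_escape }}$'` lets the module replace the existing entry instead of appending. A short comment that this play deliberately overrides name resolution for the registry on every node would also help, since image pulls then depend on the bastion hop.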
\ No newline at end of file
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
new file mode 100644
index 000000000..2810d2d73
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
@@ -0,0 +1,4 @@
+---
+nexus:
+ address: 199.204.45.137
+ port: 10001
diff --git a/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
new file mode 100644
index 000000000..8189968c4
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Add cluster hostnames to /etc/hosts file
+ lineinfile:
+ path: /etc/hosts
+ line: "{{ ansible_default_ipv4.address + ' ' + ansible_hostname }}"
+
+- name: Enable IP forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+
+- name: Create PREROUTING rule
+ ansible.builtin.iptables:
+ table: nat
+ chain: PREROUTING
+ protocol: tcp
+ destination_port: "{{ destination.port }}"
+ jump: DNAT
+ to_destination: "{{ destination.address }}:{{ destination.port }}"
+
+- name: Create OUTPUT rule
+ ansible.builtin.iptables:
+ table: nat
+ chain: OUTPUT
+ protocol: tcp
+ destination: "{{ ansible_default_ipv4.address }}"
+ destination_port: "{{ destination.port }}"
+ jump: DNAT
+ to_destination: "{{ destination.address }}"
+
+- name: Enable masquerading
+ ansible.builtin.iptables:
+ table: nat
+ chain: POSTROUTING
+ jump: MASQUERADE
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
index 470c2b120..f0e1b0037 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
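Review bot: The PREROUTING and POSTROUTING rules in create_bastion/tasks/main.yml match more traffic than the registry forward needs. PREROUTING rewrites every TCP packet to `destination.port` whatever its destination address (the OUTPUT rule does restrict on `ansible_default_ipv4.address`), and `MASQUERADE` applies to all traffic leaving the node, which with `net.ipv4.ip_forward` enabled makes control0 a general NAT hop and hides source addresses for unrelated flows. Restricting both rules to the forwarded flow, as sketched below, keeps the exception limited to the registry. The OUTPUT rule's `to_destination` also omits the port that the PREROUTING rule includes. Note too that the sysctl change is persisted while `ansible.builtin.iptables` only edits in-memory rules, so after a reboot forwarding stays on without these rules; a comment or a persistence step would make that explicit.

```yaml
    chain: PREROUTING
    protocol: tcp
    destination: "{{ ansible_default_ipv4.address }}"
# … unchanged: rest of the PREROUTING rule, OUTPUT rule …
    chain: POSTROUTING
    protocol: tcp
    destination: "{{ destination.address }}"
    destination_port: "{{ destination.port }}"
    jump: MASQUERADE
```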
@@ -11,6 +11,8 @@ securitygroup: remote_ip_prefix: - "172.24.4.0/24" - "192.168.1.0/24" + local_ip_prefix: + - "192.168.1.0/24" image: name: &image_name "Ubuntu_18.04" diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap index fb4f20861..fbfe432be 100644 --- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap +++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap @@ -10,6 +10,8 @@ securitygroup: name: &securitygroup_name "onap_ci_lab" remote_ip_prefix: - "0.0.0.0/0" + local_ip_prefix: + - "192.168.1.0/24" image: name: &image_name "Ubuntu_18.04" diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml index bd8abf564..f389559ec 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml @@ -19,3 +19,12 @@ port_range_max: 22 remote_ip_prefix: "{{ item }}" loop: "{{ secgrp.remote_ip_prefix }}" + +- name: "Create {{ secgrp.name }} security group rule for ONAP Docker registry" + os_security_group_rule: + security_group: "{{ secgrp.name }}" + protocol: tcp + port_range_min: 10001 + port_range_max: 10001 + remote_ip_prefix: "{{ item }}" + loop: "{{ secgrp.local_ip_prefix }}" |
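Review bot: The new rule in create_securitygroup.yml hard-codes port 10001 in `port_range_min`/`port_range_max`, while the same port is defined separately as `nexus.port` in the cluster-rke group_vars, so the two can drift apart without any error. Consider reading it from the `secgrp` variables next to `local_ip_prefix`, e.g. `port_range_min: "{{ secgrp.registry_port }}"` (variable name constructed here). The rule also opens the port on every instance that carries this security group although, as far as this commit shows, only control0 forwards it; a one-line comment stating that intent would help whoever audits the firewall policy later. The preceding SSH rule task starts outside the hunk.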