diff options
author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-12-30 15:21:11 +0100 |
---|---|---|
committer | Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2021-01-07 10:34:50 +0000 |
commit | aaa7d9652eb58dd47327a99e70451b08f682356f (patch) | |
tree | 568d0dbe3c0e18462c295a5e2be708aedb2a5fd9 /deployment | |
parent | f7dd723294912e4bb4484859ac263ab9270d70c6 (diff) |
Allow using multiple remote IP prefixes for security groups
This patch is required for allowing machine-to-machine traffic within
ONAP cluster with no Vagrant operator involvement.
Issue-ID: INT-1601
Change-Id: I0159b3176ecb3e5783f4f87b9b507824fc411b2b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'deployment')
4 files changed, 12 insertions, 5 deletions
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample index c2d551da6..7ca72de10 100644 --- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample +++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample @@ -8,7 +8,9 @@ keypair: securitygroup: name: &securitygroup_name "onap_ci_lab" - remote_ip_prefix: "172.24.4.0/24" + remote_ip_prefix: + - "172.24.4.0/24" + - "192.168.1.0/24" image: name: &image_name "Ubuntu_18.04" diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap index c6ded5605..e3ae6b346 100644 --- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap +++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap @@ -8,7 +8,8 @@ keypair: securitygroup: name: &securitygroup_name "onap_ci_lab" - remote_ip_prefix: "0.0.0.0/0" + remote_ip_prefix: + - "0.0.0.0/0" image: name: &image_name "Ubuntu_18.04" diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml index d6b78d1f4..bd8abf564 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml @@ -8,7 +8,8 @@ os_security_group_rule: security_group: "{{ secgrp.name }}" protocol: icmp - remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}" + remote_ip_prefix: "{{ item }}" + loop: "{{ secgrp.remote_ip_prefix }}" - name: "Create {{ secgrp.name }} security group rule for SSH" os_security_group_rule: @@ -16,4 +17,5 @@ protocol: tcp port_range_min: 22 port_range_max: 22 - remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}" + remote_ip_prefix: "{{ item }}" + loop: "{{ secgrp.remote_ip_prefix }}" diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml index 3ce0e182b..d04b72c34 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml @@ -1,4 +1,6 @@ --- -- include: create_securitygroup.yml secgrp={{ item }} +- include: create_securitygroup.yml loop: - "{{ securitygroup }}" + loop_control: + loop_var: secgrp |