14 files changed, 85 insertions, 0 deletions
diff --git a/deployment/noheat/infra-openstack/ansible/create.yml b/deployment/noheat/infra-openstack/ansible/create.yml
index a2665f911..38f2f9d20 100644
--- a/deployment/noheat/infra-openstack/ansible/create.yml
+++ b/deployment/noheat/infra-openstack/ansible/create.yml
@@ -5,5 +5,6 @@
 gather_facts: False
 roles:
 - openstack/create_devstack_network
+ - openstack/create_devstack_securitygroup
 - openstack/create_devstack_keypair
 - openstack/create_devstack_hosts
diff --git a/deployment/noheat/infra-openstack/ansible/destroy.yml b/deployment/noheat/infra-openstack/ansible/destroy.yml
index 4576125c4..6091e597d 100644
--- a/deployment/noheat/infra-openstack/ansible/destroy.yml
+++ b/deployment/noheat/infra-openstack/ansible/destroy.yml
@@ -7,3 +7,4 @@
 - openstack/destroy_devstack_hosts
 - openstack/destroy_devstack_keypair
 - openstack/destroy_devstack_network
+ - openstack/destroy_devstack_securitygroup
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml
index 1da1e8f78..40fdabf94 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml
@@ -6,9 +6,14 @@ network:
 keypair:
 name: &keypair_name "onap_ci_lab"
+securitygroup:
+ name: &securitygroup_name "onap_ci_lab"
+ remote_ip_prefix: "172.24.4.0/24"
+
 hosts:
 - name: "operator0"
 image: "cirros-0.5.1-x86_64-disk"
 flavor: "cirros256"
 keypair: *keypair_name
 network: *network_name
+ securitygroup: *securitygroup_name
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml
index 847150f36..c164d7144 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml
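Review bot: `remote_ip_prefix: "172.24.4.0/24"` in group_vars/all.yml is hard-coded with no comment saying which network it is, although it is the only value limiting who can reach the hosts over ICMP and SSH. The number looks like DevStack's default floating range, but that is an inference from the value, not something the diff states. I would add a comment above it, for example `# source CIDR allowed to reach the lab hosts (ICMP, SSH); keep it as narrow as the lab network allows`, so a later edit does not widen it to `0.0.0.0/0` without noticing what it controls.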
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml
@@ -7,3 +7,5 @@
 flavor: "{{ host.flavor }}"
 key_name: "{{ host.keypair }}"
 network: "{{ host.network }}"
+ security_groups:
+ - "{{ host.securitygroup }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
new file mode 100644
index 000000000..d6b78d1f4
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
@@ -0,0 +1,19 @@
+---
+- name: "Create {{ secgrp.name }} security group"
+ os_security_group:
+ state: present
+ name: "{{ secgrp.name }}"
+
+- name: "Create {{ secgrp.name }} security group rule for ping"
+ os_security_group_rule:
+ security_group: "{{ secgrp.name }}"
+ protocol: icmp
+ remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+
+- name: "Create {{ secgrp.name }} security group rule for SSH"
+ os_security_group_rule:
+ security_group: "{{ secgrp.name }}"
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
new file mode 100644
index 000000000..da125cbc4
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include: create_securitygroup.yml secgrp={{ item }}
+ with_items:
+ - "{{ securitygroup }}"
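Review bot: The rule named "for ping" in create_securitygroup.yml sets only `protocol: icmp`, so it admits every ICMP type from the prefix, not just echo requests. The task name and the rule should agree, either by renaming the task or by narrowing the rule to the echo-request type and code if the module version in use accepts them. Both rule tasks also rely on module defaults for direction and address family; writing `direction: ingress` and `ethertype: IPv4` explicitly would make the intent readable without consulting the module documentation. A newly created group normally also carries allow-all egress rules, which this role leaves in place; a one-line comment such as `# egress is left at the group default (allow all)` would record that this is intended.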
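Review bot: In create_devstack_securitygroup/tasks/main.yml the mapping is passed as an inline `secgrp={{ item }}` argument to a bare `include:`, which is the key=value form, and `include` is the keyword that newer Ansible releases deprecate. Native YAML avoids pushing the mapping through an unquoted string: `- include_tasks: create_securitygroup.yml` followed by `vars:` and `secgrp: "{{ item }}"`, with the `with_items` lines unchanged. The same line appears in destroy_devstack_securitygroup/tasks/main.yml. If the sibling network and keypair roles use the same pattern, which this diff does not show, changing them together would be the consistent option.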
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/destroy_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/destroy_securitygroup.yml
new file mode 100644
index 000000000..eb86f9bc2
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/destroy_securitygroup.yml
@@ -0,0 +1,5 @@
+---
+- name: "Destroy {{ secgrp.name }} security group"
+ os_security_group:
+ state: absent
+ name: "{{ secgrp.name }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/main.yml
new file mode 100644
index 000000000..586e18067
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_securitygroup/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include: destroy_securitygroup.yml secgrp={{ item }}
+ with_items:
+ - "{{ securitygroup }}"
diff --git a/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.stderr b/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.stderr
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.stderr
diff --git a/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.stdout b/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.stdout
new file mode 100644
index 000000000..363825389
--- /dev/null
+++ b/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.stdout
@@ -0,0 +1 @@
+"onap_ci_lab"
diff --git a/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.test b/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.test
new file mode 100755
index 000000000..6378776b8
--- /dev/null
+++ b/deployment/noheat/infra-openstack/vagrant/test/create_securitygroup.test
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+export SECURITYGROUP_NAME='onap_ci_lab'
+
+export VAGRANT_CWD='..'
+
+set_up() {
+ vagrant up --provision-with=run_playbook_destroy
+ vagrant up --provision-with=run_playbook_create
+}
+
+check() {
+ local secgrp="$1"
+ vagrant ssh operator --no-tty -c \
+ "export OS_CLOUD=openstack; openstack security group list -fcsv" \
+ | grep "$secgrp" \
+ | cut -d',' -f2
+}
+
+set_up >/dev/null # drop provisioning output
+check "$SECURITYGROUP_NAME"
diff --git a/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.stderr b/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.stderr
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.stderr
diff --git a/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.stdout b/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.stdout
new file mode 100644
index 000000000..7adb2f89a
--- /dev/null
+++ b/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.stdout
@@ -0,0 +1 @@
+Security group onap_ci_lab not found.
diff --git a/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.test b/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.test
new file mode 100755
index 000000000..0d8042d6a
--- /dev/null
+++ b/deployment/noheat/infra-openstack/vagrant/test/destroy_securitygroup.test
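Review bot: `check` in create_securitygroup.test only proves that a group whose CSV row contains `onap_ci_lab` exists; the ICMP and SSH rules the role creates, which are the security-relevant part, are never inspected. A second check along the lines of `openstack security group rule list "$secgrp" -fcsv`, compared against an expected file, would catch a rule that ends up with a wider source prefix than intended. `grep "$secgrp"` also matches the string anywhere in the row (ID, description, or a longer name), so matching the quoted Name field, e.g. `grep -F ",\"$secgrp\","`, would be stricter; the same grep is used in destroy_securitygroup.test. `local` is not POSIX, which matters if `/bin/sh` is a strict shell.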
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+export SECURITYGROUP_NAME='onap_ci_lab'
+
+export VAGRANT_CWD='..'
+
+set_up() {
+ vagrant up --provision-with=run_playbook_create
+ vagrant up --provision-with=run_playbook_destroy
+}
+
+check() {
+ local secgrp="$1"
+ vagrant ssh operator --no-tty -c \
+ "export OS_CLOUD=openstack; openstack security group list -fcsv" \
+ | grep "$secgrp" \
+ || echo "Security group ${secgrp} not found."
+}
+
+set_up >/dev/null # drop provisioning output
+check "$SECURITYGROUP_NAME" |
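Review bot: The `|| echo "Security group ${secgrp} not found."` fallback in destroy_securitygroup.test fires whenever grep matches nothing, which includes the case where `vagrant ssh` or the `openstack` command itself failed and produced no listing. The test then prints exactly the expected stdout, so unless the harness's stderr comparison happens to catch the failure, it passes without having verified that the group was removed. Capturing the listing first separates the two cases: `list=$(vagrant ssh operator --no-tty -c "export OS_CLOUD=openstack; openstack security group list -fcsv") || exit 1`, then `printf '%s\n' "$list" | grep "$secgrp" || echo "Security group ${secgrp} not found."`. `set_up >/dev/null` likewise ignores the exit status of both provisioning runs, here and in create_securitygroup.test.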