-rw-r--r--deployment/noheat/cluster-rke/ansible/create.yml17
l---------deployment/noheat/cluster-rke/ansible/group_vars/all.yml1
-rw-r--r--deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap4
-rw-r--r--deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml35
-rw-r--r--deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample2
-rw-r--r--deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap2
-rw-r--r--deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml9
7 files changed, 70 insertions, 0 deletions
diff --git a/deployment/noheat/cluster-rke/ansible/create.yml b/deployment/noheat/cluster-rke/ansible/create.yml
new file mode 100644
index 000000000..fa24fb1d6
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/create.yml
@@ -0,0 +1,17 @@
+---
+- name: Set up bastion node for ONAP Docker registry
+ hosts: "control0"
+ become: yes
+ roles:
+ - role: create_bastion
+ destination: "{{ nexus }}"
+- name: Add bastion information to the cluster nodes
+ hosts: all
+ become: yes
+ tasks:
+ - name: Add cluster hostnames to /etc/hosts file
+ lineinfile:
+ path: /etc/hosts
+ line: "{{ hostvars['control0']['ansible_default_ipv4']['address'] }} {{ item }}"
+ loop:
+ - "nexus3.onap.org"
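Review bot: The `lineinfile` task in the second play has no `regexp`, so it only guarantees that this exact line is present. If control0's default IPv4 address changes, a rerun appends a second `nexus3.onap.org` entry, and the stale one, sitting earlier in /etc/hosts, is still the one that resolves. Adding `regexp: '\s{{ item | regex_escape }}$'` would make the task replace the old mapping instead of accumulating lines. A comment above the task such as `# nexus3.onap.org is deliberately pointed at the bastion, which DNATs to the registry set in group_vars` would also help anyone debugging image pulls on the nodes.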
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
new file mode 120000
index 000000000..d8e74e27a
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
@@ -0,0 +1 @@
+all.yml.sm-onap \ No newline at end of file
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
new file mode 100644
index 000000000..2810d2d73
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
@@ -0,0 +1,4 @@
+---
+nexus:
+ address: 199.204.45.137
+ port: 10001
diff --git a/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
new file mode 100644
index 000000000..8189968c4
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Add cluster hostnames to /etc/hosts file
+ lineinfile:
+ path: /etc/hosts
+ line: "{{ ansible_default_ipv4.address + ' ' + ansible_hostname }}"
+
+- name: Enable IP forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: yes
+
+- name: Create PREROUTING rule
+ ansible.builtin.iptables:
+ table: nat
+ chain: PREROUTING
+ protocol: tcp
+ destination_port: "{{ destination.port }}"
+ jump: DNAT
+ to_destination: "{{ destination.address }}:{{ destination.port }}"
+
+- name: Create OUTPUT rule
+ ansible.builtin.iptables:
+ table: nat
+ chain: OUTPUT
+ protocol: tcp
+ destination: "{{ ansible_default_ipv4.address }}"
+ destination_port: "{{ destination.port }}"
+ jump: DNAT
+ to_destination: "{{ destination.address }}"
+
+- name: Enable masquerading
+ ansible.builtin.iptables:
+ table: nat
+ chain: POSTROUTING
+ jump: MASQUERADE
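Review bot: The `Enable masquerading` rule has no match criteria, so together with `net.ipv4.ip_forward` set to 1 it source-NATs everything leaving this host on any interface, not only registry traffic; that makes the bastion a general-purpose NAT gateway and hides client addresses from anything downstream. Scoping it to the forwarded flow by adding `protocol: tcp`, `destination: "{{ destination.address }}"` and `destination_port: "{{ destination.port }}"` should keep the behaviour the play needs. The PREROUTING rule likewise matches the port on every interface and for every destination address; `destination: "{{ ansible_default_ipv4.address }}"`, as the OUTPUT rule already has, would limit it to traffic addressed to the bastion itself. Separately, `ansible.builtin.iptables` only edits the in-memory ruleset, so the DNAT setup disappears on reboot unless the rules are saved by another step.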
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
index 470c2b120..f0e1b0037 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
@@ -11,6 +11,8 @@ securitygroup:
remote_ip_prefix:
- "172.24.4.0/24"
- "192.168.1.0/24"
+ local_ip_prefix:
+ - "192.168.1.0/24"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
index fb4f20861..fbfe432be 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
@@ -10,6 +10,8 @@ securitygroup:
name: &securitygroup_name "onap_ci_lab"
remote_ip_prefix:
- "0.0.0.0/0"
+ local_ip_prefix:
+ - "192.168.1.0/24"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
index bd8abf564..f389559ec 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
@@ -19,3 +19,12 @@
port_range_max: 22
remote_ip_prefix: "{{ item }}"
loop: "{{ secgrp.remote_ip_prefix }}"
+
+- name: "Create {{ secgrp.name }} security group rule for ONAP Docker registry"
+ os_security_group_rule:
+ security_group: "{{ secgrp.name }}"
+ protocol: tcp
+ port_range_min: 10001
+ port_range_max: 10001
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.local_ip_prefix }}"
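Review bot: `secgrp.local_ip_prefix` is a new key with no default, so an existing group_vars file that lacks it will presumably fail this task with an undefined-variable error. Using `loop: "{{ secgrp.local_ip_prefix | default([]) }}"` would skip the rule instead and open nothing, or the key should be documented as mandatory. The port is hard-coded as 10001 here while the cluster-rke group_vars added in this same commit carry it as `nexus.port`, so the two can drift apart; a comment such as `# must match nexus.port in cluster-rke/ansible/group_vars` above `port_range_min` would flag the coupling. The task file begins before this hunk, so how `secgrp` is populated is not visible here.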