From a10322497f3e122a0fbd22f171dba88d131b1ae4 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Fri, 30 Apr 2021 07:43:07 +0200
Subject: Set up network for in-cluster deployment stage
This patch adds new network traffic exceptions to the infrastructure
setup step. This change has to be made during the infrastructure setup
step because the OpenStack client is not available from within the cluster.
Issue-ID: INT-1601
Change-Id: I5adbce6197d8de6ab2bf7f54c73d6003442674da
Signed-off-by: Pawel Wieczorek
---
.../noheat/infra-openstack/ansible/group_vars/all.yml.sample | 2 ++
.../noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap | 2 ++
.../roles/create_securitygroup/tasks/create_securitygroup.yml | 9 +++++++++
3 files changed, 13 insertions(+)
(limited to 'deployment/noheat/infra-openstack/ansible')
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
index 470c2b120..f0e1b0037 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
@@ -11,6 +11,8 @@ securitygroup:
remote_ip_prefix:
- "172.24.4.0/24"
- "192.168.1.0/24"
+ local_ip_prefix:
+ - "192.168.1.0/24"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
index fb4f20861..fbfe432be 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
@@ -10,6 +10,8 @@ securitygroup:
name: &securitygroup_name "onap_ci_lab"
remote_ip_prefix:
- "0.0.0.0/0"
+ local_ip_prefix:
+ - "192.168.1.0/24"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
index bd8abf564..f389559ec 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
@@ -19,3 +19,12 @@
port_range_max: 22
remote_ip_prefix: "{{ item }}"
loop: "{{ secgrp.remote_ip_prefix }}"
+
+- name: "Create {{ secgrp.name }} security group rule for ONAP Docker registry"
+ os_security_group_rule:
+ security_group: "{{ secgrp.name }}"
+ protocol: tcp
+ port_range_min: 10001
+ port_range_max: 10001
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.local_ip_prefix }}"
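Review bot: The new registry rule passes `secgrp.local_ip_prefix` as `remote_ip_prefix` with nothing to explain why a second prefix list exists. In all.yml.sm-onap the neighbouring `remote_ip_prefix` list is `0.0.0.0/0`, so a later cleanup that merges the two loops would expose port 10001 to every source address. A comment above the task, such as `# Registry port is opened only to the cluster-internal subnet(s); do not reuse secgrp.remote_ip_prefix here`, would record that intent. The task also omits `direction`, so it relies on the module default; writing `direction: ingress` explicitly would make the rule unambiguous. Separately, a group_vars file copied from the sample before this change has no `local_ip_prefix` key, and the loop would presumably fail on the undefined variable. An `assert` on the key with a clear message, or a note in the sample, would make that failure easier to diagnose.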
--
cgit 1.2.3-korg