From aaa7d9652eb58dd47327a99e70451b08f682356f Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Wed, 30 Dec 2020 15:21:11 +0100
Subject: Allow using multiple remote IP prefixes for security groups

This patch is required for allowing machine-to-machine traffic within ONAP cluster with no Vagrant operator involvement.

Issue-ID: INT-1601
Change-Id: I0159b3176ecb3e5783f4f87b9b507824fc411b2b
Signed-off-by: Pawel Wieczorek
---
 deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample | 4 +++-
 .../noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap | 3 ++-
 .../create_devstack_securitygroup/tasks/create_securitygroup.yml | 6 ++++--
 .../roles/openstack/create_devstack_securitygroup/tasks/main.yml | 4 +++-
 4 files changed, 12 insertions(+), 5 deletions(-)
(limited to 'deployment/noheat/infra-openstack')

diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
index c2d551da6..7ca72de10 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
@@ -8,7 +8,9 @@ keypair:
 securitygroup:
 name: &securitygroup_name "onap_ci_lab"
- remote_ip_prefix: "172.24.4.0/24"
+ remote_ip_prefix:
+ - "172.24.4.0/24"
+ - "192.168.1.0/24"
 image:
 name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
index c6ded5605..e3ae6b346 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
@@ -8,7 +8,8 @@ keypair:
 securitygroup:
 name: &securitygroup_name "onap_ci_lab"
- remote_ip_prefix: "0.0.0.0/0"
+ remote_ip_prefix:
+ - "0.0.0.0/0"
 image:
 name: &image_name "Ubuntu_18.04"
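Review bot: The sample gives no hint of what a prefix listed under `remote_ip_prefix` is granted, which matters now that operators are expected to append entries. Going by the rule tasks changed later in this patch, every entry gets an ICMP rule and an SSH (tcp/22) rule, and no direction is set there, so presumably the module's ingress default applies. A comment above the key would make that explicit: `# Every prefix listed here is allowed inbound ICMP and SSH (tcp/22); keep the list minimal.` The same comment fits the `all.yml.sm-onap` hunk.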
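Review bot: The single entry `- "0.0.0.0/0"` in `all.yml.sm-onap` leaves both rules built by `create_securitygroup.yml`, ICMP and SSH on tcp/22, reachable from any IPv4 source. The value predates this commit, but with list support in place this profile could name the actual operator and cluster networks instead. If the open range is deliberate for this environment, record that next to it: `# 0.0.0.0/0 exposes ICMP and SSH (tcp/22) to any IPv4 source; replace with specific prefixes where possible.`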
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
index d6b78d1f4..bd8abf564 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
@@ -8,7 +8,8 @@
 os_security_group_rule:
 security_group: "{{ secgrp.name }}"
 protocol: icmp
- remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.remote_ip_prefix }}"
 - name: "Create {{ secgrp.name }} security group rule for SSH"
 os_security_group_rule:
@@ -16,4 +17,5 @@
 protocol: tcp
 port_range_min: 22
 port_range_max: 22
- remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.remote_ip_prefix }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
index 3ce0e182b..d04b72c34 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
@@ -1,4 +1,6 @@
 ---
-- include: create_securitygroup.yml secgrp={{ item }}
+- include: create_securitygroup.yml
 loop:
 - "{{ securitygroup }}"
+ loop_control:
+ loop_var: secgrp
--
cgit 1.2.3-korg
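Review bot: Nothing checks the shape of `secgrp.remote_ip_prefix` before the two added `loop:` lines consume it, for the ICMP rule in the first hunk of `create_securitygroup.yml` and the SSH rule in the second. A vars file still carrying the old scalar form makes `loop` abort at the first rule task, presumably after the group itself has been created, and an empty list skips both rules without any message. An `assert` ahead of the existing tasks, which start outside these hunks, would stop the play early with a clear error. Whether each entry should also be validated as a CIDR depends on the filters available in this Ansible install.

```yaml
# placed ahead of the existing tasks in create_securitygroup.yml
- name: "Validate remote IP prefixes for {{ secgrp.name }}"
  assert:
    that:
      - secgrp.remote_ip_prefix is not string
      - secgrp.remote_ip_prefix is not mapping
      - secgrp.remote_ip_prefix is iterable
      - secgrp.remote_ip_prefix | length > 0
    fail_msg: "securitygroup.remote_ip_prefix must be a non-empty list of CIDR prefixes"
```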
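Review bot: The added line `- include: create_securitygroup.yml` in `main.yml` keeps the bare `include` action, which Ansible deprecated in favour of `include_tasks`/`import_tasks` and dropped in later ansible-core releases. Because the include is looped it has to be the dynamic form: `- include_tasks: create_securitygroup.yml`. The one-element `loop` exists only to bind `secgrp`, so `vars:` with `secgrp: "{{ securitygroup }}"` on the include would say that more directly, though the loop is harmless as written.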