From aaa7d9652eb58dd47327a99e70451b08f682356f Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Wed, 30 Dec 2020 15:21:11 +0100
Subject: Allow using multiple remote IP prefixes for security groups
This patch is required for allowing machine-to-machine traffic within
ONAP cluster with no Vagrant operator involvement.
Issue-ID: INT-1601
Change-Id: I0159b3176ecb3e5783f4f87b9b507824fc411b2b
Signed-off-by: Pawel Wieczorek
---
deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample | 4 +++-
.../noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap | 3 ++-
.../create_devstack_securitygroup/tasks/create_securitygroup.yml | 6 ++++--
.../roles/openstack/create_devstack_securitygroup/tasks/main.yml | 4 +++-
4 files changed, 12 insertions(+), 5 deletions(-)
(limited to 'deployment/noheat/infra-openstack')
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
index c2d551da6..7ca72de10 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
@@ -8,7 +8,9 @@ keypair:
securitygroup:
name: &securitygroup_name "onap_ci_lab"
- remote_ip_prefix: "172.24.4.0/24"
+ remote_ip_prefix:
+ - "172.24.4.0/24"
+ - "192.168.1.0/24"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
index c6ded5605..e3ae6b346 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
@@ -8,7 +8,8 @@ keypair:
securitygroup:
name: &securitygroup_name "onap_ci_lab"
- remote_ip_prefix: "0.0.0.0/0"
+ remote_ip_prefix:
+ - "0.0.0.0/0"
image:
name: &image_name "Ubuntu_18.04"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
index d6b78d1f4..bd8abf564 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/create_securitygroup.yml
@@ -8,7 +8,8 @@
os_security_group_rule:
security_group: "{{ secgrp.name }}"
protocol: icmp
- remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.remote_ip_prefix }}"
- name: "Create {{ secgrp.name }} security group rule for SSH"
os_security_group_rule:
@@ -16,4 +17,5 @@
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "{{ item }}"
+ loop: "{{ secgrp.remote_ip_prefix }}"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
index 3ce0e182b..d04b72c34 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_securitygroup/tasks/main.yml
@@ -1,4 +1,6 @@
---
-- include: create_securitygroup.yml secgrp={{ item }}
+- include: create_securitygroup.yml
loop:
- "{{ securitygroup }}"
+ loop_control:
+ loop_var: secgrp
--
cgit 1.2.3-korg