OpenStack: Improve security groups playbook.

All the IPv6 security group related tasks has been moved to dedicated
block. There was added IPv6 rules for the master security groups in case
masters are set to be scheduable. And finally, fixed conditions for IPv6
tasks.

upi/openstack/security-groups.yaml

@@ -70,17 +70,6 @@
       port_range_min: 6443
       port_range_max: 6443
 
-  - name: 'Create master-sg IPv6 rule "OpenShift API"'
-    openstack.cloud.security_group_rule:
-      security_group: "{{ os_sg_master }}"
-      ether_type: IPv6
-      protocol: tcp
-      port_range_min: 6443
-      port_range_max: 6443
-    when:
-    - os_subnet6_range is defined
-    - "{{ os_subnet6_range|ansible.utils.ipv6 }}"
-
   - name: 'Create master-sg rule "VXLAN"'
     openstack.cloud.security_group_rule:
       security_group: "{{ os_sg_master }}"
@@ -236,17 +225,6 @@
       port_range_min: 80
       port_range_max: 80
 
-  - name: 'Create worker-sg IPv6 rule "Ingress HTTP"'
-    openstack.cloud.security_group_rule:
-      security_group: "{{ os_sg_worker }}"
-      ether_type: IPv6
-      protocol: tcp
-      port_range_min: 80
-      port_range_max: 80
-    when:
-    - os_subnet6_range is defined
-    - "{{ os_subnet6_range|ansible.utils.ipv6 }}"
-
   - name: 'Create worker-sg rule "Ingress HTTPS"'
     openstack.cloud.security_group_rule:
       security_group: "{{ os_sg_worker }}"
@@ -254,17 +232,6 @@
       port_range_min: 443
       port_range_max: 443
 
-  - name: 'Create worker-sg IPv6 rule "Ingress HTTPS"'
-    openstack.cloud.security_group_rule:
-      security_group: "{{ os_sg_worker }}"
-      ether_type: IPv6
-      protocol: tcp
-      port_range_min: 443
-      port_range_max: 443
-    when:
-    - os_subnet6_range is defined
-    - "{{ os_subnet6_range|ansible.utils.ipv6 }}"
-
   - name: 'Create worker-sg rule "router"'
     openstack.cloud.security_group_rule:
       security_group: "{{ os_sg_worker }}"
@@ -350,3 +317,61 @@
       security_group: "{{ os_sg_worker }}"
       protocol: '112'
       remote_ip_prefix: "{{ os_subnet_range }}"
+
+  - name: 'Create security groups for IPv6'
+    block:
+    - name: 'Create master-sg IPv6 rule "OpenShift API"'
+      openstack.cloud.security_group_rule:
+        security_group: "{{ os_sg_master }}"
+        ether_type: IPv6
+        protocol: tcp
+        port_range_min: 6443
+        port_range_max: 6443
+
+    - name: 'Create worker-sg IPv6 rule "Ingress HTTP"'
+      openstack.cloud.security_group_rule:
+        security_group: "{{ os_sg_worker }}"
+        ether_type: IPv6
+        protocol: tcp
+        port_range_min: 80
+        port_range_max: 80
+
+    - name: 'Create worker-sg IPv6 rule "Ingress HTTPS"'
+      openstack.cloud.security_group_rule:
+        security_group: "{{ os_sg_worker }}"
+        ether_type: IPv6
+        protocol: tcp
+        port_range_min: 443
+        port_range_max: 443
+
+    - name: 'Create master-sg rule "master ingress HTTP (TCP)"'
+      openstack.cloud.security_group_rule:
+        security_group: "{{ os_sg_master }}"
+        ether_type: IPv6
+        protocol: tcp
+        port_range_min: 80
+        port_range_max: 80
+      when: os_master_schedulable is defined and os_master_schedulable
+
+    - name: 'Create master-sg rule "master ingress HTTPS (TCP)"'
+      openstack.cloud.security_group_rule:
+        security_group: "{{ os_sg_master }}"
+        ether_type: IPv6
+        protocol: tcp
+        port_range_min: 443
+        port_range_max: 443
+      when: os_master_schedulable is defined and os_master_schedulable
+
+    - name: 'Create master-sg rule "router"'
+      openstack.cloud.security_group_rule:
+        security_group: "{{ os_sg_master }}"
+        ether_type: IPv6
+        protocol: tcp
+        remote_ip_prefix: "{{ os_subnet_range }}"
+        port_range_min: 1936
+        port_range_max: 1936
+      when: os_master_schedulable is defined and os_master_schedulable
+
+    when:
+    - os_subnet6_range is defined
+    - os_subnet6_range|ansible.utils.ipv6