openshift/installer
1
0
Fork 0
mirror of https://github.com/openshift/installer.git synced 2026-02-05 15:47:14 +01:00
Code Issues Releases Activity

openstack/upi: add missing modules namespaces

Browse Source
This commit is contained in:
Emilien Macchi
2023-07-27 11:38:28 -04:00
parent 8f032c2064
commit aa258c01ab
12 changed files with 130 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
upi/openstack/bootstrap.yaml
View File

@@ -5,7 +5,7 @@
# openstacksdk
# netaddr
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no

20
upi/openstack/compute-nodes.yaml
View File

@@ -5,14 +5,14 @@
# openstacksdk
# netaddr
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Create the Compute ports'
os_port:
openstack.cloud.port:
name: "{{ item.1 }}-{{ item.0 }}"
network: "{{ os_network }}"
security_groups:
@@ -23,18 +23,18 @@
register: ports
- name: 'Set Compute ports tag'
command:
ansible.builtin.command:
cmd: "openstack port set --tag {{ cluster_id_tag }} {{ item.1 }}-{{ item.0 }}"
with_indexed_items: "{{ [os_port_worker] * os_compute_nodes_number }}"
- name: 'List the Compute Trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk list"
when: os_networking_type == "Kuryr"
register: compute_trunks
- name: 'Create the Compute trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk create --parent-port {{ item.1.id }} {{ os_compute_trunk_name }}-{{ item.0 }}"
with_indexed_items: "{{ ports.results }}"
when:
@@ -42,13 +42,13 @@
- "os_compute_trunk_name|string not in compute_trunks.stdout"
- name: 'List the Server groups'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name"
register: server_group_list
- name: 'Parse the Server group ID from existing'
set_fact:
ansible.builtin.set_fact:
server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}"
vars:
list_query: "[?Name=='{{ os_compute_server_group_name }}']"
@@ -56,7 +56,7 @@
- "os_compute_server_group_name|string in server_group_list.stdout"
- name: 'Create the Compute server group'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group create -f json -c id --policy=soft-anti-affinity {{ os_compute_server_group_name }}"
register: server_group_created
@@ -64,13 +64,13 @@
- server_group_id is not defined
- name: 'Parse the Server group ID from creation'
set_fact:
ansible.builtin.set_fact:
server_group_id: "{{ (server_group_created.stdout | from_json).id }}"
when:
- server_group_id is not defined
- name: 'Create the Compute servers'
os_server:
openstack.cloud.server:
name: "{{ item.1 }}-{{ item.0 }}"
image: "{{ os_image_rhcos }}"
flavor: "{{ os_flavor_worker }}"

20
upi/openstack/control-plane.yaml
View File

@@ -5,14 +5,14 @@
# openstacksdk
# netaddr
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Create the Control Plane ports'
os_port:
openstack.cloud.port:
name: "{{ item.1 }}-{{ item.0 }}"
network: "{{ os_network }}"
security_groups:
@@ -24,18 +24,18 @@
register: ports
- name: 'Set Control Plane ports tag'
command:
ansible.builtin.command:
cmd: "openstack port set --tag {{ cluster_id_tag }} {{ item.1 }}-{{ item.0 }}"
with_indexed_items: "{{ [os_port_master] * os_cp_nodes_number }}"
- name: 'List the Control Plane Trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk list"
when: os_networking_type == "Kuryr"
register: control_plane_trunks
- name: 'Create the Control Plane trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk create --parent-port {{ item.1.id }} {{ os_cp_trunk_name }}-{{ item.0 }}"
with_indexed_items: "{{ ports.results }}"
when:
@@ -43,13 +43,13 @@
- "os_cp_trunk_name|string not in control_plane_trunks.stdout"
- name: 'List the Server groups'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name"
register: server_group_list
- name: 'Parse the Server group ID from existing'
set_fact:
ansible.builtin.set_fact:
server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}"
vars:
list_query: "[?Name=='{{ os_cp_server_group_name }}']"
@@ -57,7 +57,7 @@
- "os_cp_server_group_name|string in server_group_list.stdout"
- name: 'Create the Control Plane server group'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group create -f json -c id --policy=soft-anti-affinity {{ os_cp_server_group_name }}"
register: server_group_created
@@ -65,13 +65,13 @@
- server_group_id is not defined
- name: 'Parse the Server group ID from creation'
set_fact:
ansible.builtin.set_fact:
server_group_id: "{{ (server_group_created.stdout | from_json).id }}"
when:
- server_group_id is not defined
- name: 'Create the Control Plane servers'
os_server:
openstack.cloud.server:
name: "{{ item.1 }}-{{ item.0 }}"
image: "{{ os_image_rhcos }}"
flavor: "{{ os_flavor_master }}"

6
upi/openstack/down-bootstrap.yaml
View File

@@ -3,18 +3,18 @@
# ansible
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Remove the bootstrap server'
os_server:
openstack.cloud.server:
name: "{{ os_bootstrap_server_name }}"
state: absent
- name: 'Remove the bootstrap server port'
os_port:
openstack.cloud.port:
name: "{{ os_port_bootstrap }}"
state: absent

16
upi/openstack/down-compute-nodes.yaml
View File

@@ -4,26 +4,26 @@
# openstackclient
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Remove the Compute servers'
os_server:
openstack.cloud.server:
name: "{{ item.1 }}-{{ item.0 }}"
state: absent
with_indexed_items: "{{ [os_compute_server_name] * os_compute_nodes_number }}"
- name: 'List the Server groups'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name"
register: server_group_list
- name: 'Parse the Server group ID from existing'
set_fact:
ansible.builtin.set_fact:
server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}"
vars:
list_query: "[?Name=='{{ os_compute_server_group_name }}']"
@@ -31,20 +31,20 @@
- "os_compute_server_group_name|string in server_group_list.stdout"
- name: 'Remove the Compute server group'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group delete {{ server_group_id }}"
when:
- server_group_id is defined
- name: 'List the Compute trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk list -c Name -f value"
when: os_networking_type == "Kuryr"
register: trunks
- name: 'Remove the Compute trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk delete {{ item.1 }}-{{ item.0 }}"
when:
- os_networking_type == "Kuryr"
@@ -52,7 +52,7 @@
with_indexed_items: "{{ [os_compute_trunk_name] * os_compute_nodes_number }}"
- name: 'Remove the Compute ports'
os_port:
openstack.cloud.port:
name: "{{ item.1 }}-{{ item.0 }}"
state: absent
with_indexed_items: "{{ [os_port_worker] * os_compute_nodes_number }}"

6
upi/openstack/down-containers.yaml
View File

@@ -4,18 +4,18 @@
# openstackclient
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'List the containers associated with the cluster'
command:
ansible.builtin.command:
cmd: "openstack container list --prefix {{ os_infra_id }} -f value -c Name"
register: container_list
- name: 'Delete the containers associated with the cluster'
command:
ansible.builtin.command:
cmd: "openstack container delete -r {{ container_list.stdout }}"
when: container_list.stdout|length > 0

16
upi/openstack/down-control-plane.yaml
View File

@@ -4,26 +4,26 @@
# openstackclient
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Remove the Control Plane servers'
os_server:
openstack.cloud.server:
name: "{{ item.1 }}-{{ item.0 }}"
state: absent
with_indexed_items: "{{ [os_cp_server_name] * os_cp_nodes_number }}"
- name: 'List the Server groups'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name"
register: server_group_list
- name: 'Parse the Server group ID from existing'
set_fact:
ansible.builtin.set_fact:
server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}"
vars:
list_query: "[?Name=='{{ os_cp_server_group_name }}']"
@@ -31,20 +31,20 @@
- "os_cp_server_group_name|string in server_group_list.stdout"
- name: 'Remove the Control Plane server group'
command:
ansible.builtin.command:
# os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy
cmd: "openstack --os-compute-api-version=2.15 server group delete {{ server_group_id }}"
when:
- server_group_id is defined
- name: 'List the Compute trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk list -c Name -f value"
when: os_networking_type == "Kuryr"
register: trunks
- name: 'Remove the Control Plane trunks'
command:
ansible.builtin.command:
cmd: "openstack network trunk delete {{ item.1 }}-{{ item.0 }}"
when:
- os_networking_type == "Kuryr"
@@ -52,7 +52,7 @@
with_indexed_items: "{{ [os_cp_trunk_name] * os_cp_nodes_number }}"
- name: 'Remove the Control Plane ports'
os_port:
openstack.cloud.port:
name: "{{ item.1 }}-{{ item.0 }}"
state: absent
with_indexed_items: "{{ [os_port_master] * os_cp_nodes_number }}"

16
upi/openstack/down-load-balancers.yaml
View File

@@ -4,19 +4,19 @@
# openstackcli
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Get an auth token'
os_auth:
openstack.cloud.auth:
register: cloud
when: os_networking_type == "Kuryr"
- name: 'List octavia versions'
uri:
ansible.builtin.uri:
method: GET
headers:
X-Auth-Token: "{{ cloud.ansible_facts.auth_token }}"
@@ -25,12 +25,12 @@
register: octavia_versions
when: os_networking_type == "Kuryr"
- set_fact:
- ansible.builtin.set_fact:
versions: "{{ octavia_versions.json.versions | selectattr('id', 'match', 'v2.5') | map(attribute='id') | list }}"
when: os_networking_type == "Kuryr"
- name: 'List tagged loadbalancers'
uri:
ansible.builtin.uri:
method: GET
headers:
X-Auth-Token: "{{ cloud.ansible_facts.auth_token }}"
@@ -44,7 +44,7 @@
# for each service present on the cluster. Let's make
# sure to remove the resources generated.
- name: 'Remove the cluster load balancers'
command:
ansible.builtin.command:
cmd: "openstack loadbalancer delete --cascade {{ item.id }}"
with_items: "{{ lbs_tagged.json.loadbalancers }}"
when:
@@ -53,7 +53,7 @@
- '"PENDING" not in item.provisioning_status'
- name: 'List loadbalancers tagged on description'
uri:
ansible.builtin.uri:
method: GET
headers:
X-Auth-Token: "{{ cloud.ansible_facts.auth_token }}"
@@ -67,7 +67,7 @@
# for each service present on the cluster. Let's make
# sure to remove the resources generated.
- name: 'Remove the cluster load balancers'
command:
ansible.builtin.command:
cmd: "openstack loadbalancer delete --cascade {{ item.id }}"
with_items: "{{ lbs_description.json.loadbalancers }}"
when:

24
upi/openstack/down-network.yaml
View File

@@ -4,65 +4,65 @@
# openstackclient
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'List ports attatched to router'
command:
ansible.builtin.command:
cmd: "openstack port list --device-owner=network:router_interface --tags {{ cluster_id_tag }} -f value -c id"
register: router_ports
- name: 'Remove the ports from router'
command:
ansible.builtin.command:
cmd: "openstack router remove port {{ os_router }} {{ item.1}}"
with_indexed_items: "{{ router_ports.stdout_lines }}"
- name: 'List ha ports attached to router'
command:
ansible.builtin.command:
cmd: "openstack port list --device-owner=network:ha_router_replicated_interface --tags {{ cluster_id_tag }} -f value -c id"
register: ha_router_ports
- name: 'Remove the ha ports from router'
command:
ansible.builtin.command:
cmd: "openstack router remove port {{ os_router }} {{ item.1}}"
with_indexed_items: "{{ ha_router_ports.stdout_lines }}"
- name: 'List ports'
command:
ansible.builtin.command:
cmd: "openstack port list --tags {{ cluster_id_tag }} -f value -c id"
register: ports
- name: 'Remove the cluster ports'
command:
ansible.builtin.command:
cmd: "openstack port delete {{ ports.stdout_lines | join(' ') }}"
when: ports.stdout != ""
- name: 'Remove the cluster router'
os_router:
openstack.cloud.router:
name: "{{ os_router }}"
state: absent
- name: 'List cluster networks'
command:
ansible.builtin.command:
cmd: "openstack network list --tags {{ cluster_id_tag }} -f value -c ID"
register: networks
- name: 'Remove the cluster networks'
command:
ansible.builtin.command:
cmd: "openstack network delete {{ networks.stdout_lines | join(' ') }}"
when: networks.stdout != ""
- name: 'List the cluster subnet pool'
command:
ansible.builtin.command:
cmd: "openstack subnet pool list --name {{ subnet_pool }}"
when: os_networking_type == "Kuryr"
register: pods_subnet_pool
- name: 'Remove the cluster subnet pool'
command:
ansible.builtin.command:
cmd: "openstack subnet pool delete {{ subnet_pool }}"
when:
- os_networking_type == "Kuryr"

6
upi/openstack/down-security-groups.yaml
View File

@@ -4,18 +4,18 @@
# openstackclient
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'List security groups'
command:
ansible.builtin.command:
cmd: "openstack security group list --tags {{ cluster_id_tag }} -f value -c ID"
register: security_groups
- name: 'Remove the cluster security groups'
command:
ansible.builtin.command:
cmd: "openstack security group delete {{ item.1 }}"
with_indexed_items: "{{ security_groups.stdout_lines }}"

48
upi/openstack/network.yaml
View File

@@ -5,22 +5,22 @@
# openstacksdk
# netaddr
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Create the primary cluster network'
os_network:
openstack.cloud.network:
name: "{{ os_network }}"
- name: 'Set tags on the primary cluster network'
command:
ansible.builtin.command:
cmd: "openstack network set --tag {{ primary_cluster_network_tag }} --tag {{ cluster_id_tag }} {{ os_network }}"
- name: 'Create the primary cluster subnet'
os_subnet:
openstack.cloud.subnet:
name: "{{ os_subnet }}"
network_name: "{{ os_network }}"
cidr: "{{ os_subnet_range }}"
@@ -29,21 +29,21 @@
dns_nameservers: "{{ os_external_dns }}"
- name: 'Set tags on primary cluster subnet'
command:
ansible.builtin.command:
cmd: "openstack subnet set --tag {{ cluster_id_tag }} {{ os_subnet }}"
- name: 'Create the service network'
os_network:
openstack.cloud.network:
name: "{{ os_svc_network }}"
when: os_networking_type == "Kuryr"
- name: 'Set the service network tag'
command:
ansible.builtin.command:
cmd: "openstack network set --tag {{ cluster_id_tag }} {{ os_svc_network }}"
when: os_networking_type == "Kuryr"
- name: 'Computing facts for service subnet'
set_fact:
ansible.builtin.set_fact:
first_ip_svc_subnet_range: "{{ svc_subnet_range | ipv4('network') }}"
last_ip_svc_subnet_range: "{{ svc_subnet_range | ansible.utils.ipaddr('last_usable') |ipmath(1) }}"
first_ip_os_svc_network_range: "{{ os_svc_network_range | ipv4('network') }}"
@@ -52,57 +52,57 @@
when: os_networking_type == "Kuryr"
- name: 'Get first part of OpenStack network'
set_fact:
ansible.builtin.set_fact:
allocation_pool: "{{ allocation_pool + '--allocation-pool start={{ first_ip_os_svc_network_range | ipmath(1) }},end={{ first_ip_svc_subnet_range |ipmath(-1) }}' }}"
when:
- os_networking_type == "Kuryr"
- first_ip_svc_subnet_range != first_ip_os_svc_network_range
- name: 'Get last part of OpenStack network'
set_fact:
ansible.builtin.set_fact:
allocation_pool: "{{ allocation_pool + ' --allocation-pool start={{ last_ip_svc_subnet_range | ipmath(1) }},end={{ last_ip_os_svc_network_range |ipmath(-1) }}' }}"
when:
- os_networking_type == "Kuryr"
- last_ip_svc_subnet_range != last_ip_os_svc_network_range
- name: 'Get end of allocation'
set_fact:
ansible.builtin.set_fact:
gateway_ip: "{{ allocation_pool.split('=')[-1] }}"
when: os_networking_type == "Kuryr"
- name: 'replace last IP'
set_fact:
ansible.builtin.set_fact:
allocation_pool: "{{ allocation_pool | replace(gateway_ip, gateway_ip | ipmath(-1))}}"
when: os_networking_type == "Kuryr"
- name: 'list service subnet'
command:
ansible.builtin.command:
cmd: "openstack subnet list --name {{ os_svc_subnet }} --tag {{ cluster_id_tag }}"
when: os_networking_type == "Kuryr"
register: svc_subnet
- name: 'Create the service subnet'
command:
ansible.builtin.command:
cmd: "openstack subnet create --ip-version 4 --gateway {{ gateway_ip }} --subnet-range {{ os_svc_network_range }} {{ allocation_pool }} --no-dhcp --network {{ os_svc_network }} --tag {{ cluster_id_tag }} {{ os_svc_subnet }}"
when:
- os_networking_type == "Kuryr"
- svc_subnet.stdout == ""
- name: 'list subnet pool'
command:
ansible.builtin.command:
cmd: "openstack subnet pool list --name {{ subnet_pool }} --tags {{ cluster_id_tag }}"
when: os_networking_type == "Kuryr"
register: pods_subnet_pool
- name: 'Create pods subnet pool'
command:
ansible.builtin.command:
cmd: "openstack subnet pool create --default-prefix-length {{ host_prefix }} --pool-prefix {{ cluster_network_cidrs }} --tag {{ cluster_id_tag }} {{ subnet_pool }}"
when:
- os_networking_type == "Kuryr"
- pods_subnet_pool.stdout == ""
- name: 'Create external router'
os_router:
openstack.cloud.router:
name: "{{ os_router }}"
network: "{{ os_external_network }}"
interfaces:
@@ -110,12 +110,12 @@
when: os_external_network is defined and os_external_network|length>0
- name: 'Set external router tag'
command:
ansible.builtin.command:
cmd: "openstack router set --tag {{ cluster_id_tag }} {{ os_router }}"
when: os_external_network is defined and os_external_network|length>0
- name: 'Create the API port'
os_port:
openstack.cloud.port:
name: "{{ os_port_api }}"
network: "{{ os_network }}"
security_groups:
@@ -125,11 +125,11 @@
ip_address: "{{ os_apiVIP }}"
- name: 'Set API port tag'
command:
ansible.builtin.command:
cmd: "openstack port set --tag {{ cluster_id_tag }} {{ os_port_api }}"
- name: 'Create the Ingress port'
os_port:
openstack.cloud.port:
name: "{{ os_port_ingress }}"
network: "{{ os_network }}"
security_groups:
@@ -139,19 +139,19 @@
ip_address: "{{ os_ingressVIP }}"
- name: 'Set the Ingress port tag'
command:
ansible.builtin.command:
cmd: "openstack port set --tag {{ cluster_id_tag }} {{ os_port_ingress }}"
# NOTE: openstack ansible module doesn't allow attaching Floating IPs to
# ports, let's use the CLI instead
- name: 'Attach the API floating IP to API port'
command:
ansible.builtin.command:
cmd: "openstack floating ip set --port {{ os_port_api }} {{ os_api_fip }}"
when: os_api_fip is defined and os_api_fip|length>0
# NOTE: openstack ansible module doesn't allow attaching Floating IPs to
# ports, let's use the CLI instead
- name: 'Attach the Ingress floating IP to Ingress port'
command:
ansible.builtin.command:
cmd: "openstack floating ip set --port {{ os_port_ingress }} {{ os_ingress_fip }}"
when: os_ingress_fip is defined and os_ingress_fip|length>0

80
upi/openstack/security-groups.yaml
View File

@@ -4,35 +4,35 @@
# openstackclient
# openstacksdk
- import_playbook: common.yaml
- ansible.builtin.import_playbook: common.yaml
- hosts: all
gather_facts: no
tasks:
- name: 'Create the master security group'
os_security_group:
openstack.cloud.security_group:
name: "{{ os_sg_master }}"
- name: 'Set master security group tag'
command:
ansible.builtin.command:
cmd: "openstack security group set --tag {{ cluster_id_tag }} {{ os_sg_master }} "
- name: 'Create the worker security group'
os_security_group:
openstack.cloud.security_group:
name: "{{ os_sg_worker }}"
- name: 'Set worker security group tag'
command:
ansible.builtin.command:
cmd: "openstack security group set --tag {{ cluster_id_tag }} {{ os_sg_worker }} "
- name: 'Create master-sg rule "ICMP"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: icmp
- name: 'Create master-sg rule "machine config server"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -40,7 +40,7 @@
port_range_max: 22623
- name: 'Create master-sg rule "SSH"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -48,7 +48,7 @@
port_range_max: 22
- name: 'Create master-sg rule "DNS (TCP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
remote_ip_prefix: "{{ os_subnet_range }}"
protocol: tcp
@@ -56,7 +56,7 @@
port_range_max: 53
- name: 'Create master-sg rule "DNS (UDP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
remote_ip_prefix: "{{ os_subnet_range }}"
protocol: udp
@@ -64,14 +64,14 @@
port_range_max: 53
- name: 'Create master-sg rule "OpenShift API"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
port_range_min: 6443
port_range_max: 6443
- name: 'Create master-sg rule "VXLAN"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -79,7 +79,7 @@
port_range_max: 4789
- name: 'Create master-sg rule "Geneve"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -87,7 +87,7 @@
port_range_max: 6081
- name: 'Create master-sg rule "IPsec IKE"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -95,7 +95,7 @@
port_range_max: 500
- name: 'Create master-sg rule "IPsec NAT-T"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -103,7 +103,7 @@
port_range_max: 4500
- name: 'Create master-sg rule "ovndb"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -111,7 +111,7 @@
port_range_max: 6642
- name: 'Create master-sg rule "master ingress internal (TCP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -119,7 +119,7 @@
port_range_max: 9999
- name: 'Create master-sg rule "master ingress internal (UDP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -127,7 +127,7 @@
port_range_max: 9999
- name: 'Create master-sg rule "kube scheduler"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -135,7 +135,7 @@
port_range_max: 10259
- name: 'Create master-sg rule "kube controller manager"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -143,7 +143,7 @@
port_range_max: 10257
- name: 'Create master-sg rule "master ingress kubelet secure"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -151,7 +151,7 @@
port_range_max: 10250
- name: 'Create master-sg rule "etcd"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -159,7 +159,7 @@
port_range_max: 2380
- name: 'Create master-sg rule "master ingress services (TCP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: tcp
remote_ip_prefix: "0.0.0.0/0"
@@ -167,7 +167,7 @@
port_range_max: 32767
- name: 'Create master-sg rule "master ingress services (UDP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: udp
remote_ip_prefix: "0.0.0.0/0"
@@ -175,19 +175,19 @@
port_range_max: 32767
- name: 'Create master-sg rule "VRRP"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_master }}"
protocol: '112'
remote_ip_prefix: "{{ os_subnet_range }}"
- name: 'Create worker-sg rule "ICMP"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: icmp
- name: 'Create worker-sg rule "SSH"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -195,21 +195,21 @@
port_range_max: 22
- name: 'Create worker-sg rule "Ingress HTTP"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: tcp
port_range_min: 80
port_range_max: 80
- name: 'Create worker-sg rule "Ingress HTTPS"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: tcp
port_range_min: 443
port_range_max: 443
- name: 'Create worker-sg rule "router"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -217,7 +217,7 @@
port_range_max: 1936
- name: 'Create worker-sg rule "VXLAN"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -225,7 +225,7 @@
port_range_max: 4789
- name: 'Create worker-sg rule "Geneve"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -233,7 +233,7 @@
port_range_max: 6081
- name: 'Create worker-sg rule "IPsec IKE"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -241,7 +241,7 @@
port_range_max: 500
- name: 'Create worker-sg rule "IPsec NAT-T"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -249,7 +249,7 @@
port_range_max: 4500
- name: 'Create worker-sg rule "worker ingress internal (TCP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -257,7 +257,7 @@
port_range_max: 9999
- name: 'Create worker-sg rule "worker ingress internal (UDP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: udp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -265,7 +265,7 @@
port_range_max: 9999
- name: 'Create worker-sg rule "worker ingress kubelet insecure"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: tcp
remote_ip_prefix: "{{ os_subnet_range }}"
@@ -273,7 +273,7 @@
port_range_max: 10250
- name: 'Create worker-sg rule "worker ingress services (TCP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: tcp
remote_ip_prefix: "0.0.0.0/0"
@@ -281,7 +281,7 @@
port_range_max: 32767
- name: 'Create worker-sg rule "worker ingress services (UDP)"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: udp
remote_ip_prefix: "0.0.0.0/0"
@@ -289,7 +289,7 @@
port_range_max: 32767
- name: 'Create worker-sg rule "VRRP"'
os_security_group_rule:
openstack.cloud.security_group_rule:
security_group: "{{ os_sg_worker }}"
protocol: '112'
remote_ip_prefix: "{{ os_subnet_range }}"