From aa258c01abee08c396d5cdc29f8aef6d44434307 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 27 Jul 2023 11:38:28 -0400 Subject: [PATCH] openstack/upi: add missing modules namespaces --- upi/openstack/bootstrap.yaml | 2 +- upi/openstack/compute-nodes.yaml | 20 +++---- upi/openstack/control-plane.yaml | 20 +++---- upi/openstack/down-bootstrap.yaml | 6 +- upi/openstack/down-compute-nodes.yaml | 16 ++--- upi/openstack/down-containers.yaml | 6 +- upi/openstack/down-control-plane.yaml | 16 ++--- upi/openstack/down-load-balancers.yaml | 16 ++--- upi/openstack/down-network.yaml | 24 ++++---- upi/openstack/down-security-groups.yaml | 6 +- upi/openstack/network.yaml | 48 +++++++-------- upi/openstack/security-groups.yaml | 80 ++++++++++++------------- 12 files changed, 130 insertions(+), 130 deletions(-) diff --git a/upi/openstack/bootstrap.yaml b/upi/openstack/bootstrap.yaml index a18edc1144..6fd2300df5 100644 --- a/upi/openstack/bootstrap.yaml +++ b/upi/openstack/bootstrap.yaml @@ -5,7 +5,7 @@ # openstacksdk # netaddr -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no diff --git a/upi/openstack/compute-nodes.yaml b/upi/openstack/compute-nodes.yaml index 745a6d9720..04f523d066 100644 --- a/upi/openstack/compute-nodes.yaml +++ b/upi/openstack/compute-nodes.yaml @@ -5,14 +5,14 @@ # openstacksdk # netaddr -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Create the Compute ports' - os_port: + openstack.cloud.port: name: "{{ item.1 }}-{{ item.0 }}" network: "{{ os_network }}" security_groups: 
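Review bot: The requirements header at the top of compute-nodes.yaml (it starts outside the hunk) still lists only Python packages, while `openstack.cloud.port` now has to resolve from the `openstack.cloud` collection. Which release of that collection gets loaded depends on the installed Ansible distribution, and as far as I know the 2.x series changed several module return values and needs a newer openstacksdk, so an unpinned environment can change behaviour without any change to these files. I would add a header line such as `# openstack.cloud collection (pin the tested version in a collections requirements file)` here and in the other playbooks touched by this patch.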
@@ -23,18 +23,18 @@ register: ports - name: 'Set Compute ports tag' - command: + ansible.builtin.command: cmd: "openstack port set --tag {{ cluster_id_tag }} {{ item.1 }}-{{ item.0 }}" with_indexed_items: "{{ [os_port_worker] * os_compute_nodes_number }}" - name: 'List the Compute Trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk list" when: os_networking_type == "Kuryr" register: compute_trunks - name: 'Create the Compute trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk create --parent-port {{ item.1.id }} {{ os_compute_trunk_name }}-{{ item.0 }}" with_indexed_items: "{{ ports.results }}" when: @@ -42,13 +42,13 @@ - "os_compute_trunk_name|string not in compute_trunks.stdout" - name: 'List the Server groups' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name" register: server_group_list - name: 'Parse the Server group ID from existing' - set_fact: + ansible.builtin.set_fact: server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}" vars: list_query: "[?Name=='{{ os_compute_server_group_name }}']" @@ -56,7 +56,7 @@ - "os_compute_server_group_name|string in server_group_list.stdout" - name: 'Create the Compute server group' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group create -f json -c id --policy=soft-anti-affinity {{ os_compute_server_group_name }}" register: server_group_created 
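Review bot: In 'Set Compute ports tag' and the trunk tasks, the `cmd:` string interpolates variables and is then split on whitespace, so a value that contains a space or starts with `-` is parsed by the openstack CLI as extra arguments or options. Passing the command as a list avoids that, e.g. `argv: ['openstack', 'port', 'set', '--tag', '{{ cluster_id_tag }}', '{{ item.1 }}-{{ item.0 }}']`. The read-only 'List …' tasks would also benefit from `changed_when: false`, so a run reports only real changes. The same pattern recurs in every other playbook in this patch that calls `ansible.builtin.command`.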
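Review bot: 'Parse the Server group ID from existing' takes `| first` of an exact-name `json_query`, but the guard visible at the top of the next hunk is only a substring test on `server_group_list.stdout`. If another group's name merely contains `os_compute_server_group_name`, the guard passes, the query returns an empty list and the `.ID` lookup fails; this is hedged because the task's `when:` is split across two hunks. Guarding on the query result itself, e.g. `when: server_group_list.stdout | from_json | json_query(list_query) | length > 0`, removes the mismatch. control-plane.yaml, down-compute-nodes.yaml and down-control-plane.yaml repeat the same task.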
@@ -64,13 +64,13 @@ - server_group_id is not defined - name: 'Parse the Server group ID from creation' - set_fact: + ansible.builtin.set_fact: server_group_id: "{{ (server_group_created.stdout | from_json).id }}" when: - server_group_id is not defined - name: 'Create the Compute servers' - os_server: + openstack.cloud.server: name: "{{ item.1 }}-{{ item.0 }}" image: "{{ os_image_rhcos }}" flavor: "{{ os_flavor_worker }}" diff --git a/upi/openstack/control-plane.yaml b/upi/openstack/control-plane.yaml index b4b5e35451..02d44e5365 100644 --- a/upi/openstack/control-plane.yaml +++ b/upi/openstack/control-plane.yaml @@ -5,14 +5,14 @@ # openstacksdk # netaddr -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Create the Control Plane ports' - os_port: + openstack.cloud.port: name: "{{ item.1 }}-{{ item.0 }}" network: "{{ os_network }}" security_groups: @@ -24,18 +24,18 @@ register: ports - name: 'Set Control Plane ports tag' - command: + ansible.builtin.command: cmd: "openstack port set --tag {{ cluster_id_tag }} {{ item.1 }}-{{ item.0 }}" with_indexed_items: "{{ [os_port_master] * os_cp_nodes_number }}" - name: 'List the Control Plane Trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk list" when: os_networking_type == "Kuryr" register: control_plane_trunks - name: 'Create the Control Plane trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk create --parent-port {{ item.1.id }} {{ os_cp_trunk_name }}-{{ item.0 }}" with_indexed_items: "{{ ports.results }}" when: 
@@ -43,13 +43,13 @@ - "os_cp_trunk_name|string not in control_plane_trunks.stdout" - name: 'List the Server groups' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name" register: server_group_list - name: 'Parse the Server group ID from existing' - set_fact: + ansible.builtin.set_fact: server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}" vars: list_query: "[?Name=='{{ os_cp_server_group_name }}']" @@ -57,7 +57,7 @@ - "os_cp_server_group_name|string in server_group_list.stdout" - name: 'Create the Control Plane server group' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group create -f json -c id --policy=soft-anti-affinity {{ os_cp_server_group_name }}" register: server_group_created @@ -65,13 +65,13 @@ - server_group_id is not defined - name: 'Parse the Server group ID from creation' - set_fact: + ansible.builtin.set_fact: server_group_id: "{{ (server_group_created.stdout | from_json).id }}" when: - server_group_id is not defined - name: 'Create the Control Plane servers' - os_server: + openstack.cloud.server: name: "{{ item.1 }}-{{ item.0 }}" image: "{{ os_image_rhcos }}" flavor: "{{ os_flavor_master }}" diff --git a/upi/openstack/down-bootstrap.yaml b/upi/openstack/down-bootstrap.yaml index acaad6a182..c8012b64fd 100644 --- a/upi/openstack/down-bootstrap.yaml +++ b/upi/openstack/down-bootstrap.yaml 
@@ -3,18 +3,18 @@ # ansible # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Remove the bootstrap server' - os_server: + openstack.cloud.server: name: "{{ os_bootstrap_server_name }}" state: absent - name: 'Remove the bootstrap server port' - os_port: + openstack.cloud.port: name: "{{ os_port_bootstrap }}" state: absent diff --git a/upi/openstack/down-compute-nodes.yaml b/upi/openstack/down-compute-nodes.yaml index 1de2144d8c..a24c56c9ae 100644 --- a/upi/openstack/down-compute-nodes.yaml +++ b/upi/openstack/down-compute-nodes.yaml @@ -4,26 +4,26 @@ # openstackclient # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Remove the Compute servers' - os_server: + openstack.cloud.server: name: "{{ item.1 }}-{{ item.0 }}" state: absent with_indexed_items: "{{ [os_compute_server_name] * os_compute_nodes_number }}" - name: 'List the Server groups' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name" register: server_group_list - name: 'Parse the Server group ID from existing' - set_fact: + ansible.builtin.set_fact: server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}" vars: list_query: "[?Name=='{{ os_compute_server_group_name }}']" 
@@ -31,20 +31,20 @@ - "os_compute_server_group_name|string in server_group_list.stdout" - name: 'Remove the Compute server group' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group delete {{ server_group_id }}" when: - server_group_id is defined - name: 'List the Compute trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk list -c Name -f value" when: os_networking_type == "Kuryr" register: trunks - name: 'Remove the Compute trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk delete {{ item.1 }}-{{ item.0 }}" when: - os_networking_type == "Kuryr" @@ -52,7 +52,7 @@ with_indexed_items: "{{ [os_compute_trunk_name] * os_compute_nodes_number }}" - name: 'Remove the Compute ports' - os_port: + openstack.cloud.port: name: "{{ item.1 }}-{{ item.0 }}" state: absent with_indexed_items: "{{ [os_port_worker] * os_compute_nodes_number }}" diff --git a/upi/openstack/down-containers.yaml b/upi/openstack/down-containers.yaml index 3b0c3f553a..dc3caf8c0c 100644 --- a/upi/openstack/down-containers.yaml +++ b/upi/openstack/down-containers.yaml @@ -4,18 +4,18 @@ # openstackclient # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'List the containers associated with the cluster' - command: + ansible.builtin.command: cmd: "openstack container list --prefix {{ os_infra_id }} -f value -c Name" register: container_list - name: 'Delete the containers associated with the cluster' - command: + ansible.builtin.command: cmd: "openstack container delete -r {{ container_list.stdout }}" when: container_list.stdout|length > 0 diff --git a/upi/openstack/down-control-plane.yaml b/upi/openstack/down-control-plane.yaml index 6aeb3995fa..58e5a3f30c 100644 --- a/upi/openstack/down-control-plane.yaml 
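Review bot: In down-containers.yaml, 'Delete the containers associated with the cluster' recursively deletes whatever `openstack container list --prefix {{ os_infra_id }}` returned, so the blast radius of the teardown is set entirely by that one variable. A prefix match also selects containers belonging to anything else in the project whose name starts with the same characters, and the raw `container_list.stdout` is word-split, so a container name containing a space becomes several delete targets. I would fail early with an `ansible.builtin.assert` that `os_infra_id` is defined and non-empty, and loop over `container_list.stdout_lines` rather than interpolating `stdout`.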
+++ b/upi/openstack/down-control-plane.yaml @@ -4,26 +4,26 @@ # openstackclient # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Remove the Control Plane servers' - os_server: + openstack.cloud.server: name: "{{ item.1 }}-{{ item.0 }}" state: absent with_indexed_items: "{{ [os_cp_server_name] * os_cp_nodes_number }}" - name: 'List the Server groups' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group list -f json -c ID -c Name" register: server_group_list - name: 'Parse the Server group ID from existing' - set_fact: + ansible.builtin.set_fact: server_group_id: "{{ (server_group_list.stdout | from_json | json_query(list_query) | first).ID }}" vars: list_query: "[?Name=='{{ os_cp_server_group_name }}']" @@ -31,20 +31,20 @@ - "os_cp_server_group_name|string in server_group_list.stdout" - name: 'Remove the Control Plane server group' - command: + ansible.builtin.command: # os-compute-api-version 2.15 or higher is required for the 'soft-anti-affinity' policy cmd: "openstack --os-compute-api-version=2.15 server group delete {{ server_group_id }}" when: - server_group_id is defined - name: 'List the Compute trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk list -c Name -f value" when: os_networking_type == "Kuryr" register: trunks - name: 'Remove the Control Plane trunks' - command: + ansible.builtin.command: cmd: "openstack network trunk delete {{ item.1 }}-{{ item.0 }}" when: - os_networking_type == "Kuryr" @@ -52,7 +52,7 @@ with_indexed_items: "{{ [os_cp_trunk_name] * os_cp_nodes_number }}" - name: 'Remove the Control Plane ports' - os_port: + openstack.cloud.port: name: "{{ item.1 }}-{{ item.0 }}" state: absent with_indexed_items: "{{ [os_port_master] * os_cp_nodes_number }}" 
diff --git a/upi/openstack/down-load-balancers.yaml b/upi/openstack/down-load-balancers.yaml index dc702ebbb8..582c1373cd 100644 --- a/upi/openstack/down-load-balancers.yaml +++ b/upi/openstack/down-load-balancers.yaml @@ -4,19 +4,19 @@ # openstackcli # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Get an auth token' - os_auth: + openstack.cloud.auth: register: cloud when: os_networking_type == "Kuryr" - name: 'List octavia versions' - uri: + ansible.builtin.uri: method: GET headers: X-Auth-Token: "{{ cloud.ansible_facts.auth_token }}" @@ -25,12 +25,12 @@ register: octavia_versions when: os_networking_type == "Kuryr" - - set_fact: + - ansible.builtin.set_fact: versions: "{{ octavia_versions.json.versions | selectattr('id', 'match', 'v2.5') | map(attribute='id') | list }}" when: os_networking_type == "Kuryr" - name: 'List tagged loadbalancers' - uri: + ansible.builtin.uri: method: GET headers: X-Auth-Token: "{{ cloud.ansible_facts.auth_token }}" @@ -44,7 +44,7 @@ # for each service present on the cluster. Let's make # sure to remove the resources generated. - name: 'Remove the cluster load balancers' - command: + ansible.builtin.command: cmd: "openstack loadbalancer delete --cascade {{ item.id }}" with_items: "{{ lbs_tagged.json.loadbalancers }}" when: @@ -53,7 +53,7 @@ - '"PENDING" not in item.provisioning_status' - name: 'List loadbalancers tagged on description' - uri: + ansible.builtin.uri: method: GET headers: X-Auth-Token: "{{ cloud.ansible_facts.auth_token }}" @@ -67,7 +67,7 @@ # for each service present on the cluster. Let's make # sure to remove the resources generated. - name: 'Remove the cluster load balancers' - command: + ansible.builtin.command: cmd: "openstack loadbalancer delete --cascade {{ item.id }}" with_items: "{{ lbs_description.json.loadbalancers }}" when: 
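Review bot: 'Get an auth token' registers a live Keystone token in `cloud`, and the following `ansible.builtin.uri` tasks send it in the `X-Auth-Token` header, so the token can end up in verbose output or callback logs. Adding `no_log: true` to the auth task and to each uri task that carries the header would keep it out. Separately, the later tasks read `cloud.ansible_facts.auth_token`; as far as I recall, openstack.cloud 2.x returns `auth_token` at the top level of the result, so this lookup should be confirmed against the collection version these playbooks are tested with. The unnamed `ansible.builtin.set_fact` task in the next hunk would also read better with a `name:`.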
diff --git a/upi/openstack/down-network.yaml b/upi/openstack/down-network.yaml index 1ac5ad3d10..42a2e586a3 100644 --- a/upi/openstack/down-network.yaml +++ b/upi/openstack/down-network.yaml 
@@ -4,65 +4,65 @@ # openstackclient # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'List ports attatched to router' - command: + ansible.builtin.command: cmd: "openstack port list --device-owner=network:router_interface --tags {{ cluster_id_tag }} -f value -c id" register: router_ports - name: 'Remove the ports from router' - command: + ansible.builtin.command: cmd: "openstack router remove port {{ os_router }} {{ item.1}}" with_indexed_items: "{{ router_ports.stdout_lines }}" - name: 'List ha ports attached to router' - command: + ansible.builtin.command: cmd: "openstack port list --device-owner=network:ha_router_replicated_interface --tags {{ cluster_id_tag }} -f value -c id" register: ha_router_ports - name: 'Remove the ha ports from router' - command: + ansible.builtin.command: cmd: "openstack router remove port {{ os_router }} {{ item.1}}" with_indexed_items: "{{ ha_router_ports.stdout_lines }}" - name: 'List ports' - command: + ansible.builtin.command: cmd: "openstack port list --tags {{ cluster_id_tag }} -f value -c id" register: ports - name: 'Remove the cluster ports' - command: + ansible.builtin.command: cmd: "openstack port delete {{ ports.stdout_lines | join(' ') }}" when: ports.stdout != "" - name: 'Remove the cluster router' - os_router: + openstack.cloud.router: name: "{{ os_router }}" state: absent - name: 'List cluster networks' - command: + ansible.builtin.command: cmd: "openstack network list --tags {{ cluster_id_tag }} -f value -c ID" register: networks - name: 'Remove the cluster networks' - command: + ansible.builtin.command: cmd: "openstack network delete {{ networks.stdout_lines | join(' ') }}" when: networks.stdout != "" - name: 'List the cluster subnet pool' - command: + ansible.builtin.command: cmd: "openstack subnet pool list --name {{ subnet_pool }}" when: os_networking_type == "Kuryr" register: pods_subnet_pool - name: 'Remove the cluster 
subnet pool' - command: + ansible.builtin.command: cmd: "openstack subnet pool delete {{ subnet_pool }}" when: - os_networking_type == "Kuryr" diff --git a/upi/openstack/down-security-groups.yaml b/upi/openstack/down-security-groups.yaml index 9ed91dcd78..e44ba8f742 100644 --- a/upi/openstack/down-security-groups.yaml +++ b/upi/openstack/down-security-groups.yaml @@ -4,18 +4,18 @@ # openstackclient # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'List security groups' - command: + ansible.builtin.command: cmd: "openstack security group list --tags {{ cluster_id_tag }} -f value -c ID" register: security_groups - name: 'Remove the cluster security groups' - command: + ansible.builtin.command: cmd: "openstack security group delete {{ item.1 }}" with_indexed_items: "{{ security_groups.stdout_lines }}" diff --git a/upi/openstack/network.yaml b/upi/openstack/network.yaml index 1a683fe350..a543c3fb83 100644 --- a/upi/openstack/network.yaml +++ b/upi/openstack/network.yaml @@ -5,22 +5,22 @@ # openstacksdk # netaddr -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Create the primary cluster network' - os_network: + openstack.cloud.network: name: "{{ os_network }}" - name: 'Set tags on the primary cluster network' - command: + ansible.builtin.command: cmd: "openstack network set --tag {{ primary_cluster_network_tag }} --tag {{ cluster_id_tag }} {{ os_network }}" - name: 'Create the primary cluster subnet' - os_subnet: + openstack.cloud.subnet: name: "{{ os_subnet }}" network_name: "{{ os_network }}" cidr: "{{ os_subnet_range }}" 
@@ -29,21 +29,21 @@ dns_nameservers: "{{ os_external_dns }}" - name: 'Set tags on primary cluster subnet' - command: + ansible.builtin.command: cmd: "openstack subnet set --tag {{ cluster_id_tag }} {{ os_subnet }}" - name: 'Create the service network' - os_network: + openstack.cloud.network: name: "{{ os_svc_network }}" when: os_networking_type == "Kuryr" - name: 'Set the service network tag' - command: + ansible.builtin.command: cmd: "openstack network set --tag {{ cluster_id_tag }} {{ os_svc_network }}" when: os_networking_type == "Kuryr" - name: 'Computing facts for service subnet' - set_fact: + ansible.builtin.set_fact: first_ip_svc_subnet_range: "{{ svc_subnet_range | ipv4('network') }}" last_ip_svc_subnet_range: "{{ svc_subnet_range | ansible.utils.ipaddr('last_usable') |ipmath(1) }}" first_ip_os_svc_network_range: "{{ os_svc_network_range | ipv4('network') }}" 
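Review bot: 'Computing facts for service subnet' mixes the qualified `ansible.utils.ipaddr` with the short names `ipv4` and `ipmath` in the same task, so filter resolution still depends on redirects or on whatever happens to be installed. For consistency with the goal of this patch I would qualify them too, e.g. `{{ svc_subnet_range | ansible.utils.ipv4('network') }}` and `ansible.utils.ipmath(1)`. The `ipmath` calls in the following hunk are affected as well. The task continues past the end of this hunk.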
@@ -52,57 +52,57 @@ when: os_networking_type == "Kuryr" - name: 'Get first part of OpenStack network' - set_fact: + ansible.builtin.set_fact: allocation_pool: "{{ allocation_pool + '--allocation-pool start={{ first_ip_os_svc_network_range | ipmath(1) }},end={{ first_ip_svc_subnet_range |ipmath(-1) }}' }}" when: - os_networking_type == "Kuryr" - first_ip_svc_subnet_range != first_ip_os_svc_network_range - name: 'Get last part of OpenStack network' - set_fact: + ansible.builtin.set_fact: allocation_pool: "{{ allocation_pool + ' --allocation-pool start={{ last_ip_svc_subnet_range | ipmath(1) }},end={{ last_ip_os_svc_network_range |ipmath(-1) }}' }}" when: - os_networking_type == "Kuryr" - last_ip_svc_subnet_range != last_ip_os_svc_network_range - name: 'Get end of allocation' - set_fact: + ansible.builtin.set_fact: gateway_ip: "{{ allocation_pool.split('=')[-1] }}" when: os_networking_type == "Kuryr" - name: 'replace last IP' - set_fact: + ansible.builtin.set_fact: allocation_pool: "{{ allocation_pool | replace(gateway_ip, gateway_ip | ipmath(-1))}}" when: os_networking_type == "Kuryr" - name: 'list service subnet' - command: + ansible.builtin.command: cmd: "openstack subnet list --name {{ os_svc_subnet }} --tag {{ cluster_id_tag }}" when: os_networking_type == "Kuryr" register: svc_subnet - name: 'Create the service subnet' - command: + ansible.builtin.command: cmd: "openstack subnet create --ip-version 4 --gateway {{ gateway_ip }} --subnet-range {{ os_svc_network_range }} {{ allocation_pool }} --no-dhcp --network {{ os_svc_network }} --tag {{ cluster_id_tag }} {{ os_svc_subnet }}" when: - os_networking_type == "Kuryr" - svc_subnet.stdout == "" - name: 'list subnet pool' - command: + ansible.builtin.command: cmd: "openstack subnet pool list --name {{ subnet_pool }} --tags {{ cluster_id_tag }}" when: os_networking_type == "Kuryr" register: pods_subnet_pool - name: 'Create pods subnet pool' - command: + ansible.builtin.command: cmd: "openstack subnet pool create 
--default-prefix-length {{ host_prefix }} --pool-prefix {{ cluster_network_cidrs }} --tag {{ cluster_id_tag }} {{ subnet_pool }}" when: - os_networking_type == "Kuryr" - pods_subnet_pool.stdout == "" - name: 'Create external router' - os_router: + openstack.cloud.router: name: "{{ os_router }}" network: "{{ os_external_network }}" interfaces: @@ -110,12 +110,12 @@ when: os_external_network is defined and os_external_network|length>0 - name: 'Set external router tag' - command: + ansible.builtin.command: cmd: "openstack router set --tag {{ cluster_id_tag }} {{ os_router }}" when: os_external_network is defined and os_external_network|length>0 - name: 'Create the API port' - os_port: + openstack.cloud.port: name: "{{ os_port_api }}" network: "{{ os_network }}" security_groups: @@ -125,11 +125,11 @@ ip_address: "{{ os_apiVIP }}" - name: 'Set API port tag' - command: + ansible.builtin.command: cmd: "openstack port set --tag {{ cluster_id_tag }} {{ os_port_api }}" - name: 'Create the Ingress port' - os_port: + openstack.cloud.port: name: "{{ os_port_ingress }}" network: "{{ os_network }}" security_groups: @@ -139,19 +139,19 @@ ip_address: "{{ os_ingressVIP }}" - name: 'Set the Ingress port tag' - command: + ansible.builtin.command: cmd: "openstack port set --tag {{ cluster_id_tag }} {{ os_port_ingress }}" # NOTE: openstack ansible module doesn't allow attaching Floating IPs to # ports, let's use the CLI instead - name: 'Attach the API floating IP to API port' - command: + ansible.builtin.command: cmd: "openstack floating ip set --port {{ os_port_api }} {{ os_api_fip }}" when: os_api_fip is defined and os_api_fip|length>0 # NOTE: openstack ansible module doesn't allow attaching Floating IPs to # ports, let's use the CLI instead - name: 'Attach the Ingress floating IP to Ingress port' - command: + ansible.builtin.command: cmd: "openstack floating ip set --port {{ os_port_ingress }} {{ os_ingress_fip }}" when: os_ingress_fip is defined and os_ingress_fip|length>0 
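Review bot: The two `allocation_pool` facts ('Get first part of OpenStack network' and 'Get last part of OpenStack network') embed `{{ … }}` inside a string literal that is itself inside a Jinja expression, which only works if Ansible re-templates the resulting string. That behaviour is fragile, and I believe newer ansible-core releases no longer do it. Concatenation evaluates everything in one pass, e.g. `allocation_pool: "{{ allocation_pool ~ ' --allocation-pool start=' ~ (last_ip_svc_subnet_range | ipmath(1)) ~ ',end=' ~ (last_ip_os_svc_network_range | ipmath(-1)) }}"`. Note also that the first literal starts with `'--allocation-pool` and the second with `' --allocation-pool`; whether the missing space matters depends on the initial value of `allocation_pool`, which is outside the hunk.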
diff --git a/upi/openstack/security-groups.yaml b/upi/openstack/security-groups.yaml index b57456d6a8..7357a7c38e 100644 --- a/upi/openstack/security-groups.yaml +++ b/upi/openstack/security-groups.yaml @@ -4,35 +4,35 @@ # openstackclient # openstacksdk -- import_playbook: common.yaml +- ansible.builtin.import_playbook: common.yaml - hosts: all gather_facts: no tasks: - name: 'Create the master security group' - os_security_group: + openstack.cloud.security_group: name: "{{ os_sg_master }}" - name: 'Set master security group tag' - command: + ansible.builtin.command: cmd: "openstack security group set --tag {{ cluster_id_tag }} {{ os_sg_master }} " - name: 'Create the worker security group' - os_security_group: + openstack.cloud.security_group: name: "{{ os_sg_worker }}" - name: 'Set worker security group tag' - command: + ansible.builtin.command: cmd: "openstack security group set --tag {{ cluster_id_tag }} {{ os_sg_worker }} " - name: 'Create master-sg rule "ICMP"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: icmp - name: 'Create master-sg rule "machine config server"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -40,7 +40,7 @@ port_range_max: 22623 - name: 'Create master-sg rule "SSH"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -48,7 +48,7 @@ port_range_max: 22 - name: 'Create master-sg rule "DNS (TCP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" remote_ip_prefix: "{{ os_subnet_range }}" protocol: tcp 
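Review bot: 'Create master-sg rule "ICMP"' sets no `remote_ip_prefix`, so the rule presumably admits any IPv4 source, whereas most other rules in this file are scoped to `os_subnet_range` and the "ingress services" rules spell out `"0.0.0.0/0"`. If the open scope is intended, stating it explicitly with `remote_ip_prefix: "0.0.0.0/0"` and a short comment makes the exposed surface easy to audit; otherwise scope it to `os_subnet_range`. The same applies to the "OpenShift API" rule and to the worker "ICMP", "Ingress HTTP" and "Ingress HTTPS" rules in later hunks.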
@@ -56,7 +56,7 @@ port_range_max: 53 - name: 'Create master-sg rule "DNS (UDP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" remote_ip_prefix: "{{ os_subnet_range }}" protocol: udp @@ -64,14 +64,14 @@ port_range_max: 53 - name: 'Create master-sg rule "OpenShift API"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp port_range_min: 6443 port_range_max: 6443 - name: 'Create master-sg rule "VXLAN"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -79,7 +79,7 @@ port_range_max: 4789 - name: 'Create master-sg rule "Geneve"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -87,7 +87,7 @@ port_range_max: 6081 - name: 'Create master-sg rule "IPsec IKE"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -95,7 +95,7 @@ port_range_max: 500 - name: 'Create master-sg rule "IPsec NAT-T"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -103,7 +103,7 @@ port_range_max: 4500 - name: 'Create master-sg rule "ovndb"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -111,7 +111,7 @@ port_range_max: 6642 - name: 'Create master-sg rule "master ingress internal (TCP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" 
@@ -119,7 +119,7 @@ port_range_max: 9999 - name: 'Create master-sg rule "master ingress internal (UDP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -127,7 +127,7 @@ port_range_max: 9999 - name: 'Create master-sg rule "kube scheduler"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -135,7 +135,7 @@ port_range_max: 10259 - name: 'Create master-sg rule "kube controller manager"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -143,7 +143,7 @@ port_range_max: 10257 - name: 'Create master-sg rule "master ingress kubelet secure"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -151,7 +151,7 @@ port_range_max: 10250 - name: 'Create master-sg rule "etcd"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -159,7 +159,7 @@ port_range_max: 2380 - name: 'Create master-sg rule "master ingress services (TCP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: tcp remote_ip_prefix: "0.0.0.0/0" @@ -167,7 +167,7 @@ port_range_max: 32767 - name: 'Create master-sg rule "master ingress services (UDP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: udp remote_ip_prefix: "0.0.0.0/0" 
@@ -175,19 +175,19 @@ port_range_max: 32767 - name: 'Create master-sg rule "VRRP"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_master }}" protocol: '112' remote_ip_prefix: "{{ os_subnet_range }}" - name: 'Create worker-sg rule "ICMP"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: icmp - name: 'Create worker-sg rule "SSH"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -195,21 +195,21 @@ port_range_max: 22 - name: 'Create worker-sg rule "Ingress HTTP"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: tcp port_range_min: 80 port_range_max: 80 - name: 'Create worker-sg rule "Ingress HTTPS"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: tcp port_range_min: 443 port_range_max: 443 - name: 'Create worker-sg rule "router"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -217,7 +217,7 @@ port_range_max: 1936 - name: 'Create worker-sg rule "VXLAN"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -225,7 +225,7 @@ port_range_max: 4789 - name: 'Create worker-sg rule "Geneve"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -233,7 +233,7 @@ port_range_max: 6081 - name: 'Create worker-sg rule "IPsec IKE"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" 
@@ -241,7 +241,7 @@ port_range_max: 500 - name: 'Create worker-sg rule "IPsec NAT-T"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -249,7 +249,7 @@ port_range_max: 4500 - name: 'Create worker-sg rule "worker ingress internal (TCP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -257,7 +257,7 @@ port_range_max: 9999 - name: 'Create worker-sg rule "worker ingress internal (UDP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: udp remote_ip_prefix: "{{ os_subnet_range }}" @@ -265,7 +265,7 @@ port_range_max: 9999 - name: 'Create worker-sg rule "worker ingress kubelet insecure"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: tcp remote_ip_prefix: "{{ os_subnet_range }}" @@ -273,7 +273,7 @@ port_range_max: 10250 - name: 'Create worker-sg rule "worker ingress services (TCP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: tcp remote_ip_prefix: "0.0.0.0/0" @@ -281,7 +281,7 @@ port_range_max: 32767 - name: 'Create worker-sg rule "worker ingress services (UDP)"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: udp remote_ip_prefix: "0.0.0.0/0" @@ -289,7 +289,7 @@ port_range_max: 32767 - name: 'Create worker-sg rule "VRRP"' - os_security_group_rule: + openstack.cloud.security_group_rule: security_group: "{{ os_sg_worker }}" protocol: '112' remote_ip_prefix: "{{ os_subnet_range }}"