summaryrefslogtreecommitdiffstats
path: root/playbooks
diff options
context:
space:
mode:
authorJason DeTiberus <detiber@gmail.com>2016-08-19 14:07:01 -0400
committerGitHub <noreply@github.com>2016-08-19 14:07:01 -0400
commit4a48123bf6889279cbbd6f6aeb8317fd0cf1b827 (patch)
treea1ebfdc563abd4142544e88a5577a47e5963cee9 /playbooks
parent48e187e22207e395f742eee541f47f5a0153a25b (diff)
parent9ad145998702ecb8651df73d06dc99bdd2343b57 (diff)
downloadopenshift-4a48123bf6889279cbbd6f6aeb8317fd0cf1b827.tar.gz
openshift-4a48123bf6889279cbbd6f6aeb8317fd0cf1b827.tar.bz2
openshift-4a48123bf6889279cbbd6f6aeb8317fd0cf1b827.tar.xz
openshift-4a48123bf6889279cbbd6f6aeb8317fd0cf1b827.zip
Merge pull request #2330 from lhuard1A/open_node_ports
Open OpenStack security group for the service node port range
Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack.yaml11
-rw-r--r--playbooks/openstack/openshift-cluster/launch.yml1
-rw-r--r--playbooks/openstack/openshift-cluster/vars.yml2
3 files changed, 14 insertions, 0 deletions
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 2d0098784..458cf5ac7 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -42,6 +42,12 @@ parameters:
description: Source of legitimate ssh connections
default: 0.0.0.0/0
+ node_port_incoming:
+ type: string
+ label: Source of node port connections
+ description: Authorized sources targetting node ports
+ default: 0.0.0.0/0
+
num_etcd:
type: number
label: Number of etcd nodes
@@ -393,6 +399,11 @@ resources:
port_range_min: 4789
port_range_max: 4789
remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 30000
+ port_range_max: 32767
+ remote_ip_prefix: { get_param: node_port_incoming }
infra-secgrp:
type: OS::Neutron::SecurityGroup
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index 36ac7513d..5cf543204 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -33,6 +33,7 @@
-P external_net={{ openstack_network_external_net }}
-P ssh_public_key="{{ openstack_ssh_public_key }}"
-P ssh_incoming={{ openstack_ssh_access_from }}
+ -P node_port_incoming={{ openstack_node_port_access_from }}
-P num_etcd={{ num_etcd }}
-P num_masters={{ num_masters }}
-P num_nodes={{ num_nodes }}
diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
index bc53a51b0..17063ef34 100644
--- a/playbooks/openstack/openshift-cluster/vars.yml
+++ b/playbooks/openstack/openshift-cluster/vars.yml
@@ -12,6 +12,8 @@ openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_k
default('~/.ssh/id_rsa.pub', True)) }}"
openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') |
default('0.0.0.0/0', True) }}"
+openstack_node_port_access_from: "{{ lookup('oo_option', 'node_port_from') |
+ default('0.0.0.0/0', True) }}"
openstack_flavor:
dns: "{{ lookup('oo_option', 'dns_flavor' ) | default('m1.small', True) }}"
etcd: "{{ lookup('oo_option', 'etcd_flavor' ) | default('m1.small', True) }}"