dbb56dda99
Previously we had opened port 5000 for the buildset registry. But we also run a buildset registry proxy on port 5001. Because docker manages the ipv4 firewall rules itself it was opening ipv4 5001 but ignoring ipv6 5001. This meant that jobs that use ipv6 addrs as primary addrs were failing to talk ot the registry proxy. Fix this by opening the range 5000:5001. Change-Id: I88abcd7fd99fb7dcc7726ef9a52f9b022729f9d5
39 lines
999 B
YAML
39 lines
999 B
YAML
- hosts: all
|
|
tasks:
|
|
- name: Install docker
|
|
include_role:
|
|
name: install-docker
|
|
- name: Open the IPv4 port for the buildset registry
|
|
become: true
|
|
iptables:
|
|
action: insert
|
|
chain: openstack-INPUT
|
|
destination_port: '5000:5001'
|
|
jump: ACCEPT
|
|
match: tcp
|
|
ctstate: NEW
|
|
protocol: tcp
|
|
ip_version: ipv4
|
|
- name: Open the IPv6 port for the buildset registry
|
|
become: true
|
|
iptables:
|
|
action: insert
|
|
chain: openstack-INPUT
|
|
destination_port: '5000:5001'
|
|
jump: ACCEPT
|
|
match: tcp
|
|
ctstate: NEW
|
|
protocol: tcp
|
|
ip_version: ipv6
|
|
- name: Run buildset registry (if not already running)
|
|
when: buildset_registry is not defined
|
|
include_role:
|
|
name: run-buildset-registry
|
|
- name: Use buildset registry
|
|
include_role:
|
|
name: use-buildset-registry
|
|
|
|
- hosts: localhost
|
|
roles:
|
|
- pull-from-intermediate-registry
|