Merge "Create role and playbook to set default secgroup in infracloud"

2016-02-25 19:22:29 +00:00 · 2016-02-25 19:22:29 +00:00 · c070992791
parent a3620649c2 7e1baa120e
commit c070992791
2 changed files with 35 additions and 0 deletions
--- a/playbooks/allow_all_traffic_default_secgroup.yml
+++ b/playbooks/allow_all_traffic_default_secgroup.yml
@ -0,0 +1,14 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  roles:
+    - { role: allow_all_traffic_default_secgroup, os_client_config_cloud: 'openstackci-infracloud-west' }
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  roles:
+    - { role: allow_all_traffic_default_secgroup, os_client_config_cloud: 'openstackjenkins-infracloud-west' }
--- a/playbooks/roles/allow_all_traffic_default_secgroup/tasks/main.yml
+++ b/playbooks/roles/allow_all_traffic_default_secgroup/tasks/main.yml
@ -0,0 +1,21 @@
+- name: Delete any previously default security group rules
+  shell: /usr/local/bin/openstack security group rule delete "{{ item }}"
+  environment:
+    OS_CLOUD: "{{ os_client_config_cloud }}"
+  with_lines: OS_CLOUD="{{ os_client_config_cloud }}" /usr/local/bin/openstack security group rule list -f value -c ID default
+
+- name: Allow all IPv4 traffic on default security group
+  os_security_group_rule:
+    cloud: "{{ os_client_config_cloud }}"
+    security_group: default
+    direction: ingress
+    ethertype: IPv4
+    remote_ip_prefix: 0.0.0.0/0
+
+- name: Allow all IPv6 traffic on default security group
+  os_security_group_rule:
+    cloud: "{{ os_client_config_cloud }}"
+    security_group: default
+    direction: ingress
+    ethertype: IPv6
+    remote_ip_prefix: ::0/0