From 7e1baa120e49c02999c724a0d5541424cc044830 Mon Sep 17 00:00:00 2001
From: Ricardo Carrillo Cruz
Date: Wed, 24 Feb 2016 17:44:42 +0100
Subject: [PATCH] Create role and playbook to set default secgroup in infracloud We'll add another task on the play to run on east when it's in prod, doing west now.
Change-Id: I1bddb8f3e6a577487fbee5c4b5344047b0619d94
---
.../allow_all_traffic_default_secgroup.yml | 14 +++++++++++++
.../tasks/main.yml | 21 +++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100644 playbooks/allow_all_traffic_default_secgroup.yml
create mode 100644 playbooks/roles/allow_all_traffic_default_secgroup/tasks/main.yml
diff --git a/playbooks/allow_all_traffic_default_secgroup.yml b/playbooks/allow_all_traffic_default_secgroup.yml
new file mode 100644
index 0000000000..662b66aac6
--- /dev/null
+++ b/playbooks/allow_all_traffic_default_secgroup.yml
@@ -0,0 +1,14 @@
+---
+- hosts: localhost
+ connection: local
+ gather_facts: false
+ user: root
+ roles:
+ - { role: allow_all_traffic_default_secgroup, os_client_config_cloud: 'openstackci-infracloud-west' }
+
+- hosts: localhost
+ connection: local
+ gather_facts: false
+ user: root
+ roles:
+ - { role: allow_all_traffic_default_secgroup, os_client_config_cloud: 'openstackjenkins-infracloud-west' }
diff --git a/playbooks/roles/allow_all_traffic_default_secgroup/tasks/main.yml b/playbooks/roles/allow_all_traffic_default_secgroup/tasks/main.yml
new file mode 100644
index 0000000000..c5a0247aab
--- /dev/null
+++ b/playbooks/roles/allow_all_traffic_default_secgroup/tasks/main.yml
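Review bot: playbooks/allow_all_traffic_default_secgroup.yml gives no reason for opening the default security group on both west clouds, and neither play has a `name:`. Because the role removes network-level ingress filtering for every instance in that group, the file should open with a comment recording what filters traffic instead, for example `# Default secgroup is opened on purpose; ingress filtering is done by <control to be named by the author>.` The two plays differ only in `os_client_config_cloud`, so one play that lists the role twice would express the same thing with less to keep in sync.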
@@ -0,0 +1,21 @@
+- name: Delete any previously default security group rules
+ shell: /usr/local/bin/openstack security group rule delete "{{ item }}"
+ environment:
+ OS_CLOUD: "{{ os_client_config_cloud }}"
+ with_lines: OS_CLOUD="{{ os_client_config_cloud }}" /usr/local/bin/openstack security group rule list -f value -c ID default
+
+- name: Allow all IPv4 traffic on default security group
+ os_security_group_rule:
+ cloud: "{{ os_client_config_cloud }}"
+ security_group: default
+ direction: ingress
+ ethertype: IPv4
+ remote_ip_prefix: 0.0.0.0/0
+
+- name: Allow all IPv6 traffic on default security group
+ os_security_group_rule:
+ cloud: "{{ os_client_config_cloud }}"
+ security_group: default
+ direction: ingress
+ ethertype: IPv6
+ remote_ip_prefix: ::0/0
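Review bot: The delete task lists rule IDs for `default` with no direction filter, so it removes egress rules as well, and the two tasks that follow recreate only `direction: ingress`. If the group held egress rules (Neutron creates allow-all egress rules by default), instances in it would lose outbound connectivity after the first run. Either add matching IPv4 and IPv6 tasks with `direction: egress`, or restrict the listing to ingress rules. Each run also deletes and recreates every rule, which leaves a short window with no rules at all and means the play never reports an unchanged state. The delete step needs nothing from a shell, so `command:` in place of `shell:` would keep the interpolated `{{ item }}` out of shell parsing.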