define sec-group for keygen

2015-05-19 16:15:22 +02:00 · 2015-05-19 16:15:22 +02:00 · 4b4a3fd570
commit 4b4a3fd570
parent 4e370e58a7
2 changed files with 27 additions and 1 deletions
--- a/inventory/host_vars/copr-keygen.cloud.fedoraproject.org
+++ b/inventory/host_vars/copr-keygen.cloud.fedoraproject.org
@ -11,7 +11,7 @@ description: copr key gen instance
 # volumes: ['-d /dev/vdc vol-0000002e']
 volumes: []
 # security_group: default
-security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent
+security_group: web-80-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent,keygen-persistent

 inventory_tenant: persistent
 # name of machine in OpenStack
--- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
@ -1005,6 +1005,32 @@
          remote_ip_prefix: "0.0.0.0/0"
    with_items: all_tenants

+  - name: "Create 'keygen-persistent' security group"
+    neutron_sec_group:
+      login_username: "admin"
+      login_password: "{{ ADMIN_PASS }}"
+      login_tenant_name: "admin"
+      auth_url: "https://{{controller_hostname}}:35357/v2.0"
+      state: "present"
+      name: 'keygen-persistent'
+      description: "rules for copr-keygen"
+      tenant_name: "{{item}}"
+      rules:
+        - direction: "ingress"
+          port_range_min: "5167"
+          port_range_max: "5167"
+          ethertype: "IPv4"
+          protocol: "tcp"
+          remote_ip_prefix: "172.25.32.1/20"
+        - direction: "ingress"
+          port_range_min: "80"
+          port_range_max: "80"
+          ethertype: "IPv4"
+          protocol: "tcp"
+          remote_ip_prefix: "172.25.32.1/20"
+    with_items: all_tenants
+
+
  # Update quota for Copr
  #   SEE:
  #   nova quota-defaults