Set up network for in-cluster deployment stage 48/121048/1
authorPawel Wieczorek <p.wieczorek2@samsung.com>
Fri, 30 Apr 2021 05:43:07 +0000 (07:43 +0200)
committerPawel Wieczorek <p.wieczorek2@samsung.com>
Fri, 30 Apr 2021 12:12:51 +0000 (14:12 +0200)
This patch adds new network traffic exceptions to the infrastructure
setup step. This change has to be done during the infrastructure setup
step because OpenStack client is not available from within the cluster.

Issue-ID: INT-1601
Change-Id: I5adbce6197d8de6ab2bf7f54c73d6003442674da
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
deployment/noheat/cluster-rke/ansible/create.yml [new file with mode: 0644]
deployment/noheat/cluster-rke/ansible/group_vars/all.yml [new symlink]
deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap [new file with mode: 0644]
deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml [new file with mode: 0644]
deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml

diff --git a/deployment/noheat/cluster-rke/ansible/create.yml b/deployment/noheat/cluster-rke/ansible/create.yml
new file mode 100644 (file)
index 0000000..fa24fb1
--- /dev/null
@@ -0,0 +1,17 @@
+---
+- name: Set up bastion node for ONAP Docker registry
+  hosts: "control0"
+  become: yes
+  roles:
+    - role: create_bastion
+      destination: "{{ nexus }}"
+- name: Add bastion information to the cluster nodes
+  hosts: all
+  become: yes
+  tasks:
+    - name: Add cluster hostnames to /etc/hosts file
+      lineinfile:
+        path: /etc/hosts
+        line: "{{ hostvars['control0']['ansible_default_ipv4']['address'] }} {{ item }}"
+      loop:
+        - "nexus3.onap.org"
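Review bot: The `lineinfile` task at the end of the hunk has no `regexp`, so if control0's address ever changes the stale `<old ip> nexus3.onap.org` line is left in /etc/hosts alongside the new one and is typically the entry resolvers pick; add `regexp: '\snexus3\.onap\.org$'` so the line is replaced in place. Its name, "Add cluster hostnames to /etc/hosts file", describes the create_bastion task rather than what this one does — it pins the public registry hostname to the bastion — so a name such as "Point nexus3.onap.org at the bastion node" would be clearer. The hosts entry redirects every port of nexus3.onap.org to control0, while the role in this commit only forwards `destination.port`, so a comment on the loop item stating that only the registry port is expected to be reached through the bastion would save the next reader a surprise. Both `become: yes` should be `become: true` per yamllint's truthy rule.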
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
new file mode 120000 (symlink)
index 0000000..d8e74e2
--- /dev/null
@@ -0,0 +1 @@
+all.yml.sm-onap
\ No newline at end of file
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
new file mode 100644 (file)
index 0000000..2810d2d
--- /dev/null
@@ -0,0 +1,4 @@
+---
+nexus:
+  address: 199.204.45.137
+  port: 10001
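Review bot: `port: 10001` has to agree with the literal `10001` that the create_securitygroup.yml task in this same commit uses for `port_range_min`/`port_range_max`, and nothing ties the two together, so they can drift silently; since the infra and cluster playbooks keep separate group_vars, the least that should be done is a comment above `nexus:` such as `# Port must match the registry rule in infra-openstack/.../create_securitygroup.yml`. The hard-coded `address` is opaque to anyone maintaining the file, so a short comment naming what the host is (the ONAP Docker registry, if that is what 199.204.45.137 serves) would help.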
diff --git a/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
new file mode 100644 (file)
index 0000000..8189968
--- /dev/null
@@ -0,0 +1,35 @@
+- name: Add cluster hostnames to /etc/hosts file
+  lineinfile:
+    path: /etc/hosts
+    line: "{{ ansible_default_ipv4.address + ' ' + ansible_hostname }}"
+
+- name: Enable IP forwarding
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    sysctl_set: yes
+
+- name: Create PREROUTING rule
+  ansible.builtin.iptables:
+    table: nat
+    chain: PREROUTING
+    protocol: tcp
+    destination_port: "{{ destination.port }}"
+    jump: DNAT
+    to_destination: "{{ destination.address }}:{{ destination.port }}"
+
+- name: Create OUTPUT rule
+  ansible.builtin.iptables:
+    table: nat
+    chain: OUTPUT
+    protocol: tcp
+    destination: "{{ ansible_default_ipv4.address }}"
+    destination_port: "{{ destination.port }}"
+    jump: DNAT
+    to_destination: "{{ destination.address }}"
+
+- name: Enable masquerading
+  ansible.builtin.iptables:
+    table: nat
+    chain: POSTROUTING
+    jump: MASQUERADE
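Review bot: The POSTROUTING rule masquerades every packet leaving the bastion and the PREROUTING DNAT matches TCP/`destination.port` arriving on any interface or address, so the node becomes a general NAT gateway rather than a forwarder for the registry only; both should be scoped, as in the excerpt below (the OUTPUT rule already restricts itself to `ansible_default_ipv4.address`). The OUTPUT rule's `to_destination` omits the port while PREROUTING's includes it; DNAT keeps the original port when none is given, so this is harmless but worth making consistent. `ansible.builtin.iptables` edits the live ruleset only, so unless something outside this commit persists it, the forwarding is lost on reboot while `sysctl_set` keeps ip_forward enabled; a comment stating the expected persistence mechanism would help. Style: `sysctl_set: yes` should be `sysctl_set: true`, and the file lacks the `---` document start the other new playbooks in this commit use.
```yaml
- name: Create PREROUTING rule
  ansible.builtin.iptables:
    # … unchanged: table, chain, protocol …
    destination: "{{ ansible_default_ipv4.address }}"
    # … unchanged: destination_port, jump, to_destination …

- name: Enable masquerading
  ansible.builtin.iptables:
    # … unchanged: table, chain …
    protocol: tcp
    destination: "{{ destination.address }}"
    destination_port: "{{ destination.port }}"
    jump: MASQUERADE
```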
index 470c2b1..f0e1b00 100644 (file)
@@ -11,6 +11,8 @@ securitygroup:
   remote_ip_prefix:
     - "172.24.4.0/24"
     - "192.168.1.0/24"
+  local_ip_prefix:
+    - "192.168.1.0/24"
 
 image:
   name: &image_name "Ubuntu_18.04"
index fb4f208..fbfe432 100644 (file)
@@ -10,6 +10,8 @@ securitygroup:
   name: &securitygroup_name "onap_ci_lab"
   remote_ip_prefix:
     - "0.0.0.0/0"
+  local_ip_prefix:
+    - "192.168.1.0/24"
 
 image:
   name: &image_name "Ubuntu_18.04"
index bd8abf5..f389559 100644 (file)
     port_range_max: 22
     remote_ip_prefix: "{{ item }}"
   loop: "{{ secgrp.remote_ip_prefix }}"
+
+- name: "Create {{ secgrp.name }} security group rule for ONAP Docker registry"
+  os_security_group_rule:
+    security_group: "{{ secgrp.name }}"
+    protocol: tcp
+    port_range_min: 10001
+    port_range_max: 10001
+    remote_ip_prefix: "{{ item }}"
+  loop: "{{ secgrp.local_ip_prefix }}"