noheat deployment: loosen security groups constraints

Current rules may cause kubernetes services to be blocked. This may lead
to a lot of time wasted on debuging issues that aren't to any of
deployed components. After all patches are in place and working we might
try to come up with restricting Security Groups.

Issue-ID: INT-1601
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Change-Id: I2f36afefb72df1c4082bc9dda036713f4625ab46

diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
index f389559..b9a3e29 100644 (file)
--- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
@@ -11,20 +11,13 @@
     remote_ip_prefix: "{{ item }}"
   loop: "{{ secgrp.remote_ip_prefix }}"
 
-- name: "Create {{ secgrp.name }} security group rule for SSH"
+- name: "Create {{ secgrp.name }} security group rule for all TCP"
   os_security_group_rule:
     security_group: "{{ secgrp.name }}"
     protocol: tcp
-    port_range_min: 22
-    port_range_max: 22
-    remote_ip_prefix: "{{ item }}"
-  loop: "{{ secgrp.remote_ip_prefix }}"
+    remote_ip_prefix: "0.0.0.0/0"
 
-- name: "Create {{ secgrp.name }} security group rule for ONAP Docker registry"
+- name: "Create {{ secgrp.name }} security group rule for all UDP"
   os_security_group_rule:
     security_group: "{{ secgrp.name }}"
-    protocol: tcp
-    port_range_min: 10001
-    port_range_max: 10001
-    remote_ip_prefix: "{{ item }}"
-  loop: "{{ secgrp.local_ip_prefix }}"
+    protocol: udp