From: Maciej Wereski Date: Tue, 27 Jul 2021 12:50:25 +0000 (+0000) Subject: noheat deployment: loosen security groups constraints X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=a2e6b6e74d7e2503fe58b27336b82df0144a5e9b;p=integration.git noheat deployment: loosen security groups constraints Current rules may cause kubernetes services to be blocked. This may lead to a lot of time wasted on debuging issues that aren't to any of deployed components. After all patches are in place and working we might try to come up with restricting Security Groups. Issue-ID: INT-1601 Signed-off-by: Maciej Wereski Change-Id: I2f36afefb72df1c4082bc9dda036713f4625ab46
---
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
index f389559ec..b9a3e2973 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/create_securitygroup.yml
@@ -11,20 +11,13 @@
 remote_ip_prefix: "{{ item }}"
 loop: "{{ secgrp.remote_ip_prefix }}"
 
-- name: "Create {{ secgrp.name }} security group rule for SSH"
+- name: "Create {{ secgrp.name }} security group rule for all TCP"
 os_security_group_rule:
 security_group: "{{ secgrp.name }}"
 protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: "{{ item }}"
- loop: "{{ secgrp.remote_ip_prefix }}"
+ remote_ip_prefix: "0.0.0.0/0"
 
-- name: "Create {{ secgrp.name }} security group rule for ONAP Docker registry"
+- name: "Create {{ secgrp.name }} security group rule for all UDP"
 os_security_group_rule:
 security_group: "{{ secgrp.name }}"
- protocol: tcp
- port_range_min: 10001
- port_range_max: 10001
- remote_ip_prefix: "{{ item }}"
- loop: "{{ secgrp.local_ip_prefix }}"
+ protocol: udp
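Review bot: The new all-TCP rule hard-codes `remote_ip_prefix: "0.0.0.0/0"` with no port range, so whatever listens on these instances (SSH, and presumably the Kubernetes API and NodePorts) is reachable from any address that can route to them, and the `secgrp.remote_ip_prefix` / `secgrp.local_ip_prefix` lists that scoped the removed rules no longer apply to these two tasks. If the aim is only to stop cluster-internal services being blocked, the open port range can be kept while the source stays scoped, e.g. `remote_ip_prefix: "{{ item }}"` with `loop: "{{ secgrp.remote_ip_prefix + secgrp.local_ip_prefix }}"` on both rules. The all-UDP rule sets no `remote_ip_prefix` at all, which Neutron presumably treats as any source; stating it explicitly would make the exposure visible to the next reader. Since the description calls the loosening temporary, a comment such as `# TODO(INT-1601): allow-all is temporary; restrict once the deployment is stable` above each task would keep it from silently becoming permanent.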