diff options
author | carey.xu <carey.xuhan@huawei.com> | 2015-10-30 10:33:51 +0800 |
---|---|---|
committer | carey.xu <carey.xuhan@huawei.com> | 2015-11-08 12:29:42 +0800 |
commit | 2709a9bee6a562cc6acef75b394d7c4e9a3b3f3f (patch) | |
tree | 2e86fbbfe3779459a2fff18c45dbad43d7cfddd5 /deploy/adapters | |
parent | fc218067fdea16f45b8b9d01201a8c8b25ca9eb0 (diff) |
add option to disable security group
JIRA: COMPASS-126
Change-Id: Ie9417be0e78690b5580d460b9c61f77ccc1d91c6
Signed-off-by: carey.xu <carey.xuhan@huawei.com>
Diffstat (limited to 'deploy/adapters')
9 files changed, 117 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml index ac2f2a8d..d3cec000 100644 --- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml +++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml @@ -67,3 +67,9 @@ sudo: True roles: - monitor + +- hosts: all + remote_user: root + sudo: True + roles: + - secgroup diff --git a/deploy/adapters/ansible/roles/secgroup/handlers/main.yml b/deploy/adapters/ansible/roles/secgroup/handlers/main.yml new file mode 100644 index 00000000..551258d2 --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: restart controller relation service + service: name={{ item }} state=restarted enabled=yes + ignore_errors: True + with_items: controller_services + +- name: restart compute relation service + service: name={{ item }} state=restarted enabled=yes + ignore_errors: True + with_items: compute_services diff --git a/deploy/adapters/ansible/roles/secgroup/tasks/main.yml b/deploy/adapters/ansible/roles/secgroup/tasks/main.yml new file mode 100644 index 00000000..c26af4b0 --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- include_vars: "{{ ansible_os_family }}.yml" + tags: secgroup + +- debug: msg={{ enable_secgroup }} + tags: secgroup + +- include: secgroup.yml + when: '{{ enable_secgroup }} == False' + tags: secgroup diff --git a/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml b/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml new file mode 100644 index 00000000..f2a6c0ab --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml @@ -0,0 +1,27 @@ +--- +- name: make sure template dir exits + file: path=/opt/os_templates state=directory mode=0755 + tags: secgroup + +- name: copy configs + template: src={{ item.src}} dest=/opt/os_templates + with_items: "{{ configs_templates }}" + tags: secgroup + +- name: update controller configs + shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true' + tags: secgroup + with_subelements: + - configs_templates + - dest + notify: restart controller relation service + when: inventory_hostname in "{{ groups['controller'] }}" + +- name: update compute configs + shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true' + tags: secgroup + with_subelements: + - configs_templates + - dest + notify: restart compute relation service + when: inventory_hostname in "{{ groups['compute'] }}" diff --git a/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 new file mode 100644 index 00000000..7b39e18c --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 @@ -0,0 +1,4 @@ +[securitygroup] +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = False + diff --git a/deploy/adapters/ansible/roles/secgroup/templates/nova.j2 b/deploy/adapters/ansible/roles/secgroup/templates/nova.j2 new file mode 100644 index 00000000..91fa6cd2 --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/templates/nova.j2 @@ -0,0 +1,3 @@ +[DEFAULT] +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = nova diff --git a/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml b/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml new file mode 100644 index 00000000..85025bf5 --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml @@ -0,0 +1,27 @@ +--- +configs_templates: + - src: nova.j2 + dest: + - /etc/nova/nova.conf + - src: neutron.j2 + dest: + - /etc/neutron/plugins/ml2/ml2_conf.ini + - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + - /etc/neutron/plugins/ml2/restproxy.ini + +controller_services: + - nova-api + - nova-cert + - nova-conductor + - nova-consoleauth + - nova-novncproxy + - nova-scheduler + - neutron-server + - neutron-plugin-openvswitch-agent + - neutron-l3-agent + - neutron-dhcp-agent + - neutron-metadata-agent + +compute_services: + - nova-compute + - neutron-plugin-openvswitch-agent diff --git a/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml b/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml new file mode 100644 index 00000000..533bbe9d --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml @@ -0,0 +1,27 @@ +--- +configs_templates: + - src: nova.j2 + dest: + - /etc/nova/nova.conf + - src: neutron.j2 + dest: + - /etc/neutron/plugins/ml2/ml2_conf.ini + - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + - /etc/neutron/plugins/ml2/restproxy.ini + +controller_services: + - openstack-nova-api + - openstack-nova-cert + - openstack-nova-conductor + - openstack-nova-consoleauth + - openstack-nova-novncproxy + - openstack-nova-scheduler + - neutron-openvswitch-agent + - neutron-l3-agent + - neutron-dhcp-agent + - neutron-metadata-agent + - neutron-server + +compute_services: + - openstack-nova-compute + - neutron-openvswitch-agent diff --git a/deploy/adapters/ansible/roles/secgroup/vars/main.yml b/deploy/adapters/ansible/roles/secgroup/vars/main.yml new file mode 100644 index 00000000..bb87da65 --- /dev/null +++ b/deploy/adapters/ansible/roles/secgroup/vars/main.yml @@ -0,0 +1,3 @@ +--- +packages_noarch: [] +metering_secret: 1c5df72079b31fb47747 |