404d4d0a50
Till now we've been flusing iptables in the gates to allow cross node communication in the multi node ceph jobs. This raised security concerns, in particular it exposed memcached to the external net. This patch uses the infra provided role 'multi-node-firewall' in order to correctly configure iptables. Thanks to Jeremy Stanley and Jeffrey for help with this. Closes-Bug: #1749326 Change-Id: Iafaf1cf1d9b0227b0f869969d0bd52fbde3791a0
34 lines
736 B
YAML
34 lines
736 B
YAML
- hosts: all
|
|
vars:
|
|
logs_dir: "/tmp/logs"
|
|
tasks:
|
|
- name: Install dbus for debian system
|
|
apt: name=dbus
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
become: true
|
|
|
|
- name: Ensure /tmp/logs/ dir
|
|
file:
|
|
path: "{{ logs_dir }}"
|
|
state: "directory"
|
|
|
|
- name: Ensure node directories
|
|
file:
|
|
path: "{{ logs_dir }}/{{ item }}"
|
|
state: "directory"
|
|
mode: 0777
|
|
with_items:
|
|
- "docker_logs"
|
|
- "kolla_configs"
|
|
- "system_logs"
|
|
- "kolla"
|
|
- "ansible"
|
|
|
|
- name: set new hostname based on ansible inventory file
|
|
hostname:
|
|
name: "{{ inventory_hostname }}"
|
|
become: true
|
|
roles:
|
|
- multi-node-firewall
|