404d4d0a50
Till now we've been flusing iptables in the gates to allow cross node communication in the multi node ceph jobs. This raised security concerns, in particular it exposed memcached to the external net. This patch uses the infra provided role 'multi-node-firewall' in order to correctly configure iptables. Thanks to Jeremy Stanley and Jeffrey for help with this. Closes-Bug: #1749326 Change-Id: Iafaf1cf1d9b0227b0f869969d0bd52fbde3791a0
160 lines
3.4 KiB
YAML
160 lines
3.4 KiB
YAML
- project:
|
|
check:
|
|
jobs:
|
|
- kolla-ansible-centos-source
|
|
- kolla-ansible-ubuntu-source
|
|
- kolla-ansible-oraclelinux-source
|
|
- kolla-ansible-ubuntu-source-ceph
|
|
- kolla-ansible-centos-source-ceph
|
|
- kolla-ansible-oraclelinux-source-ceph
|
|
|
|
- nodeset:
|
|
name: kolla-ansible-centos
|
|
nodes:
|
|
- name: primary
|
|
label: centos-7
|
|
|
|
- nodeset:
|
|
name: kolla-ansible-xenial
|
|
nodes:
|
|
- name: primary
|
|
label: ubuntu-xenial
|
|
|
|
- nodeset:
|
|
name: kolla-ansible-xenial-multi
|
|
nodes:
|
|
- name: primary
|
|
label: ubuntu-xenial
|
|
- name: secondary1
|
|
label: ubuntu-xenial
|
|
- name: secondary2
|
|
label: ubuntu-xenial
|
|
groups:
|
|
- name: switch
|
|
nodes:
|
|
- primary
|
|
- name: peers
|
|
nodes:
|
|
- secondary1
|
|
- secondary2
|
|
|
|
- nodeset:
|
|
name: kolla-ansible-centos-multi
|
|
nodes:
|
|
- name: primary
|
|
label: centos-7
|
|
- name: secondary1
|
|
label: centos-7
|
|
- name: secondary2
|
|
label: centos-7
|
|
groups:
|
|
- name: switch
|
|
nodes:
|
|
- primary
|
|
- name: peers
|
|
nodes:
|
|
- secondary1
|
|
- secondary2
|
|
|
|
- job:
|
|
name: kolla-ansible-base
|
|
pre-run: tests/pre.yml
|
|
run: tests/run.yml
|
|
post-run: tests/post.yml
|
|
attempts: 1
|
|
timeout: 5400
|
|
required-projects:
|
|
- openstack/kolla
|
|
- openstack/requirements
|
|
irrelevant-files:
|
|
- ^.*\.rst$
|
|
- ^doc/.*
|
|
vars:
|
|
scenario: aio
|
|
roles:
|
|
- zuul: openstack-infra/zuul-jobs
|
|
|
|
- job:
|
|
name: kolla-ansible-centos-source
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-centos
|
|
voting: false
|
|
vars:
|
|
base_distro: centos
|
|
install_type: source
|
|
|
|
- job:
|
|
name: kolla-ansible-ubuntu-source
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-xenial
|
|
voting: false
|
|
vars:
|
|
base_distro: ubuntu
|
|
install_type: source
|
|
|
|
- job:
|
|
name: kolla-ansible-oraclelinux-source
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-centos
|
|
voting: false
|
|
vars:
|
|
base_distro: oraclelinux
|
|
install_type: source
|
|
|
|
- job:
|
|
name: kolla-ansible-centos-binary
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-centos
|
|
voting: false
|
|
vars:
|
|
base_distro: centos
|
|
install_type: binary
|
|
|
|
- job:
|
|
name: kolla-ansible-ubuntu-binary
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-xenial
|
|
voting: false
|
|
vars:
|
|
base_distro: ubuntu
|
|
install_type: binary
|
|
|
|
- job:
|
|
name: kolla-ansible-oraclelinux-binary
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-centos
|
|
voting: false
|
|
vars:
|
|
base_distro: oraclelinux
|
|
install_type: binary
|
|
|
|
- job:
|
|
name: kolla-ansible-ubuntu-source-ceph
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-xenial-multi
|
|
voting: false
|
|
vars:
|
|
base_distro: ubuntu
|
|
install_type: source
|
|
scenario: ceph
|
|
|
|
- job:
|
|
name: kolla-ansible-centos-source-ceph
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-centos-multi
|
|
voting: false
|
|
vars:
|
|
base_distro: centos
|
|
install_type: source
|
|
scenario: ceph
|
|
|
|
- job:
|
|
name: kolla-ansible-oraclelinux-source-ceph
|
|
parent: kolla-ansible-base
|
|
nodeset: kolla-ansible-centos-multi
|
|
voting: false
|
|
vars:
|
|
base_distro: oraclelinux
|
|
install_type: source
|
|
scenario: ceph
|