openstack/openstack-ansible-os_octavia
Code Issues Proposed changes
openstack-ansible-os_octavia/tasks/octavia_security_group.yml
Jesse Pretorius 89764e4aaf Add retries to all os_* module tasks 
Given that the API response may include transient failures,
we ensure that all these tasks have retries to handle them.

Change-Id: I22846b9fed77c409c48a9d2e34e9207484c08b47
2018-08-07 13:12:47 +01:00

113 lines
4.5 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# We set the python interpreter to the ansible runtime venv if
# the delegation is to localhost so that we get access to the
# appropriate python libraries in that venv. If the delegation
# is to another host, we assume that it is accessible by the
# system python instead.
- name: Setup the security groups
delegate_to: "{{ octavia_service_setup_host }}"
vars:
ansible_python_interpreter: >-
{{ (octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
block:
- name: Create Octavia security group
os_security_group:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
state: present
name: "{{ octavia_security_group_name }}"
description: "security group for octavia amphora"
interface: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_security_group
until: add_security_group is success
retries: 5
delay: 10
- name: Create security group rule for agent
os_security_group_rule:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
state: present
protocol: "tcp"
port_range_min: "{{ octavia_agent_port }}"
port_range_max: "{{ octavia_agent_port }}"
remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
security_group: "{{ octavia_security_group_name }}"
interface: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_security_group_rule
until: add_security_group_rule is success
retries: 5
delay: 10
- name: Create security group rule for ssh
os_security_group_rule:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
state: present
security_group: "{{ octavia_security_group_name }}"
protocol: tcp
port_range_min: 22
port_range_max: 22
remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
interface: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_security_group_rule
until: add_security_group_rule is success
retries: 5
delay: 10
when:
- octavia_ssh_enabled | bool
- name: Create security group rule for icmp
os_security_group_rule:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
state: present
security_group: "{{ octavia_security_group_name }}"
protocol: icmp
remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
interface: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_security_group_rule
until: add_security_group_rule is success
retries: 5
delay: 10
when:
- debug | bool
View Git Blame Copy Permalink