Multi-node: Set up firewalls

This adds nodes in a multi-node job to each other's firewalls so that
they can communicate with each other without restrictions.

Change-Id: Ic9eda6b951c5ecf5997fe9da3338980f2a8121b0
This commit is contained in:
David Moreau-Simard 2017-09-15 22:40:32 -06:00
parent 974b5d7dac
commit a5da23b827
No known key found for this signature in database
GPG Key ID: 33A07694CBB71ECC
3 changed files with 48 additions and 0 deletions

View File

@ -12,3 +12,7 @@
- name: Set up multi-node hosts file
include_role:
name: multi-node-hosts-file
- name: Set up multi-node firewall
include_role:
name: multi-node-firewall

View File

@ -0,0 +1,2 @@
Configures the inventory private and public addresses in a multi-node job in
iptables in order to allow traffic to and from each node without restrictions.

View File

@ -0,0 +1,42 @@
- name: Set up the host ip addresses
set_fact:
ipv4_addresses: >
{% set hosts = [] -%}
{% for host, vars in hostvars.items() -%}
{% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
{% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
{% endfor -%}
{{- hosts | sort | unique -}}
ipv6_addresses: >
{% set hosts = [] -%}
{% for host, vars in hostvars.items() -%}
{% if vars['nodepool']['public_ipv6'] -%}
{% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
{% endif -%}
{% endfor -%}
{{- hosts | sort | unique -}}
- name: Set up ipv4 iptables rules
become: yes
iptables:
state: present
action: insert
chain: INPUT
ip_version: ipv4
source: "{{ item }}"
jump: ACCEPT
with_items: "{{ ipv4_addresses }}"
- name: Set up ipv6 iptables rules
become: yes
iptables:
state: present
action: insert
chain: INPUT
ip_version: ipv6
source: "{{ item }}"
jump: ACCEPT
with_items: "{{ ipv6_addresses }}"
when:
- ipv6_addresses is defined
- ipv6_addresses