a5da23b827
This adds nodes in a multi-node job to each other's firewalls so that they can communicate with each other without restrictions. Change-Id: Ic9eda6b951c5ecf5997fe9da3338980f2a8121b0
43 lines
1.1 KiB
YAML
43 lines
1.1 KiB
YAML
- name: Set up the host ip addresses
|
|
set_fact:
|
|
ipv4_addresses: >
|
|
{% set hosts = [] -%}
|
|
{% for host, vars in hostvars.items() -%}
|
|
{% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
|
|
{% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
|
|
{% endfor -%}
|
|
{{- hosts | sort | unique -}}
|
|
ipv6_addresses: >
|
|
{% set hosts = [] -%}
|
|
{% for host, vars in hostvars.items() -%}
|
|
{% if vars['nodepool']['public_ipv6'] -%}
|
|
{% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
|
|
{% endif -%}
|
|
{% endfor -%}
|
|
{{- hosts | sort | unique -}}
|
|
|
|
- name: Set up ipv4 iptables rules
|
|
become: yes
|
|
iptables:
|
|
state: present
|
|
action: insert
|
|
chain: INPUT
|
|
ip_version: ipv4
|
|
source: "{{ item }}"
|
|
jump: ACCEPT
|
|
with_items: "{{ ipv4_addresses }}"
|
|
|
|
- name: Set up ipv6 iptables rules
|
|
become: yes
|
|
iptables:
|
|
state: present
|
|
action: insert
|
|
chain: INPUT
|
|
ip_version: ipv6
|
|
source: "{{ item }}"
|
|
jump: ACCEPT
|
|
with_items: "{{ ipv6_addresses }}"
|
|
when:
|
|
- ipv6_addresses is defined
|
|
- ipv6_addresses
|