cluster sg

40f39b0f · matt01671 · f66639fc · 40f39b0f · 40f39b0f · 40f39b0f
Commit 40f39b0f authored Apr 29, 2020 by matt01671
--- a/ansible/all-in-one.yaml
+++ b/ansible/all-in-one.yaml
@@ -7,6 +7,7 @@
    - role: openstack-common
    - role: openstack-volume
    - role: openstack-security-group
+    - role: cluster-security-group
    - role: openstack-instance

 - hosts: instances
@@ -27,3 +28,6 @@

  roles:
    - role: react-build
+
+- hosts: dbs
+  
\ No newline at end of file
--- a/ansible/host_vars/nectar.yaml
+++ b/ansible/host_vars/nectar.yaml
@@ -25,6 +25,13 @@ security_groups:
    port_range_max: 80
    remote_ip_prefix: 0.0.0.0/0

+cluster_security_group:
+  - name: couchDB-cluster
+    description: "Security group for CouchDB cluster"
+    protocol: tcp
+    port_name_mix: 3306
+    port_name_max: 3306
+
 # Instance
 instances:
  # - name: harvester

--- a/ansible/roles/cluster-security-group/tasks/main.yaml
+++ b/ansible/roles/cluster-security-group/tasks/main.yaml
+---
+  # Create a security group
+  - name: Create a security group
+    os_security_group:
+      name: '{{ item.name }}'
+      description: '{{ item.description }}'
+      state: present
+    loop: '{{ cluster_security_group }}'
+  
+  - name: Create a list of security group names
+    set_fact:
+      sg_names: '{{ sg_names|default([]) + [ item.name ] }}'
+    loop: '{{ cluster_security_group }}'
+  
+  - debug:
+      msg: "Security group(s) {{ sg_names }} have been created."
+  
+  # Create security group rules
+  - name: Create security group rules
+    os_security_group_rule:
+      security_group: '{{ item.name }}'
+      protocol: '{{ item.protocol }}'
+      port_range_min: '{{ item.port_range_min }}'
+      port_range_max: '{{ item.port_range_max }}'
+      remote_group: '{{ sg_names }}'
+      state: present
+    loop: '{{ cluster_security_group }}'