From ce5c701ab4ad5553955b377943d71ed95b27c3de Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Wed, 4 Oct 2023 12:56:41 +0200
Subject: [PATCH] Add security rule for octavia healthmanager

Amphora does report back it's status to Octavia healthmanager through octavia_health_manager_port. This outgoing traffic from Amphora must be allowed to show LB stats and operational_status.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: Ib6b8547b69949f7af0ba0f7f436b4286d3baccb7
---
 tasks/octavia_security_group.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/tasks/octavia_security_group.yml b/tasks/octavia_security_group.yml
index f8ed3d4b..a3134847 100644
--- a/tasks/octavia_security_group.yml
+++ b/tasks/octavia_security_group.yml
@@ -78,6 +78,29 @@
 retries: 5
 delay: 10

+ - name: Create security group rule for healthmanager
+ openstack.cloud.security_group_rule:
+ auth:
+ auth_url: "{{ keystone_service_adminurl }}"
+ username: "{{ octavia_service_user_name }}"
+ password: "{{ octavia_service_password }}"
+ project_name: "{{ octavia_service_project_name }}"
+ user_domain_name: "{{ octavia_service_user_domain_id }}"
+ project_domain_name: "{{ octavia_service_project_domain_id }}"
+ state: present
+ security_group: "{{ octavia_security_group_name }}"
+ protocol: udp
+ port_range_min: "{{ octavia_health_manager_port }}"
+ port_range_max: "{{ octavia_health_manager_port }}"
+ remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
+ direction: egress
+ interface: admin
+ verify: "{{ not keystone_service_adminuri_insecure }}"
+ register: add_security_group_rule
+ until: add_security_group_rule is success
+ retries: 5
+ delay: 10
+
 - name: Create security group rule for ssh
 openstack.cloud.security_group_rule:
 auth:
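Review bot: The new egress rule's `remote_ip_prefix` reuses `octavia_security_group_rule_cidr`, and with `direction: egress` that value is the destination range the amphora may send UDP heartbeats to, so it should be confirmed that it covers the health manager addresses and nothing wider; a variable scoped to the health managers would keep the rule least-privilege. The task sets no `ethertype`, so the module default of IPv4 applies and an IPv6 management CIDR would conflict with it; stating `ethertype` explicitly makes the intent visible. The rule only restricts anything if the group's default allow-all egress rules are absent, which this hunk does not show, so a comment such as `# Amphora -> health manager heartbeats (UDP); required when default egress rules are removed` above the task would record why it exists.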