summaryrefslogtreecommitdiffstats
path: root/roles/openstack-stack
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openstack-stack')
-rw-r--r--roles/openstack-stack/defaults/main.yml1
-rw-r--r--roles/openstack-stack/templates/heat_stack.yaml.j220
2 files changed, 16 insertions, 5 deletions
diff --git a/roles/openstack-stack/defaults/main.yml b/roles/openstack-stack/defaults/main.yml
index 803a96389..c8529612e 100644
--- a/roles/openstack-stack/defaults/main.yml
+++ b/roles/openstack-stack/defaults/main.yml
@@ -13,3 +13,4 @@ num_infra: 1
nodes_to_remove: []
etcd_volume_size: 2
use_bastion: False
+ui_ssh_tunnel: False
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index c41bf15be..a670ff0e3 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -439,7 +439,7 @@ resources:
port_range_min: 53
port_range_max: 53
remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
-{% if num_masters > 1 %}
+{% if num_masters > 1 or ui_ssh_tunnel|bool %}
lb-secgrp:
type: OS::Neutron::SecurityGroup
properties:
@@ -450,14 +450,21 @@ resources:
protocol: tcp
port_range_min: {{ openshift_master_api_port | default(8443) }}
port_range_max: {{ openshift_master_api_port | default(8443) }}
- remote_ip_prefix: {{ lb_ingress_cidr }}
- {% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
+{% if ui_ssh_tunnel|bool %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
+ port_range_max: {{ openshift_master_api_port | default(8443) }}
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
+{% endif %}
+{% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
- direction: ingress
protocol: tcp
port_range_min: {{ openshift_master_console_port | default(8443) }}
port_range_max: {{ openshift_master_console_port | default(8443) }}
- remote_ip_prefix: {{ lb_ingress_cidr }}
- {% endif %}
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
+{% endif %}
{% endif %}
etcd:
@@ -696,6 +703,9 @@ resources:
{% else %}
- { get_resource: node-secgrp }
{% endif %}
+{% if ui_ssh_tunnel|bool and num_masters < 2 %}
+ - { get_resource: lb-secgrp }
+{% endif %}
- { get_resource: infra-secgrp }
- { get_resource: common-secgrp }
floating_network: {{ external_network }}