Add http/https SG rules to master SG when three nodes install

When install OCP with only 3 master nodes, ingress operator will be run on master nodes, which require TCP 80/443 SG rules. And set master nodes schedulable. Signed-off-by: Huang Rui <[email protected]>
IBM · May 30, 2023 · fd8129b · fd8129b
1 parent ef523f4
commit fd8129b
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/...provisioning/cloud_infra_center/ocp_upi/roles/configure-install-manifests/tasks/main.yaml b/...provisioning/cloud_infra_center/ocp_upi/roles/configure-install-manifests/tasks/main.yaml
@@ -22,3 +22,4 @@
   ansible.builtin.script: tools/make-control-plane-unschedulable.py
   args:
     executable: python3
+  when: os_compute_nodes_number > 0
diff --git a/...a_provisioning/cloud_infra_center/ocp_upi/roles/configure-security-groups/tasks/main.yaml b/...a_provisioning/cloud_infra_center/ocp_upi/roles/configure-security-groups/tasks/main.yaml
@@ -189,6 +189,21 @@
     protocol: '112'
     remote_ip_prefix: "{{ sunbet_range.stdout_lines[0] }}"
 
+- name: 'Create master-sg rule "Ingress HTTP"'
+  openstack.cloud.security_group_rule:
+    security_group: "{{ os_sg_master }}"
+    protocol: tcp
+    port_range_min: 80
+    port_range_max: 80
+  when: os_compute_nodes_number == 0
+
+- name: 'Create master-sg rule "Ingress HTTPS"'
+  openstack.cloud.security_group_rule:
+    security_group: "{{ os_sg_master }}"
+    protocol: tcp
+    port_range_min: 443
+    port_range_max: 443
+  when: os_compute_nodes_number == 0
 
 - name: 'Create worker-sg rule "ICMP"'
   openstack.cloud.security_group_rule: