Last active
August 29, 2015 14:01
-
-
Save carsongee/b63e08df1133ed1a4629 to your computer and use it in GitHub Desktop.
OpenStack Network Playbook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Creates Networks, subnets, security groups, etc. | |
| - name: Create networks | |
| hosts: localhost | |
| gather_facts: False | |
| pre_tasks: | |
| - include_vars: "{{ playbook_dir }}/environments/{{ env }}.yml" | |
| - name: Create network | |
| local_action: | |
| module: quantum_network | |
| auth_url: "{{ os_auth_url }}" | |
| login_tenant_name: "{{ os_tenant_name }}" | |
| login_username: "{{ os_login_user }}" | |
| login_password: "{{ os_login_password }}" | |
| router_external: false | |
| state: present | |
| name: "{{ env }}-network" | |
| register: os_net | |
| tags: vpc | |
| - name: Create subnets | |
| local_action: | |
| module: quantum_subnet | |
| auth_url: "{{ os_auth_url }}" | |
| login_tenant_name: "{{ os_tenant_name }}" | |
| login_username: "{{ os_login_user }}" | |
| login_password: "{{ os_login_password }}" | |
| network_name: "{{ env }}-network" | |
| dns_nameservers: "{{ dns_nameservers }}" | |
| cidr: "{{ vpc_cidr_top }}{{ item.net }}" | |
| name: "{{ item.name }}" | |
| with_items: | |
| - net: "254.0/24" | |
| name: "Admin {{ env }}" | |
| - net: "0.0/23" | |
| name: "Load Balancers {{ env }}" | |
| - net: "16.0/23" | |
| name: "Application servers {{ env }}" | |
| - net: "128.0/22" | |
| name: "Common cluster {{ env }}" | |
| tags: vpc | |
| - name: Create router | |
| local_action: | |
| module: quantum_router | |
| auth_url: "{{ os_auth_url }}" | |
| login_tenant_name: "{{ os_tenant_name }}" | |
| login_username: "{{ os_login_user }}" | |
| login_password: "{{ os_login_password }}" | |
| name: "{{ env }}-router" | |
| tags: vpc | |
| - name: Create router gateway | |
| local_action: | |
| module: quantum_router_gateway | |
| auth_url: "{{ os_auth_url }}" | |
| login_tenant_name: "{{ os_tenant_name }}" | |
| login_username: "{{ os_login_user }}" | |
| login_password: "{{ os_login_password }}" | |
| router_name: "{{ env }}-router" | |
| network_name: "external.network" | |
| tags: vpc | |
| - name: Create router interaces | |
| local_action: | |
| module: quantum_router_interface | |
| auth_url: "{{ os_auth_url }}" | |
| login_tenant_name: "{{ os_tenant_name }}" | |
| login_username: "{{ os_login_user }}" | |
| login_password: "{{ os_login_password }}" | |
| router_name: "{{ env }}-router" | |
| subnet_name: "{{ item }}" | |
| with_items: | |
| - "Admin {{ env }}" | |
| - "Load Balancers {{ env }}" | |
| - "Application servers {{ env }}" | |
| - "Common cluster {{ env }}" | |
| tags: vpc | |
| - name: Create sshonly group | |
| local_action: | |
| module: ec2_group | |
| name: "ssh_only_{{ env }}" | |
| description: Allows SSH from everywhere only | |
| rules: | |
| - proto: tcp | |
| from_port: 22 | |
| to_port: 22 | |
| cidr_ip: 0.0.0.0/0 | |
| - proto: tcp # ansible accelerate port | |
| from_port: 5099 | |
| to_port: 5099 | |
| cidr_ip: 0.0.0.0/0 | |
| register: ssh_only | |
| tags: vpc | |
| - name: Create snmpd group | |
| local_action: | |
| module: ec2_group | |
| name: "snmpd_monitor_{{ env }}" | |
| description: Allows SNMP and ICMP from monitoring machine | |
| rules: | |
| - proto: udp | |
| from_port: 161 | |
| to_port: 161 | |
| cidr_ip: "{{ vpc_monitor_server }}" | |
| - proto: tcp | |
| from_port: 8000 | |
| to_port: 8200 | |
| cidr_ip: "{{ vpc_monitor_server }}" | |
| - proto: tcp | |
| from_port: 27017 | |
| to_port: 27017 | |
| cidr_ip: "{{ vpc_monitor_server }}" | |
| - proto: tcp | |
| from_port: 5672 | |
| to_port: 5672 | |
| cidr_ip: "{{ vpc_monitor_server }}" | |
| - proto: tcp | |
| from_port: 4567 | |
| to_port: 4567 | |
| cidr_ip: "{{ vpc_monitor_server }}" | |
| - proto: icmp | |
| from_port: -1 | |
| to_port: -1 | |
| cidr_ip: "{{ vpc_monitor_server }}" | |
| register: snmpd_monitor | |
| tags: vpc | |
| - name: Create RDS Group | |
| local_action: | |
| module: ec2_group | |
| name: "rds_access_{{ env }}" | |
| description: Allows Access to RDS | |
| rules: | |
| - proto: tcp | |
| from_port: 3306 | |
| to_port: 3306 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 3306 | |
| to_port: 3306 | |
| cidr_ip: "{{ vpc_cidr_top }}16.0/23" | |
| - proto: tcp | |
| from_port: 3306 | |
| to_port: 3306 | |
| cidr_ip: "{{ vpc_cidr_top }}128.0/22" | |
| register: rds_access | |
| tags: vpc | |
| - name: load balancer group | |
| local_action: | |
| module: ec2_group | |
| name: "load_balancer_{{ env }}" | |
| description: Allows Web from everywhere | |
| rules: | |
| - proto: tcp | |
| from_port: 443 | |
| to_port: 443 | |
| cidr_ip: 0.0.0.0/0 | |
| - proto: tcp | |
| from_port: 80 | |
| to_port: 80 | |
| cidr_ip: 0.0.0.0/0 | |
| register: load_balancer_group | |
| tags: vpc | |
| - name: Create mongo group | |
| local_action: | |
| module: ec2_group | |
| name: "mongo_{{ env }}" | |
| description: Allows access to mongo from data, app, and admin | |
| rules: | |
| - proto: tcp | |
| from_port: 27017 | |
| to_port: 27017 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 28017 | |
| to_port: 28017 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 27017 | |
| to_port: 27017 | |
| cidr_ip: "{{ vpc_cidr_top }}16.0/23" | |
| - proto: tcp | |
| from_port: 28017 | |
| to_port: 28017 | |
| cidr_ip: "{{ vpc_cidr_top }}16.0/23" | |
| - proto: tcp | |
| from_port: 27017 | |
| to_port: 27017 | |
| cidr_ip: "{{ vpc_cidr_top }}128.0/22" | |
| - proto: tcp | |
| from_port: 28017 | |
| to_port: 28017 | |
| cidr_ip: "{{ vpc_cidr_top }}128.0/22" | |
| register: mongo_group | |
| tags: vpc | |
| - name: rabbit mq group | |
| local_action: | |
| module: ec2_group | |
| name: "rabbitmq_{{ env }}" | |
| description: Allows access to rabbit from data, app, and admin | |
| rules: | |
| - proto: tcp | |
| from_port: 5672 | |
| to_port: 5672 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 5672 | |
| to_port: 5672 | |
| cidr_ip: "{{ vpc_cidr_top }}16.0/23" | |
| - proto: tcp | |
| from_port: 5672 | |
| to_port: 5672 | |
| cidr_ip: "{{ vpc_cidr_top }}128.0/22" | |
| - proto: tcp | |
| from_port: 15672 | |
| to_port: 15672 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 4369 | |
| to_port: 4369 | |
| cidr_ip: "{{ vpc_cidr_top }}128.0/22" | |
| - proto: tcp | |
| from_port: 4369 | |
| to_port: 4369 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 35197 | |
| to_port: 35197 | |
| cidr_ip: "{{ vpc_cidr_top }}128.0/22" | |
| register: rabbitmq_group | |
| tags: vpc | |
| - name: Create app group | |
| local_action: | |
| module: ec2_group | |
| name: "apps_{{ env }}" | |
| description: Allows access from the load balancers to app servers | |
| rules: | |
| # cms_app_port, lms_app_port, lms_xml_app_port lms_preview_app_port | |
| - proto: tcp | |
| from_port: 8000 | |
| to_port: 8100 | |
| cidr_ip: "{{ vpc_cidr_top }}0.0/23" | |
| - proto: tcp | |
| from_port: 8000 | |
| to_port: 8100 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 8000 | |
| to_port: 8200 | |
| cidr_ip: "{{ vpc_cidr_top }}16.0/23" | |
| register: apps_group | |
| tags: vpc | |
| - name: Create gluster group | |
| local_action: | |
| module: ec2_group | |
| name: "gluster_{{ env }}" | |
| description: Gluster port access among members | |
| rules: | |
| - proto: tcp | |
| from_port: 24007 | |
| to_port: 24100 | |
| cidr_ip: "{{ vpc_cidr_top }}0.0/19" | |
| - proto: tcp | |
| from_port: 34865 | |
| to_port: 34867 | |
| cidr_ip: "{{ vpc_cidr_top }}0.0/19" | |
| - proto: udp | |
| from_port: 111 | |
| to_port: 111 | |
| cidr_ip: "{{ vpc_cidr_top }}0.0/19" | |
| - proto: tcp | |
| from_port: 111 | |
| to_port: 111 | |
| cidr_ip: "{{ vpc_cidr_top }}0.0/19" | |
| - proto: tcp | |
| from_port: 24007 | |
| to_port: 24100 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 34865 | |
| to_port: 34867 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: udp | |
| from_port: 111 | |
| to_port: 111 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| - proto: tcp | |
| from_port: 111 | |
| to_port: 111 | |
| cidr_ip: "{{ vpc_cidr_top }}254.0/24" | |
| register: gluster_group | |
| tags: vpc | |
| - name: Create syslog group | |
| local_action: | |
| module: ec2_group | |
| name: "syslog_{{ env }}" | |
| description: Syslog elastic search and logstash | |
| rules: | |
| - proto: tcp | |
| from_port: 514 | |
| to_port: 514 | |
| cidr_ip: "{{ vpc_cidr_top }}0.0/16" | |
| - proto: udp | |
| from_port: 514 | |
| to_port: 514 | |
| cidr_ip: "{{ vpc_cidr_top }}0.0/16" | |
| register: syslog_group | |
| tags: vpc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment