Merge pull request openshift#7552 from shiftstack/upi-ds

openshift-ci[bot] · web-flow · commit 5d0755fe9486 · 2023-10-24T18:29:38.000Z
openstack: dual stack UPI - create security group rules for IPv6
diff --git a/upi/openstack/inventory.yaml b/upi/openstack/inventory.yaml
@@ -6,6 +6,8 @@ all:
 
       # User-provided values
       os_subnet_range: '10.0.0.0/16'
+      # uncomment for dual stack
+      # os_subnet6_range: 'd2e:6f44:5dd8:c956::/64'
       os_flavor_master: 'm1.xlarge'
       os_flavor_worker: 'm1.large'
       os_image_rhcos: 'rhcos'
diff --git a/upi/openstack/security-groups.yaml b/upi/openstack/security-groups.yaml
@@ -70,6 +70,17 @@
       port_range_min: 6443
       port_range_max: 6443
 
+  - name: 'Create master-sg IPv6 rule "OpenShift API"'
+    openstack.cloud.security_group_rule:
+      security_group: "{{ os_sg_master }}"
+      ether_type: IPv6
+      protocol: tcp
+      port_range_min: 6443
+      port_range_max: 6443
+    when:
+    - os_subnet6_range is defined
+    - "{{ os_subnet6_range|ansible.utils.ipv6 }}"
+
   - name: 'Create master-sg rule "VXLAN"'
     openstack.cloud.security_group_rule:
       security_group: "{{ os_sg_master }}"
@@ -201,13 +212,35 @@
       port_range_min: 80
       port_range_max: 80
 
+  - name: 'Create worker-sg IPv6 rule "Ingress HTTP"'
+    openstack.cloud.security_group_rule:
+      security_group: "{{ os_sg_worker }}"
+      ether_type: IPv6
+      protocol: tcp
+      port_range_min: 80
+      port_range_max: 80
+    when:
+    - os_subnet6_range is defined
+    - "{{ os_subnet6_range|ansible.utils.ipv6 }}"
+
   - name: 'Create worker-sg rule "Ingress HTTPS"'
     openstack.cloud.security_group_rule:
       security_group: "{{ os_sg_worker }}"
       protocol: tcp
       port_range_min: 443
       port_range_max: 443
 
+  - name: 'Create worker-sg IPv6 rule "Ingress HTTPS"'
+    openstack.cloud.security_group_rule:
+      security_group: "{{ os_sg_worker }}"
+      ether_type: IPv6
+      protocol: tcp
+      port_range_min: 443
+      port_range_max: 443
+    when:
+    - os_subnet6_range is defined
+    - "{{ os_subnet6_range|ansible.utils.ipv6 }}"
+
   - name: 'Create worker-sg rule "router"'
     openstack.cloud.security_group_rule:
       security_group: "{{ os_sg_worker }}"
