diff --git a/inventory/groups.yaml b/inventory/groups.yaml index a8f59ef383..8e8d183716 100644 --- a/inventory/groups.yaml +++ b/inventory/groups.yaml @@ -96,6 +96,8 @@ groups: - health*.open*.org kdc: - kdc[0-9]*.open*.org + kubernetes: + - opendev-k8s*.opendev.org logstash: - logstash[0-9]*.open*.org logstash-worker: diff --git a/inventory/openstack.yaml b/inventory/openstack.yaml index 368652aad9..f68a643d61 100644 --- a/inventory/openstack.yaml +++ b/inventory/openstack.yaml @@ -679,6 +679,36 @@ all: region_name: ca-ymq-1 public_v4: 162.253.55.16 public_v6: 2604:e100:1:0:f816:3eff:fe2c:7447 + opendev-k8s-master.opendev.org: + ansible_host: 38.108.68.20 + location: + cloud: openstackci-vexxhost + region_name: sjc1 + public_v4: 38.108.68.20 + opendev-k8s-1.opendev.org: + ansible_host: 38.108.68.70 + location: + cloud: openstackci-vexxhost + region_name: sjc1 + public_v4: 38.108.68.70 + opendev-k8s-2.opendev.org: + ansible_host: 38.108.68.91 + location: + cloud: openstackci-vexxhost + region_name: sjc1 + public_v4: 38.108.68.91 + opendev-k8s-3.opendev.org: + ansible_host: 38.108.68.72 + location: + cloud: openstackci-vexxhost + region_name: sjc1 + public_v4: 38.108.68.72 + opendev-k8s-4.opendev.org: + ansible_host: 38.108.68.125 + location: + cloud: openstackci-vexxhost + region_name: sjc1 + public_v4: 38.108.68.125 openstackid-dev.openstack.org: ansible_host: 2001:4800:7819:103:be76:4eff:fe05:3d location: diff --git a/playbooks/base.yaml b/playbooks/base.yaml index 6463c5e1d8..0be64f631c 100644 --- a/playbooks/base.yaml +++ b/playbooks/base.yaml @@ -13,8 +13,15 @@ - timezone - unbound - exim - - iptables + +# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack. +# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will +# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first. +- hosts: "!disabled:!kubernetes" + name: "Base: set up firewall rules" + roles: - snmpd + - iptables - hosts: bridge.openstack.org:!disabled name: "Base: configure cloud credentials on bridge"