Add security rule for octavia healthmanager

Amphora does report back it's status to Octavia healthmanager through octavia_health_manager_port. This outgoing traffic from Amphora must be allowed to show LB stats and operational_status. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017 Change-Id: Ib6b8547b69949f7af0ba0f7f436b4286d3baccb7
2023-10-04 12:56:41 +02:00 · 2023-10-04 12:56:41 +02:00 · ce5c701ab4
parent 3a7c5e6634
commit ce5c701ab4
1 changed files with 23 additions and 0 deletions
--- a/tasks/octavia_security_group.yml
+++ b/tasks/octavia_security_group.yml
@ -78,6 +78,29 @@
      retries: 5
      delay: 10

+    - name: Create security group rule for healthmanager
+      openstack.cloud.security_group_rule:
+        auth:
+          auth_url: "{{ keystone_service_adminurl }}"
+          username: "{{ octavia_service_user_name }}"
+          password: "{{ octavia_service_password }}"
+          project_name: "{{ octavia_service_project_name }}"
+          user_domain_name: "{{ octavia_service_user_domain_id }}"
+          project_domain_name: "{{ octavia_service_project_domain_id }}"
+        state: present
+        security_group: "{{ octavia_security_group_name }}"
+        protocol: udp
+        port_range_min: "{{ octavia_health_manager_port }}"
+        port_range_max: "{{ octavia_health_manager_port }}"
+        remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
+        direction: egress
+        interface: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_security_group_rule
+      until: add_security_group_rule is success
+      retries: 5
+      delay: 10
+
    - name: Create security group rule for ssh
      openstack.cloud.security_group_rule:
        auth: