| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
When using a bastion and a single master, use the lb-secgrp
to access UI port allowed from the ingress bastion node cidr.
For HA (masters>1), UI still should be accessed via
the LB node's ingress cidr, omitting the bastion.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
| |
Add openstack_private_network_name to filter by a wanted private
network.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* At the provisioning stage, allow users to auto-generate SSH config,
when using a static inventory.
* Run playbooks to provsion and post-provision as a separate, when
using a bastion. This re-applies the SSH config, which ansible can't
do on the fly.
* Support a pre-installed bastion node, colocated with the 1st infra
node.
* With a bastion enabled, reduce floating IP footprint to infra and
dns nodes only, effectively isolating a cluster in a private
network.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
|
| |
* Autogenerate SSH config for static inventory and bastion.
* When using bastion, use FQDN for inventory's ansible_host and SSH
config's Hostname. Simplifies accessing nodes by names instead of
private IPs.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
* Add the static-inventory role that configures the inventory/hosts
file by the given path, or creates it for you.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|