5 files changed, 38 insertions, 22 deletions

diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 2d0098784..458cf5ac7 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -42,6 +42,12 @@ parameters:
     description: Source of legitimate ssh connections
     default: 0.0.0.0/0
 
+  node_port_incoming:
+    type: string
+    label: Source of node port connections
+    description: Authorized sources targetting node ports
+    default: 0.0.0.0/0
+
   num_etcd:
     type: number
     label: Number of etcd nodes
@@ -393,6 +399,11 @@ resources:
           port_range_min: 4789
           port_range_max: 4789
           remote_mode: remote_group_id
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 30000
+          port_range_max: 32767
+          remote_ip_prefix: { get_param: node_port_incoming }
 
   infra-secgrp:
     type: OS::Neutron::SecurityGroup
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index b9aae2f4c..5cf543204 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -33,6 +33,7 @@
              -P external_net={{ openstack_network_external_net }}
              -P ssh_public_key="{{ openstack_ssh_public_key }}"
              -P ssh_incoming={{ openstack_ssh_access_from }}
+             -P node_port_incoming={{ openstack_node_port_access_from }}
              -P num_etcd={{ num_etcd }}
              -P num_masters={{ num_masters }}
              -P num_nodes={{ num_nodes }}
@@ -48,6 +49,8 @@
              -P infra_flavor={{ openstack_flavor["infra"] }}
              -P dns_flavor={{ openstack_flavor["dns"] }}
              openshift-ansible-{{ cluster_id }}-stack'
+    args:
+      chdir: '{{ playbook_dir }}'
 
   - name: Wait for OpenStack Stack readiness
     shell: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack | awk ''$2 == "stack_status" {print $4}'''
@@ -107,9 +110,9 @@
       openshift_node_labels:
         type: "etcd"
     with_together:
-      - parsed_outputs.etcd_names
-      - parsed_outputs.etcd_ips
-      - parsed_outputs.etcd_floating_ips
+      - '{{ parsed_outputs.etcd_names }}'
+      - '{{ parsed_outputs.etcd_ips }}'
+      - '{{ parsed_outputs.etcd_floating_ips }}'
 
   - name: Add new master instances groups and variables
     add_host:
@@ -121,9 +124,9 @@
       openshift_node_labels:
         type: "master"
     with_together:
-      - parsed_outputs.master_names
-      - parsed_outputs.master_ips
-      - parsed_outputs.master_floating_ips
+      - '{{ parsed_outputs.master_names }}'
+      - '{{ parsed_outputs.master_ips }}'
+      - '{{ parsed_outputs.master_floating_ips }}'
 
   - name: Add new node instances groups and variables
     add_host:
@@ -135,9 +138,9 @@
       openshift_node_labels:
         type: "compute"
     with_together:
-      - parsed_outputs.node_names
-      - parsed_outputs.node_ips
-      - parsed_outputs.node_floating_ips
+      - '{{ parsed_outputs.node_names }}'
+      - '{{ parsed_outputs.node_ips }}'
+      - '{{ parsed_outputs.node_floating_ips }}'
 
   - name: Add new infra instances groups and variables
     add_host:
@@ -149,9 +152,9 @@
       openshift_node_labels:
         type: "infra"
     with_together:
-      - parsed_outputs.infra_names
-      - parsed_outputs.infra_ips
-      - parsed_outputs.infra_floating_ips
+      - '{{ parsed_outputs.infra_names }}'
+      - '{{ parsed_outputs.infra_ips }}'
+      - '{{ parsed_outputs.infra_floating_ips }}'
 
   - name: Add DNS groups and variables
     add_host:
@@ -166,10 +169,10 @@
       host: '{{ item }}'
       port: 22
     with_flattened:
-      - parsed_outputs.master_floating_ips
-      - parsed_outputs.node_floating_ips
-      - parsed_outputs.infra_floating_ips
-      - parsed_outputs.dns_floating_ip
+      - '{{ parsed_outputs.master_floating_ips }}'
+      - '{{ parsed_outputs.node_floating_ips }}'
+      - '{{ parsed_outputs.infra_floating_ips }}'
+      - '{{ parsed_outputs.dns_floating_ip }}'
 
   - name: Wait for user setup
     command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup'
@@ -178,10 +181,10 @@
     retries: 30
     delay: 1
     with_flattened:
-      - parsed_outputs.master_floating_ips
-      - parsed_outputs.node_floating_ips
-      - parsed_outputs.infra_floating_ips
-      - parsed_outputs.dns_floating_ip
+      - '{{ parsed_outputs.master_floating_ips }}'
+      - '{{ parsed_outputs.node_floating_ips }}'
+      - '{{ parsed_outputs.infra_floating_ips }}'
+      - '{{ parsed_outputs.dns_floating_ip }}'
 
 - include: update.yml
 
diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml
index ba9c6bf9c..60372e262 100644
--- a/playbooks/openstack/openshift-cluster/list.yml
+++ b/playbooks/openstack/openshift-cluster/list.yml
@@ -17,7 +17,7 @@
       ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
       ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}"
       ansible_become: "{{ deployment_vars[deployment_type].become }}"
-    with_items: groups[scratch_group] | default([]) | difference(['localhost'])
+    with_items: "{{ groups[scratch_group] | default([]) | difference(['localhost']) }}"
 
 - name: List Hosts
   hosts: oo_list_hosts
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
index 5bd8476f1..980ab7337 100644
--- a/playbooks/openstack/openshift-cluster/terminate.yml
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -11,7 +11,7 @@
       groups: oo_hosts_to_terminate
       ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
       ansible_become: "{{ deployment_vars[deployment_type].become }}"
-    with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([]))
+    with_items: "{{ (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([])) }}"
 
 - name: Unsubscribe VMs
   hosts: oo_hosts_to_terminate
diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
index bc53a51b0..17063ef34 100644
--- a/playbooks/openstack/openshift-cluster/vars.yml
+++ b/playbooks/openstack/openshift-cluster/vars.yml
@@ -12,6 +12,8 @@ openstack_ssh_public_key:       "{{ lookup('file', lookup('oo_option', 'public_k
                                     default('~/.ssh/id_rsa.pub',             True)) }}"
 openstack_ssh_access_from:      "{{ lookup('oo_option', 'ssh_from')          |
                                     default('0.0.0.0/0',                     True) }}"
+openstack_node_port_access_from: "{{ lookup('oo_option', 'node_port_from')   |
+                                    default('0.0.0.0/0',                     True) }}"
 openstack_flavor:
   dns:    "{{ lookup('oo_option', 'dns_flavor'       ) | default('m1.small',  True) }}"
   etcd:   "{{ lookup('oo_option', 'etcd_flavor'      ) | default('m1.small',  True) }}"