Open OpenStack security group for the service node port range

With OpenShift 3.2, creating a service accessible from the outside of the
cluster thanks to `nodePort` automatically opens the “local” `iptables`
firewall to allow incoming connection on the `nodePort` of the service.

In order to benefit from this improvement, the OpenStack security group
shouldn’t block those incoming connections.

This change opens, on the OS nodes, the port range dedicated to service
node ports.

1 files changed, 2 insertions, 0 deletions

diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
index bc53a51b0..17063ef34 100644
--- a/playbooks/openstack/openshift-cluster/vars.yml
+++ b/playbooks/openstack/openshift-cluster/vars.yml
@@ -12,6 +12,8 @@ openstack_ssh_public_key:       "{{ lookup('file', lookup('oo_option', 'public_k
                                     default('~/.ssh/id_rsa.pub',             True)) }}"
 openstack_ssh_access_from:      "{{ lookup('oo_option', 'ssh_from')          |
                                     default('0.0.0.0/0',                     True) }}"
+openstack_node_port_access_from: "{{ lookup('oo_option', 'node_port_from')   |
+                                    default('0.0.0.0/0',                     True) }}"
 openstack_flavor:
   dns:    "{{ lookup('oo_option', 'dns_flavor'       ) | default('m1.small',  True) }}"
   etcd:   "{{ lookup('oo_option', 'etcd_flavor'      ) | default('m1.small',  True) }}"