Ensure ocp is reachable from ocpbm before deploying

Since we now run the shifstack deployment using the reproducer by toggling `cifmw_deploy_architecture` we must ensure the iptables change we do is done before reaching the deployment step.
openstack-k8s-operators · Aug 1, 2024 · 1ae0913 · 1ae0913
1 parent ad0110d
commit 1ae0913
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/reproducer.yml b/reproducer.yml
@@ -61,10 +61,3 @@
   roles:
     - role: ci_setup
     - role: reproducer
-
-  post_tasks:
-    - name: Allow traffic from OSP VMs to OSP API (needed for shiftstack)
-      become: true
-      when: cifmw_allow_vms_to_reach_osp_api | default ('false') | bool
-      ansible.builtin.command: # noqa: command-instead-of-module
-        cmd: iptables -I LIBVIRT_FWI 1 -o ocpbm -j ACCEPT
diff --git a/roles/libvirt_manager/tasks/generate_networking_data.yml b/roles/libvirt_manager/tasks/generate_networking_data.yml
@@ -287,3 +287,9 @@
 - name: Ensure dnsmasq is reloaded now
   ansible.builtin.meta: flush_handlers
 # END inject reserved IPs
+
+- name: Allow traffic from OSP VMs to OSP API (needed for shiftstack)
+  become: true
+  when: cifmw_libvirt_manager_allow_ocp_traffic | default ('false') | bool
+  ansible.builtin.command: # noqa: command-instead-of-module
+    cmd: iptables -I LIBVIRT_FWI 1 -o ocpbm -j ACCEPT
diff --git a/scenarios/reproducers/dt-osasinfra.yml b/scenarios/reproducers/dt-osasinfra.yml
@@ -38,7 +38,7 @@ cifmw_ceph_spec_public_network: "{{ cifmw_networking_definition.networks.ctlplan
 #
 # cifmw_deploy_architecture_stopper:
 
-cifmw_allow_vms_to_reach_osp_api: true
+cifmw_libvirt_manager_allow_ocp_traffic: true
 cifmw_networking_mapper_definition_patches_01:
   networks:
     tenant: