# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- # OMNIA_UKP_US_VFKP_TC_007 # Execute k8s_firewalld role in manager and compute nodes with os installed centos 7.9 - name: OMNIA_UKP_US_VFKP_TC_007 hosts: manager, compute gather_facts: false vars_files: - test_vars/test_k8s_firewalld_vars.yml - ../roles/k8s_firewalld/vars/main.yml tasks: - block: - name: Call k8s_firewalld role include_role: name: ../roles/k8s_firewalld tags: TC_007 - name: Start and enable firewalld service: name: firewalld state: started enabled: yes tags: TC_007, VERIFY_007 - name: Checking firewalld open ports on manager node command: firewall-cmd --list-ports register: manager_firewalld_ports when: "'manager' in group_names" tags: TC_007, VERIFY_007 - name: Checking firewalld open ports on compute node command: firewall-cmd --list-ports register: compute_firewalld_ports when: "'compute' in group_names" tags: TC_007, VERIFY_007 - name: Validating K8s port on manager node assert: that: - "'6443' in manager_firewalld_ports.stdout" - "'2379-2380' in manager_firewalld_ports.stdout" - "'10250' in manager_firewalld_ports.stdout" - "'10251' in manager_firewalld_ports.stdout" - "'10252' in manager_firewalld_ports.stdout" fail_msg: "{{ manager_k8s_ports_status_fail_msg }}" success_msg: "{{ manager_k8s_ports_status_success_msg }}" when: "'manager' in group_names" tags: TC_007, VERIFY_007 - name: Validating K8s port on compute node assert: that: - "'10250' in compute_firewalld_ports.stdout" - "'30000-32767' in compute_firewalld_ports.stdout" fail_msg: "{{ compute_k8s_ports_status_fail_msg }}" success_msg: "{{ compute_k8s_ports_status_success_msg }}" when: "'compute' in group_names" tags: TC_007, VERIFY_007 - name: Validating Calico udp/tcp ports on manager nodes assert: that: - "'4789' in manager_firewalld_ports.stdout" - "'5473' in manager_firewalld_ports.stdout" - "'179' in manager_firewalld_ports.stdout" fail_msg: "{{ calico_ports_manager_fail_msg }}" success_msg: "{{ calico_ports_manager_success_msg }}" when: "k8s_cni == 'calico' and 'manager' in group_names" tags: TC_007, VERIFY_007 - name: Validating Calico udp/tcp ports on compute nodes assert: that: - "'4789' in compute_firewalld_ports.stdout" - "'5473' in compute_firewalld_ports.stdout" - "'179' in compute_firewalld_ports.stdout" fail_msg: "{{ calico_ports_compute_fail_msg }}" success_msg: "{{ calico_ports_compute_success_msg }}" when: "k8s_cni == 'calico' and 'compute' in group_names" tags: TC_007, VERIFY_007 - name: Validating Flannel ports on manager nodes assert: that: - "'8285' in manager_firewalld_ports.stdout" - "'8472' in manager_firewalld_ports.stdout" fail_msg: "{{ flannel_ports_manager_fail_msg }}" success_msg: "{{ flannel_ports_manager_success_msg }}" when: "k8s_cni == 'flannel' and 'manager' in group_names" tags: TC_007, VERIFY_007 - name: Validating Flannel ports on compute nodes assert: that: - "'8285' in compute_firewalld_ports.stdout" - "'8472' in compute_firewalld_ports.stdout" fail_msg: "{{ flannel_ports_compute_fail_msg }}" success_msg: "{{ flannel_ports_compute_success_msg }}" when: "k8s_cni == 'flannel' and 'compute' in group_names" tags: TC_007, VERIFY_007 - name: Stop and disable firewalld service: name: firewalld state: stopped enabled: no tags: TC_007, VERIFY_007 # OMNIA_UKP_US_VFKP_TC_008 # Execute k8s_firewalld role in manager and compute nodes with K8s ports already opened - name: OMNIA_UKP_US_VFKP_TC_008 hosts: manager, compute gather_facts: false vars_files: - test_vars/test_k8s_firewalld_vars.yml - ../roles/k8s_firewalld/vars/main.yml tasks: - block: - name: Call k8s_firewalld role include_role: name: ../roles/k8s_firewalld tags: TC_008 - name: Start and enable firewalld service: name: firewalld state: started enabled: yes tags: TC_008, VERIFY_008 - name: Checking firewalld open ports on manager node command: firewall-cmd --list-ports register: manager_firewalld_ports when: "'manager' in group_names" tags: TC_008, VERIFY_008 - name: Checking firewalld open ports on compute node command: firewall-cmd --list-ports register: compute_firewalld_ports when: "'compute' in group_names" tags: TC_008, VERIFY_008 - name: Validating K8s port on manager node assert: that: - "'6443' in manager_firewalld_ports.stdout" - "'2379-2380' in manager_firewalld_ports.stdout" - "'10250' in manager_firewalld_ports.stdout" - "'10251' in manager_firewalld_ports.stdout" - "'10252' in manager_firewalld_ports.stdout" fail_msg: "{{ manager_k8s_ports_status_fail_msg }}" success_msg: "{{ manager_k8s_ports_status_success_msg }}" when: "'manager' in group_names" tags: TC_008, VERIFY_008 - name: Validating K8s port on compute node assert: that: - "'10250' in compute_firewalld_ports.stdout" - "'30000-32767' in compute_firewalld_ports.stdout" fail_msg: "{{ compute_k8s_ports_status_fail_msg }}" success_msg: "{{ compute_k8s_ports_status_success_msg }}" when: "'compute' in group_names" tags: TC_008, VERIFY_008 - name: Validating Calico udp/tcp ports on manager nodes assert: that: - "'4789' in manager_firewalld_ports.stdout" - "'5473' in manager_firewalld_ports.stdout" - "'179' in manager_firewalld_ports.stdout" fail_msg: "{{ calico_ports_manager_fail_msg }}" success_msg: "{{ calico_ports_manager_success_msg }}" when: "k8s_cni == 'calico' and 'manager' in group_names" tags: TC_008, VERIFY_008 - name: Validating Calico udp/tcp ports on compute nodes assert: that: - "'4789' in compute_firewalld_ports.stdout" - "'5473' in compute_firewalld_ports.stdout" - "'179' in compute_firewalld_ports.stdout" fail_msg: "{{ calico_ports_compute_fail_msg }}" success_msg: "{{ calico_ports_compute_success_msg }}" when: "k8s_cni == 'calico' and 'compute' in group_names" tags: TC_008, VERIFY_008 - name: Validating Flannel ports on manager nodes assert: that: - "'8285' in manager_firewalld_ports.stdout" - "'8472' in manager_firewalld_ports.stdout" fail_msg: "{{ flannel_ports_manager_fail_msg }}" success_msg: "{{ flannel_ports_manager_success_msg }}" when: "k8s_cni == 'flannel' and 'manager' in group_names" tags: TC_008, VERIFY_008 - name: Validating Flannel ports on compute nodes assert: that: - "'8285' in compute_firewalld_ports.stdout" - "'8472' in compute_firewalld_ports.stdout" fail_msg: "{{ flannel_ports_compute_fail_msg }}" success_msg: "{{ flannel_ports_compute_success_msg }}" when: "k8s_cni == 'flannel' and 'compute' in group_names" tags: TC_008, VERIFY_008 - name: Stop and disable firewalld service: name: firewalld state: stopped enabled: no tags: TC_008, VERIFY_008