Fixing provisioning of separate etcd

playbooks/openstack/resources.py

@@ -49,7 +49,7 @@ def base_openshift_inventory(cluster_hosts):
                       if server.metadata['host-type'] == 'lb']
 
     # NOTE: everything that should go to the `[nodes]` group:
-    nodes = list(set(masters + etcd + infra_hosts + app + cns))
+    nodes = list(set(masters + infra_hosts + app + cns))
 
     # NOTE: all OpenShift nodes, including `[lb]`, `[nfs]`, etc.:
     osev3 = list(set(nodes + load_balancers))

roles/openshift_openstack/defaults/main.yml

@@ -14,6 +14,7 @@ openshift_openstack_use_provider_network: False
 openshift_openstack_stack_state: 'present'
 
 openshift_openstack_ssh_ingress_cidr: 0.0.0.0/0
+openshift_openstack_master_ingress_cidr: 0.0.0.0/0
 openshift_openstack_node_ingress_cidr: 0.0.0.0/0
 openshift_openstack_lb_ingress_cidr: 0.0.0.0/0
 openshift_openstack_num_etcd: 0
@@ -172,6 +173,11 @@ openshift_openstack_etcd_secgroup_rules:
   - direction: ingress
     protocol: tcp
     port_range_min: 2379
+    port_range_max: 2379
+    remote_ip_prefix: "{{ openshift_openstack_master_ingress_cidr }}"
+  - direction: ingress
+    protocol: tcp
+    port_range_min: 2380
     port_range_max: 2380
     remote_mode: remote_group_id
 openshift_openstack_node_secgroup_rules: