Browse Source

Whitelist the infra hosts

Add the infra hosts to the haproxy global whitelist. This is needed
so that these hosts can access the endpoints for nova metadata api
as well as the apt-cacher-ng endpoint.

Change-Id: I27eee08ab6f3b1e5ec3bd9afcebbabce181526ee
Logan V 1 month ago
parent
commit
c742cb182a
1 changed files with 5 additions and 2 deletions
  1. 5
    2
      openstack_deploy/group_vars/haproxy.yml

+ 5
- 2
openstack_deploy/group_vars/haproxy.yml View File

@@ -2,7 +2,10 @@
2 2
 
3 3
 # Allow control node physical hosts to contact metadata endpoint
4 4
 # since the Neutron agents are no longer containerized.
5
+# Additionally, this is required to whitelist the bare-metal hosts
6
+# communication with the apt-cacher-ng endpoint
5 7
 haproxy_metal_networks:
6 8
   - "{{ cidr_networks.external }}"
7
-haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks +
8
-                                              haproxy_metal_networks }}"
9
+haproxy_whitelist_networks: "{{
10
+  ['192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8'] +
11
+  haproxy_metal_networks }}"

Loading…
Cancel
Save