Whitelist the infra hosts

Add the infra hosts to the haproxy global whitelist. This is needed
so that these hosts can access the endpoints for nova metadata api
as well as the apt-cacher-ng endpoint.

Change-Id: I27eee08ab6f3b1e5ec3bd9afcebbabce181526ee
This commit is contained in:
Logan V 2019-03-16 17:58:21 -05:00
parent 3ec7258163
commit c742cb182a

View File

@ -2,7 +2,10 @@
# Allow control node physical hosts to contact metadata endpoint
# since the Neutron agents are no longer containerized.
# Additionally, this is required to whitelist the bare-metal hosts
# communication with the apt-cacher-ng endpoint
haproxy_metal_networks:
- "{{ cidr_networks.external }}"
haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks +
haproxy_metal_networks }}"
haproxy_whitelist_networks: "{{
['192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8'] +
haproxy_metal_networks }}"