Open the firewall port for the buildset registry

This is unecessary on v4 due to the way docker munges forwarding rules, but let's do it anyway for consistency and future-proofing. It does appear to be necessary for ipv6. Change-Id: I8ebb8352049aea7eabcc88ef9e016e41a90bff6c
2019-04-25 10:31:55 -07:00 · 2019-04-25 10:31:55 -07:00 · b3e579712e
commit b3e579712e
parent c9f558b14b
1 changed files with 20 additions and 0 deletions
--- a/playbooks/buildset-registry/pre.yaml
+++ b/playbooks/buildset-registry/pre.yaml
@ -3,6 +3,26 @@
    - name: Install docker
      include_role:
        name: install-docker
+    - name: Open the IPv4 port for the buildset registry
+      iptables:
+        action: insert
+        chain: openstack-INPUT
+        destination_port: 5000
+        jump: ACCEPT
+        match: tcp
+        ctstate: NEW
+        protocol: tcp
+        ip_version: ipv4
+    - name: Open the IPv6 port for the buildset registry
+      iptables:
+        action: insert
+        chain: openstack-INPUT
+        destination_port: 5000
+        jump: ACCEPT
+        match: tcp
+        ctstate: NEW
+        protocol: tcp
+        ip_version: ipv6
    - name: Run buildset registry (if not already running)
      when: buildset_registry is not defined
      include_role: