openstack/devstack
Code Issues Proposed changes

Add iptables rule for Ironic VMs -> Swift

Browse Source 
The agent ramdisk gets instance images from swift, set firewall
rules to allow this.

Also configure Ironic API port using the correct variable, and
use SWIFT_DEFAULT_BIND_PORT for Swift ports everywhere.

Change-Id: Ieec8cc64e504b04a21daa49e90e2d4925f4838ee
This commit is contained in:
Jim Rollenhagen
2014-10-29 14:15:22 -07:00
parent 483940350e
commit 74b28bc43b
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/ironic
View File

@@ -279,7 +279,7 @@ function configure_ironic_conductor {
else else
die $LINENO "SWIFT_ENABLE_TEMPURLS must be True to use agent_ssh driver in Ironic." die $LINENO "SWIFT_ENABLE_TEMPURLS must be True to use agent_ssh driver in Ironic."
fi fi
iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:8080 iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
iniset $IRONIC_CONF_FILE glance swift_api_version v1 iniset $IRONIC_CONF_FILE glance swift_api_version v1
local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME) local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME)
iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id} iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
@@ -523,7 +523,11 @@ function configure_iptables {
sudo modprobe nf_nat_tftp sudo modprobe nf_nat_tftp
# nodes boot from TFTP and callback to the API server listening on $HOST_IP # nodes boot from TFTP and callback to the API server listening on $HOST_IP
sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_HOSTPORT -j ACCEPT || true
if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
# agent ramdisk gets instance image from swift
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
fi
} }
function configure_tftpd { function configure_tftpd {
@@ -678,6 +682,10 @@ function cleanup_baremetal_basic_ops {
restart_service xinetd restart_service xinetd
sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true
if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
# agent ramdisk gets instance image from swift
sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
fi
sudo rmmod nf_conntrack_tftp || true sudo rmmod nf_conntrack_tftp || true
sudo rmmod nf_nat_tftp || true sudo rmmod nf_nat_tftp || true
} }