diff --git a/files/apts/ironic b/files/apts/ironic
index a749ad762e..b77a6b1a9b 100644
--- a/files/apts/ironic
+++ b/files/apts/ironic
@@ -1,3 +1,4 @@
+iptables
 libguestfs0
 libvirt-bin
 openssh-client
diff --git a/files/rpms/ironic b/files/rpms/ironic
index 54b98299ee..6534095c20 100644
--- a/files/rpms/ironic
+++ b/files/rpms/ironic
@@ -1,6 +1,8 @@
+iptables
 libguestfs
 libvirt
 libvirt-python
+net-tools
 openssh-clients
 openvswitch
 python-libguestfs
diff --git a/lib/ironic b/lib/ironic
index ec9447db14..b684b4410f 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -379,11 +379,16 @@ function enroll_vms {
 neutron port-delete $PORT_ID
 }

-function configure_tftpd {
- # enable tftp natting for allowing connections to SERVICE_HOST's tftp server
+function configure_iptables {
+ # enable tftp natting for allowing connections to HOST_IP's tftp server
 sudo modprobe nf_conntrack_tftp
 sudo modprobe nf_nat_tftp
+ # nodes boot from TFTP and callback to the API server listening on $HOST_IP
+ sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
+ sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true
+}

+function configure_tftpd {
 if is_ubuntu; then
 PXEBIN=/usr/lib/syslinux/pxelinux.0
 elif is_fedora; then
@@ -527,6 +532,7 @@ function prepare_baremetal_basic_ops {
 create_bridge_and_vms
 enroll_vms
 configure_tftpd
+ configure_iptables

 # restart nova-compute to ensure its resource tracking is up to
 # date with newly enrolled nodes
@@ -546,6 +552,10 @@ function cleanup_baremetal_basic_ops {
 sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-nodes $IRONIC_VM_COUNT $IRONIC_VM_NETWORK_BRIDGE"
 sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override
 restart_service xinetd
+ sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
+ sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true
+ sudo rmmod nf_conntrack_tftp || true
+ sudo rmmod nf_nat_tftp || true
 }

 # Restore xtrace + pipefail
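Review bot: The two `iptables -I INPUT ... -j ACCEPT` rules in `configure_iptables` match only on destination address and port, so unauthenticated TFTP (udp/69) and the API port 6385 become reachable from any source that can route to `$HOST_IP`, and `-I` puts them ahead of whatever rules the host already has. Consider scoping them to the node network, e.g. `sudo iptables -I INPUT -s <node-subnet> -d "$HOST_IP" -p udp --dport 69 -j ACCEPT` (the subnet is a placeholder; the page does not show which variable holds it). The rules are also inserted unconditionally, so a second run of `prepare_baremetal_basic_ops` would presumably stack duplicates that the single `-D` in `cleanup_baremetal_basic_ops` does not fully remove; `sudo iptables -C INPUT ... || sudo iptables -I INPUT ...` avoids that. The trailing `|| true` hides a failed insert, including one caused by an empty unquoted `$HOST_IP`, which would then show up only later as nodes failing to boot. `configure_tftpd`, which follows, continues past the end of the hunk.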
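Review bot: The `rmmod` order added to `cleanup_baremetal_basic_ops` looks reversed: `nf_nat_tftp` depends on `nf_conntrack_tftp`, so removing `nf_conntrack_tftp` first should fail with the module in use, and `|| true` hides that, leaving the TFTP conntrack helper loaded after cleanup. Swap the two lines so the dependent module goes first: `sudo rmmod nf_nat_tftp || true` then `sudo rmmod nf_conntrack_tftp || true`. Cleanup also deletes the rules and unloads the modules whether or not this script was what added them, so a host that already relied on them loses them; a comment such as `# assumes these rules and modules were added by configure_iptables` would make that assumption explicit. The function starts outside the hunk.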