From e0c44beaec9628b1d4f97e6aa750ebce0947db0b Mon Sep 17 00:00:00 2001 From: Alexander Kislitsky Date: Wed, 15 Feb 2017 18:53:45 +0300 Subject: [PATCH] Port for distributed serialization added We allow connections to 8002 port in the admin network for incoming connections from distributed serialization workers. Distributed serialization workers should be installed and run on slave and bootstrap nodes. Change-Id: Idae764bde0b0dd482e6b08d69a97cd5d0717547d Implements: blueprint distributed-serialization (cherry picked from commit 97c9ca2c5fca12adaa2da8f777898af3f60823fc)
---
 deployment/puppet/fuel/manifests/iptables.pp | 49 ++++++++++++--------
 deployment/puppet/fuel/manifests/params.pp | 1 +
 2 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/deployment/puppet/fuel/manifests/iptables.pp b/deployment/puppet/fuel/manifests/iptables.pp
index b3ac965e72..a6f05462c8 100644
--- a/deployment/puppet/fuel/manifests/iptables.pp
+++ b/deployment/puppet/fuel/manifests/iptables.pp
@@ -2,25 +2,26 @@ class fuel::iptables (
 $network_address,
 $network_cidr,
- $admin_iface = $::fuel::params::admin_interface,
- $ssh_port = '22',
- $ssh_network = '0.0.0.0/0',
- $ssh_rseconds = 60,
- $ssh_rhitcount = 4,
- $nailgun_web_port = $::fuel::params::nailgun_port,
- $nailgun_internal_port = $::fuel::params::nailgun_internal_port,
- $nailgun_repo_port = $::fuel::params::repo_port,
- $postgres_port = $::fuel::params::db_port,
- $ostf_port = $::fuel::params::ostf_port,
- $rsync_port = '873',
- $rsyslog_port = '514',
- $ntp_port = '123',
- $rabbitmq_ports = ['4369','5672','61613'],
- $rabbitmq_admin_port = '15672',
- $fuelweb_port = $::fuel::params::nailgun_ssl_port,
- $keystone_port = $::fuel::params::keystone_port,
- $keystone_admin_port = $::fuel::params::keystone_admin_port,
- $chain = 'INPUT',
+ $admin_iface = $::fuel::params::admin_interface,
+ $ssh_port = '22',
+ $ssh_network = '0.0.0.0/0',
+ $ssh_rseconds = 60,
+ $ssh_rhitcount = 4,
+ $nailgun_web_port = $::fuel::params::nailgun_port,
+ $nailgun_internal_port = $::fuel::params::nailgun_internal_port,
+ $nailgun_serialization_port = $::fuel::params::nailgun_serialization_port,
+ $nailgun_repo_port = $::fuel::params::repo_port,
+ $postgres_port = $::fuel::params::db_port,
+ $ostf_port = $::fuel::params::ostf_port,
+ $rsync_port = '873',
+ $rsyslog_port = '514',
+ $ntp_port = '123',
+ $rabbitmq_ports = ['4369','5672','61613'],
+ $rabbitmq_admin_port = '15672',
+ $fuelweb_port = $::fuel::params::nailgun_ssl_port,
+ $keystone_port = $::fuel::params::keystone_port,
+ $keystone_admin_port = $::fuel::params::keystone_admin_port,
+ $chain = 'INPUT',
 ) inherits fuel::params {
 include ::provision::iptables
@@ -184,6 +185,16 @@ class fuel::iptables (
 state => ['NEW'],
 }
+ firewall { '065 nailgun_serialization_port':
+ chain => $chain,
+ table => 'filter',
+ dport => $nailgun_serialization_port,
+ proto => 'tcp',
+ iniface => $admin_iface,
+ action => 'accept',
+ state => ['NEW'],
+ }
+
 firewall { '070 nailgun_internal_block_ext':
 chain => $chain,
 table => 'filter',
diff --git a/deployment/puppet/fuel/manifests/params.pp b/deployment/puppet/fuel/manifests/params.pp
index e82a6af602..fe5847724e 100644
--- a/deployment/puppet/fuel/manifests/params.pp
+++ b/deployment/puppet/fuel/manifests/params.pp
@@ -120,6 +120,7 @@ class fuel::params {
 $nailgun_host = '127.0.0.1'
 $nailgun_port = '8000'
 $nailgun_internal_port = '8001'
+ $nailgun_serialization_port = '8002'
 $nailgun_ssl_port = '8443'
 $ostf_host = '127.0.0.1'
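Review bot: The new `065 nailgun_serialization_port` rule accepts NEW TCP connections to the serialization port from any source address, as long as they arrive on `$admin_iface`; the commit message says "in the admin network", but the rule has no network match. Every host that can reach that interface, including bootstrap nodes that have not been provisioned yet, can therefore open connections to the port, and the page does not show whether the listener authenticates its workers. Consider adding a source match such as `source => "${network_address}/${network_cidr}",` (assuming those class parameters describe the admin network in that form; confirm against their other uses in the manifest), plus a one-line comment above the rule naming which nodes are expected to connect. The enclosing class body starts and ends outside this hunk.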