Use zuul firewall rules in gate

Till now we've been flushing iptables in the gates to allow cross node
communication in the multi node ceph jobs. This raised security
concerns, in particular it exposed memcached to the external net.

This patch uses the infra provided role 'multi-node-firewall' in order
to correctly configure iptables. Thanks to Jeremy Stanley and Jeffrey
for help with this.

Closes-Bug: #1749326
Change-Id: Iafaf1cf1d9b0227b0f869969d0bd52fbde3791a0
tags/7.0.0.0b2
Paul Bourke 1 year ago
parent
commit
404d4d0a50
2 changed files with 4 additions and 7 deletions
  1. .zuul.yaml (+2, -0)
  2. tests/pre.yml (+2, -7)

.zuul.yaml (+2, -0)

@@ -71,6 +71,8 @@
71 71
       - ^doc/.*
72 72
     vars:
73 73
       scenario: aio
74
+    roles:
75
+        - zuul: openstack-infra/zuul-jobs
74 76
 
75 77
 - job:
76 78
     name: kolla-ansible-centos-source
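
Review bot: the list item added under `roles:` (new line 75) is indented to eight spaces beneath a key at four, while the `- ^doc/.*` item visible just above sits at six; the YAML parses either way, but matching the two-space step used elsewhere in the job keeps the file consistent. Separately, the role repository is attached only to the job that carries `scenario: aio`. If `kolla-ansible-centos-source` and the other jobs that run `tests/pre.yml` do not inherit from that job, `multi-node-firewall` will not resolve for them, so it is worth confirming that this is the parent job and saying so in the commit message.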

tests/pre.yml (+2, -7)

@@ -29,10 +29,5 @@
29 29
       hostname:
30 30
         name: "{{ inventory_hostname }}"
31 31
       become: true
32
-
33
-# TODO(inc0): we're dropping iptables rules but in fact we should create
34
-# linuxbridge-managed tunnels for control and dataplane
35
-
36
-    - name: Drop iptables rules
37
-      command: "iptables -F"
38
-      become: true
32
+  roles:
33
+    - multi-node-firewall
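
Review bot: the new `roles:` key (new lines 32-33) is placed after the task list, but Ansible runs a play's `roles:` before its `tasks:` regardless of where the key appears in the file, so `multi-node-firewall` will execute before the hostname task shown in the context, not after it as the layout suggests. If the firewall setup depends on the hostname being set first, use an `include_role` task at the end of the task list instead; if the order does not matter, move `roles:` above `tasks:` so the file reads in execution order. Since the motivation is that `iptables -F` left memcached reachable from outside, a follow-up check in the gate that the resulting rules only admit the other nodes would document that the replacement actually closes that exposure.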