From 5d22ea34c003eae18c8d7c66cca054303cacad22 Mon Sep 17 00:00:00 2001
From: Kuo-tung Kao
Date: Thu, 24 Aug 2017 16:40:23 +0800
Subject: [PATCH] let openvswitch_db listener localhost

Openvswitch_db is not necessary to listener api_address. Just let openvswitch_db listener localhost to avoid security issues.

Change-Id: If4912d90abae933a1ed9e2d14336b89b7c7179dd
Closes-Bug: #1712767
---
 ansible/roles/neutron/templates/dhcp_agent.ini.j2 | 2 +-
 ansible/roles/neutron/templates/l3_agent.ini.j2 | 2 +-
 ansible/roles/neutron/templates/ml2_conf.ini.j2 | 2 +-
 .../roles/openvswitch/templates/openvswitch-db-server.json.j2 | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ansible/roles/neutron/templates/dhcp_agent.ini.j2 b/ansible/roles/neutron/templates/dhcp_agent.ini.j2
index 240482db44..d489f385eb 100644
--- a/ansible/roles/neutron/templates/dhcp_agent.ini.j2
+++ b/ansible/roles/neutron/templates/dhcp_agent.ini.j2
@@ -22,4 +22,4 @@ interface_driver = openvswitch [ovs] ovsdb_interface = native
-ovsdb_connection = tcp:{{ api_interface_address }}:6640
+ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}
diff --git a/ansible/roles/neutron/templates/l3_agent.ini.j2 b/ansible/roles/neutron/templates/l3_agent.ini.j2
index 30dc29fcae..99282dee7b 100644
--- a/ansible/roles/neutron/templates/l3_agent.ini.j2
+++ b/ansible/roles/neutron/templates/l3_agent.ini.j2
@@ -19,4 +19,4 @@ extensions = fwaas [ovs] ovsdb_interface = native
-ovsdb_connection = tcp:{{ api_interface_address }}:6640
+ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}
diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2
index 279423ba3a..5e02d6061a 100644
--- a/ansible/roles/neutron/templates/ml2_conf.ini.j2
+++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2
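Review bot: The new `ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}` line in dhcp_agent.ini.j2 swaps the hard-coded 6640 for `ovsdb_port`, but none of the four files in this patch defines that variable, so rendering relies on a default that presumably exists elsewhere in the tree. The same applies to the identical line in l3_agent.ini.j2 and ml2_conf.ini.j2. The server side in openvswitch-db-server.json.j2 is handed only an address, so if the start script still binds a fixed port, overriding `ovsdb_port` would point all three agents at a port nothing listens on. I would add a comment above the setting in each template, `# ovsdb-server listens on loopback only; ovsdb_port must match the port start-ovsdb-server binds`, and confirm the variable has a default of 6640.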
@@ -78,7 +78,7 @@ extensions = {{ neutron_agent_extensions|map(attribute='name')|join(',') }} bridge_mappings = {% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %} {% endif %}
-ovsdb_connection = tcp:{{ api_interface_address }}:6640
+ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}
 {% if enable_nova_fake | bool %}
 integration_bridge = br-int-{{ item }}
 {% endif %}
diff --git a/ansible/roles/openvswitch/templates/openvswitch-db-server.json.j2 b/ansible/roles/openvswitch/templates/openvswitch-db-server.json.j2
index 955131cf81..7e113fe6b3 100644
--- a/ansible/roles/openvswitch/templates/openvswitch-db-server.json.j2
+++ b/ansible/roles/openvswitch/templates/openvswitch-db-server.json.j2
@@ -1,5 +1,5 @@
 {
- "command": "start-ovsdb-server {{ api_interface_address }}",
+ "command": "start-ovsdb-server 127.0.0.1",
 "config_files": [
 {
 "source": "{{ container_config_directory }}/start-ovsdb-server",
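Review bot: The new `"command": "start-ovsdb-server 127.0.0.1",` line in openvswitch-db-server.json.j2 fixes the listen address but passes no port, while the neutron templates in this patch now connect to `{{ ovsdb_port }}`. The start script is not part of the patch, so whether it binds that same port cannot be checked here; the script should take its port from the same variable rather than a literal. The plain `tcp:` OVSDB listener carries no authentication, so loopback binding narrows exposure to local processes but does not stop one of them from rewriting the switch configuration. After deployment, confirm that the listener appears only on 127.0.0.1 (for example in `ss -ltn` output) and that each agent shares the network namespace of ovsdb-server, since loopback is not reachable from a separate one. The JSON object continues past the end of the hunk.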