Add iptables rule to listen m-api
A bay will request the Magnum API to get certificates, so $MAGNUM_SERVICE_PORT must be opened. This patch adds this rule to `devstack/lib/magnum` instead of `magnum/tests/contrib/post_test_hook.sh`. Ironic also adds the same rules in devstack[1]. [1]: https://github.com/openstack-dev/devstack/blob/master/lib/ironic#L675 Change-Id: I24baf87475044a7f268811080b25032152152c39 Closes-Bug: #1515478
parent
1078891c24
commit
2316016ccc
|
@ -281,6 +281,8 @@ function configure_iptables {
|
||||||
ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
|
ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
|
||||||
OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
|
OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
|
||||||
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
|
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
|
||||||
|
# bay nodes will access m-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
|
||||||
|
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
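Review bot: The ACCEPT rule added at the end of this hunk matches any source address, while the rule this commit removes from `post_test_hook.sh` limited access to `-s 172.24.4.0/23`, so m-api becomes reachable from every network that can route to $HOST_IP. The trailing `|| true` also hides a failed insert, in which case bay nodes would only fail later when they try to fetch the CA certificate. Consider keeping a source restriction, quoting the expansions and dropping the suppression, e.g. `sudo iptables -I INPUT -s "$FLOATING_RANGE" -d "$HOST_IP" -p tcp --dport "$MAGNUM_SERVICE_PORT" -j ACCEPT`, assuming devstack's FLOATING_RANGE covers the addresses the bay nodes egress from. configure_iptables and the `if` that encloses the new lines begin outside the hunk, so the condition guarding the rule is not visible here.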
@ -99,16 +99,6 @@ nova keypair-add default
|
||||||
echo_summary "Create a flavor"
|
echo_summary "Create a flavor"
|
||||||
nova flavor-create m1.magnum 100 2048 8 1
|
nova flavor-create m1.magnum 100 2048 8 1
|
||||||
|
|
||||||
# FIXME(eliqao): workaround for allow 9511 can be accessed from VM.
|
|
||||||
# k8s nodes will access m-api (port 9511) to get CA certificate.
|
|
||||||
sudo iptables -D openstack-INPUT -j REJECT --reject-with icmp-host-prohibited
|
|
||||||
sudo iptables -D openstack-INPUT -m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "
|
|
||||||
|
|
||||||
sudo iptables -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 9511 -j ACCEPT
|
|
||||||
sudo iptables -A openstack-INPUT -m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "
|
|
||||||
sudo iptables -A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited
|
|
||||||
|
|
||||||
|
|
||||||
# Run functional tests
|
# Run functional tests
|
||||||
# Currently we support functional-api, functional-k8s, will support swarm,
|
# Currently we support functional-api, functional-k8s, will support swarm,
|
||||||
# mesos later.
|
# mesos later.
|
||||||
|
|