[mesos]remove redundant security group
This patch move security group out of mesos slave resource group. Security group should only declear once, and use it for the rest part. Closes-Bug: #1646676 Change-Id: I4ea5af1fda5eea452a21151daad5ec2815389824
This commit is contained in:
parent
efdb2022da
commit
5116948fe6
|
@ -233,7 +233,7 @@ resources:
|
|||
# sorts.
|
||||
#
|
||||
|
||||
secgroup_base:
|
||||
secgroup_master:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
|
@ -243,11 +243,6 @@ resources:
|
|||
port_range_max: 22
|
||||
- protocol: tcp
|
||||
remote_mode: remote_group_id
|
||||
|
||||
secgroup_mesos:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: tcp
|
||||
port_range_min: 5050
|
||||
port_range_max: 5050
|
||||
|
@ -255,6 +250,14 @@ resources:
|
|||
port_range_min: 8080
|
||||
port_range_max: 8080
|
||||
|
||||
secgroup_slave_all_open:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
- protocol: udp
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# Master SoftwareConfig.
|
||||
|
@ -412,8 +415,7 @@ resources:
|
|||
external_network: {get_param: external_network}
|
||||
fixed_network: {get_resource: fixed_network}
|
||||
fixed_subnet: {get_resource: fixed_subnet}
|
||||
secgroup_base_id: {get_resource: secgroup_base}
|
||||
secgroup_mesos_id: {get_resource: secgroup_mesos}
|
||||
secgroup_mesos_id: {get_resource: secgroup_master}
|
||||
api_pool_id: {get_resource: api_pool}
|
||||
|
||||
######################################################################
|
||||
|
@ -441,7 +443,7 @@ resources:
|
|||
external_network: {get_param: external_network}
|
||||
wait_condition_timeout: {get_param: wait_condition_timeout}
|
||||
executor_registration_timeout: {get_param: executor_registration_timeout}
|
||||
secgroup_base_id: {get_resource: secgroup_base}
|
||||
secgroup_slave_all_open_id: {get_resource: secgroup_slave_all_open}
|
||||
http_proxy: {get_param: http_proxy}
|
||||
https_proxy: {get_param: https_proxy}
|
||||
no_proxy: {get_param: no_proxy}
|
||||
|
|
|
@ -31,10 +31,6 @@ parameters:
|
|||
type: string
|
||||
description: Subnet from which to allocate fixed addresses.
|
||||
|
||||
secgroup_base_id:
|
||||
type: string
|
||||
description: ID of the security group for base.
|
||||
|
||||
secgroup_mesos_id:
|
||||
type: string
|
||||
description: ID of the security group for mesos master.
|
||||
|
@ -68,7 +64,6 @@ resources:
|
|||
properties:
|
||||
network: {get_param: fixed_network}
|
||||
security_groups:
|
||||
- {get_param: secgroup_base_id}
|
||||
- {get_param: secgroup_mesos_id}
|
||||
fixed_ips:
|
||||
- subnet: {get_param: fixed_subnet}
|
||||
|
|
|
@ -127,9 +127,9 @@ parameters:
|
|||
type: string
|
||||
description: Subnet from which to allocate fixed addresses.
|
||||
|
||||
secgroup_base_id:
|
||||
secgroup_slave_all_open_id:
|
||||
type: string
|
||||
description: ID of the security group for base.
|
||||
description: ID of the security group for slave.
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -143,14 +143,6 @@ resources:
|
|||
handle: {get_resource: slave_wait_handle}
|
||||
timeout: {get_param: wait_condition_timeout}
|
||||
|
||||
secgroup_all_open:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
- protocol: udp
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# software configs. these are components that are combined into
|
||||
|
@ -254,8 +246,7 @@ resources:
|
|||
properties:
|
||||
network: {get_param: fixed_network}
|
||||
security_groups:
|
||||
- get_resource: secgroup_all_open
|
||||
- get_param: secgroup_base_id
|
||||
- get_param: secgroup_slave_all_open_id
|
||||
fixed_ips:
|
||||
- subnet: {get_param: fixed_subnet}
|
||||
replacement_policy: AUTO
|
||||
|
|
Loading…
Reference in New Issue