Merge "Improve security for swarm"
This commit is contained in:
commit
d3277af787
|
@ -272,7 +272,26 @@ resources:
|
||||||
# sorts.
|
# sorts.
|
||||||
#
|
#
|
||||||
|
|
||||||
secgroup_manager:
|
secgroup_swarm_manager:
|
||||||
|
type: "OS::Neutron::SecurityGroup"
|
||||||
|
properties:
|
||||||
|
rules:
|
||||||
|
- protocol: icmp
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 22
|
||||||
|
port_range_max: 22
|
||||||
|
- protocol: tcp
|
||||||
|
port_range_min: 2376
|
||||||
|
port_range_max: 2376
|
||||||
|
- protocol: tcp
|
||||||
|
remote_ip_prefix: {get_param: fixed_network_cidr}
|
||||||
|
port_range_min: 1
|
||||||
|
port_range_max: 65535
|
||||||
|
- protocol: udp
|
||||||
|
port_range_min: 53
|
||||||
|
port_range_max: 53
|
||||||
|
|
||||||
|
secgroup_swarm_node:
|
||||||
type: "OS::Neutron::SecurityGroup"
|
type: "OS::Neutron::SecurityGroup"
|
||||||
properties:
|
properties:
|
||||||
rules:
|
rules:
|
||||||
|
@ -332,7 +351,7 @@ resources:
|
||||||
cluster_uuid: {get_param: cluster_uuid}
|
cluster_uuid: {get_param: cluster_uuid}
|
||||||
magnum_url: {get_param: magnum_url}
|
magnum_url: {get_param: magnum_url}
|
||||||
tls_disabled: {get_param: tls_disabled}
|
tls_disabled: {get_param: tls_disabled}
|
||||||
secgroup_swarm_master_id: {get_resource: secgroup_manager}
|
secgroup_swarm_master_id: {get_resource: secgroup_swarm_manager}
|
||||||
network_driver: {get_param: network_driver}
|
network_driver: {get_param: network_driver}
|
||||||
flannel_network_cidr: {get_param: flannel_network_cidr}
|
flannel_network_cidr: {get_param: flannel_network_cidr}
|
||||||
flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
|
flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
|
||||||
|
@ -375,7 +394,7 @@ resources:
|
||||||
cluster_uuid: {get_param: cluster_uuid}
|
cluster_uuid: {get_param: cluster_uuid}
|
||||||
magnum_url: {get_param: magnum_url}
|
magnum_url: {get_param: magnum_url}
|
||||||
tls_disabled: {get_param: tls_disabled}
|
tls_disabled: {get_param: tls_disabled}
|
||||||
secgroup_swarm_node_id: {get_resource: secgroup_manager}
|
secgroup_swarm_node_id: {get_resource: secgroup_swarm_node}
|
||||||
flannel_network_cidr: {get_param: flannel_network_cidr}
|
flannel_network_cidr: {get_param: flannel_network_cidr}
|
||||||
network_driver: {get_param: network_driver}
|
network_driver: {get_param: network_driver}
|
||||||
etcd_server_ip: {get_attr: [etcd_address_lb_switch, private_ip]}
|
etcd_server_ip: {get_attr: [etcd_address_lb_switch, private_ip]}
|
||||||
|
|
Loading…
Reference in New Issue