Merge "[devstack] Allow cephfs daemon port access" into stable/train
This commit is contained in:
commit
74f0d5b436
@ -1018,20 +1018,29 @@ function install_libraries {
|
|||||||
|
|
||||||
function allow_host_ports_for_share_mounting {
|
function allow_host_ports_for_share_mounting {
|
||||||
|
|
||||||
TCP_PORTS=(2049 111 32803 892 875 662)
|
if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ NFS ]]; then
|
||||||
UDP_PORTS=(111 32769 892 875 662)
|
# 111 and 2049 are for rpcbind and NFS
|
||||||
for ipcmd in iptables ip6tables; do
|
# Other ports are for NFSv3 statd, mountd and lockd daemons
|
||||||
# (aovchinnikov): extra rules are needed to allow instances talk to
|
MANILA_TCP_PORTS=(2049 111 32803 892 875 662)
|
||||||
# host.
|
MANILA_UDP_PORTS=(111 32769 892 875 662)
|
||||||
sudo $ipcmd -N manila-nfs
|
fi
|
||||||
sudo $ipcmd -I INPUT 1 -j manila-nfs
|
if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ CEPHFS ]]; then
|
||||||
for port in ${TCP_PORTS[*]}; do
|
# clients need access to the ceph daemons
|
||||||
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
|
MANILA_TCP_PORTS=(${MANILA_TCP_PORTS[*]} 6789 6800:7300)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -v MANILA_TCP_PORTS || -v MANILA_UDP_PORTS ]]; then
|
||||||
|
for ipcmd in iptables ip6tables; do
|
||||||
|
sudo $ipcmd -N manila-storage
|
||||||
|
sudo $ipcmd -I INPUT 1 -j manila-storage
|
||||||
|
for port in ${MANILA_TCP_PORTS[*]}; do
|
||||||
|
sudo $ipcmd -A manila-storage -m tcp -p tcp --dport $port -j ACCEPT
|
||||||
|
done
|
||||||
|
for port in ${MANILA_UDP_PORTS[*]}; do
|
||||||
|
sudo $ipcmd -A manila-storage -m udp -p udp --dport $port -j ACCEPT
|
||||||
|
done
|
||||||
done
|
done
|
||||||
for port in ${UDP_PORTS[*]}; do
|
fi
|
||||||
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
|
|
||||||
done
|
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function setup_ipv6 {
|
function setup_ipv6 {
|
||||||
|
Loading…
Reference in New Issue
Block a user