
Merge "[devstack] Allow cephfs daemon port access" into stable/queens

changes/74/743974/1
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
99cfae9d5a
1 changed files with 22 additions and 13 deletions
  1. +22
    -13
      devstack/plugin.sh

+ 22
- 13
devstack/plugin.sh

@@ -963,20 +963,29 @@ function install_libraries {

function allow_host_ports_for_share_mounting {

TCP_PORTS=(2049 111 32803 892 875 662)
UDP_PORTS=(111 32769 892 875 662)
for ipcmd in iptables ip6tables; do
# (aovchinnikov): extra rules are needed to allow instances talk to
# host.
sudo $ipcmd -N manila-nfs
sudo $ipcmd -I INPUT 1 -j manila-nfs
for port in ${TCP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${UDP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ NFS ]]; then
# 111 and 2049 are for rpcbind and NFS
# Other ports are for NFSv3 statd, mountd and lockd daemons
MANILA_TCP_PORTS=(2049 111 32803 892 875 662)
MANILA_UDP_PORTS=(111 32769 892 875 662)
fi
if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ CEPHFS ]]; then
# clients need access to the ceph daemons
MANILA_TCP_PORTS=(${MANILA_TCP_PORTS[*]} 6789 6800:7300)
fi

if [[ -v MANILA_TCP_PORTS || -v MANILA_UDP_PORTS ]]; then
for ipcmd in iptables ip6tables; do
sudo $ipcmd -N manila-storage
sudo $ipcmd -I INPUT 1 -j manila-storage
for port in ${MANILA_TCP_PORTS[*]}; do
sudo $ipcmd -A manila-storage -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${MANILA_UDP_PORTS[*]}; do
sudo $ipcmd -A manila-storage -m udp -p udp --dport $port -j ACCEPT
done
done
done
fi
}

function setup_ipv6 {
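Review bot: The new CEPHFS branch opens 6789 and the whole 6800:7300 range with `-j ACCEPT` and no source or interface match, and since `manila-storage` is jumped to from position 1 of INPUT these rules are evaluated before any other host filtering, for both iptables and ip6tables. If the intent is only to let share clients reach the Ceph daemons, the rule could carry a source match, e.g. `sudo $ipcmd -A manila-storage -s <CLIENT_NETWORK_CIDR> -m tcp -p tcp --dport $port -j ACCEPT` (placeholder, one value per address family). Separately, `MANILA_TCP_PORTS` and `MANILA_UDP_PORTS` are neither reset nor declared `local` in `allow_host_ports_for_share_mounting`, so a value inherited from the environment or an earlier call is appended to and also satisfies the `-v` test. Declaring `local -a MANILA_TCP_PORTS=() MANILA_UDP_PORTS=()` at the top of the function and testing `(( ${#MANILA_TCP_PORTS[@]} + ${#MANILA_UDP_PORTS[@]} > 0 ))` would make the opened port set depend only on `MANILA_ENABLED_SHARE_PROTOCOLS`.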

