[devstack] Allow cephfs daemon port access

If the cephfs protocol is enabled, clients
need to access the ceph daemons.

We also don't need to enable access to NFS
ports when not using NFS.

Change-Id: I077d12785f94c940716f0e479d43dbb29ddc3c3c
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
(cherry picked from commit 341b5777b2)
(cherry picked from commit 5d1c30676e)
(cherry picked from commit 51b918a86a)
Goutham Pacha Ravi 2020-05-27 10:25:21 -07:00
parent 913ef96e11
commit b983eda903
1 changed files with 22 additions and 13 deletions


@ -1021,20 +1021,29 @@ function install_libraries {
function allow_host_ports_for_share_mounting { function allow_host_ports_for_share_mounting {
TCP_PORTS=(2049 111 32803 892 875 662) if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ NFS ]]; then
UDP_PORTS=(111 32769 892 875 662) # 111 and 2049 are for rpcbind and NFS
for ipcmd in iptables ip6tables; do # Other ports are for NFSv3 statd, mountd and lockd daemons
# (aovchinnikov): extra rules are needed to allow instances talk to MANILA_TCP_PORTS=(2049 111 32803 892 875 662)
# host. MANILA_UDP_PORTS=(111 32769 892 875 662)
sudo $ipcmd -N manila-nfs fi
sudo $ipcmd -I INPUT 1 -j manila-nfs if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ CEPHFS ]]; then
for port in ${TCP_PORTS[*]}; do # clients need access to the ceph daemons
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT MANILA_TCP_PORTS=(${MANILA_TCP_PORTS[*]} 6789 6800:7300)
fi
if [[ -v MANILA_TCP_PORTS || -v MANILA_UDP_PORTS ]]; then
for ipcmd in iptables ip6tables; do
sudo $ipcmd -N manila-storage
sudo $ipcmd -I INPUT 1 -j manila-storage
for port in ${MANILA_TCP_PORTS[*]}; do
sudo $ipcmd -A manila-storage -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${MANILA_UDP_PORTS[*]}; do
sudo $ipcmd -A manila-storage -m udp -p udp --dport $port -j ACCEPT
done
done done
for port in ${UDP_PORTS[*]}; do fi
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
done
done
} }
function setup_ipv6 { function setup_ipv6 {
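Review bot: The ACCEPT rules appended to `manila-storage` match on destination port only, and the chain is jumped to from position 1 of INPUT, so with CEPHFS enabled port 6789 and the whole 6800:7300 range are open to any source that can reach the host over IPv4 and IPv6. Consider scoping the rules to the networks share clients actually mount from, for example `sudo $ipcmd -A manila-storage -s <CLIENT_CIDR> -m tcp -p tcp --dport $port -j ACCEPT`, where `<CLIENT_CIDR>` is a placeholder for a per-address-family range. The CEPHFS comment could also say what the numbers are, as the NFS one does: `# 6789 is the ceph monitor (msgr v1) port; 6800:7300 is the default bind range of the other ceph daemons`. Separately, monitors with msgr2 enabled also listen on 3300, which this list does not open; it is worth confirming whether the clients here only speak v1.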