[devstack] Allow cephfs daemon port access
If the cephfs protocol is enabled, clients need to access the ceph daemons. We also don't need to enable access to NFS ports when not using NFS. Change-Id: I077d12785f94c940716f0e479d43dbb29ddc3c3c Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com> (cherry picked from commit341b5777b2
) (cherry picked from commit5d1c30676e
) (cherry picked from commit51b918a86a
)
This commit is contained in:
parent
913ef96e11
commit
b983eda903
|
@ -1021,20 +1021,29 @@ function install_libraries {
|
||||||
|
|
||||||
function allow_host_ports_for_share_mounting {
|
function allow_host_ports_for_share_mounting {
|
||||||
|
|
||||||
TCP_PORTS=(2049 111 32803 892 875 662)
|
if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ NFS ]]; then
|
||||||
UDP_PORTS=(111 32769 892 875 662)
|
# 111 and 2049 are for rpcbind and NFS
|
||||||
|
# Other ports are for NFSv3 statd, mountd and lockd daemons
|
||||||
|
MANILA_TCP_PORTS=(2049 111 32803 892 875 662)
|
||||||
|
MANILA_UDP_PORTS=(111 32769 892 875 662)
|
||||||
|
fi
|
||||||
|
if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ CEPHFS ]]; then
|
||||||
|
# clients need access to the ceph daemons
|
||||||
|
MANILA_TCP_PORTS=(${MANILA_TCP_PORTS[*]} 6789 6800:7300)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -v MANILA_TCP_PORTS || -v MANILA_UDP_PORTS ]]; then
|
||||||
for ipcmd in iptables ip6tables; do
|
for ipcmd in iptables ip6tables; do
|
||||||
# (aovchinnikov): extra rules are needed to allow instances talk to
|
sudo $ipcmd -N manila-storage
|
||||||
# host.
|
sudo $ipcmd -I INPUT 1 -j manila-storage
|
||||||
sudo $ipcmd -N manila-nfs
|
for port in ${MANILA_TCP_PORTS[*]}; do
|
||||||
sudo $ipcmd -I INPUT 1 -j manila-nfs
|
sudo $ipcmd -A manila-storage -m tcp -p tcp --dport $port -j ACCEPT
|
||||||
for port in ${TCP_PORTS[*]}; do
|
|
||||||
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
|
|
||||||
done
|
done
|
||||||
for port in ${UDP_PORTS[*]}; do
|
for port in ${MANILA_UDP_PORTS[*]}; do
|
||||||
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
|
sudo $ipcmd -A manila-storage -m udp -p udp --dport $port -j ACCEPT
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function setup_ipv6 {
|
function setup_ipv6 {
|
||||||
|
|
Loading…
Reference in New Issue