openstack/openstack-ansible
Code Issues Proposed changes

[Docs] Recommendations for firewalld

Browse Source 
This docs patch recommends that deployers disable firewalld on their
deployments until rulesets can be developed.

Related-bug: 1657518
Change-Id: I3b8030fde4edc35145ad42ba59a6721631fddcd7
This commit is contained in:
Major Hayden 2017-06-23 08:18:05 -05:00
parent a139f0e172
commit 46ccb91841
No known key found for this signature in database
GPG Key ID: 737051E0C1011FB1
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
deploy-guide/source/deploymenthost.rst
View File

@ -85,6 +85,23 @@ Before you begin, we recommend upgrading your system packages and kernel.
#. Configure NTP to synchronize with a suitable time source.
#. The ``firewalld`` service is enabled on most CentOS systems by default and
its default ruleset prevents OpenStack components from communicating
properly. Stop the ``firewalld`` service and mask it to prevent it from
starting:
.. code-block:: shell-session
# systemctl stop firewalld
# systemctl mask firewalld
.. note::
There is `future work planned <https://bugs.launchpad.net/openstack-ansible/+bug/1657518>`_
to create proper firewall rules for OpenStack services in OpenStack-Ansible
deployments. Until that work is complete, deployers must maintain their
own firewall rulesets or disable the firewall entirely.
Configure the network
~~~~~~~~~~~~~~~~~~~~~