Allow nova servers to reach heat services on port 80

When we run heat api services with apache+uwsgi(mod_proxy_uwsgi),
we would need the services to be reachable from the neutron public
net on port 80.

Change-Id: I7c227b3fe580b2a60aa50a043200f4e4f270a5a3
This commit is contained in:
rabi 2017-05-24 23:40:49 +05:30
parent f600d002c0
commit d0b3c9076c

View File

@ -58,8 +58,9 @@ cat > $ipv4_rules << EOF
# the ironic API from the neutron public net # the ironic API from the neutron public net
-A openstack-INPUT -s 172.24.4.0/23 -p udp -m udp --dport 69 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p udp -m udp --dport 69 -j ACCEPT
-A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 6385 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 6385 -j ACCEPT
# Ports 8000, 8003, 8004 from the devstack neutron public net to allow # Ports 80, 8000, 8003, 8004 from the devstack neutron public net to allow
# nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api # nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
-A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
-A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8000 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8000 -j ACCEPT
-A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8003 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8003 -j ACCEPT
-A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8004 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8004 -j ACCEPT