Add firewall rule to octavia health mgmt iface

The Octavia amphora agent periodically sends heartbeat packets to the
Octavia health manager service which listens on udp/5555. A firewall
rule needs to be added to allow such traffic on interface
OctaviaMgmtPortDevName.

Change-Id: If6c98c18dfe02d5ab8af1806fed401ab945ed18a
This commit is contained in:
Carlos Goncalves 2018-03-29 17:54:40 +03:00
parent 31c2f7a7e4
commit 15c53698bc
1 changed files with 11 additions and 0 deletions

View File

@ -42,6 +42,12 @@ parameters:
type: string
description: Key to identify heartbeat messages for amphorae.
hidden: true
OctaviaMgmtPortDevName:
type: string
default: "o-hm0"
description: Name of the octavia management network interface using
for communication between octavia worker/health-manager
with the amphora machine.
resources:
@ -66,6 +72,11 @@ outputs:
- get_attr: [OctaviaBase, role_data, config_settings]
- octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
octavia::health_manager::event_streamer_driver: 'queue_event_streamer'
tripleo.octavia_api.firewall_rules:
'200 octavia health manager interface':
proto: udp
dport: 5555
iniface: {get_param: OctaviaMgmtPortDevName}
service_config_settings:
fluentd:
tripleo_fluentd_groups_octavia_health_manager: