From d57f9a87782f12e8cc1736d8700d3bd251ea61f5 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Tue, 11 Jan 2022 14:32:51 -0800 Subject: [PATCH] Add ironic-inspector TLS endpoint port to be reachable In BMaaS configs, such as where one may use an undercloud or a remote host, one may use the legacy means of invoking introspection of a baremetal node, which is to call the inspector API directly. While ironic's API also supports this capability through a state change, people still do it, and it is easy to miss on an undercloud as your typically directly interacting with the software running locally. But when the API endpoint is remote, you cannot connect to it if it is not permitted via the firewall. Change-Id: I28343f260a8b9b1d4515ccd7e9e621cddac448b3 --- deployment/ironic/ironic-inspector-container-puppet.yaml | 1 + .../add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml diff --git a/deployment/ironic/ironic-inspector-container-puppet.yaml b/deployment/ironic/ironic-inspector-container-puppet.yaml index d0f571b07e..a6789a7716 100644 --- a/deployment/ironic/ironic-inspector-container-puppet.yaml +++ b/deployment/ironic/ironic-inspector-container-puppet.yaml @@ -234,6 +234,7 @@ outputs: '137 ironic-inspector': dport: - 5050 + - 13050 '137 ironic-inspector dhcp input': iniface: {get_param: IronicInspectorInterface} ipversion: 'ipv4' diff --git a/releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml b/releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml new file mode 100644 index 0000000000..fb49cfefb7 --- /dev/null +++ b/releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Adds the port used for directly accessing Ironic-Inspector using TLS, + 13050, to the list of ports to permit inbound connections on.