Browse Source

Enable firewall by default on the overcloud

We firewall the undercloud, which is only listening on the
provisioning network anyway, but our default settings leave the
overcloud, which needs to be publicly accessible (for a
deployment-specific definition of "public"), wide open.  This
seems like a bad default.

Anyone who is deploying additional services can either open the
firewall ports themselves as part of the deployment or can set the
ManageFirewall param to false.

Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928
changes/33/321833/4
Ben Nemec 6 years ago
parent
commit
73c76b867d
  1. 2
      overcloud.yaml

2
overcloud.yaml

@ -411,7 +411,7 @@ parameters:
description: Template string to be used to generate instance names
type: string
ManageFirewall:
default: false
default: true
description: Whether to manage IPtables rules.
type: boolean
PurgeFirewallRules:

Loading…
Cancel
Save