[TRAIN ONLY] Fix the glance-api-edge firewall configuration

Add a firewall rule for the glance-api-edge service that opens glance's port 9292. This allows "scale out" nodes running at the edge to access a glance endpoint at the edge site. The glance-api-edge service tries to inherit most of its configuration from the base glance-api service. However, the puppet code that applies firewall rules requires the hiera key that defines the rule contain the actual service name [1]. Thus, a rule defined for the glance-api service will not be added when the service name is glance-api-edge. [1] https://opendev.org/openstack/puppet-tripleo/src/branch/stable/train/manifests/firewall/service_rules.pp#L35 Closes-Bug: #1883807 Change-Id: I6a3c77be03d5ad6b20c1eb11291340217544bff8
2020-06-21 09:55:43 -07:00 · 2020-06-21 09:55:43 -07:00 · 975e47f219
parent c61f22c828
commit 975e47f219
1 changed files with 7 additions and 0 deletions
--- a/deployment/glance/glance-api-edge-container-puppet.yaml
+++ b/deployment/glance/glance-api-edge-container-puppet.yaml
@ -72,6 +72,13 @@ outputs:
      map_merge:
        - get_attr: [GlanceApiBase, role_data]
        - service_name: glance_api_edge
+          config_settings:
+            map_merge:
+              - get_attr: [GlanceApiBase, role_data, config_settings]
+              - tripleo::glance_api_edge::firewall_rules:
+                  '112 glance_api_edge':
+                    dport:
+                      - 9292
          service_config_settings:
            map_merge:
              - get_attr: [GlanceApiBase, role_data, service_config_settings]