Add ironic-inspector TLS endpoint port to be reachable

In BMaaS configs, such as where one may use an undercloud or a remote host, one may use the legacy means of invoking introspection of a baremetal node, which is to call the inspector API directly. While ironic's API also supports this capability through a state change, people still do it, and it is easy to miss on an undercloud as your typically directly interacting with the software running locally. But when the API endpoint is remote, you cannot connect to it if it is not permitted via the firewall. Change-Id: I28343f260a8b9b1d4515ccd7e9e621cddac448b3
2022-01-11 14:32:51 -08:00 · 2022-01-11 14:32:51 -08:00 · d57f9a8778
commit d57f9a8778
parent 966150e23d
2 changed files with 6 additions and 0 deletions
--- a/deployment/ironic/ironic-inspector-container-puppet.yaml
+++ b/deployment/ironic/ironic-inspector-container-puppet.yaml
@ -234,6 +234,7 @@ outputs:
        '137 ironic-inspector':
          dport:
            - 5050
+            - 13050
        '137 ironic-inspector dhcp input':
          iniface: {get_param: IronicInspectorInterface}
          ipversion: 'ipv4'
--- a/releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml
+++ b/releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Adds the port used for directly accessing Ironic-Inspector using TLS,
+    13050, to the list of ports to permit inbound connections on.