Add ironic-inspector TLS endpoint port to be reachable

In BMaaS configs, such as where one may use an undercloud or a remote host, one may use the legacy means of invoking introspection of a baremetal node, which is to call the inspector API directly. While ironic's API also supports this capability through a state change, people still do it, and it is easy to miss on an undercloud as your typically directly interacting with the software running locally. But when the API endpoint is remote, you cannot connect to it if it is not permitted via the firewall. Resolves: rhbz#2039515 Change-Id: I28343f260a8b9b1d4515ccd7e9e621cddac448b3 (cherry picked from commit d57f9a8778)
2022-01-11 14:32:51 -08:00 · 2022-01-11 14:32:51 -08:00 · de25a83b76
parent 91bf7b11aa
commit de25a83b76
2 changed files with 6 additions and 0 deletions
--- a/deployment/ironic/ironic-inspector-container-puppet.yaml
+++ b/deployment/ironic/ironic-inspector-container-puppet.yaml
@ -218,6 +218,7 @@ outputs:
        '137 ironic-inspector':
          dport:
            - 5050
+            - 13050
        '137 ironic-inspector dhcp input':
          iniface: {get_param: IronicInspectorInterface}
          ipversion: 'ipv4'
--- a/releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml
+++ b/releasenotes/notes/add-ironic-inspector-tls-port-4e59d0c2b2922f68.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Adds the port used for directly accessing Ironic-Inspector using TLS,
+    13050, to the list of ports to permit inbound connections on.