Fix horizon's iptables rules for haproxy when split off a separate role
This should have been fixed via:
https://review.openstack.org/#/c/460175/2
where we did:
service_config_settings:
haproxy:
tripleo.horizon.firewall_rules:
'127 horizon':
dport:
- 80
- 443
The problem is that the above does not work. Reason for this is the way
tripleo::firewall works. It will only apply iptables rules for that
show up in hiera('service_names'):
$service_names = hiera('service_names', [])
tripleo::firewall::service_rules { $service_names: }
And since horizon is not in the service running on the haproxy role, the
above rule would never have been created.
Tested this change and now I correctly get the iptables rules on the
haproxy role for horizon:
[root@overcloud-core-0 ~]# iptables -nvL |grep horizon
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 state NEW /* 127 horizon ipv4 */
[root@overcloud-core-0 ~]# hiera -c /etc/puppet/hiera.yaml service_names |grep horizon
[root@overcloud-core-0 ~]#
Closes-Bug: #1808530
Change-Id: Ia4a795d1a7fb926f5900c739c1932b20d81ed7fc
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
(cherry picked from commit 3114300c9c
)
This commit is contained in:
parent
a19a0b0ad8
commit
e770e364fb
@ -171,7 +171,7 @@ outputs:
|
||||
service: name=httpd state=stopped
|
||||
service_config_settings:
|
||||
haproxy:
|
||||
tripleo.horizon.firewall_rules:
|
||||
tripleo.haproxy.firewall_rules:
|
||||
'127 horizon':
|
||||
dport:
|
||||
- 80
|
||||
|
Loading…
Reference in New Issue
Block a user