Open up firewall for the control-ports in the bundles

This is required when the bundles run on pacemaker remote nodes otherwise the cluster won't be able to connect to the control-ports of each bundle. The only services that need this are rabbit, redis and galera because those run pacemaker_remote inside the container (A/P resources and haproxy do not) Change-Id: I6a56d79319ef3d14973a0586dcda4d523adda7aa Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-07-21 10:41:41 +02:00 · 2017-07-21 10:41:41 +02:00 · fb901792ea
parent fdd4352375
commit fb901792ea
3 changed files with 26 additions and 1 deletions
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@ -65,6 +65,17 @@ outputs:
        map_merge:
          - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
          - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+            tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
+            tripleo.mysql.firewall_rules:
+              '104 mysql galera-bundle':
+                dport:
+                  - 873
+                  - 3123
+                  - 3306
+                  - 4444
+                  - 4567
+                  - 4568
+                  - 9200
      step_config: ""
      # BEGIN DOCKER SETTINGS #
      puppet_config:
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@ -61,7 +61,13 @@ outputs:
            redis::notify_service: false
            redis::managed_by_cluster_manager: true
            tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
-
+            tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
+            tripleo.redis.firewall_rules:
+              '108 redis-bundle':
+                dport:
+                  - 3124
+                  - 6379
+                  - 26379
      step_config: ""
      service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@ -63,6 +63,14 @@ outputs:
          - {get_attr: [RabbitmqBase, role_data, config_settings]}
          - rabbitmq::service_manage: false
            tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+            tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
+            tripleo.rabbitmq.firewall_rules:
+              '109 rabbitmq-bundle':
+                dport:
+                  - 3122
+                  - 4369
+                  - 5672
+                  - 25672
      step_config: &step_config
        get_attr: [RabbitmqBase, role_data, step_config]
      service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}