Merge "Generate port referece from source"
commit
0a514733b7
2
.gitignore
vendored
2
.gitignore
vendored
@ -70,7 +70,7 @@ tmp/
|
||||
# templates/events.yaml
|
||||
*-series-log-messages.rst
|
||||
*-series-alarm-messages.rst
|
||||
|
||||
doc/source/dist_cloud/kubernetes/FW_PORTS.csv
|
||||
|
||||
# API Reference Guide
|
||||
api-ref/build/
|
||||
|
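--- /dev/null
+++ b/_p_columns.py
@@ -0,0 +1,5 @@
+columns = ["Source", "Protocol", "Port", "Desc", "Context", "Network", "Endpoints","Hosts", "Note", "HTTPS", "_stx", "_pl", "_os", "_an"]
+src_index = columns.index("Source")
+port_index = columns.index("Port")
+net_index = columns.index("Network")
+COL_COUNT = len(columns)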
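Review bot: Nothing in this new module says what the `columns` order is tied to, and the constants are named inconsistently: `COL_COUNT` is upper-case while `columns`, `src_index`, `port_index` and `net_index` are not. I would add a header comment such as `# Column layout of the port-reference source sheet; order must match the input file's header row.` and rename to `COLUMNS`, `SRC_INDEX`, `PORT_INDEX`, `NET_INDEX`. Because the generated table presumably documents which firewall ports are allowed or blocked, the code that reads the sheet (not visible on this page) should compare the input header row with `columns` and fail the build on a mismatch rather than index by position. The list literal also lacks a space after the comma in `"Endpoints","Hosts"`.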
@ -4,6 +4,8 @@ openstackdocstheme>=2.2.1,<=2.3.1 # Apache-2.0
|
||||
docutils==0.18.1
|
||||
PyYAML==6.0
|
||||
sphinx-tabs<=3.4.1
|
||||
pandas
|
||||
openpyxl
|
||||
|
||||
# API Reference Guide
|
||||
os-api-ref>=1.5.0 # Apache-2.0
|
||||
|
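Review bot: `pandas` and `openpyxl` are listed with no version bound, while the neighbouring entries in this hunk are pinned or capped (`docutils==0.18.1`, `PyYAML==6.0`, `sphinx-tabs<=3.4.1`). That these two are the added lines is inferred from the hunk growing from 6 to 8 lines. An unbounded requirement makes the documentation build install whatever release is newest at build time, so builds are not reproducible and a broken or compromised upstream release is picked up automatically. I would bound both to the versions the build was tested with and keep the file's licence-comment convention, for example `pandas>=<tested-min>,<<next-major>  # BSD-3-Clause` and `openpyxl>=<tested-min>,<<next-major>  # MIT`, with the placeholders filled in by the author.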
@ -13,251 +13,9 @@ function correctly.
|
||||
|
||||
.. begin-dc-ports-table
|
||||
|
||||
.. table:: Table 1. |prod-dc| port requirements
|
||||
:widths: auto
|
||||
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| Protocol | Port | Network | Description | System Controller| Subcloud | Initiator | Destination | Notes |
|
||||
+==========+=======+=========+==================+==================+==================+==================================================+=====================================+=========================================+
|
||||
| tcp | 22 | oam | ssh | allowed | allowed | System Controller | Subclouds | For admin login |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 22 | oam | ssh | allowed | allowed | Subclouds | System Controller | For admin login |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 22 | mgmt | ssh | allowed | allowed | System Controller | Subclouds | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 22 | mgmt | ssh | allowed | allowed | Subclouds | System Controller | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 123 | oam | ntp | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 123 | mgmt | ntp | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 161 | oam | snmp | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 161 | mgmt | snmp | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 162 | oam | snmp trap | allowed | allowed | System Controller | Subclouds | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 162 | oam | snmp trap | allowed | allowed | Subclouds | System Controller | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 162 | mgmt | snmp trap | allowed | allowed | System Controller | Subclouds | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 162 | mgmt | snmp trap | allowed | allowed | Subclouds | System Controller | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 162 | oam | snmp trap | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 162 | mgmt | snmp trap | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 389 | oam | openLDAP | blocked(by gnp) | NA | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 389 | mgmt | openLDAP | allowed | NA | Subclouds | System Controller | LDAP service |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 636 | oam | openLDAP | blocked(by gnp) | NA | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 636 | mgmt | openLDAP | allowed | NA | Subclouds | System Controller | LDAP service, https enable |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 873 | oam | rsyncd | blocked(by gnp) | blocked(by gnp) | Not used between System Controller and Subclouds | | Used for synchronizing patches among |
|
||||
| | | | | | | | | nodes |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 873 | mgmt | rsyncd | allowed | allowed | Not used between System Controller and Subclouds | | Used for synchronizing patches among |
|
||||
| | | | | | | | | nodes |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp/udp | 2049 | oam | nfs | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | | Used for sharing data among nodes |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp/udp | 2049 | mgmt | nfs | allowed | allowed | Not used between System Controller and Subclouds | | Used for sharing data among nodes |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 2222 | oam | sm | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 2222 | mgmt | sm | allowed | NA | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| udp | 2223 | oam | sm | allowed | NA | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp6 | 3300 | mgmt | ceph-mon | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 4545 | oam | stx-nfv | allowed(service public endpoint) | Not used between System Controller and Subclouds | | vim-restapi public endpoint |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 4545 | mgmt | stx-nfv | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | vim-restapi public endpoint |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 4546 | mgmt | stx-nfv | allowed(service admin endpoint) | System Controller | Subclouds |vim-restapi admin endpoint, https enabled|
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 4546 | mgmt | stx-nfv | allowed(service admin endpoint) | Subclouds | System Controller |vim-restapi admin endpoint, https enabled|
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5000 | oam | keystone-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5000 | mgmt | keystone-api | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5001 | mgmt | keystone-api | allowed(service admin endpoint) | System Controller | Subclouds | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5001 | mgmt | keystone-api | allowed(service admin endpoint) | Subclouds | System Controller | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5432 | oam | postgres | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | | postgres db serving port |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5432 | mgmt | postgres | allowed(serving port) | Not used between System Controller and Subclouds | | postgres db serving port |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5491 | oam | patching-api | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5491 | mgmt | patching-api | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | patching-api internal endpoint |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5492 | mgmt | patching-api | allowed(service admin endpoint) | System Controller | Subclouds |patching-api admin endpoint,https enabled|
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 5492 | mgmt | patching-api | allowed(service admin endpoint) | Subclouds | System Controller |patching-api admin endpoint,https enabled|
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 15491 | oam | patching-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | patching-api public endpoint |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6385 | oam | sysinv-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6385 | mgmt | sysinv-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6386 | mgmt | sysinv-api | allowed(service public endpoint) | System Controller | Subclouds | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6386 | mgmt | sysinv-api | allowed(service public endpoint) | Subclouds | System Controller | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6443 | oam | K8s API server | allowed | allowed | Not used between System Controller and Subclouds | | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6443 | mgmt | K8s API server | allowed | allowed | Not used between System Controller and Subclouds | | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp6 | 6789 | mgmt | ceph-mon | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp6 | 6800 | mgmt | ceph-mgr | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp6 | 6801 | mgmt | ceph-mgr | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp6 | 6802 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp6 | 6803 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6804 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 6805 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 7777 | oam | stx-ha (sm) | allowed(service public endpoint) | Not used between System Controller and Subclouds | | sm-api public endpoint |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 7777 | mgmt | stx-ha (sm) | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | sm-api public endpoint |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 7778 | mgmt | stx-ha (sm) | allowed(service admin endpoint) | Not used between System Controller and Subclouds | | sm-api admin endpoint, https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp6 | 7999 | mgmt | ceph-mgr | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8080 | oam | horizon http | allowed | blocked(by gnp) | Not used between System Controller and Subclouds | | Not required if using https |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8080 | mgmt | horizon http | allowed | allowed | System Controller | Subclouds | Not required if using https |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8080 | mgmt | horizon http | allowed | allowed | Subclouds | System Controller | Not required if using https |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8119 | oam | stx-distcloud | allowed(service | NA | Not used between System Controller and Subclouds | | dcmanager-api |
|
||||
| | | | | public endpoint) | | | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8119 | mgmt | stx-distcloud | allowed(service | NA | Not used between System Controller and Subclouds | | dcmanager-api |
|
||||
| | | | | public endpoint) | | | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8120 | mgmt | stx-distcloud | allowed(service | NA | Not used between System Controller and Subclouds | | dcmanager-api, https enabled |
|
||||
| | | | | public endpoint) | | | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8219 | mgmt | dcdbsync-api | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8220 | mgmt | dcdbsync-api | allowed(service admin endpoint) | System Controller | Subclouds | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8220 | mgmt | dcdbsync-api | allowed(service admin endpoint) | Subclouds | System Controller | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8443 | oam | horizon https | allowed | blocked(by gnp) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8443 | mgmt | horizon https | allowed | allowed | System Controller | Subclouds | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 8443 | mgmt | horizon https | allowed | allowed | Subclouds | System Controller | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9001 | oam | Docker registry | allowed(serving port) | System Controller | Subclouds | https enabled |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9001 | oam | Docker registry | allowed(serving port) | Subclouds | System Controller | https enabled |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9001 | mgmt | Docker registry | allowed(serving port) | System Controller | Subclouds | https enabled |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9001 | mgmt | Docker registry | allowed(serving port) | Subclouds | System Controller | https enabled |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9002 | oam | Registry token | allowed(serving port) | System Controller | Subclouds | https enabled |
|
||||
| | | | server | | | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9002 | oam | Registry token | allowed(serving port) | Subclouds | System Controller | https enabled |
|
||||
| | | | server | | | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9002 | mgmt | Registry token | allowed(serving port) | System Controller | Subclouds | https enabled |
|
||||
| | | | server | | | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9002 | mgmt | Registry token | allowed(serving port) | Subclouds | System Controller | https enabled |
|
||||
| | | | server | | | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9311 | oam | barbican-api | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9311 | mgmt | barbican-api | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9312 | mgmt | barbican-api | allowed(service admin endpoint) | System Controller |Subclouds | https enabled |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 9312 | mgmt | barbican-api | allowed(service admin endpoint) | Subclouds |System Controller | https enabled |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 11211 | mgmt | memcached | allowed(keystone cache backend) | Not used between System Controller and Subclouds | | keystone cache backend |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 18002 | oam | stx-fault | allowed(service public endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 18002 | mgmt | stx-fault | allowed(service internal endpoint) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 18003 | mgmt | stx-fault | allowed(service admin endpoint) | System Controller | Subclouds | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 18003 | mgmt | stx-fault | allowed(service admin endpoint) | Subclouds | System Controller | https enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| icmp | NA | oam | icmp | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
| | | | | | | | | |
|
||||
| | | | | | | **The only exception is when using ICMP during | | |
|
||||
| | | | | | | subcloud installs**. | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| icmp | NA | mgmt | icmp | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
| | | | | | | | | |
|
||||
| | | | | | | **The only exception is when using ICMP during | | |
|
||||
| | | | | | | subcloud installs**. | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 25491 | oam | dcorch-patch | allowed (service | NA | Not used between System Controller and Subclouds | | dcorch-patch-api-proxy public endpoint |
|
||||
| | | | -api-proxy | public endpoint) | | | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 25491 | mgmt | dcorch-patch |allowed(service | NA | Not used between System Controller and Subclouds | | dcorch-patch-api-proxy internal endpoint|
|
||||
| | | | -api-proxy |internal endpoint)| | | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 25492 | mgmt | dcorch-patch | allowed(service | NA | Not used between System Controller and Subclouds | | dcorch-patch-api-proxy admin endpoint |
|
||||
| | | | -api-proxy | admin endpoint) | | | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 30001-| mgmt | VIM | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||
| | 30004 | | | | | | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 30555 | oam | OIDC Client | blocked(by gnp) | Not used between System Controller and Subclouds | | Only when OIDC app is applied |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 30555 | mgmt | OIDC Client | allowed(serving port) | Not used between System Controller and Subclouds | | Only when OIDC app is applied |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 30556 | oam | DEX OIDC Provider| blocked(by gnp) | Not used between System Controller and Subclouds | | Only when OIDC app is applied |
|
||||
+----------+-------+---------+------------------+-------------------------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 30556 | mgmt | DEX OIDC Provider| allowed(serving port) | Not used between System Controller and Subclouds | | Only when OIDC app is applied |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | System Controller | Subclouds | Only when Analytics is applied, https |
|
||||
| | | | and API | | | | | enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 31001 | oam | Elastic Dashboard| allowed(NodePort)| NA | Subclouds | System Controller | Only when Analytics is applied, https |
|
||||
| | | | and API | | | | | enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 31001 | mgmt | Elastic Dashboard| allowed(NodePort)| NA | System Controller | Subclouds | Only when Analytics is applied, https |
|
||||
| | | | and API | | | | | enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 31001 | mgmt | Elastic Dashboard| allowed(NodePort)| NA | Subclouds | System Controller | Only when Analytics is applied, https |
|
||||
| | | | and API | | | | | enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 31090-| oam | Kafka Brokers | allowed(NodePort)| NA | Not used between System Controller and Subclouds | | Only when Analytics is applied, https |
|
||||
| | 31099 | | (NodePort) | | | | | enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 31090-| mgmt | Kafka Brokers | allowed(NodePort)| NA | Subclouds | System Controller | Only when Analytics is applied, https |
|
||||
| | 31099 | | (NodePort) | | | | | enabled |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 32000 | oam | Kubernetes | allowed(NodePort)| allowed | Not used between System Controller and Subclouds | | Only when Kubernetes Dashboard |
|
||||
| | | | dashboard | | | | | is installed |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 32000 | mgmt | Kubernetes | allowed(NodePort)| allowed | Not used between System Controller and Subclouds | | Only when Kubernetes Dashboard |
|
||||
| | | | dashboard | | | | | is installed |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
| tcp | 32323 | oam | vim-webserver | blocked(by gnp) | blocked(by gnp) | Not used between System Controller and Subclouds | | |
|
||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||
.. csv-table:: Table 1. |prod-dc| port requirements
|
||||
:file: /dist_cloud/kubernetes/FW_PORTS.csv
|
||||
:header-rows: 1
|
||||
|
||||
.. end-dc-ports-table
|
||||
|
||||
|
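--- a/fetch-ports-files.sh
+++ b/fetch-ports-files.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# HTML
+
+curl https://opendev.org/starlingx/config/raw/branch/master/sysinv/sysinv/sysinv/sysinv/common/platform_firewall.py --create-dirs -o tmp/platform_firewall.py
+curl https://opendev.org/starlingx/config/raw/branch/master/sysinv/sysinv/sysinv/sysinv/common/constants.py --create-dirs -o tmp/constants.py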
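Review bot: Both `curl` calls save whatever the server returns, because neither passes `--fail` and the script has no `set -e`, so an HTTP error page or a failed first download still leaves a file in `tmp/` that the parser treats as source. The published firewall port table is generated from these two files, so a bad fetch should stop the build: add `set -euo pipefail` after the shebang and call `curl --fail --silent --show-error --location ...` for each URL. The URLs also follow `branch/master`, so the generated table changes whenever upstream does; pinning a tag or commit would make the reference reproducible and reviewable. The `# HTML` comment does not describe the script and could become `# Fetch the firewall and constants sources used to build the ports table`.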
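--- a/py_2_xlsx.py
+++ b/py_2_xlsx.py
@@ -0,0 +1,124 @@
+import re
+import os
+import sys
+import pandas as pd
+
+from _p_columns import columns, port_index, src_index, net_index
+
+df = pd.DataFrame(columns=columns)
+
+def convert_to_uppercase(input_string):
+return input_string.upper()
+
+# Look up a port number assigned to a constant in another file
+def find_port_number(filename, search_string):
+found_port = None
+with open(filename, 'r') as file:
+for line in file:
+match = re.search(rf'{search_string}\s*=\s*(\d+)', line)
+if match:
+found_port = int(match.group(1))
+break
+return found_port
+
+def remove_prefix(input_string):
+# Find the index of the first period
+period_index = input_string.find('.')
+
+if period_index != -1:
+return input_string[period_index + 1:]
+else:
+# Return the original string
+return input_string
+
+def delete_file(file_path):
+try:
+# Check if the file exists
+if os.path.exists(file_path):
+# Delete the file
+os.remove(file_path)
+print(f"File '{file_path}' deleted successfully.")
+else:
+print(f"File '{file_path}' does not exist.")
+except Exception as e:
+print(f"An error occurred: {e}")
+
+def is_numeric(array, index):
+array = [element.strip() for element in array]
+# Check if the array has an integer at the element to be tested
+if len(array) > index:
+return array[index].isnumeric()
+else:
+return False
+
+def prepend_string(main_string, prepend_string):
+return prepend_string + main_string
+
+def append_string(*args, **kwargs):
+return prepend_string(*args, **kwargs)
+
+def extract_docu_comments(input_file, out_file):
+sect = "N/A"
+prot = "N/A"
+with open(input_file, 'r') as file:
+lines = file.readlines()
+
+for line in lines:
+
+match = re.search(r'^(\S+)\s*=\s*(\{|\\)', line)
+if match:
+sect = match.group(1).strip()
+sect = append_string(',', sect)
+prot = "N/A, "
+match = re.search(r'("tcp":|"udp":)', line)
+if match:
+prot = match.group(1).strip()
+prot = prot.replace(':', '').strip()
+prot = convert_to_uppercase(prot)
+prot = append_string(',', prot)
+
+# Check if the line contains a comment starting with 'docu' followed by
+# a colon
+if '#' in line and 'docu:' in line.lstrip():
+docu_line = re.sub(r',?\s*#\s*(noqa: E501)?\s+docu:\s*', ',', line).strip()
+docu_line = docu_line.replace(':', ',').strip()
+docu_line = prepend_string(docu_line, prot)
+docu_line = prepend_string(docu_line, sect)
+docu_line = docu_line.replace('"', '').strip()
+column_values = docu_line.split(',')
+
+if not is_numeric(column_values, port_index):
+const = column_values[port_index]
+column_values[port_index] = find_port_number(const_file, remove_prefix(column_values[port_index]))
+print("Replaced " + const.strip() + " with " + str(column_values[port_index]))
+
+if 'OAM' in column_values[src_index]:
+column_values[net_index] = 'oam'
+
+# print("Processing: " + line)
+df.loc[len(df)] = column_values
+
+ports_column_name = df.columns[port_index]
+df[ports_column_name] = pd.to_numeric(df[ports_column_name], errors='coerce')
+df.to_excel(excel_file, index=False)
+
+print(f"Ports list successfully extracted to '{excel_file}'.")
+
+if len(sys.argv) != 4:
+print(f"""\
+This script reads a python file to create an Excel sheet of firewall
+port definitions.
+
+Usage: {os.path.basename(__file__)} <ports_file> <constants_file> <excel_file>
+Example: python ./py_2_xlsx.py platform_firewall.py constants.py FW_PORTS.xlsx
+""")
+sys.exit(1)
+
+
+input_file = str(sys.argv[1])
+const_file = str(sys.argv[2])
+excel_file = str(sys.argv[3])
+
+# Extract lines with docu comments
+extract_docu_comments(input_file, excel_file)
+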
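Review bot: `find_port_number` builds its pattern from the unescaped constant name and uses `re.search`, so a name that is the tail of a longer constant can match the wrong assignment, and a name that is not found comes back as `None`. That `None` is later turned into an empty Port cell by `pd.to_numeric(..., errors='coerce')`, so the build still passes with a blank port. For a generated firewall reference a wrong or blank port should be a hard error: use `match = re.match(rf'\s*{re.escape(search_string)}\s*=\s*(\d+)', line)` and raise `ValueError` in `extract_docu_comments` when the lookup returns `None`. Separately, `extract_docu_comments` ignores its `out_file` parameter and reads the module globals `excel_file` and `const_file`; passing both in as arguments would make the function usable outside the script. The parameter `prepend_string` also shadows the function of the same name.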
7
tox.ini
7
tox.ini
@ -23,6 +23,9 @@ commands =
|
||||
python parser.py -l templates/logs_template.rst -e tmp/events.yaml -s 100,200,300,400,500,700,800,900 -ts = -type Log -outputPath doc/source/fault-mgmt/openstack/ -sort Yes -product openstack -replace "|,OR"
|
||||
bash ./normalize-includes.sh
|
||||
bash ./dup-abbr-check.sh
|
||||
bash ./fetch-ports-files.sh
|
||||
python py_2_xlsx.py tmp/platform_firewall.py tmp/constants.py tmp/FW_PORTS.xlsx
|
||||
python xlst_2_csv.py tmp/FW_PORTS.xlsx doc/source/dist_cloud/kubernetes/FW_PORTS.csv --columns Source Port Protocol Network Desc HTTPS Note _stx --sort_orders Port=asc --filters _stx=y
|
||||
|
||||
[testenv:postbuild-docs]
|
||||
commands =
|
||||
@ -32,6 +35,7 @@ commands =
|
||||
bash hide-empty-rows.sh doc/build/html
|
||||
bash htmlChecks.sh doc/build/html
|
||||
|
||||
|
||||
[testenv:docs]
|
||||
deps =
|
||||
# -c{env:TOX_CONSTRAINTS_FILE:doc/upper-constraints.txt}
|
||||
@ -45,6 +49,9 @@ allowlist_externals = bash
|
||||
./hide-empty-rows.sh
|
||||
./htmlChecks.sh
|
||||
./get-remote-files.sh
|
||||
./fetch-ports-files.sh
|
||||
./py_2_xlsx.py
|
||||
./xlst_2_csv.py
|
||||
git
|
||||
# hw-updates.sh
|
||||
|
||||
|
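Review bot: The `allowlist_externals` entries `./py_2_xlsx.py` and `./xlst_2_csv.py` added in the last hunk look unnecessary, because the commands added in the first hunk run both scripts as `python py_2_xlsx.py ...` and `python xlst_2_csv.py ...`, where the script path is only an argument. `./fetch-ports-files.sh` is likewise started through `bash`, which the hunk context shows is already allowlisted. Unless the scripts are invoked directly somewhere outside the visible hunks, the three entries can be dropped so the list names only real external commands. The env these lists belong to starts outside the hunks shown.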
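--- a/xlst_2_csv.py
+++ b/xlst_2_csv.py
@@ -0,0 +1,64 @@
+import pandas as pd
+import argparse
+import re
+
+from _p_columns import columns, port_index
+
+def export_to_csv(input_file, output_file, columns, filters, sort_orders):
+# Load the Excel file
+df = pd.read_excel(input_file)
+
+# Filter columns
+df = df[columns]
+
+# Apply filters
+for column, value in filters.items():
+if isinstance(value, list):
+df = df[df[column].isin(value)]
+else:
+df = df[df[column] == value]
+
+# Apply sort orders
+sort_columns = [col for col, order in sort_orders.items()]
+sort_ascending = [order == 'asc' for order in sort_orders.values()]
+df = df.sort_values(by=sort_columns, ascending=sort_ascending)
+
+# Drop filter-only columns that begin with an underscore
+pattern = re.compile("^_[a-z]+$")
+for c in columns:
+if pattern.match(c):
+df.pop(c)
+
+# Export to CSV
+df.to_csv(output_file, index=False)
+
+if __name__ == "__main__":
+parser = argparse.ArgumentParser(description="Export a CSV list of ports from Excel with specified columns, filters, and sort orders.")
+parser.add_argument("input_file", help="Path to the input Excel file. Positioned BEFORE options.")
+parser.add_argument("output_file", help="Path to the output CSV file. Positioned BEFORE options.")
+parser.add_argument("--columns", nargs='+', required=True, help="Space separated list of columns to include in the CSV file")
+parser.add_argument("--filters", nargs='*', required=True, action='append', help="Column filters in the format column=value or column=[value1,value2,...]")
+parser.add_argument("--sort_orders", nargs='*', required=True, action='append', help="Sort orders in the format column=asc/desc")
+
+args = parser.parse_args()
+
+# Process filters argument
+filters = {}
+for filt in args.filters:
+for f in filt:
+column, value = f.split('=')
+if value.startswith('[') and value.endswith(']'):
+value = value.strip('[]').split(',')
+filters[column] = value
+
+# Process sort orders argument
+sort_orders = {}
+for sort in args.sort_orders:
+for s in sort:
+column, order = s.split('=')
+sort_orders[column] = order
+
+export_to_csv(args.input_file, args.output_file, args.columns, filters, sort_orders)
+
+# Note that positional args are first. Hidden filter columns must be listed in --columns
+# e.g: python3.10 xlst_2_csv.py FW_PORTS.xlsx FW_PORTS.csv --columns Source Port Protocol Network Desc HTTPS Note _pl --sort_orders Port=asc --filters _pl=y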
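Review bot: Any `--sort_orders` value other than the exact string `asc` is treated as descending by `order == 'asc'`, so a typo such as `Port=ASC` silently reverses the table instead of being rejected. Validating in the argument loop would catch it, for example `if order not in ('asc', 'desc'): parser.error(f"bad sort order: {s}")`. `f.split('=')` and `s.split('=')` also fail with an unpacking `ValueError` when an argument has no `=` or more than one; `split('=', 1)` handles the second case, and the first deserves a `parser.error` message too. The import `from _p_columns import columns, port_index` is unused here, and `columns` is shadowed by the `export_to_csv` parameter.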