From 1627136230f57ee5fceed10af74532b1fc8e59a5 Mon Sep 17 00:00:00 2001
From: Lars Kellogg-Stedman
Date: Fri, 6 Jun 2014 10:51:27 -0400
Subject: [PATCH] fix firewall rules with multiple network hosts

If CONFIG_NETWORK_HOSTS contained hosts other than CONFIG_CONTROLLER_HOST, the fact that the config keys for Neutron API access... config['FIREWALL_PORTS'] = "'9696'" ...were set outside the 'for host in q_hosts' loop meant that they could be overwritten by the tunnel-related configuration later on in the loop. This patch sets the keys immediately before reading in the firewall template. See also: https://bugzilla.redhat.com/show_bug.cgi?id=1105248
Change-Id: I71f50b9aadab6f903ee0941deae2f13ed3467104
---
 packstack/plugins/neutron_350.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packstack/plugins/neutron_350.py b/packstack/plugins/neutron_350.py
index 941fa9f30..ef1d732c3 100644
--- a/packstack/plugins/neutron_350.py
+++ b/packstack/plugins/neutron_350.py
@@ -718,10 +718,6 @@ def create_manifests(config, messages):
 elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2':
 plugin_manifest = 'neutron_ml2_plugin.pp'
- config['FIREWALL_SERVICE_NAME'] = "neutron server"
- config['FIREWALL_PORTS'] = "'9696'"
- config['FIREWALL_CHAIN'] = "INPUT"
- config['FIREWALL_PROTOCOL'] = 'tcp'
 for host in q_hosts:
 manifest_file = "%s_neutron.pp" % (host,)
 manifest_data = getManifestTemplate("neutron.pp")
@@ -735,6 +731,10 @@ def create_manifests(config, messages):
 # Firewall Rules
 for f_host in q_hosts:
+ config['FIREWALL_SERVICE_NAME'] = "neutron server"
+ config['FIREWALL_PORTS'] = "'9696'"
+ config['FIREWALL_CHAIN'] = "INPUT"
+ config['FIREWALL_PROTOCOL'] = 'tcp'
 config['FIREWALL_ALLOWED'] = "'%s'" % f_host
 config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s_%s" % (host, f_host))
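Review bot: The four `FIREWALL_*` assignments added inside `for f_host in q_hosts:` have no comment explaining why values that never change are set on every pass, so a later cleanup could hoist them back out and reintroduce the bug from the commit message. I would add `# FIREWALL_* keys in config are shared with the tunnel rules set later in the host loop; reset all of them before each firewall template is rendered` above the first assignment. The underlying hazard is that rule parameters travel through the shared `config` dict, so any block that renders the firewall template without setting every key inherits what the previous block left there. That would presumably produce an iptables rule for the wrong port or protocol without any error. The tunnel-related code and the rest of `create_manifests` are outside this hunk, so whether other blocks have the same gap cannot be checked from here.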