fix firewall rules with multiple network hosts

If CONFIG_NETWORK_HOSTS contained hosts other than
CONFIG_CONTROLLER_HOST, the fact that the config keys for Neutron API
access...

    config['FIREWALL_PORTS'] = "'9696'"

...were set outside the 'for host in q_hosts' loop meant that they could
be overwritten by the tunnel-related configuration later on in the loop.
This patch sets the keys immediately before reading in the firewall
template.

See also: https://bugzilla.redhat.com/show_bug.cgi?id=1105248

Change-Id: I71f50b9aadab6f903ee0941deae2f13ed3467104
Lars Kellogg-Stedman
2014-06-06 10:51:27 -04:00
parent 62525b5e4e
commit 1627136230


@@ -718,10 +718,6 @@ def create_manifests(config, messages):
elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2':
plugin_manifest = 'neutron_ml2_plugin.pp'
config['FIREWALL_SERVICE_NAME'] = "neutron server"
config['FIREWALL_PORTS'] = "'9696'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron.pp")
@@ -735,6 +731,10 @@ def create_manifests(config, messages):
# Firewall Rules
for f_host in q_hosts:
config['FIREWALL_SERVICE_NAME'] = "neutron server"
config['FIREWALL_PORTS'] = "'9696'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'%s'" % f_host
config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s_%s"
% (host, f_host))
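Review bot: The four constant `FIREWALL_*` assignments added inside `for f_host in q_hosts` have no comment explaining why they must sit there, so a later cleanup could hoist them back out of the loops and silently reintroduce the stale-key bug. I would add a comment above them such as `# Reset on every pass: the tunnel rules later in the 'for host' loop reuse these FIREWALL_* keys.` The root cause remains, because the firewall template still takes its inputs from the shared `config` dict; any other rule rendered after a different block has written these keys would presumably get the wrong port, protocol or chain without any error. A regression test that runs with more than one network host and checks that each generated neutron server rule carries port 9696 over tcp on INPUT would catch that. The hunk ends before the template is read and `create_manifests` starts and ends outside it, so the ordering relative to the template call is taken from the commit message.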