x/packstack
Code Issues Proposed changes

Adds Firewall rules for neutron access.

Browse Source 
Allows connection to the neutron api service
only for:

CONFIG_NEUTRON_SERVER_HOST
CONFIG_NEUTRON_L3_HOSTS
CONFIG_NEUTRON_DHCP_HOSTS
CONFIG_NEUTRON_METADATA_HOSTS
CONFIG_NOVA_COMPUTE_HOSTS

This patch is for neutron only, rules for the other
services are being developed since the bug
addresses the entire openstack installation.

Fixes (partially): rhbz#1002063

Change-Id: I1e850ed9f205567a05e8115d1ce9c3644cd705a9
This commit is contained in:
Ivan Chavero
2013-09-21 19:12:47 -06:00
parent 6b19e22919
commit 750dd0019f
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packstack/plugins/neutron_350.py
View File

@@ -377,6 +377,12 @@ def createManifest(config):
elif controller.CONF['CONFIG_NEUTRON_L2_PLUGIN'] == 'linuxbridge': elif controller.CONF['CONFIG_NEUTRON_L2_PLUGIN'] == 'linuxbridge':
manifest_data = getManifestTemplate("neutron_lb_plugin.pp") manifest_data = getManifestTemplate("neutron_lb_plugin.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron') appendManifestFile(manifest_file, manifest_data, 'neutron')
# Firewall Rules
config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i for i in q_hosts])
config['FIREWALL_SERVICE_NAME'] = "neutron"
config['FIREWALL_PORTS'] = "'9696'"
manifest_data = getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
def createKeystoneManifest(config): def createKeystoneManifest(config):
manifestfile = "%s_keystone.pp"%controller.CONF['CONFIG_KEYSTONE_HOST'] manifestfile = "%s_keystone.pp"%controller.CONF['CONFIG_KEYSTONE_HOST']

5
packstack/puppet/templates/neutron_api.pp
View File

@@ -4,8 +4,3 @@ class { 'neutron::server':
enabled => true, enabled => true,
} }
firewall { '001 neutron incoming':
proto => 'tcp',
dport => ['9696'],
action => 'accept',
}