Enable API services to all hosts

Open the API ports to all hosts.

Change-Id: I3363cf5f683595ce55d3bb2c57968c21b8f29cba
Fixes: rhbz#1099787

packstack/plugins/cinder_250.py

@@ -352,7 +352,7 @@ def create_manifest(config, messages):
         manifestdata += getManifestTemplate('cinder_backup.pp')
 
     config['FIREWALL_SERVICE_NAME'] = "cinder"
-    config['FIREWALL_PORTS'] = "['3260', '8776']"
+    config['FIREWALL_PORTS'] = "['3260']"
     config['FIREWALL_CHAIN'] = "INPUT"
     config['FIREWALL_PROTOCOL'] = 'tcp'
     if (config['CONFIG_NOVA_INSTALL'] == 'y' and
@@ -365,5 +365,10 @@ def create_manifest(config, messages):
         config['FIREWALL_ALLOWED'] = "'ALL'"
         config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
         manifestdata += getManifestTemplate("firewall.pp")
-
+    # cinder API should be open for everyone
+    config['FIREWALL_SERVICE_NAME'] = "cinder-api"
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "cinder_API"
+    config['FIREWALL_PORTS'] = "['8776']"
+    manifestdata += getManifestTemplate("firewall.pp")
     appendManifestFile(manifestfile, manifestdata)

packstack/plugins/glance_200.py

@@ -96,14 +96,8 @@ def create_manifest(config, messages):
     config['FIREWALL_PORTS'] = "'9292'"
     config['FIREWALL_CHAIN'] = "INPUT"
     config['FIREWALL_PROTOCOL'] = 'tcp'
-    if config['CONFIG_NOVA_INSTALL'] == 'y':
+    config['FIREWALL_ALLOWED'] = "'ALL'"
-        for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
+    config['FIREWALL_SERVICE_ID'] = "glance_API"
-            config['FIREWALL_ALLOWED'] = "'%s'" % host
+    manifestdata += getManifestTemplate("firewall.pp")
-            config['FIREWALL_SERVICE_ID'] = "glance_%s" % host
-            manifestdata += getManifestTemplate("firewall.pp")
-    else:
-        config['FIREWALL_ALLOWED'] = "'ALL'"
-        config['FIREWALL_SERVICE_ID'] = "glance_ALL"
-        manifestdata += getManifestTemplate("firewall.pp")
 
     appendManifestFile(manifestfile, manifestdata)

packstack/plugins/heat_750.py

@@ -187,10 +187,15 @@ def create_manifest(config, messages):
     manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate(get_mq(config, "heat"))
     manifestdata += getManifestTemplate("heat.pp")
-
     if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
         manifestdata += getManifestTemplate("heat_trusts.pp")
-
+    config['FIREWALL_SERVICE_NAME'] = "heat"
+    config['FIREWALL_PORTS'] = "'8004'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "heat"
+    manifestdata += getManifestTemplate("firewall.pp")
     appendManifestFile(manifestfile, manifestdata)
 
 
@@ -208,6 +213,13 @@ def create_cloudwatch_manifest(config, messages):
     manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate(get_mq(config, "heat"))
     manifestdata += getManifestTemplate("heat_cloudwatch.pp")
+    config['FIREWALL_SERVICE_NAME'] = "heat api cloudwatch"
+    config['FIREWALL_PORTS'] = "'8003'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "heat_api_cloudwatch"
+    manifestdata += getManifestTemplate("firewall.pp")
     appendManifestFile(manifestfile, manifestdata, marker='heat')
 
 
@@ -215,4 +227,11 @@ def create_cfn_manifest(config, messages):
     manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate(get_mq(config, "heat"))
     manifestdata += getManifestTemplate("heat_cfn.pp")
+    config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
+    config['FIREWALL_PORTS'] = "'8000'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "heat_cfn"
+    manifestdata += getManifestTemplate("firewall.pp")
     appendManifestFile(manifestfile, manifestdata, marker='heat')

packstack/plugins/neutron_350.py

@@ -760,16 +760,15 @@ def create_manifests(config, messages):
             # XXX I am not completely sure about this, but it seems necessary:
             manifest_data += getManifestTemplate(plugin_manifest)
 
-            # Firewall Rules
+            #Firewall
-            for f_host in q_hosts:
+            config['FIREWALL_SERVICE_NAME'] = "neutron server"
-                config['FIREWALL_SERVICE_NAME'] = "neutron server"
+            config['FIREWALL_PORTS'] = "'9696'"
-                config['FIREWALL_PORTS'] = "'9696'"
+            config['FIREWALL_CHAIN'] = "INPUT"
-                config['FIREWALL_CHAIN'] = "INPUT"
+            config['FIREWALL_PROTOCOL'] = 'tcp'
-                config['FIREWALL_PROTOCOL'] = 'tcp'
+            config['FIREWALL_ALLOWED'] = "'ALL'"
-                config['FIREWALL_ALLOWED'] = "'%s'" % f_host
+            config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s"
-                config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s_%s"
+                                                 % (host))
-                                                 % (host, f_host))
+            manifest_data += getManifestTemplate("firewall.pp")
-                manifest_data += getManifestTemplate("firewall.pp")
 
             appendManifestFile(manifest_file, manifest_data, 'neutron')
 

packstack/plugins/nova_300.py

@@ -428,6 +428,13 @@ def create_api_manifest(config, messages):
             "'%s'" % config['CONFIG_NEUTRON_METADATA_PW']
     manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate("nova_api.pp")
+    config['FIREWALL_SERVICE_NAME'] = "nova api"
+    config['FIREWALL_PORTS'] = "['8773', '8774', '8775']"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "nova_api"
+    manifestdata += getManifestTemplate("firewall.pp")
     appendManifestFile(manifestfile, manifestdata, 'novaapi')
 
 

packstack/plugins/swift_600.py

@@ -276,6 +276,13 @@ def create_builder_manifest(config, messages):
 def create_proxy_manifest(config, messages):
     manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate("swift_proxy.pp")
+    config['FIREWALL_SERVICE_NAME'] = "swift proxy"
+    config['FIREWALL_PORTS'] = "'8080'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "swift_proxy"
+    manifestdata += getManifestTemplate("firewall.pp")
     appendManifestFile(manifestfile, manifestdata)
 
 

packstack/puppet/templates/heat.pp

@@ -18,3 +18,4 @@ class { 'heat::keystone::domain':
   domain_admin      => '%(CONFIG_HEAT_DOMAIN_ADMIN)s',
   domain_password   => '%(CONFIG_HEAT_DOMAIN_PASSWORD)s',
 }
+

packstack/puppet/templates/heat_cfn.pp

@@ -8,3 +8,4 @@ class { 'heat::keystone::auth_cfn':
   internal_address   => '%(CONFIG_CONTROLLER_HOST)s',
   password           => '%(CONFIG_HEAT_KS_PW)s'
 }
+

packstack/puppet/templates/heat_cloudwatch.pp

@@ -1,3 +1,4 @@
 
 class { 'heat::api_cloudwatch':
 }
+

packstack/puppet/templates/nova_api.pp

@@ -9,8 +9,3 @@ class {"nova::api":
 
 Package<| title == 'nova-common' |> -> Class['nova::api']
 
-firewall { '001 novaapi incoming':
-    proto    => 'tcp',
-    dport    => ['8773', '8774', '8775'],
-    action   => 'accept',
-}

packstack/puppet/templates/swift_proxy.pp

@@ -67,8 +67,3 @@ class { 'swift::proxy::authtoken':
     auth_host         => '%(CONFIG_CONTROLLER_HOST)s',
 }
 
-firewall { '001 swift proxy incoming':
-    proto    => 'tcp',
-    dport    => ['8080'],
-    action   => 'accept',
-}