Enable API services to all hosts

Open the API ports to all hosts. Change-Id: I3363cf5f683595ce55d3bb2c57968c21b8f29cba Fixes: rhbz#1099787
2014-06-17 14:13:08 -06:00
parent f4b5965644
commit c656a3d896
11 changed files with 57 additions and 33 deletions
--- a/packstack/plugins/cinder_250.py
+++ b/packstack/plugins/cinder_250.py
@@ -352,7 +352,7 @@ def create_manifest(config, messages):
        manifestdata += getManifestTemplate('cinder_backup.pp')

    config['FIREWALL_SERVICE_NAME'] = "cinder"
-    config['FIREWALL_PORTS'] = "['3260', '8776']"
+    config['FIREWALL_PORTS'] = "['3260']"
    config['FIREWALL_CHAIN'] = "INPUT"
    config['FIREWALL_PROTOCOL'] = 'tcp'
    if (config['CONFIG_NOVA_INSTALL'] == 'y' and
@@ -365,5 +365,10 @@ def create_manifest(config, messages):
        config['FIREWALL_ALLOWED'] = "'ALL'"
        config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
        manifestdata += getManifestTemplate("firewall.pp")
-
+    # cinder API should be open for everyone
+    config['FIREWALL_SERVICE_NAME'] = "cinder-api"
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "cinder_API"
+    config['FIREWALL_PORTS'] = "['8776']"
+    manifestdata += getManifestTemplate("firewall.pp")
    appendManifestFile(manifestfile, manifestdata)
--- a/packstack/plugins/glance_200.py
+++ b/packstack/plugins/glance_200.py
@@ -96,14 +96,8 @@ def create_manifest(config, messages):
    config['FIREWALL_PORTS'] = "'9292'"
    config['FIREWALL_CHAIN'] = "INPUT"
    config['FIREWALL_PROTOCOL'] = 'tcp'
-    if config['CONFIG_NOVA_INSTALL'] == 'y':
-        for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
-            config['FIREWALL_ALLOWED'] = "'%s'" % host
-            config['FIREWALL_SERVICE_ID'] = "glance_%s" % host
-            manifestdata += getManifestTemplate("firewall.pp")
-    else:
    config['FIREWALL_ALLOWED'] = "'ALL'"
-        config['FIREWALL_SERVICE_ID'] = "glance_ALL"
+    config['FIREWALL_SERVICE_ID'] = "glance_API"
    manifestdata += getManifestTemplate("firewall.pp")

    appendManifestFile(manifestfile, manifestdata)
--- a/packstack/plugins/heat_750.py
+++ b/packstack/plugins/heat_750.py
@@ -187,10 +187,15 @@ def create_manifest(config, messages):
    manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat.pp")
-
    if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
        manifestdata += getManifestTemplate("heat_trusts.pp")
-
+    config['FIREWALL_SERVICE_NAME'] = "heat"
+    config['FIREWALL_PORTS'] = "'8004'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "heat"
+    manifestdata += getManifestTemplate("firewall.pp")
    appendManifestFile(manifestfile, manifestdata)


@@ -208,6 +213,13 @@ def create_cloudwatch_manifest(config, messages):
    manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat_cloudwatch.pp")
+    config['FIREWALL_SERVICE_NAME'] = "heat api cloudwatch"
+    config['FIREWALL_PORTS'] = "'8003'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "heat_api_cloudwatch"
+    manifestdata += getManifestTemplate("firewall.pp")
    appendManifestFile(manifestfile, manifestdata, marker='heat')


@@ -215,4 +227,11 @@ def create_cfn_manifest(config, messages):
    manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat_cfn.pp")
+    config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
+    config['FIREWALL_PORTS'] = "'8000'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "heat_cfn"
+    manifestdata += getManifestTemplate("firewall.pp")
    appendManifestFile(manifestfile, manifestdata, marker='heat')
--- a/packstack/plugins/neutron_350.py
+++ b/packstack/plugins/neutron_350.py
@@ -760,15 +760,14 @@ def create_manifests(config, messages):
            # XXX I am not completely sure about this, but it seems necessary:
            manifest_data += getManifestTemplate(plugin_manifest)

-            # Firewall Rules
-            for f_host in q_hosts:
+            #Firewall
            config['FIREWALL_SERVICE_NAME'] = "neutron server"
            config['FIREWALL_PORTS'] = "'9696'"
            config['FIREWALL_CHAIN'] = "INPUT"
            config['FIREWALL_PROTOCOL'] = 'tcp'
-                config['FIREWALL_ALLOWED'] = "'%s'" % f_host
-                config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s_%s"
-                                                 % (host, f_host))
+            config['FIREWALL_ALLOWED'] = "'ALL'"
+            config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s"
+                                                 % (host))
            manifest_data += getManifestTemplate("firewall.pp")

            appendManifestFile(manifest_file, manifest_data, 'neutron')
--- a/packstack/plugins/nova_300.py
+++ b/packstack/plugins/nova_300.py
@@ -428,6 +428,13 @@ def create_api_manifest(config, messages):
            "'%s'" % config['CONFIG_NEUTRON_METADATA_PW']
    manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate("nova_api.pp")
+    config['FIREWALL_SERVICE_NAME'] = "nova api"
+    config['FIREWALL_PORTS'] = "['8773', '8774', '8775']"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "nova_api"
+    manifestdata += getManifestTemplate("firewall.pp")
    appendManifestFile(manifestfile, manifestdata, 'novaapi')


--- a/packstack/plugins/swift_600.py
+++ b/packstack/plugins/swift_600.py
@@ -276,6 +276,13 @@ def create_builder_manifest(config, messages):
 def create_proxy_manifest(config, messages):
    manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate("swift_proxy.pp")
+    config['FIREWALL_SERVICE_NAME'] = "swift proxy"
+    config['FIREWALL_PORTS'] = "'8080'"
+    config['FIREWALL_CHAIN'] = "INPUT"
+    config['FIREWALL_PROTOCOL'] = 'tcp'
+    config['FIREWALL_ALLOWED'] = "'ALL'"
+    config['FIREWALL_SERVICE_ID'] = "swift_proxy"
+    manifestdata += getManifestTemplate("firewall.pp")
    appendManifestFile(manifestfile, manifestdata)


--- a/packstack/puppet/templates/heat.pp
+++ b/packstack/puppet/templates/heat.pp
@@ -18,3 +18,4 @@ class { 'heat::keystone::domain':
  domain_admin      => '%(CONFIG_HEAT_DOMAIN_ADMIN)s',
  domain_password   => '%(CONFIG_HEAT_DOMAIN_PASSWORD)s',
 }
+
--- a/packstack/puppet/templates/heat_cfn.pp
+++ b/packstack/puppet/templates/heat_cfn.pp
@@ -8,3 +8,4 @@ class { 'heat::keystone::auth_cfn':
  internal_address   => '%(CONFIG_CONTROLLER_HOST)s',
  password           => '%(CONFIG_HEAT_KS_PW)s'
 }
+
--- a/packstack/puppet/templates/heat_cloudwatch.pp
+++ b/packstack/puppet/templates/heat_cloudwatch.pp
@@ -1,3 +1,4 @@

 class { 'heat::api_cloudwatch':
 }
+
--- a/packstack/puppet/templates/nova_api.pp
+++ b/packstack/puppet/templates/nova_api.pp
@@ -9,8 +9,3 @@ class {"nova::api":

 Package<| title == 'nova-common' |> -> Class['nova::api']

-firewall { '001 novaapi incoming':
-    proto    => 'tcp',
-    dport    => ['8773', '8774', '8775'],
-    action   => 'accept',
-}
--- a/packstack/puppet/templates/swift_proxy.pp
+++ b/packstack/puppet/templates/swift_proxy.pp
@@ -67,8 +67,3 @@ class { 'swift::proxy::authtoken':
    auth_host         => '%(CONFIG_CONTROLLER_HOST)s',
 }

-firewall { '001 swift proxy incoming':
-    proto    => 'tcp',
-    dport    => ['8080'],
-    action   => 'accept',
-}