Adds Firewall rules for swift access.

Allows connection to swift and rsync from this hosts: CONFIG_SWIFT_STORAGE_HOSTS and CONFIG_SWIFT_PROXY_HOSTS This patch is for swift only, rules for the other services are being developed since the bug addresses the entire openstack installation. The swift proxy service was not restricted because it's the connection to the outside world. Fixes (partially): rhbz#1002063 Change-Id: I1f8e46ff4eebe85d2d0a4bcded8e6ad8ed664a9b
2013-09-24 15:09:49 -06:00
parent 516338ffda
commit cf2df0f8c5
4 changed files with 18 additions and 15 deletions
--- a/packstack/plugins/swift_600.py
+++ b/packstack/plugins/swift_600.py
@@ -107,6 +107,7 @@ def initConfig(controllerObject):
                  "POST_CONDITION"        : False,
                  "POST_CONDITION_MATCH"  : True}

+
    controller.addGroup(groupDict, paramsList)


@@ -127,6 +128,7 @@ def initSequences(controller):
             {'title': 'Adding Swift storage manifest entries', 'functions':[createstoragemanifest]},
             {'title': 'Adding Swift common manifest entries', 'functions':[createcommonmanifest]},
    ]
+
    controller.addSequence("Installing OpenStack Swift", [], [], steps)


@@ -235,11 +237,25 @@ def createstoragemanifest(config):
        else:
            controller.CONF["SWIFT_STORAGE_DEVICES"] = "'%s'"%devicename
            manifestdata = "\n" + getManifestTemplate("swift_loopback.pp")
-        appendManifestFile(manifestfile, manifestdata)
+        # Allowed host list for firewall
+        hosts = set()
+        for host in config['CONFIG_SWIFT_STORAGE_HOSTS'].split(','):
+            hosts.add(host.strip())
+        for host in config['CONFIG_SWIFT_PROXY_HOSTS'].split(','):
+            hosts.add(host.strip())
+        for host in config['CONFIG_NOVA_COMPUTE_HOSTS'].split(','):
+            hosts.add(host.strip())
+        config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i for i in hosts])
+        # Firewall rules for storage and rsync
+        config['FIREWALL_SERVICE_NAME'] = "swift storage and rsync"
+        config['FIREWALL_PORTS'] = "'6000', '6001', '6002', '873'"
+        manifestdata += getManifestTemplate("firewall.pp")

+        appendManifestFile(manifestfile, manifestdata)

 def createcommonmanifest(config):
    for manifestfile, marker in manifestfiles.getFiles():
        if manifestfile.endswith("_swift.pp"):
            data = getManifestTemplate("swift_common.pp")
            appendManifestFile(os.path.split(manifestfile)[1], data)
+