x/packstack
Code Issues Proposed changes

Fixed firewall protocols

Browse Source 
Resource provider for firewall does not accept array as value for
parameter 'proto'. This patch is fixing it.

Change-Id: Iba55657f35a5c79149b22873e8eb753b71b6ceda
Fixes: rhbz#1100993
This commit is contained in:
Martin Magr
2014-06-03 16:02:33 +02:00
parent cda9fcb00f
commit d794f98378
13 changed files with 25 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packstack/plugins/amqp_002.py
View File

@@ -246,8 +246,9 @@ def create_manifest(config, messages):
# All hosts should be able to talk to amqp
config['FIREWALL_SERVICE_NAME'] = "amqp"
config['FIREWALL_PORTS'] = "'5671', '5672'"
config['FIREWALL_PORTS'] = "['5671', '5672']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in filtered_hosts(config, exclude=False):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "amqp_%s" % host

2
packstack/plugins/ceilometer_800.py
View File

@@ -115,6 +115,7 @@ def create_manifest(config, messages):
config['FIREWALL_SERVICE_ID'] = 'ceilometer_api'
config['FIREWALL_PORTS'] = "'8777'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
# Add a template that creates a group for nova because the ceilometer
# class needs it
@@ -129,6 +130,7 @@ def create_mongodb_manifest(config, messages):
config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST']
config['FIREWALL_SERVICE_NAME'] = 'mongodb-server'
config['FIREWALL_PORTS'] = "'27017'"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, 'pre')

4
packstack/plugins/cinder_250.py
View File

@@ -360,9 +360,9 @@ def create_manifest(config, messages):
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "'3260', '8776'"
config['FIREWALL_PORTS'] = "['3260', '8776']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):

1
packstack/plugins/glance_200.py
View File

@@ -95,6 +95,7 @@ def create_manifest(config, messages):
config['FIREWALL_SERVICE_NAME'] = "glance"
config['FIREWALL_PORTS'] = "'9292'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if config['CONFIG_NOVA_INSTALL'] == 'y':
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host

3
packstack/plugins/keystone_100.py
View File

@@ -115,8 +115,9 @@ def create_manifest(config, messages):
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = "keystone"
config['FIREWALL_SERVICE_ID'] = "keystone"
config['FIREWALL_PORTS'] = "'5000', '35357'"
config['FIREWALL_PORTS'] = "['5000', '35357']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)

1
packstack/plugins/mysql_001.py
View File

@@ -112,6 +112,7 @@ def create_manifest(config, messages):
config['FIREWALL_SERVICE_NAME'] = "mysql"
config['FIREWALL_PORTS'] = "'3306'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "mysql_%s" % host

1
packstack/plugins/nagios_910.py
View File

@@ -189,6 +189,7 @@ def create_nrpe_manifests(config, messages):
config['FIREWALL_SERVICE_ID'] = "nagios_nrpe"
config['FIREWALL_PORTS'] = '5666'
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)

15
packstack/plugins/neutron_350.py
View File

@@ -701,7 +701,7 @@ def create_manifests(config, messages):
config['FIREWALL_SERVICE_NAME'] = "neutron server"
config['FIREWALL_PORTS'] = "'9696'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron.pp")
@@ -727,14 +727,14 @@ def create_manifests(config, messages):
manifest_data = getManifestTemplate(plugin_manifest)
# We also need to open VXLAN/GRE port for agent
firewall_template = "firewall.pp"
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
if use_openvswitch_vxlan(config):
tunnel_port = "'4789'"
config['FIREWALL_PROTOCOL'] = 'udp'
tunnel_port = ("'%s'"
% config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'])
else:
config['FIREWALL_PROTOCOL'] = "'gre'"
firewall_template = "firewall_proto.pp"
tunnel_port = ""
config['FIREWALL_PROTOCOL'] = 'gre'
tunnel_port = 'undef'
for f_host in q_hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % f_host
config['FIREWALL_SERVICE_NAME'] = "neutron tunnel port"
@@ -742,7 +742,7 @@ def create_manifests(config, messages):
% (host, f_host))
config['FIREWALL_PORTS'] = tunnel_port
config['FIREWALL_CHAIN'] = "INPUT"
manifest_data += getManifestTemplate(firewall_template)
manifest_data += getManifestTemplate('firewall.pp')
appendManifestFile(manifest_file, manifest_data, 'neutron')
@@ -786,6 +786,7 @@ def create_dhcp_manifests(config, messages):
manifest_file = "%s_neutron.pp" % (host,)
# Firewall Rules
config['FIREWALL_PROTOCOL'] = 'tcp'
for f_host in q_hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % f_host
config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in"

1
packstack/plugins/nova_300.py
View File

@@ -496,6 +496,7 @@ def create_compute_manifest(config, messages):
config['FIREWALL_SERVICE_ID'] = "nova_compute"
config['FIREWALL_PORTS'] = "'5900-5999'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
manifestdata += "\n" + nova_config_options.getManifestEntry()

4
packstack/plugins/swift_600.py
View File

@@ -295,9 +295,9 @@ def create_storage_manifest(config, messages):
hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])
config['FIREWALL_SERVICE_NAME'] = "swift storage and rsync"
config['FIREWALL_PORTS'] = "'6000', '6001', '6002', '873'"
config['FIREWALL_PORTS'] = "['6000', '6001', '6002', '873']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
for host in hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "swift_storage_and_rsync_%s" % host

2
packstack/puppet/modules/packstack/manifests/firewall.pp
View File

@@ -2,7 +2,7 @@
# hosts that need to connect via FIREWALL_PORTS
# using FIREWALL_CHAIN
define packstack::firewall($host, $service_name, $chain = "INPUT", $ports = undef, $proto = ['tcp', 'udp']) {
define packstack::firewall($host, $service_name, $chain = "INPUT", $ports = undef, $proto = 'tcp') {
$source = $host ? {
'ALL' => '0.0.0.0/0',
default => $host,

4
packstack/puppet/templates/firewall.pp
View File

@@ -6,6 +6,6 @@ packstack::firewall {'%(FIREWALL_SERVICE_ID)s':
host => %(FIREWALL_ALLOWED)s,
service_name => '%(FIREWALL_SERVICE_NAME)s',
chain => '%(FIREWALL_CHAIN)s',
ports => [%(FIREWALL_PORTS)s],
ports => %(FIREWALL_PORTS)s,
proto => '%(FIREWALL_PROTOCOL)s',
}

11
packstack/puppet/templates/firewall_proto.pp
View File

@@ -1,11 +0,0 @@
# Create firewall rules to allow only the FIREWALL_ALLOWED
# hosts that need to connect via FIREWALL_PORTS
# using FIREWALL_CHAIN
packstack::firewall {'%(FIREWALL_SERVICE_ID)s':
host => %(FIREWALL_ALLOWED)s,
service_name => '%(FIREWALL_SERVICE_NAME)s',
chain => '%(FIREWALL_CHAIN)s',
proto => [%(FIREWALL_PROTOCOL)s],
}