From 97c9ca2c5fca12adaa2da8f777898af3f60823fc Mon Sep 17 00:00:00 2001
From: Alexander Kislitsky
Date: Wed, 15 Feb 2017 18:53:45 +0300
Subject: [PATCH] Port for distributed serialization added We allow connections to 8002 port in the admin network for incoming connections from distributed serialization workers. Distributed serialization workers should be installed and run on slave and bootstrap nodes. Change-Id: Idae764bde0b0dd482e6b08d69a97cd5d0717547d Implements: blueprint distributed-serialization
---
deployment/puppet/fuel/manifests/iptables.pp | 49 ++++++++++++--------
deployment/puppet/fuel/manifests/params.pp | 1 +
2 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/deployment/puppet/fuel/manifests/iptables.pp b/deployment/puppet/fuel/manifests/iptables.pp
index fc0afb7176..e731d1079f 100644
--- a/deployment/puppet/fuel/manifests/iptables.pp
+++ b/deployment/puppet/fuel/manifests/iptables.pp
@@ -2,25 +2,26 @@ class fuel::iptables ( $network_address, $network_cidr, - $admin_iface = $::fuel::params::admin_interface, - $ssh_port = '22', - $ssh_network = '0.0.0.0/0', - $ssh_rseconds = 60, - $ssh_rhitcount = 4, - $nailgun_web_port = $::fuel::params::nailgun_port, - $nailgun_internal_port = $::fuel::params::nailgun_internal_port, - $nailgun_repo_port = $::fuel::params::repo_port, - $postgres_port = $::fuel::params::db_port, - $ostf_port = $::fuel::params::ostf_port, - $rsync_port = '873', - $rsyslog_port = '514', - $ntp_port = '123', - $rabbitmq_ports = ['4369','5672','61613'], - $rabbitmq_admin_port = '15672', - $fuelweb_port = $::fuel::params::nailgun_ssl_port, - $keystone_port = $::fuel::params::keystone_port, - $keystone_admin_port = $::fuel::params::keystone_admin_port, - $chain = 'INPUT', + $admin_iface = $::fuel::params::admin_interface, + $ssh_port = '22', + $ssh_network = '0.0.0.0/0', + $ssh_rseconds = 60, + $ssh_rhitcount = 4, + $nailgun_web_port = $::fuel::params::nailgun_port, + $nailgun_internal_port = $::fuel::params::nailgun_internal_port, + $nailgun_serialization_port = $::fuel::params::nailgun_serialization_port, + $nailgun_repo_port = $::fuel::params::repo_port, + $postgres_port = $::fuel::params::db_port, + $ostf_port = $::fuel::params::ostf_port, + $rsync_port = '873', + $rsyslog_port = '514', + $ntp_port = '123', + $rabbitmq_ports = ['4369','5672','61613'], + $rabbitmq_admin_port = '15672', + $fuelweb_port = $::fuel::params::nailgun_ssl_port, + $keystone_port = $::fuel::params::keystone_port, + $keystone_admin_port = $::fuel::params::keystone_admin_port, + $chain = 'INPUT', ) inherits fuel::params { #Enable cobbler's iptables rules even if Cobbler not called 
@@ -185,6 +186,16 @@ class fuel::iptables ( state => ['NEW'], } + firewall { '065 nailgun_serialization_port': + chain => $chain, + table => 'filter', + dport => $nailgun_serialization_port, + proto => 'tcp', + iniface => $admin_iface, + action => 'accept', + state => ['NEW'], + } + firewall { '070 nailgun_internal_block_ext': chain => $chain, table => 'filter', diff --git a/deployment/puppet/fuel/manifests/params.pp b/deployment/puppet/fuel/manifests/params.pp index e82a6af602..fe5847724e 100644 --- a/deployment/puppet/fuel/manifests/params.pp +++ b/deployment/puppet/fuel/manifests/params.pp @@ -120,6 +120,7 @@ class fuel::params { $nailgun_host = '127.0.0.1' $nailgun_port = '8000' $nailgun_internal_port = '8001' + $nailgun_serialization_port = '8002' $nailgun_ssl_port = '8443' $ostf_host = '127.0.0.1'
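Review bot: The new `065 nailgun_serialization_port` rule matches on `iniface => $admin_iface` alone, so any source address arriving on that interface can open a connection to the serialization port, while the commit message scopes the access to the admin network. The class already takes `$network_address` and `$network_cidr` (first hunk); if together they describe the admin subnet, adding `source => "${network_address}/${network_cidr}",` to the rule would tie it to that network, once the format those two parameters hold has been confirmed. The internal port is followed by an explicit `070 nailgun_internal_block_ext` rule (its body continues outside the hunk), but nothing comparable is added for the new port, so whether it is reachable on other interfaces depends on the chain's final policy, which is not visible here. Because bootstrap nodes are among the intended clients, a comment above the rule should also state what authentication the listener on this port enforces.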