nova: add missing vnc console port in firewall

- Remove vncproxy firewall rules from nova-api service - Add vncproxy firewall rules to nova-vncproxy service - Add console port range firewall rules to nova-libvirt service Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c (cherry picked from commit fa5a9add9f)
2016-11-02 13:37:07 -04:00 · 2016-11-02 13:37:07 -04:00 · 945406b71d
parent 2609686d13
commit 945406b71d
3 changed files with 6 additions and 2 deletions
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@ -78,8 +78,6 @@ outputs:
            tripleo.nova_api.firewall_rules:
              '113 nova_api':
                dport:
-                  - 6080
-                  - 13080
                  - 8773
                  - 3773
                  - 8774
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@ -56,6 +56,7 @@ outputs:
                  - 16509
                  - 16514
                  - '49152-49215'
+                  - '5900-5999'

      step_config: |
        include tripleo::profile::base::nova::libvirt
--- a/puppet/services/nova-vnc-proxy.yaml
+++ b/puppet/services/nova-vnc-proxy.yaml
@ -57,5 +57,10 @@ outputs:
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+            tripleo.nova_vnc_proxy.firewall_rules:
+              '137 nova_vnc_proxy':
+                dport:
+                  - 6080
+                  - 13080
      step_config: |
        include tripleo::profile::base::nova::vncproxy