openstack
/
ironic
Code Issues Proposed changes

[Devstack]: open firewall for ironic api on provision net 

For grenade job we need to open firewall on provision network IP on
subnode. This needed for grenade job to setup redirect from primary
node to subnode.

Change-Id: I026121121059768aa74389add7eee6e63fdb214d
This commit is contained in:
Vasyl Saienko 2017-04-19 19:54:57 +03:00
parent 7f1639e77e
commit 13eff665f0
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
devstack/lib/ironic
View File

@ -1612,6 +1612,8 @@ function configure_iptables {
# nodes boot from TFTP and callback to the API server listening on $HOST_IP
sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
sudo iptables -I FORWARD -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
if is_deployed_by_agent; then
# agent ramdisk gets instance image from swift
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true