Open all ports for private network for auto SG
Closes-bug: #1394988
Change-Id: I07485c286a501bff52f8c67ffd0cc841814a5c9c
(cherry picked from commit 7c4ea57548)
This commit is contained in:
parent
e89af5f729
commit
ebb865d2ec
|
@ -29,6 +29,7 @@ from sahara.service import engine as e
|
|||
from sahara.service import networks
|
||||
from sahara.service import volumes
|
||||
from sahara.utils import general as g
|
||||
from sahara.utils.openstack import neutron
|
||||
from sahara.utils.openstack import nova
|
||||
|
||||
|
||||
|
@ -344,6 +345,16 @@ class DirectEngine(e.Engine):
|
|||
nova_client.security_group_rules.create(
|
||||
security_group.id, 'tcp', SSH_PORT, SSH_PORT, "0.0.0.0/0")
|
||||
|
||||
# open all traffic for private networks
|
||||
if CONF.use_neutron:
|
||||
for cidr in neutron.get_private_network_cidrs(node_group.cluster):
|
||||
for protocol in ['tcp', 'udp']:
|
||||
nova_client.security_group_rules.create(
|
||||
security_group.id, protocol, 1, 65535, cidr)
|
||||
|
||||
nova_client.security_group_rules.create(
|
||||
security_group.id, 'icmp', -1, -1, cidr)
|
||||
|
||||
# enable ports returned by plugin
|
||||
for port in node_group.open_ports:
|
||||
nova_client.security_group_rules.create(
|
||||
|
|
|
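Review bot: The private-network rule set added here is duplicated almost line for line in `_serialize_auto_security_group_rules` in the heat hunk further down; a shared helper that yields `(cidr, protocol, from_port, to_port)` tuples for both the direct engine and the heat serializer would keep the two engines from drifting apart. The comment `# open all traffic for private networks` understates the scope: the CIDRs come from every subnet of `cluster.neutron_management_network`, so any host on that network, not just cluster instances, can reach every TCP/UDP port and ICMP on the group; suggest `# open all tcp/udp ports and icmp to every subnet of the management network (every host on it is treated as trusted)`. This block appears to sit in per-node-group code, so the neutron lookups would be repeated for each group of the same cluster; the enclosing method starts and ends outside the hunk, so confirm whether the CIDRs can be fetched once per cluster and passed down.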
@ -25,6 +25,7 @@ from sahara.openstack.common import log as logging
|
|||
from sahara.utils import files as f
|
||||
from sahara.utils import general as g
|
||||
from sahara.utils.openstack import base
|
||||
from sahara.utils.openstack import neutron
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
@ -176,13 +177,24 @@ class ClusterTemplate(object):
|
|||
yield _load_template('security_group.heat', fields)
|
||||
|
||||
def _serialize_auto_security_group_rules(self, ng):
|
||||
create_rule = lambda cidr, proto, from_port, to_port: {
|
||||
'remote_ip_prefix': cidr,
|
||||
'protocol': proto,
|
||||
'port_range_min': from_port,
|
||||
'port_range_max': to_port}
|
||||
|
||||
rules = []
|
||||
for port in ng.open_ports:
|
||||
rules.append({"remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp",
|
||||
"port_range_min": port, "port_range_max": port})
|
||||
rules.append(create_rule('0.0.0.0/0', 'tcp', port, port))
|
||||
|
||||
rules.append({"remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp",
|
||||
"port_range_min": SSH_PORT, "port_range_max": SSH_PORT})
|
||||
rules.append(create_rule('0.0.0.0/0', 'tcp', SSH_PORT, SSH_PORT))
|
||||
|
||||
# open all traffic for private networks
|
||||
if CONF.use_neutron:
|
||||
for cidr in neutron.get_private_network_cidrs(ng.cluster):
|
||||
for protocol in ['tcp', 'udp']:
|
||||
rules.append(create_rule(cidr, protocol, 1, 65535))
|
||||
rules.append(create_rule(cidr, 'icmp', -1, -1))
|
||||
|
||||
return json.dumps(rules)
|
||||
|
||||
|
|
|
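Review bot: `create_rule = lambda cidr, proto, from_port, to_port: {...}` binds a lambda to a name, which PEP 8 (E731) discourages; a nested `def create_rule(cidr, proto, from_port, to_port):` returning the same dict is clearer and gives tracebacks a real name. The rule dicts carry no ethertype; if the management network also has an IPv6 subnet, `neutron.get_private_network_cidrs` returns that CIDR too, and whether the serialized rule is then accepted depends on the template's defaults, so filtering by address family or confirming the default is worth doing. The method also has no docstring; suggest `"""Return the auto security group rules for node group *ng* as a JSON list."""`, noting that the private-network entries open all tcp/udp ports and icmp to every subnet of the management network.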
@ -210,3 +210,16 @@ class NetcatSocket:
|
|||
def reset(self):
|
||||
self._terminate()
|
||||
self._create_process()
|
||||
|
||||
|
||||
def get_private_network_cidrs(cluster):
|
||||
neutron_client = client()
|
||||
private_net = neutron_client.show_network(
|
||||
cluster.neutron_management_network)
|
||||
|
||||
cidrs = []
|
||||
for subnet_id in private_net['network']['subnets']:
|
||||
subnet = neutron_client.show_subnet(subnet_id)
|
||||
cidrs.append(subnet['subnet']['cidr'])
|
||||
|
||||
return cidrs
|
||||
|
|
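Review bot: `get_private_network_cidrs` lands without a docstring, and since its result is what widens the security group, the contract is worth stating: `"""Return the CIDRs of every subnet on *cluster*'s neutron management network."""`. It issues one `show_network` plus one `show_subnet` per subnet, and both call sites in this commit invoke it per node group, so a cluster with several groups repeats the same round trips; a single subnet listing filtered by network id, if the client in use supports it, or caching the result per cluster would avoid that. The function assumes `cluster.neutron_management_network` is set, which holds for the callers here only because they guard on `CONF.use_neutron`; a short comment to that effect would help future callers.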