Merge "Add nova vnc firewall rule for compute nodes"

2015-12-30 11:42:14 +00:00 · 2015-12-30 11:42:14 +00:00 · c5637dd157
parent 1989aa805d bb44e7113f
commit c5637dd157
2 changed files with 18 additions and 0 deletions
--- a/deployment/puppet/osnailyfacter/modular/firewall/firewall.pp
+++ b/deployment/puppet/osnailyfacter/modular/firewall/firewall.pp
@ -342,6 +342,13 @@ if member($roles, 'primary-controller') or member($roles, 'controller') {

 if member($roles, 'compute') {

+  openstack::firewall::multi_net {'105 nova vnc':
+    port        => $nova_api_vnc_ports,
+    proto       => 'tcp',
+    action      => 'accept',
+    source_nets => $nova_networks,
+  }
+
  openstack::firewall::multi_net {'118 libvirt':
    port        => $libvirt_port,
    proto       => 'tcp',
--- a/tests/noop/spec/hosts/firewall/firewall_spec.rb
+++ b/tests/noop/spec/hosts/firewall/firewall_spec.rb
@ -126,6 +126,17 @@ describe manifest do
        )
      end
    elsif Noop.puppet_function 'member', roles, 'compute'
+      it 'should accept connections to nova without ssl' do
+        management_nets.each do |source|
+          should contain_firewall("105 nova vnc from #{source}").with(
+            'port'        => [ '5900-6100' ],
+            'proto'       => 'tcp',
+            'action'      => 'accept',
+            'source'      => source,
+          )
+        end
+      end
+
      it 'should accept connections to libvirt' do
        management_nets.each do |source|
          should contain_firewall("118 libvirt from #{source}").with(