Remove security group from extra node port template
These extra nodes are likely to need to run arbitrary services, so it's not ideal to have a security group that only allows port 22. Also, the floating ip version of this template doesn't have a security group and that one actually exposes the port on an external network, so there's no need to lock down this one that only exposes it to the private network.
parent 405cf53ed1
commit 9f93f422c3
|
@ -21,23 +21,6 @@ parameters:
|
|||
|
||||
resources:
|
||||
|
||||
extra_node_sg:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - 'extranode'
|
||||
- - {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
- 'sg'
|
||||
description: Ping, SSH
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
port_range_min: 22
|
||||
port_range_max: 22
|
||||
|
||||
private_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
|
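Review bot: Removing extra_node_sg in the resources section also removes the only place in this template that recorded the intended exposure (description "Ping, SSH", with the icmp and tcp 22 rules), and nothing documents what replaces it. If the goal is to let these nodes run arbitrary services, consider keeping the resource and making its rules a parameter, or at least add a comment on private_port saying that filtering is intentionally not defined here. Please also confirm that no other {get_resource: extra_node_sg} remains outside the lines shown, since a dangling reference fails stack validation.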
@ -48,8 +31,6 @@ resources:
|
|||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: private_net}
|
||||
security_groups:
|
||||
- {get_resource: extra_node_sg}
|
||||
|
||||
provision_port:
|
||||
type: OS::Neutron::Port
|
||||
|
|
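Review bot: Dropping security_groups from private_port does not by itself leave the port unfiltered. When the property is omitted, Neutron attaches the project's default security group to the port, so what is reachable on private_net now depends on that group's rules in each deployment rather than on this template. If arbitrary services are meant to be reachable, make that explicit, for example with a parameter for the security group list on private_port; if relying on the default group is the intent, say so in the commit message so the behaviour is not a surprise on clouds with a restrictive default group.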