Remove security group from extra node port template

These extra nodes are likely to need to run arbitrary services, so it's not ideal to have a security group that only allows port 22. Also, the floating ip version of this template doesn't have a security group and that one actually exposes the port on an external network, so there's no need to lock down this one that only exposes it to the private network.
2018-09-13 16:43:24 -05:00 · 2018-09-13 16:43:24 -05:00 · 9f93f422c3
parent 405cf53ed1
commit 9f93f422c3
1 changed files with 0 additions and 19 deletions
--- a/templates/baremetal-ports-extra-node-port-security.yaml
+++ b/templates/baremetal-ports-extra-node-port-security.yaml
@ -21,23 +21,6 @@ parameters:

 resources:

-  extra_node_sg:
-    type: OS::Neutron::SecurityGroup
-    properties:
-      name:
-        list_join:
-        - '_'
-        - - 'extranode'
-        - - {get_param: baremetal_prefix}
-          - {get_param: suffix}
-          - 'sg'
-      description: Ping, SSH
-      rules:
-      - protocol: icmp
-      - protocol: tcp
-        port_range_min: 22
-        port_range_max: 22
-
  private_port:
    type: OS::Neutron::Port
    properties:
@ -48,8 +31,6 @@ resources:
          - {get_param: baremetal_prefix}
          - {get_param: suffix}
      network: {get_param: private_net}
-      security_groups:
-      - {get_resource: extra_node_sg}

  provision_port:
    type: OS::Neutron::Port