Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: f754c57)
Add firewall rules for manila api service
authorTom Barron <tpb@dyncloud.net>
Wed, 9 Nov 2016 19:01:23 +0000 (14:01 -0500)
committerTom Barron <tpb@dyncloud.net>
Wed, 9 Nov 2016 19:09:44 +0000 (14:09 -0500)
When the manila api service is deployed
on a different role than the controller the
iptables rules on that role fail to ACCEPT
tcp at the manila API ports.

Add tripleo.manila_api.firewall_rules to
the relevant puppet services module.

Change-Id: I1c5459f5ba989657fd99fd72c7ac9f8781cc7206
Closes-Bug: #1640568

puppet/services/manila-api.yaml patch | blob | history

diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 5f4ab6b..b4b3d48 100644 (file)
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -51,6 +51,11 @@ outputs:
             manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
             manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
             manila::keystone::authtoken::project_name: 'service'
+            tripleo.manila_api.firewall_rules:
+              '150 manila':
+                dport:
+                  - 8786
+                  - 13786
             # NOTE: bind IP is found in Heat replacing the network name with the
             # local node IP for the given network; replacement examples
             # (eg. for internal_api):