The current rules open all ICMP, TCP and UDP ports.
Refine them later to open only the specific ports in use.
JIRA: BOTTLENECK-33
Change-Id: I2fb1b57760d1ebef681fa036af1c5a2249bcfc12
Signed-off-by: QiLiang <liangqi1@huawei.com>
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_control_floating_ip:
type: OS::Neutron::FloatingIP
rubbos_control_floating_ip:
type: OS::Neutron::FloatingIP
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_mysql1:
type: OS::Nova::Server
rubbos_mysql1:
type: OS::Nova::Server
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_tomcat1:
type: OS::Nova::Server
rubbos_tomcat1:
type: OS::Nova::Server
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client1:
type: OS::Nova::Server
rubbos_client1:
type: OS::Nova::Server
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client2:
type: OS::Nova::Server
rubbos_client2:
type: OS::Nova::Server
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client3:
type: OS::Nova::Server
rubbos_client3:
type: OS::Nova::Server
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client4:
type: OS::Nova::Server
rubbos_client4:
type: OS::Nova::Server
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_benchmark:
type: OS::Nova::Server
rubbos_benchmark:
type: OS::Nova::Server
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Rubbos group for servers access.
+ name: rubbos-security-group
+ rules: [
+ {remote_ip_prefix: 0.0.0.0/0,
+ protocol: tcp,
+ port_range_min: 1,
+ port_range_max: 65535},
+ {remote_ip_prefix: 0.0.0.0/0,
+ protocol: udp,
+ port_range_min: 1,
+ port_range_max: 65535},
+ {remote_ip_prefix: 0.0.0.0/0,
+ protocol: icmp}]
outputs:
rubbos_control_private_ip:
outputs:
rubbos_control_private_ip:
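Review bot: The three rules in `server_security_group` admit every TCP and UDP port and all ICMP from `0.0.0.0/0`, and the group is attached to every port this change touches, so any instance reachable through a floating IP (at least `rubbos_control_floating_ip` is defined here) exposes all of its listening services; whether the MySQL and Tomcat servers are routable from outside is not visible on this page and should be checked. The commit message defers tightening, but nothing in the template records that. Until the port list is known, traffic between the servers can stay open without exposing them externally by replacing `remote_ip_prefix: 0.0.0.0/0` with `remote_mode: remote_group_id` on the three rules and adding one narrow rule for whatever external management access is needed. A comment above `rules:` stating that the full port range is temporary would also keep the follow-up from being forgotten.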