summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichele Baldessari <michele@acksyn.org>2017-07-21 10:41:41 +0200
committerMichele Baldessari <michele@acksyn.org>2017-07-21 12:17:23 +0200
commitfb901792ead26635fb2a791faee9fc99d91cfe5e (patch)
treeabdbeb08788b2e093f3dcebd9539995203bd3868
parentfdd4352375c24c189d028f34cc66b3b1f2d474ee (diff)
Open up firewall for the control-ports in the bundles
This is required when the bundles run on pacemaker remote nodes otherwise the cluster won't be able to connect to the control-ports of each bundle. The only services that need this are rabbit, redis and galera because those run pacemaker_remote inside the container (A/P resources and haproxy do not) Change-Id: I6a56d79319ef3d14973a0586dcda4d523adda7aa Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
-rw-r--r--docker/services/pacemaker/database/mysql.yaml11
-rw-r--r--docker/services/pacemaker/database/redis.yaml8
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml8
3 files changed, 26 insertions, 1 deletions
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index f38cccfc..86dcd30b 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -65,6 +65,17 @@ outputs:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+ tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
+ tripleo.mysql.firewall_rules:
+ '104 mysql galera-bundle':
+ dport:
+ - 873
+ - 3123
+ - 3306
+ - 4444
+ - 4567
+ - 4568
+ - 9200
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index e124b045..087a5803 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -61,7 +61,13 @@ outputs:
redis::notify_service: false
redis::managed_by_cluster_manager: true
tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
-
+ tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
+ tripleo.redis.firewall_rules:
+ '108 redis-bundle':
+ dport:
+ - 3124
+ - 6379
+ - 26379
step_config: ""
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index 19af94b2..a2b635f7 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -63,6 +63,14 @@ outputs:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+ tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
+ tripleo.rabbitmq.firewall_rules:
+ '109 rabbitmq-bundle':
+ dport:
+ - 3122
+ - 4369
+ - 5672
+ - 25672
step_config: &step_config
get_attr: [RabbitmqBase, role_data, step_config]
service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}