aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDmitry Tantsur <divius.inside@gmail.com>2016-08-17 17:12:26 +0200
committerDmitry Tantsur <divius.inside@gmail.com>2016-08-25 13:25:54 +0200
commitfc614ec1a3a6d10d75af46cd7915fbc0e45ffcc3 (patch)
tree1fefbf71a240c67b3f431cc49fbe84484e152e72
parent319c42475c3c8b611bf685ca0aff4e9b79d0b570 (diff)
Ironic: add missing haproxy and firewall configuration
Make sure Ironic API listens on a different IP than HAProxy. Also open firewall ports for Ironic API and TFTP. Change-Id: I9d843e76adcdb1085fd1e9fb7408a2387909382b
-rw-r--r--puppet/services/haproxy.yaml1
-rw-r--r--puppet/services/ironic-api.yaml6
-rw-r--r--puppet/services/ironic-conductor.yaml5
3 files changed, 12 insertions, 0 deletions
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 8ac669a..c0e1c11 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -75,6 +75,7 @@ outputs:
tripleo::haproxy::heat_cloudwatch: true
tripleo::haproxy::heat_cfn: true
tripleo::haproxy::horizon: true
+ tripleo::haproxy::ironic: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 6b49425..d0516e1 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -50,6 +50,7 @@ outputs:
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ironic::api::host_ip: {get_input: ironic_api_network}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
@@ -59,5 +60,10 @@ outputs:
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
+ tripleo.ironic_api.firewall_rules:
+ '133 ironic api':
+ dport:
+ - 6385
+ - 13385
step_config: |
include ::tripleo::profile::base::ironic::api
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 9bc86a2..27479f7 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -41,10 +41,15 @@ outputs:
- get_attr: [IronicBase, role_data, config_settings]
# FIXME: I have no idea why neutron_url is in "api" manifest
- ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
# Prevent tftp_server from defaulting to my_ip setting, which is
# controller VIP, not a real IP.
ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
+ tripleo.ironic_conductor.firewall_rules:
+ '134 ironic conductor TFTP':
+ dport: 69
+ proto: udp
step_config: |
include ::tripleo::profile::base::ironic::conductor