diff options
author | Dmitry Tantsur <divius.inside@gmail.com> | 2016-08-17 17:12:26 +0200 |
---|---|---|
committer | Dmitry Tantsur <divius.inside@gmail.com> | 2016-08-25 13:25:54 +0200 |
commit | fc614ec1a3a6d10d75af46cd7915fbc0e45ffcc3 (patch) | |
tree | 1fefbf71a240c67b3f431cc49fbe84484e152e72 /puppet/services | |
parent | 319c42475c3c8b611bf685ca0aff4e9b79d0b570 (diff) |
Ironic: add missing haproxy and firewall configuration
Make sure Ironic API listens on a different IP than HAProxy.
Also open firewall ports for Ironic API and TFTP.
Change-Id: I9d843e76adcdb1085fd1e9fb7408a2387909382b
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/haproxy.yaml | 1 | ||||
-rw-r--r-- | puppet/services/ironic-api.yaml | 6 | ||||
-rw-r--r-- | puppet/services/ironic-conductor.yaml | 5 |
3 files changed, 12 insertions, 0 deletions
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 8ac669a9..c0e1c113 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -75,6 +75,7 @@ outputs: tripleo::haproxy::heat_cloudwatch: true tripleo::haproxy::heat_cfn: true tripleo::haproxy::horizon: true + tripleo::haproxy::ironic: true tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 6b494256..d0516e1b 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -50,6 +50,7 @@ outputs: ironic::api::authtoken::username: 'ironic' ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ironic::api::host_ip: {get_input: ironic_api_network} ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} @@ -59,5 +60,10 @@ outputs: ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' + tripleo.ironic_api.firewall_rules: + '133 ironic api': + dport: + - 6385 + - 13385 step_config: | include ::tripleo::profile::base::ironic::api diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 9bc86a2c..27479f79 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -41,10 +41,15 @@ outputs: - get_attr: [IronicBase, role_data, config_settings] # FIXME: I have no idea why neutron_url is in "api" manifest - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} ironic::enabled_drivers: {get_param: IronicEnabledDrivers} # Prevent tftp_server from defaulting to my_ip setting, which is # controller VIP, not a real IP. ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} + tripleo.ironic_conductor.firewall_rules: + '134 ironic conductor TFTP': + dport: 69 + proto: udp step_config: | include ::tripleo::profile::base::ironic::conductor |