From fa5a9add9f456c020db28fbba28f665734fd608b Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 2 Nov 2016 13:37:07 -0400 Subject: nova: add missing vnc console port in firewall - Remove vncproxy firewall rules from nova-api service - Add vncproxy firewall rules to nova-vncproxy service - Add console port range firewall rules to nova-libvirt service Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c --- puppet/services/nova-api.yaml | 2 -- puppet/services/nova-libvirt.yaml | 1 + puppet/services/nova-vnc-proxy.yaml | 5 +++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index bf479437..3cc238c1 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -88,8 +88,6 @@ outputs: tripleo.nova_api.firewall_rules: '113 nova_api': dport: - - 6080 - - 13080 - 8773 - 3773 - 8774 diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 241e6057..70774bac 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -56,6 +56,7 @@ outputs: - 16509 - 16514 - '49152-49215' + - '5900-5999' step_config: | include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index 85d59ae6..e6b0703f 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -57,5 +57,10 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]} + tripleo.nova_vnc_proxy.firewall_rules: + '137 nova_vnc_proxy': + dport: + - 6080 + - 13080 step_config: | include tripleo::profile::base::nova::vncproxy -- cgit 1.2.3-korg