From fb901792ead26635fb2a791faee9fc99d91cfe5e Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 21 Jul 2017 10:41:41 +0200
Subject: Open up firewall for the control-ports in the bundles

This is required when the bundles run on pacemaker remote nodes
otherwise the cluster won't be able to connect to the control-ports
of each bundle. The only services that need this are rabbit, redis and
galera because those run pacemaker_remote inside the container
(A/P resources and haproxy do not)

Change-Id: I6a56d79319ef3d14973a0586dcda4d523adda7aa
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
---
 docker/services/pacemaker/rabbitmq.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'docker/services/pacemaker/rabbitmq.yaml')

diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index 19af94b2..a2b635f7 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -63,6 +63,14 @@ outputs:
           - {get_attr: [RabbitmqBase, role_data, config_settings]}
           - rabbitmq::service_manage: false
             tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+            tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
+            tripleo.rabbitmq.firewall_rules:
+              '109 rabbitmq-bundle':
+                dport:
+                  - 3122
+                  - 4369
+                  - 5672
+                  - 25672
       step_config: &step_config
         get_attr: [RabbitmqBase, role_data, step_config]
       service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
-- 
cgit 1.2.3-korg