summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorQiLiang <liangqi1@huawei.com>2015-12-25 08:24:44 +0000
committerQiLiang <liangqi1@huawei.com>2015-12-25 08:24:44 +0000
commit0409b2b8b7e18efd94b6101c1a5e489f7a4f4bfc (patch)
tree52312cf8ebaa545f45f1a5b3310decbf1f7373c9
parentd279cef1affea34e8c542066c78f0f1046cd25f3 (diff)
Rubbos heat template add security_groups
Current rules is open all icmp tcp udp ports. Refine it later to just open specific used ports. JIRA: BOTTLENECK-33 Change-Id: I2fb1b57760d1ebef681fa036af1c5a2249bcfc12 Signed-off-by: QiLiang <liangqi1@huawei.com>
-rw-r--r--utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml26
1 files changed, 26 insertions, 0 deletions
diff --git a/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml b/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml
index 8233356c..1b55de5a 100644
--- a/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml
+++ b/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml
@@ -88,6 +88,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_control_floating_ip:
type: OS::Neutron::FloatingIP
@@ -111,6 +112,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_mysql1:
type: OS::Nova::Server
@@ -128,6 +130,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_tomcat1:
type: OS::Nova::Server
@@ -145,6 +148,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client1:
type: OS::Nova::Server
@@ -162,6 +166,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client2:
type: OS::Nova::Server
@@ -179,6 +184,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client3:
type: OS::Nova::Server
@@ -196,6 +202,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_client4:
type: OS::Nova::Server
@@ -213,6 +220,7 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
rubbos_benchmark:
type: OS::Nova::Server
@@ -230,6 +238,24 @@ resources:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
+ security_groups: [{ get_resource: server_security_group }]
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Rubbos group for servers access.
+ name: rubbos-security-group
+ rules: [
+ {remote_ip_prefix: 0.0.0.0/0,
+ protocol: tcp,
+ port_range_min: 1,
+ port_range_max: 65535},
+ {remote_ip_prefix: 0.0.0.0/0,
+ protocol: udp,
+ port_range_min: 1,
+ port_range_max: 65535},
+ {remote_ip_prefix: 0.0.0.0/0,
+ protocol: icmp}]
outputs:
rubbos_control_private_ip: