openstack/ironic
Code Issues Proposed changes

Ensure we allow Ironic API traffic from baremetal network

Browse Source 
In deployments with a separate baremetal network we need to ensure we
apply an iptables rule to allow traffic on port 80 to the Ironic API.

Change-Id: I468f511dd8ad9a25c17f2a2754f7a45f7147c483
Story: 2002788
Task: 22673
This commit is contained in:
Sam Betts 2018-07-02 14:31:17 +01:00
parent 4f9c9618c2
commit 2bb87c1b69
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
devstack/lib/ironic
View File

@ -2145,6 +2145,9 @@ function configure_iptables {
else
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
# open ironic API on baremetal network
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true
fi
if is_deployed_by_agent; then
# agent ramdisk gets instance image from swift