Merge "Prevent Bifrost from using firewalld"
This commit is contained in:
commit
0b1a052b0e
@ -11,6 +11,10 @@ kolla_bifrost_source_url: "https://opendev.org/openstack/bifrost"
|
|||||||
# {{ openstack_branch }}.
|
# {{ openstack_branch }}.
|
||||||
kolla_bifrost_source_version: "{{ openstack_branch }}"
|
kolla_bifrost_source_version: "{{ openstack_branch }}"
|
||||||
|
|
||||||
|
# Whether Bifrost uses firewalld. Default value is false to avoid conflicting
|
||||||
|
# with iptables rules configured on the seed host by Kayobe.
|
||||||
|
kolla_bifrost_use_firewalld: False
|
||||||
|
|
||||||
# Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other
|
# Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other
|
||||||
# services running on the seed host.
|
# services running on the seed host.
|
||||||
kolla_bifrost_firewalld_internal_zone: trusted
|
kolla_bifrost_firewalld_internal_zone: trusted
|
||||||
|
@ -64,6 +64,9 @@ ipa_ramdisk_upstream_checksum_url: "{{ kolla_bifrost_ipa_ramdisk_checksum_url }}
|
|||||||
# Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image.
|
# Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image.
|
||||||
ipa_ramdisk_upstream_checksum_algo: "{{ kolla_bifrost_ipa_ramdisk_checksum_algorithm }}"
|
ipa_ramdisk_upstream_checksum_algo: "{{ kolla_bifrost_ipa_ramdisk_checksum_algorithm }}"
|
||||||
|
|
||||||
|
# Whether Bifrost uses firewalld.
|
||||||
|
use_firewalld: "{{ kolla_bifrost_use_firewalld }}"
|
||||||
|
|
||||||
# Firewalld zone used by Bifrost.
|
# Firewalld zone used by Bifrost.
|
||||||
firewalld_internal_zone: "{{ kolla_bifrost_firewalld_internal_zone }}"
|
firewalld_internal_zone: "{{ kolla_bifrost_firewalld_internal_zone }}"
|
||||||
|
|
||||||
|
@ -11,6 +11,10 @@
|
|||||||
# {{ openstack_branch }}.
|
# {{ openstack_branch }}.
|
||||||
#kolla_bifrost_source_version:
|
#kolla_bifrost_source_version:
|
||||||
|
|
||||||
|
# Whether Bifrost uses firewalld. Default value is false to avoid conflicting
|
||||||
|
# with iptables rules configured on the seed host by Kayobe.
|
||||||
|
#kolla_bifrost_use_firewalld:
|
||||||
|
|
||||||
# Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other
|
# Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other
|
||||||
# services running on the seed host.
|
# services running on the seed host.
|
||||||
#kolla_bifrost_firewalld_internal_zone:
|
#kolla_bifrost_firewalld_internal_zone:
|
||||||
|
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds a new ``kolla_bifrost_use_firewalld`` variable used to define whether
|
||||||
|
Bifrost uses firewalld, which is now disabled by default.
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
Bifrost is now configured to avoid using firewalld, to prevent conflicts
|
||||||
|
with firewall rules set by Kayobe on the seed host. The existing behaviour
|
||||||
|
can be retained by setting ``kolla_bifrost_use_firewalld`` to ``True`` in
|
||||||
|
``bifrost.yml``.
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Prevents Bifrost from using firewalld to avoid conflicts with firewall
|
||||||
|
rules set by Kayobe on the seed host. See `story 2009252
|
||||||
|
<https://storyboard.openstack.org/#!/story/2009252>`__ for more details.
|
Loading…
Reference in New Issue
Block a user