Merge "Prevent Bifrost from using firewalld"

This commit is contained in:
Zuul 2021-10-19 14:43:40 +00:00 committed by Gerrit Code Review
commit 0b1a052b0e
4 changed files with 27 additions and 0 deletions

View File

@ -11,6 +11,10 @@ kolla_bifrost_source_url: "https://opendev.org/openstack/bifrost"
# {{ openstack_branch }}. # {{ openstack_branch }}.
kolla_bifrost_source_version: "{{ openstack_branch }}" kolla_bifrost_source_version: "{{ openstack_branch }}"
# Whether Bifrost uses firewalld. Default value is false to avoid conflicting
# with iptables rules configured on the seed host by Kayobe.
kolla_bifrost_use_firewalld: False
# Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other # Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other
# services running on the seed host. # services running on the seed host.
kolla_bifrost_firewalld_internal_zone: trusted kolla_bifrost_firewalld_internal_zone: trusted

View File

@ -64,6 +64,9 @@ ipa_ramdisk_upstream_checksum_url: "{{ kolla_bifrost_ipa_ramdisk_checksum_url }}
# Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image. # Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image.
ipa_ramdisk_upstream_checksum_algo: "{{ kolla_bifrost_ipa_ramdisk_checksum_algorithm }}" ipa_ramdisk_upstream_checksum_algo: "{{ kolla_bifrost_ipa_ramdisk_checksum_algorithm }}"
# Whether Bifrost uses firewalld.
use_firewalld: "{{ kolla_bifrost_use_firewalld }}"
# Firewalld zone used by Bifrost. # Firewalld zone used by Bifrost.
firewalld_internal_zone: "{{ kolla_bifrost_firewalld_internal_zone }}" firewalld_internal_zone: "{{ kolla_bifrost_firewalld_internal_zone }}"

View File

@ -11,6 +11,10 @@
# {{ openstack_branch }}. # {{ openstack_branch }}.
#kolla_bifrost_source_version: #kolla_bifrost_source_version:
# Whether Bifrost uses firewalld. Default value is false to avoid conflicting
# with iptables rules configured on the seed host by Kayobe.
#kolla_bifrost_use_firewalld:
# Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other # Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other
# services running on the seed host. # services running on the seed host.
#kolla_bifrost_firewalld_internal_zone: #kolla_bifrost_firewalld_internal_zone:

View File

@ -0,0 +1,16 @@
---
features:
- |
Adds a new ``kolla_bifrost_use_firewalld`` variable used to define whether
Bifrost uses firewalld, which is now disabled by default.
upgrade:
- |
Bifrost is now configured to avoid using firewalld, to prevent conflicts
with firewall rules set by Kayobe on the seed host. The existing behaviour
can be retained by setting ``kolla_bifrost_use_firewalld`` to ``True`` in
``bifrost.yml``.
fixes:
- |
Prevents Bifrost from using firewalld to avoid conflicts with firewall
rules set by Kayobe on the seed host. See `story 2009252
<https://storyboard.openstack.org/#!/story/2009252>`__ for more details.