2.0 KiB
Firewalls
OpenStack-Ansible does not configure firewalls for its infrastructure. It is up to the deployer to define the perimeter and its firewall configuration.
By default, OpenStack-Ansible relies on Ansible SSH connections, and needs the TCP port 22 to be opened on all hosts internally.
For more information on generic OpenStack firewall configuration, see the Firewalls and default ports
In each of the role's respective documentatione you can find the default variables for the ports used within the scope of the role. Reviewing the documentation allow you to find the variable names if you want to use a different port.
Note
OpenStack-Ansible's group vars conveniently expose the vars outside of the role scope in case you are relying on the OpenStack-Ansible groups to configure your firewall.
Finding ports for your external load balancer
As explained in the previous section, you can find (in each roles documentation) the default variables used for the public interface endpoint ports.
For example, the os_glance
documentation lists the variable
glance_service_publicuri. This contains the port used for
the reaching the service externally. In this example, it is equal to
glance_service_port, whose value is 9292.
As a hint, you could find the list of all public URI defaults by executing the following:
cd /etc/ansible/roles
grep -R -e publicuri -e port *Note
Haproxy
can be configured with OpenStack-Ansible. The automatically generated
/etc/haproxy/haproxy.cfg file have enough information on
the ports to open for your environment.