author | Jason DeTiberus <detiber@gmail.com> | 2016-08-19 14:07:01 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-19 14:07:01 -0400 |
commit | 4a48123bf6889279cbbd6f6aeb8317fd0cf1b827 (patch) | |
tree | a1ebfdc563abd4142544e88a5577a47e5963cee9 | |
parent | 48e187e22207e395f742eee541f47f5a0153a25b (diff) | |
parent | 9ad145998702ecb8651df73d06dc99bdd2343b57 (diff) | |
Merge pull request #2330 from lhuard1A/open_node_ports
Open OpenStack security group for the service node port range
-rw-r--r-- | README_openstack.md | 1 | ||||
-rw-r--r-- | playbooks/openstack/openshift-cluster/files/heat_stack.yaml | 11 | ||||
-rw-r--r-- | playbooks/openstack/openshift-cluster/launch.yml | 1 | ||||
-rw-r--r-- | playbooks/openstack/openshift-cluster/vars.yml | 2 |
4 files changed, 15 insertions, 0 deletions
diff --git a/README_openstack.md b/README_openstack.md index e3cc7cc93..7a6b24145 100644 --- a/README_openstack.md +++ b/README_openstack.md @@ -43,6 +43,7 @@ The following options are used only by `heat_stack.yaml`. They are so used only * `external_net` (default to `external`): Name of the external network to connect to * `floating_ip_pool` (default to `external`): comma separated list of floating IP pools * `ssh_from` (default to `0.0.0.0/0`): IPs authorized to connect to the VMs via ssh +* `node_port_from` (default to `0.0.0.0/0`): IPs authorized to connect to the services exposed via nodePort Creating a cluster diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 2d0098784..458cf5ac7 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -42,6 +42,12 @@ parameters: description: Source of legitimate ssh connections default: 0.0.0.0/0 + node_port_incoming: + type: string + label: Source of node port connections + description: Authorized sources targetting node ports + default: 0.0.0.0/0 + num_etcd: type: number label: Number of etcd nodes @@ -393,6 +399,11 @@ resources: port_range_min: 4789 port_range_max: 4789 remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: { get_param: node_port_incoming } infra-secgrp: type: OS::Neutron::SecurityGroup diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 36ac7513d..5cf543204 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml 
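Review bot: The new `node_port_incoming` parameter in heat_stack.yaml defaults to `0.0.0.0/0`, and vars.yml repeats that default for `openstack_node_port_access_from`, so a cluster launched without `node_port_from` accepts connections to every nodePort service from any source. Since this mirrors `ssh_incoming` it may be deliberate, but the parameter description should say that the default is unrestricted, e.g. `description: CIDR allowed to reach node ports (default 0.0.0.0/0 permits any source)`, which also replaces the misspelled "targetting". The parameter has no `constraints` either; if the Heat release in use supports it, `- custom_constraint: net_cidr` would reject a malformed value at stack validation rather than at rule creation.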
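Review bot: The added ingress rule hard-codes `port_range_min: 30000` and `port_range_max: 32767` for `protocol: tcp` only, with no comment saying where the numbers come from. They look like the default service node port range, so a cluster configured with a different range would keep these ports open with nothing behind them while the real node ports stay closed. I would add `# default service nodePort range, TCP only; keep in sync with the cluster's node port range` above the rule. The security group this rule belongs to is declared above the hunk, so which hosts it applies to cannot be confirmed from here.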
@@ -33,6 +33,7 @@ -P external_net={{ openstack_network_external_net }} -P ssh_public_key="{{ openstack_ssh_public_key }}" -P ssh_incoming={{ openstack_ssh_access_from }} + -P node_port_incoming={{ openstack_node_port_access_from }} -P num_etcd={{ num_etcd }} -P num_masters={{ num_masters }} -P num_nodes={{ num_nodes }} diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index bc53a51b0..17063ef34 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -12,6 +12,8 @@ openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_k default('~/.ssh/id_rsa.pub', True)) }}" openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') | default('0.0.0.0/0', True) }}" +openstack_node_port_access_from: "{{ lookup('oo_option', 'node_port_from') | + default('0.0.0.0/0', True) }}" openstack_flavor: dns: "{{ lookup('oo_option', 'dns_flavor' ) | default('m1.small', True) }}" etcd: "{{ lookup('oo_option', 'etcd_flavor' ) | default('m1.small', True) }}" |
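Review bot: `-P node_port_incoming={{ openstack_node_port_access_from }}` is passed unquoted, while `ssh_public_key` two lines above is quoted. The value comes from an `oo_option` lookup, so whitespace or shell metacharacters in it would split or alter the command if this task runs through a shell; the task header is outside the hunk, so that is not confirmed. Quoting it costs nothing: `-P node_port_incoming="{{ openstack_node_port_access_from }}"`. The existing `ssh_incoming` line has the same form and could be quoted along with it.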