fwdriver: open necessary ports for head machine installing

940d56d9 · Czémán Arnold · cloud · 363c00ff · 940d56d9 · 940d56d9
Commit 940d56d9 authored Aug 26, 2015 by Czémán Arnold Committed by cloud Feb 26, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 105 additions and 0 deletions

pillar/installer.sls
+1 -0

pillar/ports.sls
+61 -0

pillar/top.sls
+1 -0

salt/fwdriver/files/open_ports.sh
+32 -0

salt/fwdriver/init.sls
+10 -0

No files found.
--- a/pillar/installer.sls
+++ b/pillar/installer.sls
@@ -44,6 +44,7 @@
 #fwdriver:
 #  queue_name: cloud-6801
+#  open_ports: False
 #  gateway: 10.0.255.254
 #  external_net: 10.0.0.115/16
 #  external_if: eth0

--- a/pillar/ports.sls
+++ b/pillar/ports.sls
+rabbitmq_ports:
+  - 
+    port: 5672
+    proto: tcp
+libvirt_ports:
+  - 
+    range: 
+      - 49152
+      - 49215
+    proto: tcp
+  - 
+    port: 16509
+    proto: tcp
+nfs_server_ports:
+  - 
+    port: 2049
+    proto: tcp
+  - 
+    port: 2049
+    proto: udp
+  - 
+    port: 111
+    proto: tcp
+  - 
+    port: 111
+    proto: udp
+  - 
+    port: 20048
+    proto: tcp
+  - 
+    port: 20048
+    proto: udp
+  - 
+    port: 33100
+    proto: tcp
+  - 
+    port: 33100
+    proto: udp
+  - 
+    port: 32803
+    proto: tcp
+  - 
+    port: 32769
+    proto: udp
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -12,3 +12,4 @@ base:
    - manager
    - common
    - installer
+    - ports
--- a/salt/fwdriver/files/open_ports.sh
+++ b/salt/fwdriver/files/open_ports.sh
+#!/bin/bash
+{% macro open_ports(port_list) -%}
+    {% for item in port_list %}
+        $ADDRULE\
+                 {% if 'range' in item.keys() -%}
+                     --port-range {{ item.range[0] }} {{ item.range[1] }}\
+                \{% else %}\
+                     --port {{ item.port }}\
+                 {%- endif %}
+                 --protocol {{ item.proto }}\
+                 --firewall {{ pillar['fwdriver']['queue_name']  }}\
+                 --vlan-group net\
+                 --owner {{ pillar['admin_user'] }}
+    {% endfor %}
+{%- endmacro %}
+source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
+source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
+ADDRULE="python /home/{{ pillar['user'] }}/circle/circle/manage.py add_rule"
+# RabbitMQ ports
+{{ open_ports(pillar['rabbitmq_ports']) }}
+# libvirt ports
+{{ open_ports(pillar['libvirt_ports']) }}
+# NFS server ports
+{{ open_ports(pillar['nfs_server_ports']) }}
--- a/salt/fwdriver/init.sls
+++ b/salt/fwdriver/init.sls
@@ -59,3 +59,13 @@ firewall-init:
  service:
    - enabled
+{# TODO: standalone firewall mode #}
+{% if pillar['fwdriver']['open_ports'] %}
+salt://fwdriver/files/open_ports.sh:
+  cmd.script:
+    - template: jinja
+    - user: {{ pillar['user'] }}
+    - require:
+      - service: firewall
+{% endif %}