Commit 940d56d9 by Czémán Arnold Committed by cloud

fwdriver: open necessary ports for head machine installing

parent 363c00ff
...@@ -44,6 +44,7 @@ ...@@ -44,6 +44,7 @@
#fwdriver: #fwdriver:
# queue_name: cloud-6801 # queue_name: cloud-6801
# open_ports: False
# gateway: 10.0.255.254 # gateway: 10.0.255.254
# external_net: 10.0.0.115/16 # external_net: 10.0.0.115/16
# external_if: eth0 # external_if: eth0
......
rabbitmq_ports:
-
port: 5672
proto: tcp
libvirt_ports:
-
range:
- 49152
- 49215
proto: tcp
-
port: 16509
proto: tcp
nfs_server_ports:
-
port: 2049
proto: tcp
-
port: 2049
proto: udp
-
port: 111
proto: tcp
-
port: 111
proto: udp
-
port: 20048
proto: tcp
-
port: 20048
proto: udp
-
port: 33100
proto: tcp
-
port: 33100
proto: udp
-
port: 32803
proto: tcp
-
port: 32769
proto: udp
...@@ -12,3 +12,4 @@ base: ...@@ -12,3 +12,4 @@ base:
- manager - manager
- common - common
- installer - installer
- ports
#!/bin/bash
{% macro open_ports(port_list) -%}
{% for item in port_list %}
$ADDRULE\
{% if 'range' in item.keys() -%}
--port-range {{ item.range[0] }} {{ item.range[1] }}\
\{% else %}\
--port {{ item.port }}\
{%- endif %}
--protocol {{ item.proto }}\
--firewall {{ pillar['fwdriver']['queue_name'] }}\
--vlan-group net\
--owner {{ pillar['admin_user'] }}
{% endfor %}
{%- endmacro %}
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
ADDRULE="python /home/{{ pillar['user'] }}/circle/circle/manage.py add_rule"
# RabbitMQ ports
{{ open_ports(pillar['rabbitmq_ports']) }}
# libvirt ports
{{ open_ports(pillar['libvirt_ports']) }}
# NFS server ports
{{ open_ports(pillar['nfs_server_ports']) }}
...@@ -59,3 +59,13 @@ firewall-init: ...@@ -59,3 +59,13 @@ firewall-init:
service: service:
- enabled - enabled
{# TODO: standalone firewall mode #}
{% if pillar['fwdriver']['open_ports'] %}
salt://fwdriver/files/open_ports.sh:
cmd.script:
- template: jinja
- user: {{ pillar['user'] }}
- require:
- service: firewall
{% endif %}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment