
Commit 614853b

committed
Misc fixes
1 parent 38cf609 commit 614853b


1 file changed

+11
-9
lines changed

1 file changed

+11
-9
lines changed

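--- a/etc/kayobe/inventory/group_vars/all/firewall
+++ b/etc/kayobe/inventory/group_vars/all/firewall
@@ -155,11 +155,13 @@ stackhpc_compute_firewalld_rules_default:
 state: disabled
 zone: "{{ public_net_name | net_zone }}"
 network: "{{ public_net_name }}"
+enabled: true
+- rules:
 - service: ssh
 state: disabled
 zone: "{{ public_net_name | net_zone }}"
 network: "{{ public_net_name }}"
-enabled: true
+enabled: "{{ public_net_name | net_zone != provision_oc_net_name | net_zone }}"
 # GENEVE
 - rules:
 - port: 6081/udp
@@ -202,11 +204,13 @@ stackhpc_storage_firewalld_rules_default:
 zone: "{{ provision_oc_net_name | net_zone }}"
 network: "{{ provision_oc_net_name }}"
 state: enabled
+enabled: true
+- rules:
 - service: ssh
 zone: "{{ storage_net_name | net_zone }}"
 network: "{{ storage_net_name }}"
 state: disabled
-enabled: true
+enabled: "{{ storage_net_name | net_zone != provision_oc_net_name | net_zone }}"
 # Ceph
 - rules:
 - service: ceph
@@ -219,7 +223,7 @@ stackhpc_storage_firewalld_rules_default:
 state: "{{ 'enabled' if 'mons' in group_names else 'disabled' }}"
 enabled: "{{ stackhpc_enable_ceph | default(false) | bool }}"
 
-stackhpc_storage_firewalld_extra: []
+stackhpc_storage_firewalld_rules_extra: []
 
 ###############################################################################
 # Monitoring firewalld rules
@@ -354,20 +358,18 @@ stackhpc_seed_firewalld_rules_default:
 zone: "{{ provision_oc_net_name | net_zone }}"
 network: "{{ provision_oc_net_name }}"
 state: enabled
-- service: ntp
-zone: "{{ switch_mgmt_net_name | net_zone }}"
-network: "{{ switch_mgmt_net_name }}"
-state: enabled
 # Disable default services in public zone
 - service: dhcpv6-client
 state: disabled
 zone: "{{ public_net_name | net_zone }}"
 network: "{{ public_net_name }}"
+enabled: true
+- rules:
 - service: ssh
 state: disabled
 zone: "{{ public_net_name | net_zone }}"
 network: "{{ public_net_name }}"
-enabled: true
+enabled: "{{ public_net_name | net_zone != provision_oc_net_name | net_zone }}"
 # Pulp server
 - rules:
 - service: http
@@ -399,7 +401,7 @@ stackhpc_seed_firewalld_rules_default:
 zone: "{{ provision_oc_net_name | net_zone }}"
 network: "{{ provision_oc_net_name }}"
 state: enabled
-enabled: "{{ kolla_enable_bifrost | bool }}"
+enabled: true #FIXME: Make rules conditional on Bifrost deployment
 # Redfish exporter
 - rules:
 - port: 9610/tcp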
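Review bot: The last hunk replaces `enabled: "{{ kolla_enable_bifrost | bool }}"` with a hard-coded `enabled: true`, so the seed rules in this group are now opened in the provisioning zone whether or not Bifrost is deployed, and only a FIXME records that. The `- rules:` list this flag governs starts above the hunk, so the affected ports are not visible here, but leaving ports open for a service that may not be running widens the seed's exposure for no benefit. If the condition was dropped because the variable can be undefined (an assumption; the commit message does not say), the Ceph rule in this file already shows a pattern that avoids that: `enabled: "{{ kolla_enable_bifrost | default(false) | bool }}"`, with the default chosen to match what the seed actually runs. Otherwise please link the FIXME to a tracking issue so the unconditional rule does not become permanent.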
