|
@@ -326,86 +326,15 @@ resources:
|
|
|
params:
|
|
|
cluster_id: {{ openshift_openstack_full_dns_domain }}
|
|
|
rules:
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 4001
|
|
|
- port_range_max: 4001
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: {{ openshift_master_api_port|default(8443) }}
|
|
|
- port_range_max: {{ openshift_master_api_port|default(8443) }}
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: {{ openshift_master_console_port|default(8443) }}
|
|
|
- port_range_max: {{ openshift_master_console_port|default(8443) }}
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 8053
|
|
|
- port_range_max: 8053
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 8053
|
|
|
- port_range_max: 8053
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 24224
|
|
|
- port_range_max: 24224
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 24224
|
|
|
- port_range_max: 24224
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 2224
|
|
|
- port_range_max: 2224
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 5404
|
|
|
- port_range_max: 5405
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 9090
|
|
|
- port_range_max: 9090
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 2379
|
|
|
- port_range_max: 2380
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 10250
|
|
|
- port_range_max: 10250
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 10250
|
|
|
- port_range_max: 10250
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 10255
|
|
|
- port_range_max: 10255
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 10255
|
|
|
- port_range_max: 10255
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 4789
|
|
|
- port_range_max: 4789
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 30000
|
|
|
- port_range_max: 32767
|
|
|
- remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }}
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 30000
|
|
|
- port_range_max: 32767
|
|
|
- remote_ip_prefix: "{{ openshift_openstack_subnet_cidr }}"
|
|
|
+{% for rule in openshift_openstack_master_secgroup_rules|list %}
|
|
|
+ - {{ rule|to_json }}
|
|
|
+{% endfor %}
|
|
|
+{% for rule in openshift_openstack_etcd_flat_secgroup_rules|list %}
|
|
|
+ - {{ rule|to_json }}
|
|
|
+{% endfor %}
|
|
|
+{% for rule in openshift_openstack_node_secgroup_rules|list %}
|
|
|
+ - {{ rule|to_json }}
|
|
|
+{% endfor %}
|
|
|
{% else %}
|
|
|
master-secgrp:
|
|
|
type: OS::Neutron::SecurityGroup
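Review bot: The flat-network branch now takes every ingress rule from three inventory variables, so whether the kubelet (10250/10255), VXLAN (4789) and etcd (2379-2380) rules keep the `remote_mode: remote_group_id` scoping the removed lines had, and the NodePort range its `remote_ip_prefix`, can no longer be checked in this template — a Neutron rule rendered with neither field admits any source. The defaults for `openshift_openstack_master_secgroup_rules`, `openshift_openstack_etcd_flat_secgroup_rules` and `openshift_openstack_node_secgroup_rules` are outside this hunk, so I can't confirm they preserve those restrictions; a comment above the first `{% for %}` would at least warn anyone overriding them: `# Every rule below comes from the openshift_openstack_*_secgroup_rules variables; a rule with neither remote_ip_prefix nor remote_group_id is reachable from 0.0.0.0/0, so keep the kubelet/etcd/VXLAN rules group-scoped when overriding.` Rendering each rule with `to_json` does fix the old unquoted `{{ openshift_openstack_node_ingress_cidr }}` scalar, which is an improvement. The enclosing `{% if %}` starts before this hunk.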
|
|
@@ -420,53 +349,7 @@ resources:
|
|
|
template: Security group for cluster_id OpenShift cluster master
|
|
|
params:
|
|
|
cluster_id: {{ openshift_openstack_full_dns_domain }}
|
|
|
- rules:
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 4001
|
|
|
- port_range_max: 4001
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: {{ openshift_master_api_port|default(8443) }}
|
|
|
- port_range_max: {{ openshift_master_api_port|default(8443) }}
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: {{ openshift_master_console_port|default(8443) }}
|
|
|
- port_range_max: {{ openshift_master_console_port|default(8443) }}
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 8053
|
|
|
- port_range_max: 8053
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 8053
|
|
|
- port_range_max: 8053
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 24224
|
|
|
- port_range_max: 24224
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 24224
|
|
|
- port_range_max: 24224
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 2224
|
|
|
- port_range_max: 2224
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 5404
|
|
|
- port_range_max: 5405
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 9090
|
|
|
- port_range_max: 9090
|
|
|
-{% if openshift_use_flannel|default(False)|bool %}
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 2379
|
|
|
- port_range_max: 2379
|
|
|
-{% endif %}
|
|
|
+ rules: {{ openshift_openstack_master_secgroup_rules|to_json }}
|
|
|
|
|
|
etcd-secgrp:
|
|
|
type: OS::Neutron::SecurityGroup
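Review bot: The `openshift_use_flannel` conditional that added TCP 2379 to master-secgrp is gone, and the new `rules: {{ openshift_openstack_master_secgroup_rules|to_json }}` is unconditional, so the flannel case is now decided entirely by the variable's default, which this hunk does not show. If that default always includes 2379 the master group is wider than before for non-flannel deployments; if it never does, flannel loses its etcd access — either way the behavior is no longer visible here. I'd either keep the conditional in the template by appending a flannel-only rule list when `openshift_use_flannel|default(False)|bool` is true, or add a comment on the `rules:` line stating where the flannel 2379 rule is now handled. The `master-secgrp` resource begins before this hunk.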
|
|
@@ -481,18 +364,7 @@ resources:
|
|
|
template: Security group for cluster_id etcd cluster
|
|
|
params:
|
|
|
cluster_id: {{ openshift_openstack_full_dns_domain }}
|
|
|
- rules:
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 2379
|
|
|
- port_range_max: 2379
|
|
|
- remote_mode: remote_group_id
|
|
|
- remote_group_id: { get_resource: master-secgrp }
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 2380
|
|
|
- port_range_max: 2380
|
|
|
- remote_mode: remote_group_id
|
|
|
+ rules: {{ openshift_openstack_etcd_secgroup_rules|to_json }}
|
|
|
|
|
|
node-secgrp:
|
|
|
type: OS::Neutron::SecurityGroup
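Review bot: The removed etcd rules limited TCP 2379 to `remote_group_id: { get_resource: master-secgrp }` and 2380 to the group itself; with `rules: {{ openshift_openstack_etcd_secgroup_rules|to_json }}` that Heat intrinsic has to be carried as a mapping inside an Ansible variable and survive `to_json` as `{"get_resource": "master-secgrp"}`, and anyone overriding the variable from inventory must reproduce it. A rule for 2379 without a `remote_group_id` would expose the etcd client port to any source, so this is worth a comment on the `rules:` line: `# 2379 must stay restricted to master-secgrp via {get_resource: master-secgrp}; do not drop remote_group_id when overriding.` I can't see the variable's default, so whether it currently does this is unverified from here. The `etcd-secgrp` resource begins before this hunk.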
|
|
@@ -507,46 +379,7 @@ resources:
|
|
|
template: Security group for cluster_id OpenShift cluster nodes
|
|
|
params:
|
|
|
cluster_id: {{ openshift_openstack_full_dns_domain }}
|
|
|
- rules:
|
|
|
- # NOTE(shadower): the 53 rules are needed for Kuryr
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 53
|
|
|
- port_range_max: 53
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 53
|
|
|
- port_range_max: 53
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 10250
|
|
|
- port_range_max: 10250
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 10255
|
|
|
- port_range_max: 10255
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 10255
|
|
|
- port_range_max: 10255
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: udp
|
|
|
- port_range_min: 4789
|
|
|
- port_range_max: 4789
|
|
|
- remote_mode: remote_group_id
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 30000
|
|
|
- port_range_max: 32767
|
|
|
- remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }}
|
|
|
- - direction: ingress
|
|
|
- protocol: tcp
|
|
|
- port_range_min: 30000
|
|
|
- port_range_max: 32767
|
|
|
- remote_ip_prefix: "{{ openshift_openstack_subnet_cidr }}"
|
|
|
+ rules: {{ openshift_openstack_node_secgroup_rules|to_json }}
|
|
|
{% endif %}
|
|
|
|
|
|
infra-secgrp:
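Review bot: The rationale comment `# NOTE(shadower): the 53 rules are needed for Kuryr` was deleted along with the inline node rules, but the rules themselves presumably moved into `openshift_openstack_node_secgroup_rules`, so the reason DNS is opened on nodes now lives nowhere visible. Please carry that note over to the variable's definition, or add it here as `# DNS (53/tcp+udp) and the remote-group-scoped kubelet/VXLAN rules are in openshift_openstack_node_secgroup_rules; the 53 rules are needed for Kuryr.` The `node-secgrp` resource begins before this hunk.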
|
|
@@ -586,7 +419,10 @@ resources:
|
|
|
description: Security group for {{ openshift_openstack_full_dns_domain }} cluster Load Balancer
|
|
|
rules:
|
|
|
{% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
|
|
|
-{% for rule in openshift_openstack_lb_base_secgroup_rules|list + openshift_openstack_lb_console_secgroup_rules|list %}
|
|
|
+{% for rule in openshift_openstack_lb_base_secgroup_rules|list %}
|
|
|
+ - {{ rule|to_json }}
|
|
|
+{% endfor %}
|
|
|
+{% for rule in openshift_openstack_lb_console_secgroup_rules|list %}
|
|
|
- {{ rule|to_json }}
|
|
|
{% endfor %}
|
|
|
{% else %}
|