summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Sedovic <tomas@sedovic.cz>2017-06-28 14:46:49 +0200
committerGitHub <noreply@github.com>2017-06-28 14:46:49 +0200
commit3a84bfb50fc5923f8c104422467e85984edc78b4 (patch)
tree510130103362f10cb90d97c92593b20f5451d8e2
parent3719941b62c3a688d8ca425966d6a68428b13f4f (diff)
parent8af0a60120689267515d7766c432a414eb55d51c (diff)
downloadopenshift-3a84bfb50fc5923f8c104422467e85984edc78b4.tar.gz
openshift-3a84bfb50fc5923f8c104422467e85984edc78b4.tar.bz2
openshift-3a84bfb50fc5923f8c104422467e85984edc78b4.tar.xz
openshift-3a84bfb50fc5923f8c104422467e85984edc78b4.zip
Merge pull request #502 from bogdando/sec_groups
Modify sec groups for provisioned openstack servers
-rw-r--r--roles/openstack-stack/templates/heat_stack.yaml.j217
1 files changed, 4 insertions, 13 deletions
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index 02bc3b49b..00a46896c 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -152,7 +152,7 @@ resources:
cluster_id: {{ stack_name }}
description:
str_replace:
- template: Basic ssh/dns security group for cluster_id OpenShift cluster
+ template: Basic ssh/icmp security group for cluster_id OpenShift cluster
params:
cluster_id: {{ stack_name }}
rules:
@@ -162,13 +162,8 @@ resources:
port_range_max: 22
remote_ip_prefix: {{ ssh_ingress_cidr }}
- direction: ingress
- protocol: tcp
- port_range_min: 53
- port_range_max: 53
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
+ protocol: icmp
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
{% if openstack_flat_secgrp|bool %}
flat-secgrp:
@@ -423,11 +418,6 @@ resources:
cluster_id: {{ stack_name }}
rules:
- direction: ingress
- protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: {{ ssh_ingress_cidr }}
- - direction: ingress
protocol: udp
port_range_min: 53
port_range_max: 53
@@ -723,6 +713,7 @@ resources:
subnet: { get_resource: subnet }
secgrp:
- { get_resource: dns-secgrp }
+ - { get_resource: common-secgrp }
floating_network: {{ external_network }}
net_name:
str_replace: