diff options
author | Tomas Sedovic <tomas@sedovic.cz> | 2017-06-28 14:46:49 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-28 14:46:49 +0200 |
commit | 3a84bfb50fc5923f8c104422467e85984edc78b4 (patch) | |
tree | 510130103362f10cb90d97c92593b20f5451d8e2 | |
parent | 3719941b62c3a688d8ca425966d6a68428b13f4f (diff) | |
parent | 8af0a60120689267515d7766c432a414eb55d51c (diff) | |
download | openshift-3a84bfb50fc5923f8c104422467e85984edc78b4.tar.gz openshift-3a84bfb50fc5923f8c104422467e85984edc78b4.tar.bz2 openshift-3a84bfb50fc5923f8c104422467e85984edc78b4.tar.xz openshift-3a84bfb50fc5923f8c104422467e85984edc78b4.zip |
Merge pull request #502 from bogdando/sec_groups
Modify sec groups for provisioned openstack servers
-rw-r--r-- | roles/openstack-stack/templates/heat_stack.yaml.j2 | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2 index 02bc3b49b..00a46896c 100644 --- a/roles/openstack-stack/templates/heat_stack.yaml.j2 +++ b/roles/openstack-stack/templates/heat_stack.yaml.j2 @@ -152,7 +152,7 @@ resources: cluster_id: {{ stack_name }} description: str_replace: - template: Basic ssh/dns security group for cluster_id OpenShift cluster + template: Basic ssh/icmp security group for cluster_id OpenShift cluster params: cluster_id: {{ stack_name }} rules: @@ -162,13 +162,8 @@ resources: port_range_max: 22 remote_ip_prefix: {{ ssh_ingress_cidr }} - direction: ingress - protocol: tcp - port_range_min: 53 - port_range_max: 53 - - direction: ingress - protocol: udp - port_range_min: 53 - port_range_max: 53 + protocol: icmp + remote_ip_prefix: {{ ssh_ingress_cidr }} {% if openstack_flat_secgrp|bool %} flat-secgrp: @@ -423,11 +418,6 @@ resources: cluster_id: {{ stack_name }} rules: - direction: ingress - protocol: tcp - port_range_min: 22 - port_range_max: 22 - remote_ip_prefix: {{ ssh_ingress_cidr }} - - direction: ingress protocol: udp port_range_min: 53 port_range_max: 53 @@ -723,6 +713,7 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: dns-secgrp } + - { get_resource: common-secgrp } floating_network: {{ external_network }} net_name: str_replace: |