[ English | Deutsch | Indonesia | русский | English (United Kingdom) ]

Firewalls

OpenStack-Ansible does not configure firewalls for its infrastructure. It is up to the deployer to define the perimeter and its firewall configuration.

Standardmäßig stützt sich OpenStack-Ansible auf Ansible-SSH-Verbindungen und benötigt den TCP-Port 22, um intern auf allen Hosts geöffnet zu werden.

For more information on generic OpenStack firewall configuration, see the Firewalls and default ports

In each of the role’s respective documentatione you can find the default variables for the ports used within the scope of the role. Reviewing the documentation allow you to find the variable names if you want to use a different port.

Bemerkung

OpenStack-Ansible group vars conveniently expose the vars outside of the role scope in case you are relying on the OpenStack-Ansible groups to configure your firewall.

Suchen nach Ports für Ihren externen Load Balancer

As explained in the previous section, you can find (in each roles documentation) the default variables used for the public interface endpoint ports.

Zum Beispiel die os_glance documentation listet die Variable glance_service_publicuri. Diese beinhaltet den Port zur Erreichung des Dienstes extern. In diesem Beispiel ist es gleich dem glance_service_port, welcher den Wert 9292 hat.

As a hint, you could find the list of all public URI defaults by executing the following:

cd /etc/ansible/roles
grep -R -e publicuri -e port *

Bemerkung

HAProxy can be configured with OpenStack-Ansible. The automatically generated /etc/haproxy/haproxy.cfg file have enough information on the ports to open for your environment.