releasenotes/notes/bifrost-firewalld-zone-09a29651a058531a.yaml · 5b91451391cef311f235d983fd8ec43ac78af5b0 · Very Demiurge Very Mindful / Kayobe

4 years ago

Configure bifrost to use firewalld trusted zone · 9df0f00b

Pierre Riteau authored 4 years ago

Without this setting, bifrost creates a bifrost firewalld zone only
allowing network traffic for Ironic services and assigns the
provisioning network interface to it, potentially causing loss of
connectivity.

Using the public zone is suggested as a workaround [1] but is not
sufficient: it allows SSH traffic, but blocks other services deployed on
the seed, such as Docker registry traffic.

[1] https://review.opendev.org/#/c/754406/

Change-Id: I80f9d95f02e11fda5916f9a9dd257b688a9db7e2
Story: 2008153
Task: 40899

9df0f00b

History

Configure bifrost to use firewalld trusted zone

Pierre Riteau authored 4 years ago

Without this setting, bifrost creates a bifrost firewalld zone only
allowing network traffic for Ironic services and assigns the
provisioning network interface to it, potentially causing loss of
connectivity.

Using the public zone is suggested as a workaround [1] but is not
sufficient: it allows SSH traffic, but blocks other services deployed on
the seed, such as Docker registry traffic.

[1] https://review.opendev.org/#/c/754406/

Change-Id: I80f9d95f02e11fda5916f9a9dd257b688a9db7e2
Story: 2008153
Task: 40899