Ensure we allow Ironic API traffic from baremetal network

In deployments with a separate baremetal network we need to ensure we apply an iptables rule to allow traffic on port 80 to the Ironic API. Change-Id: I468f511dd8ad9a25c17f2a2754f7a45f7147c483 Story: 2002788 Task: 22673
author: Sam Betts <sam@code-smash.net> 2018-07-02 14:31:17 +0100
committer: Sam Betts <sam@code-smash.net> 2018-07-02 16:32:34 +0100
commit: 2bb87c1b69839d969ac372044f95cc3bf2987d7e (patch)
tree: fb71683e4217a4949b9d755160817425cb837ccf /devstack
parent: 4f9c9618c21c1f23d866523f86d175dff70c210b (diff)
download: ironic-2bb87c1b69839d969ac372044f95cc3bf2987d7e.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/devstack/lib/ironic b/devstack/lib/ironic
index ca5e0e70e..7ff7177ce 100644
--- a/devstack/lib/ironic
+++ b/devstack/lib/ironic
@@ -2145,6 +2145,9 @@ function configure_iptables {
     else
         sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
         sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
+        # open ironic API on baremetal network
+        sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true
+        sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true
     fi
     if is_deployed_by_agent; then
         # agent ramdisk gets instance image from swift
author	Sam Betts <sam@code-smash.net>	2018-07-02 14:31:17 +0100
committer	Sam Betts <sam@code-smash.net>	2018-07-02 16:32:34 +0100
commit	2bb87c1b69839d969ac372044f95cc3bf2987d7e (patch)
tree	fb71683e4217a4949b9d755160817425cb837ccf /devstack
parent	4f9c9618c21c1f23d866523f86d175dff70c210b (diff)
download	ironic-2bb87c1b69839d969ac372044f95cc3bf2987d7e.tar.gz