Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Juno:Staging
openstack-nova
openstack-nova-network-init-bnc777488.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openstack-nova-network-init-bnc777488.patch of Package openstack-nova
--- openstack-nova-network +++ openstack-nova-network @@ -22,6 +22,27 @@ . /etc/rc.status +iptables_setup() +{ + mode=$1 + if [ -n "$ADMINNETWORK" ] && grep -qx 'enabled_apis=metadata' /etc/nova/nova.conf ; then # this must not run outside of compute nodes + interface=$(perl -ne 'm/flat_network_bridge=([0-9a-z.-]+)/ && print $1' /etc/nova/nova.conf) + if [ -z "$interface" ] ; then + echo "error: no flat_network_bridge interface found in nova.conf" + echo "can not set iptables rules" + else + PATH="/sbin:/usr/sbin:/usr/bin:/bin" + c="nova-filter-FORWARD-sitelocl" + iptables -N $c 2>/dev/null + iptables -$mode $c -d $STORAGENETWORK/$STORAGENETMASK -j REJECT + iptables -$mode INPUT -d $STORAGENETWORK/$STORAGENETMASK -i $interface -j REJECT + iptables -$mode $c -d $ADMINNETWORK/$ADMINNETMASK -j REJECT + iptables -$mode INPUT -d $ADMINNETWORK/$ADMINNETMASK -i $interface -j REJECT + iptables -$mode INPUT -p tcp --dport 8775 -i $interface -j ACCEPT # metadata api + fi + fi +} + case "$1" in start) if [ "$DAEMON" == "api" ]; then @@ -31,6 +52,7 @@ fi echo -n "Starting nova-$DAEMON" + iptables_setup I /sbin/startproc -q -s -u $USER /usr/bin/nova-$DAEMON --config-file=$CONFFILE rc_status -v ;; @@ -38,6 +60,7 @@ echo -n "Shutting down nova-$DAEMON" /sbin/killproc /usr/bin/nova-$DAEMON rc_status -v + iptables_setup D ;; restart) $0 stop
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
