Bug 1305123 - RFE: configure iptables rules on overcloud hosts [NEEDINFO]
RFE: configure iptables rules on overcloud hosts
Status: CLOSED WONTFIX
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
high Severity high
: y3
: 7.0 (Kilo)
Assigned To: Angus Thomas
yeylon@redhat.com
: FutureFeature, Triaged
Depends On: 1274196
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-05 12:59 EST by Omri Hochman
Modified: 2016-04-18 03:12 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
OSP 7 does not configure iptables or any other firewall on the overcloud bare metal nodes. It is recommended that the provisioning network be protected with an Access Control List (ACL) that allows outbound traffic from the overcloud nodes for DNS, NTP, and updates, but that inbound access be limited. Since the provisioning network is typically the only routed data path for the compute nodes and storage nodes, this will ensure that the compute and storage nodes are protected. Customers may also wish to configure firwalls for the controller nodes, in order to limit access to the Public APIs. This can be done with either with a firewall in the data path above the controller nodes, or iptables may be configured on the controllers after deployment.
Story Points: ---
Clone Of: 1274196
Environment:
Last Closed: 2016-02-09 11:23:19 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
athomas: needinfo? (dmacpher)


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 191195 None None None 2016-02-05 12:59 EST

  None (edit)
Comment 2 Angus Thomas 2016-02-09 11:23:19 EST
Hi Dan,

Please note the OSP director doc text for 7.3


Regards,

Angus

Note You need to log in before you can comment on or make changes to this bug.