
Best Practice CentOS 7 Firewalld on Controller

asked 2017-02-26 08:20:48 -0500

JathavanSriram

Hi there, I am currently setting up a new OpenStack cluster (Newton) and was wondering, what are the best practices concerning Firewalld on CentOS 7 for the Controller Node?

In most guides that I have read people tend to turn off firewalld - is this because of laziness/simplicity or is this the general best practice when working with OpenStack?

Cheers Jatha


3 answers


answered 2017-02-26 16:21:01 -0500

> is this because of laziness/simplicity

Simplicity, allowing the guide to focus on OpenStack. Also, the install guide recommends turning the firewall off during installation, not during production.


answered 2017-02-26 16:37:03 -0500

I believe this is because OpenStack uses iptables currently, not firewalld.


answered 2017-02-27 08:17:41 -0500

dbaxps

Regarding firewalld setup for RDO Liberty, see
Set up HAProxy/Keepalived 3 Node Controller on RDO Liberty per Javier Pena
Consider Liberty configs as samples for recent RDO releases.
For instance, Nova configuration:

systemctl start openstack-nova-consoleauth
systemctl start openstack-nova-novncproxy 
systemctl start openstack-nova-api
systemctl start openstack-nova-scheduler
systemctl start openstack-nova-conductor
systemctl enable openstack-nova-consoleauth
systemctl enable openstack-nova-novncproxy 
systemctl enable openstack-nova-api
systemctl enable openstack-nova-scheduler
systemctl enable openstack-nova-conductor

firewall-cmd --add-port=8773-8775/tcp
firewall-cmd --add-port=8773-8775/tcp --permanent
firewall-cmd --add-port=6080/tcp
firewall-cmd --add-port=6080/tcp --permanent
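The answer above adds each port twice, once at runtime and once with --permanent. The following check for drift between those two sets and against an allowlist is an added example, not part of the original answer. The EXPECTED list (only the Nova ports quoted above) and the function names port_diff and audit_ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): audit firewalld ports on a
# controller. EXPECTED is an assumption: only the Nova ports quoted above.
# Comparison is textual, so write ranges exactly as firewall-cmd prints them.
EXPECTED="8773-8775/tcp 6080/tcp"

# port_diff A B: print the entries of list A that are absent from list B.
# Always called via $(...), so its working variables do not leak.
port_diff() {
    out=""
    for a in $1; do
        found=0
        for b in $2; do
            if [ "$a" = "$b" ]; then found=1; break; fi
        done
        case " $out " in *" $a "*) found=1 ;; esac   # skip duplicates
        if [ "$found" -eq 0 ]; then out="${out:+$out }$a"; fi
    done
    printf '%s' "$out"
}

# audit_ports RUNTIME PERMANENT: print findings; return 0 only when clean.
audit_ports() {
    rc=0
    d=$(port_diff "$EXPECTED" "$1")
    if [ -n "$d" ]; then echo "MISSING at runtime: $d"; rc=1; fi
    d=$(port_diff "$1" "$2")
    if [ -n "$d" ]; then echo "RUNTIME ONLY (lost on reload or reboot): $d"; rc=1; fi
    d=$(port_diff "$2" "$1")
    if [ -n "$d" ]; then echo "PERMANENT ONLY (not loaded yet): $d"; rc=1; fi
    d=$(port_diff "$1 $2" "$EXPECTED")
    if [ -n "$d" ]; then echo "UNEXPECTED open port: $d"; rc=1; fi
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then
    # Default zone, the same zone the commands in the answer act on.
    audit_ports "$(firewall-cmd --list-ports)" \
                "$(firewall-cmd --permanent --list-ports)"
else
    # Constructed sample: 6080/tcp added without --permanent, 22/tcp is extra.
    audit_ports "8773-8775/tcp 6080/tcp 22/tcp" "8773-8775/tcp 22/tcp" || true
fi
```

Run with --live on the controller to query firewalld itself; the exit status is non-zero when any finding is printed, so it can be used from cron or a monitoring check.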

Last updated: Feb 27 '17