
Best Practice CentOS 7 Firewalld on Controller

asked 2017-02-26 08:20:48 -0500

JathavanSriram

Hi there, I am currently setting up a new OpenStack cluster (Newton) and was wondering what the best practices are concerning Firewalld on CentOS 7 for the Controller Node?

In most guides that I have read people tend to turn off firewalld - is this because of laziness/simplicity or is this the general best practice when working with OpenStack?

Cheers Jatha


3 answers


answered 2017-02-26 16:21:01 -0500

> is this because of laziness/simplicity

Simplicity, allowing the guide to focus on OpenStack. Also, the install guide recommends turning the firewall off during installation, not during production.


answered 2017-02-26 16:37:03 -0500

I believe this is because OpenStack currently uses iptables, not firewalld.


answered 2017-02-27 08:17:41 -0500

dbaxps

Regarding firewalld setup for RDO Liberty, see
"Set up HAProxy/Keepalived 3 Node Controller on RDO Liberty" per Javier Pena:
https://github.com/beekhof/osp-ha-dep...
Consider the Liberty configs as samples for recent RDO releases.
For instance, the Nova configuration:

    # Start the Nova controller services now
    systemctl start openstack-nova-consoleauth
    systemctl start openstack-nova-novncproxy
    systemctl start openstack-nova-api
    systemctl start openstack-nova-scheduler
    systemctl start openstack-nova-conductor
    # ...and enable them at boot
    systemctl enable openstack-nova-consoleauth
    systemctl enable openstack-nova-novncproxy
    systemctl enable openstack-nova-api
    systemctl enable openstack-nova-scheduler
    systemctl enable openstack-nova-conductor

    # Open the Nova API ports (8773-8775/tcp) and the noVNC proxy port (6080/tcp).
    # Each rule is added twice: once to the running configuration and once
    # with --permanent so that it survives a reload or reboot.
    firewall-cmd --add-port=8773-8775/tcp
    firewall-cmd --add-port=8773-8775/tcp --permanent
    firewall-cmd --add-port=6080/tcp
    firewall-cmd --add-port=6080/tcp --permanent
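An added example, not part of the original thread or of the RDO configs it links to: one way to keep firewalld running on the controller while exposing only the Nova ports listed in the answer above, and to audit the result. The zone name `osmgmt` and the management network `10.0.0.0/24` are assumptions for illustration; `plan_rules` only prints commands and executes nothing.

```bash
#!/bin/sh
# Added example, not from the original thread.
# Ports taken from the answer above: Nova APIs and the noVNC proxy.
NOVA_PORTS="8773-8775/tcp 6080/tcp"

# Print (dry run) the firewall-cmd calls that open the Nova ports in a
# dedicated zone bound to one source network.
#   $1 = zone name (hypothetical)   $2 = management IPv4 CIDR (assumption)
plan_rules() {
    local zone="$1" cidr="$2" port
    # Refuse anything that is not a plain zone name and IPv4 CIDR.
    case "$zone" in ''|*[!A-Za-z0-9_-]*) echo "invalid zone" >&2; return 1 ;; esac
    case "$cidr" in *[!0-9./]*) echo "invalid CIDR" >&2; return 1 ;; esac
    printf '%s\n' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "invalid CIDR" >&2; return 1; }
    echo "firewall-cmd --permanent --new-zone=$zone"
    echo "firewall-cmd --permanent --zone=$zone --add-source=$cidr"
    for port in $NOVA_PORTS; do
        echo "firewall-cmd --permanent --zone=$zone --add-port=$port"
    done
    echo "firewall-cmd --reload"
}

# Compare the output of `firewall-cmd --zone=<zone> --list-ports` ($1) with
# NOVA_PORTS. Prints one "missing"/"unexpected" line per difference and
# returns 0 only when both sets match.
audit_ports() {
    local actual="$1" port status=0
    for port in $NOVA_PORTS; do
        case " $actual " in
            *" $port "*) ;;
            *) echo "missing $port"; status=1 ;;
        esac
    done
    for port in $actual; do
        case " $NOVA_PORTS " in
            *" $port "*) ;;
            *) echo "unexpected $port"; status=1 ;;
        esac
    done
    return "$status"
}
```

On a live controller the audit would be fed the real listing, for example `audit_ports "$(firewall-cmd --zone=osmgmt --list-ports)"`.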


Stats

Asked: 2017-02-26 08:20:48 -0500

Seen: 723 times

Last updated: Feb 27 '17