0

Best Practice CentOS 7 Firewalld on Controller

asked 2017-02-26 08:20:48 -0600

JathavanSriram

Hi there, I am currently setting up a new OpenStack cluster (Newton) and was wondering what the best practices are concerning firewalld on CentOS 7 for the controller node.

In most guides that I have read people tend to turn off firewalld - is this because of laziness/simplicity or is this the general best practice when working with OpenStack?

Cheers Jatha


3 answers

0

answered 2017-02-27 08:17:41 -0600

dbaxps

Regarding firewalld setup for RDO Liberty, see
Set up HAProxy/Keepalived 3 Node Controller on RDO Liberty per Javier Pena
https://github.com/beekhof/osp-ha-dep...
Consider the Liberty configs as samples for recent RDO releases.
For instance, the Nova configuration:

# Start the Nova controller services and enable them at boot
systemctl start openstack-nova-consoleauth
systemctl start openstack-nova-novncproxy
systemctl start openstack-nova-api
systemctl start openstack-nova-scheduler
systemctl start openstack-nova-conductor
systemctl enable openstack-nova-consoleauth
systemctl enable openstack-nova-novncproxy
systemctl enable openstack-nova-api
systemctl enable openstack-nova-scheduler
systemctl enable openstack-nova-conductor

# Open the Nova service ports (8773-8775/tcp) and the noVNC proxy port (6080/tcp):
# once in the runtime configuration, once with --permanent so the rule survives a reload or reboot
firewall-cmd --add-port=8773-8775/tcp
firewall-cmd --add-port=8773-8775/tcp --permanent
firewall-cmd --add-port=6080/tcp
firewall-cmd --add-port=6080/tcp --permanent
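
The answer above adds each port twice, once to the runtime configuration and once with --permanent. The following added example (not part of the original answer) checks that the two lists agree, expanding ranges such as 8773-8775/tcp; the function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between firewalld's runtime and permanent port lists.
# Input format is that of `firewall-cmd --list-ports`: space-separated
# entries such as "8773-8775/tcp 6080/tcp".

# expand_ports LIST: print one "port/proto" per line, with ranges expanded.
expand_ports() {
    for entry in $1; do
        spec=${entry%/*}      # "8773-8775" or "6080"
        proto=${entry#*/}     # "tcp" or "udp"
        lo=${spec%-*}         # single ports yield lo == hi
        hi=${spec#*-}
        p=$lo
        while [ "$p" -le "$hi" ]; do
            echo "$p/$proto"
            p=$((p + 1))
        done
    done
}

# only_in A B: print the ports of list A that are absent from list B.
only_in() {
    a=$(expand_ports "$1")
    b=$(expand_ports "$2")
    for port in $a; do
        printf '%s\n' "$b" | grep -qxF "$port" || echo "$port"
    done
}

# port_drift RUNTIME PERMANENT
#   runtime-only   : open now, but lost at the next reload or reboot
#   permanent-only : saved, but not active until firewalld is reloaded
port_drift() {
    only_in "$1" "$2" | sed 's/^/runtime-only /'
    only_in "$2" "$1" | sed 's/^/permanent-only /'
}

# Constructed sample: 6080/tcp was added without --permanent,
# and 8775/tcp exists only in the permanent configuration.
RUNTIME_SAMPLE="8773-8774/tcp 6080/tcp"
PERMANENT_SAMPLE="8773-8775/tcp"
port_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

On a controller, the two arguments would come from `firewall-cmd --list-ports` and `firewall-cmd --permanent --list-ports`; empty output means the lists match.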
0

answered 2017-02-26 16:37:03 -0600

I believe this is because OpenStack uses iptables currently, not firewalld.

0

answered 2017-02-26 16:21:01 -0600

is this because of laziness/simplicity

Simplicity, allowing the guide to focus on OpenStack. Also, the install guide recommends turning the firewall off during installation, not during production.


Stats

Asked: 2017-02-26 08:20:48 -0600

Seen: 832 times

Last updated: Feb 27 '17