Re-align the OpenStack firewall rules with the iptables rules

1 files changed, 30 insertions, 0 deletions

diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 422e6dafe..2d0098784 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -280,6 +280,10 @@ resources:
           port_range_max: 8443
         - direction: ingress
           protocol: tcp
+          port_range_min: 8444
+          port_range_max: 8444
+        - direction: ingress
+          protocol: tcp
           port_range_min: 53
           port_range_max: 53
         - direction: ingress
@@ -302,6 +306,22 @@ resources:
           protocol: udp
           port_range_min: 24224
           port_range_max: 24224
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 2224
+          port_range_max: 2224
+        - direction: ingress
+          protocol: udp
+          port_range_min: 5404
+          port_range_max: 5404
+        - direction: ingress
+          protocol: udp
+          port_range_min: 5405
+          port_range_max: 5405
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 9090
+          port_range_max: 9090
 
   etcd-secgrp:
     type: OS::Neutron::SecurityGroup
@@ -359,6 +379,16 @@ resources:
           port_range_max: 10250
           remote_mode: remote_group_id
         - direction: ingress
+          protocol: tcp
+          port_range_min: 10255
+          port_range_max: 10255
+          remote_mode: remote_group_id
+        - direction: ingress
+          protocol: udp
+          port_range_min: 10255
+          port_range_max: 10255
+          remote_mode: remote_group_id
+        - direction: ingress
           protocol: udp
           port_range_min: 4789
           port_range_max: 4789