openstack/ironic
Code Issues Proposed changes

Merge "Add a note about security groups in install guide"

Browse Source
This commit is contained in:
Jenkins 2016-09-21 16:00:30 +00:00 committed by Gerrit Code Review
commit c328dddd13
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/source/deploy/multitenancy.rst
View File

@ -88,7 +88,21 @@ interface as stated above):
.. note:: .. note::
The "provisioning" and "cleaning" networks may be the same neutron The "provisioning" and "cleaning" networks may be the same neutron
provider network, or may be distinct networks. provider network, or may be distinct networks. To ensure communication
between ironic and the deploy ramdisk works, it's important to ensure
that security groups are disabled for these networks, *or* the default
security groups allow:
* DHCP
* TFTP
* egress port used for ironic (6385 by default)
* ingress port used for ironic-python-agent (9999 by default)
* if using the iSCSI deploy method (``pxe_*`` and ``iscsi_*`` drivers),
the egress port used for iSCSI (3260 by default)
* if using the direct deploy method (``agent_*`` drivers), the egress
port used for swift (typically 80 or 443)
* if using iPXE, the egress port used for the HTTP server running
on the ironic conductor nodes (typically 80).
#. Install and configure a compatible ML2 mechanism driver which supports bare #. Install and configure a compatible ML2 mechanism driver which supports bare
metal provisioning for your switch. See `ML2 plugin configuration manual metal provisioning for your switch. See `ML2 plugin configuration manual