From: deepssin Date: Mon, 17 Nov 2025 13:48:35 +0000 (+0000) Subject: Add NTP security group rules for OpenStack instances X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6d71acd4063c3e2a53e5e67f97627ee8151337ff;p=teuthology.git Add NTP security group rules for OpenStack instances Add UDP port 123 ingress and egress rules for both server and worker security groups to enable NTP time synchronization. Also refactor add_rule() to accept direction parameter instead of hardcoding ingress. Signed-off-by: deepssin --- diff --git a/teuthology/openstack/__init__.py b/teuthology/openstack/__init__.py index 11d8ff150..b9faffd8e 100644 --- a/teuthology/openstack/__init__.py +++ b/teuthology/openstack/__init__.py @@ -1233,10 +1233,10 @@ ssh access : ssh {identity}{username}@{ip} # logs in /usr/share/nginx/ server_sg = conn.network.create_security_group(name=self.server_group()) if not worker_sg: worker_sg = conn.network.create_security_group(name=self.worker_group()) - def add_rule(sg_id, protocol, port=None, remote_group_id=None): + def add_rule(sg_id, protocol, port=None, remote_group_id=None, direction='ingress'): rule_args = { 'security_group_id': sg_id, - 'direction': 'ingress', + 'direction': direction, 'protocol': protocol, 'ethertype': 'IPv4', } @@ -1262,6 +1262,12 @@ ssh access : ssh {identity}{username}@{ip} # logs in /usr/share/nginx/ # access within worker group add_rule(worker_sg.id, 'udp', port=65535, remote_group_id=worker_sg.id) + # NTP synchronization(UDP port 123) + add_rule(server_sg.id, 'udp', port=123, direction='egress') + add_rule(worker_sg.id, 'udp', port=123, direction='egress') + add_rule(server_sg.id, 'udp', port=123, direction='ingress') + add_rule(worker_sg.id, 'udp', port=123, direction='ingress') + @staticmethod def get_unassociated_floating_ip(): """