From 6d71acd4063c3e2a53e5e67f97627ee8151337ff Mon Sep 17 00:00:00 2001
From: deepssin
Date: Mon, 17 Nov 2025 13:48:35 +0000
Subject: [PATCH] Add NTP security group rules for OpenStack instances

Add UDP port 123 ingress and egress rules for both server and worker security groups to enable NTP time synchronization. Also refactor add_rule() to accept direction parameter instead of hardcoding ingress.

Signed-off-by: deepssin
---
 teuthology/openstack/__init__.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/teuthology/openstack/__init__.py b/teuthology/openstack/__init__.py
index 11d8ff150..b9faffd8e 100644
--- a/teuthology/openstack/__init__.py
+++ b/teuthology/openstack/__init__.py
@@ -1233,10 +1233,10 @@ ssh access : ssh {identity}{username}@{ip} # logs in /usr/share/nginx/
 server_sg = conn.network.create_security_group(name=self.server_group())
 if not worker_sg:
 worker_sg = conn.network.create_security_group(name=self.worker_group())
- def add_rule(sg_id, protocol, port=None, remote_group_id=None):
+ def add_rule(sg_id, protocol, port=None, remote_group_id=None, direction='ingress'):
 rule_args = {
 'security_group_id': sg_id,
- 'direction': 'ingress',
+ 'direction': direction,
 'protocol': protocol,
 'ethertype': 'IPv4',
 }
@@ -1262,6 +1262,12 @@ ssh access : ssh {identity}{username}@{ip} # logs in /usr/share/nginx/
 # access within worker group
 add_rule(worker_sg.id, 'udp', port=65535, remote_group_id=worker_sg.id)
 
+ # NTP synchronization(UDP port 123)
+ add_rule(server_sg.id, 'udp', port=123, direction='egress')
+ add_rule(worker_sg.id, 'udp', port=123, direction='egress')
+ add_rule(server_sg.id, 'udp', port=123, direction='ingress')
+ add_rule(worker_sg.id, 'udp', port=123, direction='ingress')
+
 @staticmethod
 def get_unassociated_floating_ip():
 """
-- 
2.47.3
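Review bot: `direction` goes into `rule_args` unchecked in the first hunk, and nothing on the helper says how it changes the meaning of the other arguments. For an egress rule the remote group or prefix names the destination rather than the source, so whatever add_rule() does when `remote_group_id` is None (the body continues outside this hunk) now also decides where instances may send traffic. I would add a comment above the def such as `# direction: 'ingress' or 'egress'; for egress, remote_group_id is the destination`, and reject anything else early with `if direction not in ('ingress', 'egress'): raise ValueError(direction)`.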
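Review bot: The two `direction='ingress'` calls in the second hunk open UDP 123 on both groups without a `remote_group_id`, unlike the group-scoped rule just above them, so the permitted source is whatever add_rule() defaults to (not visible here, possibly unrestricted). Neutron security groups are stateful, so replies to outbound NTP queries are already admitted by the egress rules; an inbound rule is needed only on a host that serves time, and an unscoped one leaves any ntpd/chronyd listener on the instances reachable by unsolicited queries. Consider dropping the two ingress lines, or scoping them as the neighbouring rules are, for example `add_rule(server_sg.id, 'udp', port=123, remote_group_id=worker_sg.id)` if the server is meant to be the workers' time source. It is also worth confirming the egress rules are needed at all, since newly created groups normally carry allow-all egress rules by default.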