authorEmilien Macchi <emilien@redhat.com>2016-06-16 17:03:27 -0400
committerEmilien Macchi <emilien@redhat.com>2016-07-06 15:28:53 -0400
commit71f2a53cb9e1385b22e3a47524fcc5531743ec90 (patch)
treed6c0cab22e741e16b0a1070104ec8aa56dcf6f96
parent9f0ab60383509548e91740ec6559ab9af0f04199 (diff)
deploy composable firewall rules for HAproxy
Deploy composable iptables rules for HAproxy. Note: we can't use Hiera here because we have some logic in puppet-tripleo that selects the services that we actually deploy. Using this code in the Define will easily create IPtables rules that we actually need. Some other services will be able to create IPtables rules in Hiera (in THT), but not HAproxy now. Change-Id: If03b18992c68461e97789c0318078a0b243c84fe
-rw-r--r--manifests/haproxy/endpoint.pp12
1 files changed, 12 insertions, 0 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 94bfcff..ac6cb6c 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -117,4 +117,16 @@ define tripleo::haproxy::endpoint (
server_names => $server_names,
options => $member_options,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $firewall_rules = {
+ "100 ${name}_haproxy" => {
+ 'dport' => $service_port,
+ },
+ "100 ${name}_haproxy_ssl" => {
+ 'dport' => $public_ssl_port,
+ },
+ }
+ create_resources('tripleo::firewall::rule', $firewall_rules)
+ }
}
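Review bot: Both entries in `$firewall_rules` are created unconditionally inside the `manage_firewall` block, so an endpoint declared without `$public_ssl_port` (or without `$service_port`) would still get a `tripleo::firewall::rule` whose `dport` is undef. The define's parameter list lies outside this hunk, so whether either port can be unset is not visible here. If it can, a rule with no destination port may match much more traffic than the single HAProxy listener it is meant to open, depending on how `tripleo::firewall::rule` handles a missing `dport`. I would create each rule only when its port is set, so the firewall opens exactly the ports this endpoint binds.

```puppet
  if hiera('manage_firewall', true) {
    include ::tripleo::firewall
    # Only open a port that this endpoint actually listens on; a rule with
    # an undef dport must never be generated.
    if $service_port {
      create_resources('tripleo::firewall::rule', {
        "100 ${name}_haproxy" => { 'dport' => $service_port },
      })
    }
    if $public_ssl_port {
      create_resources('tripleo::firewall::rule', {
        "100 ${name}_haproxy_ssl" => { 'dport' => $public_ssl_port },
      })
    }
  }
```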