diff options
| author |   Michele Baldessari <michele@acksyn.org> | 2017-01-05 20:27:46 +0100 |
|---|---|---|
| committer | Michele Baldessari <michele@acksyn.org> | 2017-01-09 11:45:03 +0100 |
| commit | 8eb99b868b71909132c6fc43d0d18940cc7ea9a1 (patch) | |
| tree | 2067e56cd828e0211c615fbb534ef841681a106e | |
| parent | 20ee458484b150e4f79044e3040dc9f0af0933bc (diff) | |
Add haproxy firewall rules for galera and redis
This change adds haproxy rules for galera and redis. They are not there
because these haproxy entries do not use the ::tripleo::haproxy::endpoint
function which does this automatically.
Rabbit does not need them because it does not go through haproxy.
Closes-Bug: #1654280
Change-Id: If995d5c36341f3c089cbda9a0827ea28c19c796b
| -rw-r--r-- | manifests/haproxy.pp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 1e76733..b0c7734 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -1206,6 +1206,15 @@ class tripleo::haproxy ( server_names => hiera('mysql_node_names', $controller_hosts_names_real), options => $mysql_member_options_real, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $mysql_firewall_rules = { + '100 mysql_haproxy' => { + 'dport' => 3306, + } + } + create_resources('tripleo::firewall::rule', $mysql_firewall_rules) + } } if $rabbitmq { @@ -1265,6 +1274,15 @@ class tripleo::haproxy ( server_names => hiera('redis_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $redis_firewall_rules = { + '100 redis_haproxy' => { + 'dport' => 6379, + } + } + create_resources('tripleo::firewall::rule', $redis_firewall_rules) + } } $midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip) |