authorEmilien Macchi <emilien@redhat.com>2016-11-21 09:57:09 -0500
committerEmilien Macchi <emilien@redhat.com>2016-11-21 14:24:20 -0500
commit2ca3cb03ad5f05469e5ae181981e559ccc77371f (patch)
treeb86f7d60996869343e9a052b9975d222052836cd /manifests/firewall.pp
parent92f9c952d6cbb0c11c8457de0e49748f3adf667e (diff)
firewall: stop using stdlib stages
Using Puppet stdlib stages in TripleO is risky because it exposes deployments to dependency cycles in the catalog. We should rather use native functions for orchestration, like ordering and dependency management. This patch: - removes usage of stages from stdlib - uses ordering to make sure we run pre rules before post - uses ordering to make sure we start all Services in the catalog before post rules. It ensures that we don't drop all traffic before starting the services, which could lead to service errors (e.g. trying to reach database or amqp) Change-Id: Iec4705d6b785a40ccf6f43809b94b726ccd47fef Closes-Bug: #1643575
Diffstat (limited to 'manifests/firewall.pp')
-rw-r--r--manifests/firewall.pp7
1 files changed, 3 insertions, 4 deletions
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
index 3184cd3..8c6a53b 100644
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
@@ -51,8 +51,6 @@ class tripleo::firewall(
$firewall_post_extras = {},
) {
- include ::stdlib
-
if $manage_firewall {
# Only purges IPv4 rules
@@ -79,14 +77,15 @@ class tripleo::firewall(
ensure_resource('class', 'tripleo::firewall::pre', {
'firewall_settings' => $firewall_pre_extras,
- 'stage' => 'setup',
})
ensure_resource('class', 'tripleo::firewall::post', {
- 'stage' => 'runtime',
'firewall_settings' => $firewall_post_extras,
})
+ Class['tripleo::firewall::pre'] -> Class['tripleo::firewall::post']
+ Service<||> -> Class['tripleo::firewall::post']
+
# Allow composable services to load their own custom
# example with Hiera.
# NOTE(dprince): In the future when we have a better hiera
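Review bot: The added `Service<||> -> Class['tripleo::firewall::post']` makes the post rules depend on every Service in the catalog, so when any one service fails to start Puppet skips `tripleo::firewall::post` for that run and the host keeps running without the closing rules. The commit message describes post as the class that drops all traffic, so this ordering fails open, and nothing on this page shows whether that state is reported or alerted on. An empty collector in a chaining statement also realizes every virtual `@service` resource, which may start services that were only declared virtually. I would document both next to the arrow, for example `# NOTE: a failed Service skips the post (drop) rules for this run; Service<||> also realizes virtual services.`, and confirm that the per-service rules loaded below are ordered before post as well. The class body starts and ends outside this hunk.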