author: Emilien Macchi <emilien@redhat.com> 2016-06-16 17:03:27 -0400
committer: Emilien Macchi <emilien@redhat.com> 2016-07-06 15:28:53 -0400
commit: 71f2a53cb9e1385b22e3a47524fcc5531743ec90 (patch)
tree: d6c0cab22e741e16b0a1070104ec8aa56dcf6f96 /manifests/haproxy
parent: 9f0ab60383509548e91740ec6559ab9af0f04199 (diff)
deploy composable firewall rules for HAproxy
Deploy composable iptables rules for HAproxy. Note: we can't use Hiera here because we have some logic in puppet-tripleo that selects the services that we actually deploy. Using this code in the Define will easily create IPtables rules that we actually need. Some other services will be able to create IPtables rules in Hiera (in THT), but not HAproxy now.

Change-Id: If03b18992c68461e97789c0318078a0b243c84fe
Diffstat (limited to 'manifests/haproxy')
-rw-r--r-- manifests/haproxy/endpoint.pp 12
1 files changed, 12 insertions, 0 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 94bfcff..ac6cb6c 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -117,4 +117,16 @@ define tripleo::haproxy::endpoint (
server_names => $server_names,
options => $member_options,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $firewall_rules = {
+ "100 ${name}_haproxy" => {
+ 'dport' => $service_port,
+ },
+ "100 ${name}_haproxy_ssl" => {
+ 'dport' => $public_ssl_port,
+ },
+ }
+ create_resources('tripleo::firewall::rule', $firewall_rules)
+ }
}
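Review bot: the "100 ${name}_haproxy_ssl" entry in $firewall_rules is created unconditionally, so an endpoint declared without a $public_ssl_port would get a rule whose 'dport' is unset. The parameter's default is not visible in this hunk, so confirm it; if it can be undef, add the _ssl entry to the hash only when $public_ssl_port is set. Both rules also pass nothing but 'dport', which leaves protocol, source and action to the defaults of tripleo::firewall::rule (not shown here), and hiera('manage_firewall', true) turns rule creation on whenever the key is absent from Hiera. The define's header documentation should state that every endpoint now opens $service_port and $public_ssl_port in the host firewall and name the manage_firewall key that disables it.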