author | Emilien Macchi <emilien@redhat.com> | 2016-06-16 17:03:27 -0400 |
---|---|---|
committer | Emilien Macchi <emilien@redhat.com> | 2016-07-06 15:28:53 -0400 |
commit | 71f2a53cb9e1385b22e3a47524fcc5531743ec90 (patch) | |
tree | d6c0cab22e741e16b0a1070104ec8aa56dcf6f96 /manifests/haproxy | |
parent | 9f0ab60383509548e91740ec6559ab9af0f04199 (diff) |
deploy composable firewall rules for HAproxy
Deploy composable iptables rules for HAproxy.
Note: we can't use Hiera here because we have some logic in
puppet-tripleo that selects the services that we actually deploy.
Using this code in the Define will easily create IPtables rules that we
actually need. Some other services will be able to create IPtables rules
in Hiera (in THT), but not HAproxy now.
Change-Id: If03b18992c68461e97789c0318078a0b243c84fe
Diffstat (limited to 'manifests/haproxy')
-rw-r--r-- | manifests/haproxy/endpoint.pp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index 94bfcff..ac6cb6c 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -117,4 +117,16 @@ define tripleo::haproxy::endpoint ( server_names => $server_names, options => $member_options, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $firewall_rules = { + "100 ${name}_haproxy" => { + 'dport' => $service_port, + }, + "100 ${name}_haproxy_ssl" => { + 'dport' => $public_ssl_port, + }, + } + create_resources('tripleo::firewall::rule', $firewall_rules) + } } |
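Review bot: The `"100 ${name}_haproxy_ssl"` entry in `$firewall_rules` is created for every endpoint with `'dport' => $public_ssl_port`, and nothing in the hunk checks that the port is set. If an endpoint can be declared without a public SSL port (the define's parameter list is outside this hunk), this yields a firewall rule with an undefined dport. Consider building the hash conditionally so that the SSL entry is added only when `$public_ssl_port` has a value, and apply the same check to `$service_port`. Two smaller points in the same block: `hiera('manage_firewall', true)` is looked up inside the define body and defaults to true when the key is absent, so a documented `$manage_firewall` parameter on the define would make the opt-out visible and easier to override in tests. Both rules also open the port without any source restriction, which is worth stating in the define's documentation so operators know these are allow-from-anywhere rules.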