diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-07-31 15:26:19 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-07-31 15:26:19 +0000 |
| commit | 48ead62f6fcb1b833c044f099644cb32a06c3206 (patch) | |
| tree | 9d71df86de85ecebbf9678451eac0d7110d0a6b6 /manifests/haproxy | |
| parent | 01ae50352519d80810739c0f9319f74aab2e786d (diff) | |
| parent | 50f160a148b6a973891ffc6d0882f4c0d597336e (diff) | |
Merge "Prevent haproxy to run iptables during docker-puppet configuration"
Diffstat (limited to 'manifests/haproxy')
| -rw-r--r-- | manifests/haproxy/endpoint.pp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index f1e80e8..9139061 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -86,6 +86,11 @@ # fetching the certificate for that specific network. # Defaults to undef # +# [*manage_firewall*] +# (optional) Enable or disable firewall settings for ports exposed by HAProxy +# (false means disabled, and true means enabled) +# Defaults to hiera('tripleo::firewall::manage_firewall', true) +# define tripleo::haproxy::endpoint ( $internal_ip, $service_port, @@ -103,6 +108,7 @@ define tripleo::haproxy::endpoint ( $use_internal_certificates = false, $internal_certificates_specs = {}, $service_network = undef, + $manage_firewall = hiera('tripleo::firewall::manage_firewall', true), ) { if $public_virtual_ip { # service exposed to the public network @@ -158,7 +164,7 @@ define tripleo::haproxy::endpoint ( server_names => $server_names, options => $member_options, } - if hiera('tripleo::firewall::manage_firewall', true) { + if $manage_firewall { include ::tripleo::firewall # This block will construct firewall rules only when we specify # a port for the regular service and also the ssl port for the service. |