authorYanis Guenane <yguenane@redhat.com>2015-07-15 11:58:46 +0200
committerYanis Guenane <yguenane@redhat.com>2015-07-15 11:58:46 +0200
commitc59650772c8d7d2e84a19782ef8d53cec02deb9b (patch)
treeaec45b9a2d425ee6bac3815a60a5171cc0d25d3b /manifests/init.pp
parent9b22f9f4ddfd511d19f3e34d7be70092a79d18d7 (diff)
Implement firewalling in tripleo::firewall
Currently firewalling is implemented in tripleo/init.pp; this commit moves it to its own scope, tripleo/firewall.pp. This is done so that in tripleo-heat-templates we can have a simple and generic `include tripleo::firewall` in every manifest, unconditionally. The rest of the behavior will all be managed by hiera. If a user wants to enable firewalling: ``` tripleo::firewall::manage_firewall: true ``` If a user wants to specify firewall rules: ``` tripleo::firewall::firewall_rules: '103 mongod': port: 27017 ``` Change-Id: I144c60db2a568a94dce5b51257f1d10980173325
Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp70
1 files changed, 1 insertions, 69 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index cdaf95a..9f6d775 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,75 +17,7 @@
#
# Installs the system requirements
#
-# === Parameters:
-#
-# [*manage_firewall*]
-# (optional) Completely enable or disable firewall settings
-# (false means disabled, and true means enabled)
-# Defaults to false
-#
-# [*firewall_rules*]
-# (optional) Allow to add custom firewall rules
-# Should be an hash.
-# Default to {}
-#
-# [*purge_firewall_rules*]
-# (optional) Boolean, purge all firewall resources
-# Defaults to false
-#
-# [*firewall_pre_extras*]
-# (optional) Allow to add custom parameters to firewall rules (pre stage)
-# Should be an hash.
-# Default to {}
-#
-# [*firewall_post_extras*]
-# (optional) Allow to add custom parameters to firewall rules (post stage)
-# Should be an hash.
-# Default to {}
-#
-class tripleo(
- $manage_firewall = false,
- $firewall_rules = {},
- $purge_firewall_rules = false,
- $firewall_pre_extras = {},
- $firewall_post_extras = {},
-) {
-
- include ::stdlib
-
- if $manage_firewall {
-
- # Only purges IPv4 rules
- if $purge_firewall_rules {
- resources { 'firewall':
- purge => true
- }
- }
-
- # anyone can add your own rules
- # example with Hiera:
- #
- # tripleo::firewall::rules:
- # '300 allow custom application 1':
- # port: 999
- # proto: udp
- # action: accept
- # '301 allow custom application 2':
- # port: 8081
- # proto: tcp
- # action: accept
- #
- create_resources('tripleo::firewall::rule', $firewall_rules)
-
- ensure_resource('class', 'tripleo::firewall::pre', {
- 'firewall_settings' => $firewall_pre_extras,
- 'stage' => 'setup',
- })
- ensure_resource('class', 'tripleo::firewall::post', {
- 'stage' => 'runtime',
- 'firewall_settings' => $firewall_post_extras,
- })
- }
+class tripleo{
}
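Review bot: With the parameter list removed from `class tripleo{`, hiera data still written under the old keys (`tripleo::manage_firewall: true`, `tripleo::firewall_rules`, `tripleo::purge_firewall_rules`) is presumably no longer bound to anything and is dropped without an error, so a node that relied on it would converge with no firewall rules managed. The class header should say where the settings went, for example `# Firewall settings moved to tripleo::firewall (tripleo::firewall::manage_firewall, tripleo::firewall::firewall_rules); the old tripleo::* keys are ignored.`, and the rename belongs in the release notes. The removed body also carried `include ::stdlib`; whether tripleo::firewall declares it cannot be seen from this file, so it is worth checking, since `ensure_resource` comes from stdlib.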