aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
authorMichele Baldessari <michele@acksyn.org>2017-01-05 20:27:46 +0100
committerMichele Baldessari <michele@acksyn.org>2017-01-09 11:45:03 +0100
commit8eb99b868b71909132c6fc43d0d18940cc7ea9a1 (patch)
tree2067e56cd828e0211c615fbb534ef841681a106e /manifests
parent20ee458484b150e4f79044e3040dc9f0af0933bc (diff)
Add haproxy firewall rules for galera and redis
This change adds haproxy rules for galera and redis. They are not there because these haproxy entries do not use the ::tripleo::haproxy::endpoint function which does this automatically. Rabbit does not need them because it does not go through haproxy. Closes-Bug: #1654280 Change-Id: If995d5c36341f3c089cbda9a0827ea28c19c796b
Diffstat (limited to 'manifests')
-rw-r--r--manifests/haproxy.pp18
1 files changed, 18 insertions, 0 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 1e76733..b0c7734 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1206,6 +1206,15 @@ class tripleo::haproxy (
server_names => hiera('mysql_node_names', $controller_hosts_names_real),
options => $mysql_member_options_real,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $mysql_firewall_rules = {
+ '100 mysql_haproxy' => {
+ 'dport' => 3306,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $mysql_firewall_rules)
+ }
}
if $rabbitmq {
@@ -1265,6 +1274,15 @@ class tripleo::haproxy (
server_names => hiera('redis_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $redis_firewall_rules = {
+ '100 redis_haproxy' => {
+ 'dport' => 6379,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $redis_firewall_rules)
+ }
}
$midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip)