diff options
Diffstat (limited to 'manifests/haproxy/endpoint.pp')
| -rw-r--r-- | manifests/haproxy/endpoint.pp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index 94bfcff..b7403a4 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -88,7 +88,8 @@ define tripleo::haproxy::endpoint ( # service exposed to the public network if $public_certificate { - $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), + union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) } else { $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param) } @@ -98,7 +99,8 @@ define tripleo::haproxy::endpoint ( } if $internal_certificate { - $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), + union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) } else { $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param) } @@ -117,4 +119,16 @@ define tripleo::haproxy::endpoint ( server_names => $server_names, options => $member_options, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $firewall_rules = { + "100 ${name}_haproxy" => { + 'dport' => $service_port, + }, + "100 ${name}_haproxy_ssl" => { + 'dport' => $public_ssl_port, + }, + } + create_resources('tripleo::firewall::rule', $firewall_rules) + } } |