summaryrefslogtreecommitdiffstats
path: root/manifests/firewall.pp
AgeCommit message (Collapse)AuthorFilesLines
2016-10-04Cleanup the firewall logic.Dan Prince1-1/+1
We added code in t-h-t to strip empty services from the service_names list. (These are often the result of a service set to OS::Heat::None). As such we can now drop this puppet reject statement. Change-Id: Ie66f14f183de7e44a1f69af862f7d4be9a14c904
2016-07-21Add firewall::service_rules defineDan Prince1-0/+18
This patch updates the tripleo::firewall class so that it will support loading firewall rules defined in composable services via the following hiera keys (for nova-api for example): tripleo.nova_api.firewall_rules This patch relies on a new 'service_names' hiera array that should be provided on all TripleO overcloud nodes. Depends-On: I60861c5aa760534db3e314bba16a13b90ea72f0c Change-Id: Id370362ab57347b75b1ab25afda877885b047263
2015-07-15Implement firewalling in tripleo::firewallYanis Guenane1-0/+91
Currently firewalling is implemented in tripleo/init.pp this commit moves it to its own scope tripleo/firewall.pp. This is done so that in tripleo-heat-templates we can have a simple and generic `include tripleo::firewall` in every manifest - unconditional. The rest of the behavior will all be managed by hiera. If a user wants to enable firewalling: ``` tripleo::firewall::manage_firewall: true ``` If a user wants to specify firewall rules: ``` tripleo::firewall::firewall_rules: '103 mongod': port: 27017 ``` Change-Id: I144c60db2a568a94dce5b51257f1d10980173325