aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/firewall.pp
AgeCommit message (Collapse)AuthorFilesLines
2016-11-21firewall: stop using stdlib stagesEmilien Macchi1-4/+3
Using Puppet stdlib in TripleO is risky because it exposes deployments to dependency cycles in the catalog. We should rather use native functions to make orchestrations, like ordering and dependencies management. This patch: - removes usage of stages from stdlib - use ordering to make sure we run pre rules before post - use ordering to make sure we start all Services in catalog before post rules. It ensure that we don't drop all traffic before starting the services, which could lead to services errors (e.g. trying to reach database or amqp) Change-Id: Iec4705d6b785a40ccf6f43809b94b726ccd47fef Closes-Bug: #1643575
2016-10-04Cleanup the firewall logic.Dan Prince1-1/+1
We added code in t-h-t to strip empty services from the service_names list. (These are often the result of a service set to OS::Heat::None). As such we can now drop this puppet reject statement. Change-Id: Ie66f14f183de7e44a1f69af862f7d4be9a14c904
2016-07-21Add firewall::service_rules defineDan Prince1-0/+18
This patch updates the tripleo::firewall class so that it will support loading firewall rules defined in composable services via the following hiera keys (for nova-api for example): tripleo.nova_api.firewall_rules This patch relies on a new 'service_names' hiera array that should be provided on all TripleO overcloud nodes. Depends-On: I60861c5aa760534db3e314bba16a13b90ea72f0c Change-Id: Id370362ab57347b75b1ab25afda877885b047263
2015-07-15Implement firewalling in tripleo::firewallYanis Guenane1-0/+91
Currently firewalling is implemented in tripleo/init.pp this commit moves it to its own scope tripleo/firewall.pp. This is done so that in tripleo-heat-templates we can have a simple and generic `include tripleo::firewall` in every manifest - unconditional. The rest of the behavior will all be managed by hiera. If a user wants to enable firewalling: ``` tripleo::firewall::manage_firewall: true ``` If a user wants to specify firewall rules: ``` tripleo::firewall::firewall_rules: '103 mongod': port: 27017 ``` Change-Id: I144c60db2a568a94dce5b51257f1d10980173325