| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The port parameter to puppetlabs-firewall is actually deprecated[1].
This adds support for using the new parameter names dport and sport. The
port parameter is still retained in puppet-tripleo for backwards
compatibily for anyone using that interface. It is marked deprecated in
the documentation, however no deprecation warning is needed because
there is already a warning from from puppetlabs-firewall.
blueprint undercloud-elements
Change-Id: I0598007f90018f80a3266193bb24dbf112de49b7
|
|
Specifying a destination cidr is already supported by
puppetlabs-firewall, we just need to pass through the parameter in
rule.pp in puppet-tripleo.
This will allow creating iptables rules that forward network traffic for
a given cidr via puppet-tripleo.
Change-Id: I23582a55cd97248be52f45e14de7e813ff499ff7
|
|
Change-Id: I10c0d35b473026a5e1ede265099f73c803402adc
Related-bug: #1517805
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
|
|
Currently firewalling is implemented in tripleo/init.pp this commit
moves it to its own scope tripleo/firewall.pp.
This is done so that in tripleo-heat-templates we can have a simple and
generic `include tripleo::firewall` in every manifest - unconditional.
The rest of the behavior will all be managed by hiera.
If a user wants to enable firewalling:
```
tripleo::firewall::manage_firewall: true
```
If a user wants to specify firewall rules:
```
tripleo::firewall::firewall_rules:
'103 mongod':
port: 27017
```
Change-Id: I144c60db2a568a94dce5b51257f1d10980173325
|
James Slagle
Gael Chamoulaud
Yanis Guenane