/*
 *
 * Copyright (c) 2011, Microsoft Corporation.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307 USA.
 *
 * Authors:
 *   Haiyang Zhang
 *   Hank Janssen
 *   K. Y. Srinivasan
 *
 */

/*
 * Hyper-V definitions used by the VMBus code: CPUID leaves, crash MSR
 * numbers, synthetic interrupt controller (SynIC) message and event-flag
 * layouts, and the port / connection / monitor structures built on them.
 * The structures describe fixed binary layouts, so field order and widths
 * must not be changed.
 */

#ifndef _HYPERV_VMBUS_H
#define _HYPERV_VMBUS_H

/*
 * NOTE(review): the header names of the four #include directives below are
 * missing from this copy of the file; restore them from the upstream source
 * before building.
 */
#include
#include
#include
#include

/*
 * Timeout for services such as KVP and fcopy.
 * NOTE(review): the unit is not stated here (presumably seconds) - confirm
 * against the users of this constant.
 */
#define HV_UTIL_TIMEOUT 30

/*
 * The below CPUID leaves are present if VersionAndFeatures.HypervisorPresent
 * is set by CPUID(HVCPUID_VERSION_FEATURES).
 */
enum hv_cpuid_function {
	HVCPUID_VERSION_FEATURES		= 0x00000001,
	HVCPUID_VENDOR_MAXFUNCTION		= 0x40000000,
	HVCPUID_INTERFACE			= 0x40000001,

	/*
	 * The remaining functions depend on the value of
	 * HVCPUID_INTERFACE
	 */
	HVCPUID_VERSION				= 0x40000002,
	HVCPUID_FEATURES			= 0x40000003,
	HVCPUID_ENLIGHTENMENT_INFO		= 0x40000004,
	HVCPUID_IMPLEMENTATION_LIMITS		= 0x40000005,
};

/*
 * Guest crash reporting: a feature flag (0x400, i.e. bit 10), five parameter
 * MSRs (P0..P4) and a control MSR. HV_CRASH_CTL_CRASH_NOTIFY is bit 63 of
 * the control value.
 * NOTE(review): which CPUID leaf/register carries the feature flag is not
 * shown in this file. Values written to the parameter MSRs are presumably
 * visible to the host, so callers should not put secrets in them - confirm.
 */
#define HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE 0x400

#define HV_X64_MSR_CRASH_P0 0x40000100
#define HV_X64_MSR_CRASH_P1 0x40000101
#define HV_X64_MSR_CRASH_P2 0x40000102
#define HV_X64_MSR_CRASH_P3 0x40000103
#define HV_X64_MSR_CRASH_P4 0x40000104
#define HV_X64_MSR_CRASH_CTL 0x40000105

#define HV_CRASH_CTL_CRASH_NOTIFY (1ULL << 63)

/* Define version of the synthetic interrupt controller. */
#define HV_SYNIC_VERSION (1)

/*
 * Define synthetic interrupt controller message constants.
 * 240 payload bytes == 30 u64 words; 256 - 240 leaves 16 bytes, which matches
 * struct hv_message_header below if the enum occupies four bytes.
 */
#define HV_MESSAGE_SIZE (256)
#define HV_MESSAGE_PAYLOAD_BYTE_COUNT (240)
#define HV_MESSAGE_PAYLOAD_QWORD_COUNT (30)
#define HV_ANY_VP (0xFFFFFFFF)

/*
 * Define synthetic interrupt controller flag constants.
 * 256 * 8 = 2048 flag bits, addressable as 256 bytes or as
 * 256 / sizeof(u32) 32-bit words.
 */
#define HV_EVENT_FLAGS_COUNT (256 * 8)
#define HV_EVENT_FLAGS_BYTE_COUNT (256)
#define HV_EVENT_FLAGS_DWORD_COUNT (256 / sizeof(u32))

/* Define hypervisor message types. */
enum hv_message_type {
	HVMSG_NONE			= 0x00000000,

	/* Memory access messages. */
	HVMSG_UNMAPPED_GPA		= 0x80000000,
	HVMSG_GPA_INTERCEPT		= 0x80000001,

	/* Timer notification messages. */
	HVMSG_TIMER_EXPIRED		= 0x80000010,

	/* Error messages. */
	HVMSG_INVALID_VP_REGISTER_VALUE	= 0x80000020,
	HVMSG_UNRECOVERABLE_EXCEPTION	= 0x80000021,
	HVMSG_UNSUPPORTED_FEATURE	= 0x80000022,

	/* Trace buffer complete messages. */
	HVMSG_EVENTLOG_BUFFERCOMPLETE	= 0x80000040,

	/* Platform-specific processor intercept messages. */
	HVMSG_X64_IOPORT_INTERCEPT	= 0x80010000,
	HVMSG_X64_MSR_INTERCEPT		= 0x80010001,
	HVMSG_X64_CPUID_INTERCEPT	= 0x80010002,
	HVMSG_X64_EXCEPTION_INTERCEPT	= 0x80010003,
	HVMSG_X64_APIC_EOI		= 0x80010004,
	HVMSG_X64_LEGACY_FP_ERROR	= 0x80010005
};

#define HV_SYNIC_STIMER_COUNT (4)

/* Define invalid partition identifier. */
#define HV_PARTITION_ID_INVALID ((u64)0x0)

/*
 * Define port identifier type.
 * A 24-bit id plus 8 reserved bits, also accessible as one u32 via asu32.
 */
union hv_port_id {
	u32 asu32;
	struct {
		u32 id:24;
		u32 reserved:8;
	} u ;
};

/* Define port type. */
enum hv_port_type {
	HVPORT_MSG	= 1,
	HVPORT_EVENT	= 2,
	HVPORT_MONITOR	= 3
};

/*
 * Define port information structure.
 * port_type selects which member of the anonymous union is meaningful.
 * NOTE(review): "rsvdz" presumably means reserved-must-be-zero - confirm.
 */
struct hv_port_info {
	enum hv_port_type port_type;
	u32 padding;
	union {
		struct {
			u32 target_sint;
			u32 target_vp;
			u64 rsvdz;
		} message_port_info;
		struct {
			u32 target_sint;
			u32 target_vp;
			u16 base_flag_number;
			u16 flag_count;
			u32 rsvdz;
		} event_port_info;
		struct {
			u64 monitor_address;
			u64 rsvdz;
		} monitor_port_info;
	};
};

/*
 * Connection-side counterpart of struct hv_port_info: same port_type tag and
 * padding, followed by a per-type union.
 */
struct hv_connection_info {
	enum hv_port_type port_type;
	u32 padding;
	union {
		struct {
			u64 rsvdz;
		} message_connection_info;
		struct {
			u64 rsvdz;
		} event_connection_info;
		struct {
			u64 monitor_address;
		} monitor_connection_info;
	};
};

/* Define synthetic interrupt controller message flags. */
union hv_message_flags {
	u8 asu8;
	struct {
		u8 msg_pending:1;
		u8 reserved:7;
	};
};

/* Define synthetic interrupt controller message header. */
struct hv_message_header {
	enum hv_message_type message_type;
	/*
	 * NOTE(review): a u8 can hold values up to 255, but the payload area
	 * of struct hv_message is HV_MESSAGE_PAYLOAD_BYTE_COUNT (240) bytes.
	 * Code that uses payload_size as a copy length should bound it by
	 * that constant first.
	 */
	u8 payload_size;
	union hv_message_flags message_flags;
	u8 reserved[2];
	/* The same 8 bytes are viewed either as a u64 sender or as a port id. */
	union {
		u64 sender;
		union hv_port_id port;
	};
};

/*
 * Timer configuration register.
 * Bit-field widths sum to 64, matching as_uint64.
 * NOTE(review): the bit positions implied by this declaration (and by the
 * other bit-field unions in this file) depend on the compiler's bit-field
 * allocation order - confirm for the target ABI.
 */
union hv_timer_config {
	u64 as_uint64;
	struct {
		u64 enable:1;
		u64 periodic:1;
		u64 lazy:1;
		u64 auto_enable:1;
		u64 reserved_z0:12;
		u64 sintx:4;
		u64 reserved_z1:44;
	};
};

/* Define timer message payload structure. */
struct hv_timer_message_payload {
	u32 timer_index;
	u32 reserved;
	u64 expiration_time;	/* When the timer expired */
	u64 delivery_time;	/* When the message was delivered */
};

/*
 * Define synthetic interrupt controller message format.
 * A header followed by HV_MESSAGE_PAYLOAD_QWORD_COUNT u64 payload words.
 */
struct hv_message {
	struct hv_message_header header;
	union {
		u64 payload[HV_MESSAGE_PAYLOAD_QWORD_COUNT];
	} u ;
};

/* Define the number of message buffers associated with each port. */
#define HV_PORT_MESSAGE_BUFFER_COUNT (16)

/*
 * Define the synthetic interrupt message page layout.
 * One struct hv_message slot per synthetic interrupt source.
 * HV_SYNIC_SINT_COUNT is not defined in this file.
 * NOTE(review): this page is presumably written by the hypervisor while the
 * guest reads it; readers should copy fields such as message_type and
 * payload_size once and validate the copy rather than re-reading - confirm.
 */
struct hv_message_page {
	struct hv_message sint_message[HV_SYNIC_SINT_COUNT];
};

/*
 * Define the synthetic interrupt controller event flags format.
 * Two views of the same storage: byte-wise and 32-bit-word-wise.
 */
union hv_synic_event_flags {
	u8 flags8[HV_EVENT_FLAGS_BYTE_COUNT];
	u32 flags32[HV_EVENT_FLAGS_DWORD_COUNT];
};

/*
 * Define the synthetic interrupt flags page layout.
 * One event-flag set per synthetic interrupt source.
 */
struct hv_synic_event_flags_page {
	union hv_synic_event_flags sintevent_flags[HV_SYNIC_SINT_COUNT];
};

/* Define SynIC control register. */
union hv_synic_scontrol {
	u64 as_uint64;
	struct {
		u64 enable:1;
		u64 reserved:63;
	};
};

/*
 * Define synthetic interrupt source.
 * An 8-bit vector, a masked flag and an auto_eoi flag; the remaining bits
 * are reserved. Widths sum to 64.
 */
union hv_synic_sint {
	u64 as_uint64;
	struct {
		u64 vector:8;
		u64 reserved1:8;
		u64 masked:1;
		u64 auto_eoi:1;
		u64 reserved2:46;
	};
};

/*
 * Define the format of the SIMP register
 * One enable bit, 11 preserved bits and a 52-bit base_simp_gpa field.
 * NOTE(review): with 12 bits below it, the base field is presumably a guest
 * page frame number rather than a byte address - confirm.
 */
union hv_synic_simp {
	u64 as_uint64;
	struct {
		u64 simp_enabled:1;
		u64 preserved:11;
		u64 base_simp_gpa:52;
	};
};

/*
 * Define the format of the SIEFP register
 * Same shape as the SIMP register: enable bit, 11 preserved bits, 52-bit
 * base field.
 */
union hv_synic_siefp {
	u64 as_uint64;
	struct {
		u64 siefp_enabled:1;
		u64 preserved:11;
		u64 base_siefp_gpa:52;
	};
};

/* Definitions for the monitored notification facility */
union hv_monitor_trigger_group {
	u64 as_uint64;
	struct {
		u32 pending;
		u32 armed;
	};
};

/* union hv_connection_id is declared outside this file. */
struct hv_monitor_parameter {
	union hv_connection_id connectionid;
	u16 flagnumber;
	u16 rsvdz;
};

/* A 4-bit group_enable field; the other 28 bits are rsvdz. */
union hv_monitor_trigger_state {
	u32 asu32;

	struct {
		u32 group_enable:4;
		u32 rsvdz:28;
	};
};

/* struct hv_monitor_page Layout */
/* ------------------------
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::firewall
#
# Configure the TripleO firewall
#
# === Parameters:
#
# [*manage_firewall*]
#  (optional) Completely enable or disable firewall settings
#  (false means disabled, and true means enabled)
#  Defaults to false
#
# [*firewall_rules*]
#   (optional) Custom firewall rules to add.
#   Must be a hash.
#   Defaults to {}
#
# [*purge_firewall_rules*]
#   (optional) Boolean, purge all firewall resources.
#   Note: per the comment in the class body, only IPv4 rules are purged.
#   Defaults to false
#
# [*firewall_pre_extras*]
#   (optional) Custom parameters to add to firewall rules (pre stage).
#   Must be a hash.
#   Defaults to {}
#
# [*firewall_post_extras*]
#   (optional) Custom parameters to add to firewall rules (post stage).
#   Must be a hash.
#   Defaults to {}
#
class tripleo::firewall(
  $manage_firewall      = false,
  $firewall_rules       = {},
  $purge_firewall_rules = false,
  $firewall_pre_extras  = {},
  $firewall_post_extras = {},
) {

  if $manage_firewall {

    # Only purges IPv4 rules
    if $purge_firewall_rules {
      resources { 'firewall':