diff options
| author |   Dan Prince <dprince@redhat.com> | 2016-10-04 09:59:56 -0400 |
|---|---|---|
| committer |   Emilien Macchi <emilien@redhat.com> | 2016-10-06 15:08:53 +0000 |
| commit | ddd4d3cd9f5012b505c1ed2c4ee6a62dde37dbaf (patch) | |
| tree | 03762b8c2e73b15d089418acfbd2048dbac4b4c8 | |
| parent | f9c3481c3ef3e1be5a7c86dc3717d20824745399 (diff) | |
Re-enable ManageFirewall by default.
This default setting got lots in the composable roles/services patches.
Re-enable the ManageFirewall setting by default per what we did in
git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6.
We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).
Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.
Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934
| -rw-r--r-- | environments/manage-firewall.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/neutron-api.yaml | 4 | ||||
| -rw-r--r-- | puppet/services/tripleo-firewall.yaml | 2 | ||||
| -rw-r--r-- | roles_data.yaml | 4 |
4 files changed, 6 insertions, 6 deletions
diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml deleted file mode 100644 index 5d48698e..00000000 --- a/environments/manage-firewall.yaml +++ /dev/null @@ -1,2 +0,0 @@ -parameter_defaults: - ManageFirewall: true diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 3b531ab3..af77dc05 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -145,8 +145,8 @@ outputs: neutron::server::notifications::password: {get_param: NovaPassword} neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true - tripleo.neutron_server.firewall_rules: - '114 neutron server': + tripleo.neutron_api.firewall_rules: + '114 neutron api': dport: - 9696 - 13696 diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index f6ec458f..7eb39905 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -19,7 +19,7 @@ parameters: via parameter_defaults in the resource registry. type: json ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: diff --git a/roles_data.yaml b/roles_data.yaml index f3b64475..23f8af45 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -114,7 +114,9 @@ - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall + # FIXME: This doesn't appear to have been enabled before + # so disabling it here until we can support it + #- OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::NeutronSriovAgent - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient |