aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Prince <dprince@redhat.com>2016-08-15 15:24:06 -0400
committerDan Prince <dprince@redhat.com>2016-08-17 08:25:39 -0400
commit9b18594c795124eceb6374c1513bd95e56eda1ca (patch)
treee22d0c86bf89ac7fae2c008f1b94785a82736108
parent0df577c6f0acc672b53d470e4cfedb1d7d9c53d1 (diff)
Add tripleo-firewall composable service
This creates a new service to help manage the puppet-tripleo class that enables firewall features. Currently has no settings but this will keep our interfaces consistent. Change-Id: I5ac85fa1e460b19ee2b1a9280413aebefe300845
-rw-r--r--overcloud-resource-registry-puppet.yaml1
-rw-r--r--overcloud.yaml5
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp2
-rw-r--r--puppet/manifests/overcloud_compute.pp2
-rw-r--r--puppet/manifests/overcloud_controller.pp2
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp2
-rw-r--r--puppet/manifests/overcloud_object.pp2
-rw-r--r--puppet/manifests/overcloud_volume.pp2
-rw-r--r--puppet/services/tripleo-firewall.yaml19
9 files changed, 25 insertions, 12 deletions
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 10d4b25..ca3c3cd 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -212,6 +212,7 @@ resource_registry:
OS::TripleO::Services::IronicConductor: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
+ OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.yaml b/overcloud.yaml
index e873485..d96fd68 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -171,6 +171,7 @@ parameters:
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Controllers.
@@ -192,6 +193,7 @@ parameters:
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Compute Nodes.
@@ -215,6 +217,7 @@ parameters:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the BlockStorage nodes.
@@ -239,6 +242,7 @@ parameters:
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the ObjectStorage nodes.
@@ -263,6 +267,7 @@ parameters:
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the CephStorage nodes.
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 39b7aca..2653bad 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('ceph_classes', [])
}
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index b8f75c9..f96c193 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('compute_classes', [])
}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 6290cac..25bdbfb 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('controller_classes', [])
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index ea6130c..d329d5f 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('controller_classes', [])
}
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 428ba0f..414a06b 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('object_classes', [])
}
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
index 821474d..e1cdadd 100644
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::firewall
-
if hiera('step') >= 4 {
hiera_include('volume_classes', [])
}
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
new file mode 100644
index 0000000..bd87eee
--- /dev/null
+++ b/puppet/services/tripleo-firewall.yaml
@@ -0,0 +1,19 @@
+heat_template_version: 2016-04-08
+
+description: >
+ TripleO Firewall settings
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the TripleO firewall settings
+ value:
+ service_name: tripleo_firewall
+ step_config: |
+ include ::tripleo::firewall