Implement Advanced Firewalling support

Consume puppet-tripleo to create/manage IPtables from Heat templates.

This review put in place the logic to enable and setup firewall rules.

A known set of rules are applied. More to come.

Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22
Co-Authored-By: Yanis Guenane <yguenane@redhat.com>
Depends-On: I144c60db2a568a94dce5b51257f1d10980173325

1 files changed, 10 insertions, 0 deletions

diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index f679c6bb..8efdc173 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -457,6 +457,14 @@ parameters:
     type: string
     constraints:
       - allowed_values: [ 'basic', 'cadf' ]
+  ManageFirewall:
+    default: false
+    description: Whether to manage IPtables rules.
+    type: boolean
+  PurgeFirewallRules:
+    default: false
+    description: Whether IPtables rules should be purged before setting up the ones.
+    type: boolean
   MysqlInnodbBufferPoolSize:
     description: >
         Specifies the size of the buffer pool in megabytes. Setting to
@@ -811,6 +819,8 @@ resources:
           ControllerExtraConfig: {get_param: controllerExtraConfig}
           Debug: {get_param: Debug}
           EnableFencing: {get_param: EnableFencing}
+          ManageFirewall: {get_param: ManageFirewall}
+          PurgeFirewallRules: {get_param: PurgeFirewallRules}
           EnableGalera: {get_param: EnableGalera}
           EnableCephStorage: {get_param: ControllerEnableCephStorage}
           EnableSwiftStorage: {get_param: ControllerEnableSwiftStorage}