diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-11-23 18:22:48 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-11-23 18:22:48 +0000 |
commit | 5e301a6a3154236e04d7117382c6b6cf3b94cb7f (patch) | |
tree | 148f0b31a69673e11926ae58e90cb46c22cdb855 /puppet/controller.yaml | |
parent | 705a6401a6db2fe9f78ee5f6584026179e64c7ae (diff) | |
parent | 4c9d0fc6da6ec156dfd4f4e8d371e1fa60274514 (diff) |
Merge "Implement Advanced Firewalling support"
Diffstat (limited to 'puppet/controller.yaml')
-rw-r--r-- | puppet/controller.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 0c921eb6..d47e013e 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -278,6 +278,14 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -825,6 +833,8 @@ resources: enable_galera: {get_param: EnableGalera} enable_ceph_storage: {get_param: EnableCephStorage} enable_swift_storage: {get_param: EnableSwiftStorage} + manage_firewall: {get_param: ManageFirewall} + purge_firewall_rules: {get_param: PurgeFirewallRules} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_max_connections: {get_param: MysqlMaxConnections} mysql_root_password: {get_param: MysqlRootPassword} @@ -1280,6 +1290,9 @@ resources: # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} + # Firewall + tripleo::firewall::manage_firewall: {get_input: manage_firewall} + tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} |