authorEmilien Macchi <emilien@redhat.com>2015-06-12 15:20:17 -0400
committerEmilien Macchi <emilien@redhat.com>2015-11-19 16:47:28 +0100
commit4c9d0fc6da6ec156dfd4f4e8d371e1fa60274514 (patch)
tree2d2ccfe11282dae2392945a962067fb7e6be05a3 /puppet/controller.yaml
parentf6ff1a819190877093a90fb97ef7c9c8f6ce5164 (diff)
Implement Advanced Firewalling support
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review puts in place the logic to enable and set up firewall rules. A known set of rules is applied. More to come. Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22 Co-Authored-By: Yanis Guenane <yguenane@redhat.com> Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
Diffstat (limited to 'puppet/controller.yaml')
-rw-r--r--puppet/controller.yaml13
1 files changed, 13 insertions, 0 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 2e8c3126..d3a8a93d 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -278,6 +278,14 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ ManageFirewall:
+ default: false
+ description: Whether to manage IPtables rules.
+ type: boolean
+ PurgeFirewallRules:
+ default: false
+ description: Whether IPtables rules should be purged before setting up the new ones.
+ type: boolean
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
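Review bot: The descriptions of `ManageFirewall` and `PurgeFirewallRules` do not say how the two parameters interact or what a purge actually removes, and an operator needs both facts before enabling either. With both defaults at `false` the template leaves iptables unmanaged, so host filtering depends on whatever else is configured on the controller; the `ManageFirewall` description should say so. For the purge flag I would write something like `description: Whether to remove existing IPtables rules that are not defined by the deployment before applying the managed ones.` and add whether it has any effect when `ManageFirewall` is false. That last point has to be checked against puppet-tripleo, which is not visible in this diff.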
@@ -819,6 +827,8 @@ resources:
enable_galera: {get_param: EnableGalera}
enable_ceph_storage: {get_param: EnableCephStorage}
enable_swift_storage: {get_param: EnableSwiftStorage}
+ manage_firewall: {get_param: ManageFirewall}
+ purge_firewall_rules: {get_param: PurgeFirewallRules}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql_root_password: {get_param: MysqlRootPassword}
@@ -1274,6 +1284,9 @@ resources:
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
+ # Firewall
+ tripleo::firewall::manage_firewall: {get_input: manage_firewall}
+ tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached::listen_ip: {get_input: memcached_network}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
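Review bot: `tripleo::firewall::manage_firewall` and `tripleo::firewall::purge_firewall_rules` are bound straight from `get_input`, and nothing visible here guarantees the values reach hiera as booleans rather than strings. If a `false` default were serialized as the string `'false'`, a plain truthiness test in the Puppet class would treat it as enabled, which for the purge flag would mean removing existing rules unintentionally. It is worth confirming the type end to end, or that the consuming class normalizes it, and recording the expectation in the comment, e.g. `# Firewall (booleans; must reach hiera as true/false, not strings)`. The mapping these keys belong to starts and ends outside the hunk.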