Ironic: add missing haproxy and firewall configuration

Make sure Ironic API listens on a different IP than HAProxy.

Also open firewall ports for Ironic API and TFTP.

Change-Id: I9d843e76adcdb1085fd1e9fb7408a2387909382b

1 files changed, 6 insertions, 0 deletions

diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 6b494256..d0516e1b 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -50,6 +50,7 @@ outputs:
             ironic::api::authtoken::username: 'ironic'
             ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
             ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+            ironic::api::host_ip: {get_input: ironic_api_network}
             ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
             # This is used to build links in responses
             ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
@@ -59,5 +60,10 @@ outputs:
             ironic::keystone::auth::auth_name: 'ironic'
             ironic::keystone::auth::password: {get_param: IronicPassword }
             ironic::keystone::auth::tenant: 'service'
+            tripleo.ironic_api.firewall_rules:
+              '133 ironic api':
+                dport:
+                  - 6385
+                  - 13385
       step_config: |
         include ::tripleo::profile::base::ironic::api