diff options
| -rw-r--r-- | environments/manage-firewall.yaml | 2 | ||||
| -rw-r--r-- | puppet/role.role.j2.yaml | 45 | ||||
| -rw-r--r-- | puppet/services/ceph-base.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/keepalived.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/neutron-api.yaml | 9 | ||||
| -rw-r--r-- | puppet/services/neutron-l3.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/neutron-ovs-agent.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/tripleo-firewall.yaml | 2 |
8 files changed, 66 insertions, 10 deletions
diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml deleted file mode 100644 index 5d48698e..00000000 --- a/environments/manage-firewall.yaml +++ /dev/null @@ -1,2 +0,0 @@ -parameter_defaults: - ManageFirewall: true diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 66b754f3..e4307001 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -325,6 +325,51 @@ outputs: hostname: description: Hostname of the server value: {get_attr: [{{role}}, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - external + - {get_param: CloudDomain} + internal_api: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + - {get_param: CloudDomain} + storage: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + - {get_param: CloudDomain} + storage_mgmt: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + - {get_param: CloudDomain} + tenant: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + - {get_param: CloudDomain} + management: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + - {get_param: CloudDomain} + ctlplane: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + - {get_param: CloudDomain} hosts_entry: value: str_replace: diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce8d9158..adb17b26 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -75,6 +75,12 @@ outputs: ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx ceph::profile::params::fsid: {get_param: CephClusterFSID} + # FIXME(gfidente): we should not have to list the packages explicitly in the templates, + # but this has to stay until https://bugs.launchpad.net/puppet-ceph/+bug/1629933 is fixed + ceph::params::packages: + - ceph-base + - ceph-mon + - ceph-osd # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 2b069d67..38cfbe22 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -41,5 +41,8 @@ outputs: config_settings: tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} + tripleo.keepalived.firewall_rules: + '106 keepalived vrrp': + proto: vrrp step_config: | include ::tripleo::profile::base::keepalived diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 3b531ab3..c2b6b6f7 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -145,16 +145,11 @@ outputs: neutron::server::notifications::password: {get_param: NovaPassword} neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true - tripleo.neutron_server.firewall_rules: - '114 neutron server': + tripleo.neutron_api.firewall_rules: + '114 neutron api': dport: - 9696 - 13696 - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '106 vrrp': - proto: vrrp neutron::server::router_distributed: {get_param: NeutronEnableDVR} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 9e223374..a89e3d75 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -67,5 +67,8 @@ outputs: - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron::agents::l3::router_delete_namespaces: True neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} + tripleo.neutron_l3.firewall_rules: + '106 neutron_l3 vrrp': + proto: vrrp step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index cbe65638..cca0deee 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -117,5 +117,11 @@ outputs: # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} + tripleo.neutron_ovs_agent.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' step_config: | include ::tripleo::profile::base::neutron::ovs diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index f6ec458f..7eb39905 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -19,7 +19,7 @@ parameters: via parameter_defaults in the resource registry. type: json ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: |