1 files changed, 39 insertions, 0 deletions

diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
new file mode 100644
index 00000000..f6ec458f
--- /dev/null
+++ b/puppet/services/tripleo-firewall.yaml
@@ -0,0 +1,39 @@
+heat_template_version: 2016-04-08
+
+description: >
+  TripleO Firewall settings
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ManageFirewall:
+    default: false
+    description: Whether to manage IPtables rules.
+    type: boolean
+  PurgeFirewallRules:
+    default: false
+    description: Whether IPtables rules should be purged before setting up the new ones.
+    type: boolean
+
+outputs:
+  role_data:
+    description: Role data for the TripleO firewall settings
+    value:
+      service_name: tripleo_firewall
+      config_settings:
+        tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
+        tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
+      step_config: |
+        include ::tripleo::firewall