From 5195d7f8910f7d1ce0895caa133b028a727f8622 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Wed, 20 Jul 2016 10:48:23 -0400
Subject: Composable firewall rules

Split out the firewall rules in puppet/hieradata/controller.yaml
into the composable services

Depends-On: Id370362ab57347b75b1ab25afda877885b047263
Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
---
 puppet/services/database/mongodb.yaml | 9 ++++++++-
 puppet/services/database/mysql.yaml   | 9 +++++++++
 puppet/services/database/redis.yaml   | 5 +++++
 3 files changed, 22 insertions(+), 1 deletion(-)

(limited to 'puppet/services/database')

diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index c2d36fc7..6885cfd6 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -25,5 +25,12 @@ outputs:
           - get_attr: [MongoDbBase, role_data, config_settings]
           - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
             mongodb::server::service_manage: True
+            tripleo.mongodb.firewall_rules:
+              '101 mongodb_config':
+                dport: 27019
+              '102 mongodb_sharding':
+                dport: 27018
+              '103 mongod':
+                dport: 27017
       step_config: |
-        include ::tripleo::profile::base::database::mongodb
\ No newline at end of file
+        include ::tripleo::profile::base::database::mongodb
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 992dc11e..0a19b2a7 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -17,5 +17,14 @@ outputs:
     value:
       service_name: mysql
       config_settings:
+        tripleo.mysql.firewall_rules:
+          '104 mysql galera':
+            dport:
+              - 873
+              - 3306
+              - 4444
+              - 4567
+              - 4568
+              - 9200
       step_config: |
         include ::tripleo::profile::base::database::mysql
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
index 080f72b6..ef005f77 100644
--- a/puppet/services/database/redis.yaml
+++ b/puppet/services/database/redis.yaml
@@ -22,5 +22,10 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [RedisBase, role_data, config_settings]
+          - tripleo.redis.firewall_rules:
+              '108 redis':
+                dport:
+                  - 6379
+                  - 26379
       step_config: |
         include ::tripleo::profile::base::database::redis
-- 
cgit 1.2.3-korg