From fc614ec1a3a6d10d75af46cd7915fbc0e45ffcc3 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur <divius.inside@gmail.com>
Date: Wed, 17 Aug 2016 17:12:26 +0200
Subject: Ironic: add missing haproxy and firewall configuration

Make sure Ironic API listens on a different IP than HAProxy.

Also open firewall ports for Ironic API and TFTP.

Change-Id: I9d843e76adcdb1085fd1e9fb7408a2387909382b
---
 puppet/services/ironic-conductor.yaml | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'puppet/services/ironic-conductor.yaml')

diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 9bc86a2c..27479f79 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -41,10 +41,15 @@ outputs:
           - get_attr: [IronicBase, role_data, config_settings]
           # FIXME: I have no idea why neutron_url is in "api" manifest
           - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+            ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
             ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
             ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
             # Prevent tftp_server from defaulting to my_ip setting, which is
             # controller VIP, not a real IP.
             ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
+            tripleo.ironic_conductor.firewall_rules:
+              '134 ironic conductor TFTP':
+                dport: 69
+                proto: udp
       step_config: |
         include ::tripleo::profile::base::ironic::conductor
-- 
cgit 1.2.3-korg