From 5195d7f8910f7d1ce0895caa133b028a727f8622 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Wed, 20 Jul 2016 10:48:23 -0400
Subject: Composable firewall rules

Split out the firewall rules in puppet/hieradata/controller.yaml
into the composable services

Depends-On: Id370362ab57347b75b1ab25afda877885b047263
Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
---
 puppet/services/neutron-server.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'puppet/services/neutron-server.yaml')

diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml
index 61af11f9..253a6bfe 100644
--- a/puppet/services/neutron-server.yaml
+++ b/puppet/services/neutron-server.yaml
@@ -72,5 +72,15 @@ outputs:
             neutron::db::mysql::allowed_hosts:
               - '%'
               - "%{hiera('mysql_bind_host')}"
+            tripleo.neutron_server.firewall_rules:
+              '114 neutron server':
+                dport:
+                  - 9696
+                  - 13696
+              '118 neutron vxlan networks':
+                proto: 'udp'
+                dport: 4789
+              '106 vrrp':
+                proto: vrrp
       step_config: |
         include tripleo::profile::base::neutron::server
-- 
cgit 1.2.3-korg