From 9b18594c795124eceb6374c1513bd95e56eda1ca Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Mon, 15 Aug 2016 15:24:06 -0400 Subject: Add tripleo-firewall composable service This creates a new service to help manage the puppet-tripleo class that enables firewall features. Currently has no settings but this will keep our interfaces consistent. Change-Id: I5ac85fa1e460b19ee2b1a9280413aebefe300845 --- puppet/manifests/overcloud_cephstorage.pp | 2 -- puppet/manifests/overcloud_compute.pp | 2 -- puppet/manifests/overcloud_controller.pp | 2 -- puppet/manifests/overcloud_controller_pacemaker.pp | 2 -- puppet/manifests/overcloud_object.pp | 2 -- puppet/manifests/overcloud_volume.pp | 2 -- puppet/services/tripleo-firewall.yaml | 19 +++++++++++++++++++ 7 files changed, 19 insertions(+), 12 deletions(-) create mode 100644 puppet/services/tripleo-firewall.yaml (limited to 'puppet') diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 39b7aca2..2653badf 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('ceph_classes', []) } diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index b8f75c9c..f96c193c 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('compute_classes', []) } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 6290cac3..25bdbfb2 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('controller_classes', []) } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index ea6130c2..d329d5fc 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('controller_classes', []) } diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 428ba0f2..414a06ba 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('object_classes', []) } diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 821474dc..e1cdadd5 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -include ::tripleo::firewall - if hiera('step') >= 4 { hiera_include('volume_classes', []) } diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml new file mode 100644 index 00000000..bd87eee8 --- /dev/null +++ b/puppet/services/tripleo-firewall.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + TripleO Firewall settings + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the TripleO firewall settings + value: + service_name: tripleo_firewall + step_config: | + include ::tripleo::firewall -- cgit 1.2.3-korg