path: root/releasenotes/notes/enable-logging-suspicious-packets-d5545586f917d2ca.yaml
---
upgrade:
  - |
    The sysctl settings net.ipv4.conf.default.log_martians and
    net.ipv4.conf.all.log_martians are now set to 1 to enable logging of
    suspicious ("martian") packets.
security:
  - |
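    Logging suspicious packets allows an administrator to investigate
    spoofed packets sent to their system. The kernel writes these entries to
    the kernel log, so that log must be collected and reviewed for the
    setting to be useful.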
# Heat Orchestration Template that wraps the puppet-based Zaqar service
# definition (the ZaqarBase resource) and adds container settings for two
# containers, zaqar and zaqar_websocket, to the role_data output.
heat_template_version: ocata

description: >
  OpenStack containerized Zaqar services

parameters:
  # Registry namespace; joined with DockerZaqarImage using '/' to form the
  # image reference (see config_image under outputs).
  DockerNamespace:
    description: namespace
    default: 'tripleoupstream'
    type: string
  # NOTE(review): the default uses the mutable ':latest' tag, so the image
  # that actually runs can change from one pull to the next. For reproducible
  # and auditable deployments, override this with a fixed tag (or a digest,
  # if the deployment tooling accepts one).
  DockerZaqarImage:
    description: image
    default: 'centos-binary-zaqar:latest'
    type: string
  # Forwarded unchanged to the ZaqarBase resource.
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  # Forwarded unchanged to the ZaqarBase resource.
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Forwarded unchanged to the ZaqarBase resource; has no description here.
  # NOTE(review): presumably carries service passwords. Confirm, and check
  # that the value is not echoed into stack outputs or logs.
  DefaultPasswords:
    default: {}
    type: json

resources:

  # Nested template for the puppet-based Zaqar service. Its role_data
  # attribute is read back with get_attr in the outputs section; the three
  # map parameters are passed through without modification.
  ZaqarBase:
    type: ../../puppet/services/zaqar.yaml
    properties:
      EndpointMap: {get_param: EndpointMap}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}

outputs:
  # role_data is the only output. Its first four keys re-export values from
  # ZaqarBase's role_data; the remaining keys add container-specific settings.
  role_data:
    description: Role data for the Zaqar API role.
    value:
      service_name: {get_attr: [ZaqarBase, role_data, service_name]}
      config_settings: {get_attr: [ZaqarBase, role_data, config_settings]}
      # Anchored so puppet_config.step_config below can alias the same value.
      step_config: &step_config
       get_attr: [ZaqarBase, role_data, step_config]
      service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: zaqar
        puppet_tags: zaqar_config
        step_config: *step_config
        # Image reference built as DockerNamespace + '/' + DockerZaqarImage.
        # Anchored as zaqar_image and reused as the image of both containers
        # in docker_config, so all three always point at the same reference.
        config_image: &zaqar_image
          list_join:
            - '/'
            - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
      # Each key is the host path of a per-container kolla config file; the
      # volumes lists under docker_config bind-mount it read-only as the
      # container's /var/lib/kolla/config_files/config.json.
      kolla_config:
        /var/lib/kolla/config_files/zaqar.json:
          command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf
          # zaqar.conf is declared with owner zaqar and mode 0640 (no access
          # for other users). perm is quoted so it stays a string.
          config_files:
          - dest: /etc/zaqar/zaqar.conf
            owner: zaqar
            perm: '0640'
            source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
        # Same server binary, started with one additional config file,
        # /etc/zaqar/1.conf.
        # NOTE(review): the contents of 1.conf are not shown here; presumably
        # it selects the websocket transport. Confirm.
        /var/lib/kolla/config_files/zaqar_websocket.json:
          command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
          config_files:
          - dest: /etc/zaqar/zaqar.conf
            owner: zaqar
            perm: '0640'
            source: /var/lib/kolla/config_files/src/etc/zaqar/zaqar.conf
          - dest: /etc/zaqar/1.conf
            owner: zaqar
            perm: '0640'
            source: /var/lib/kolla/config_files/src/etc/zaqar/1.conf
      docker_config:
        # NOTE(review): step_4 presumably refers to deployment step 4; confirm
        # against the tool that consumes docker_config.
        step_4:
          zaqar:
            image: *zaqar_image
            # NOTE(review): 'net: host' presumably maps to Docker host
            # networking, in which case the service listens directly on the
            # host's interfaces and exposure is controlled only by the bind
            # addresses in zaqar.conf and the host firewall. Confirm.
            net: host
            # The container is not granted privileged mode.
            privileged: false
            restart: always
            # Every bind mount is read-only (:ro). The config-data directory
            # is mounted at the path the kolla_config 'source' entries use.
            volumes:
              - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
              - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
              - /etc/hosts:/etc/hosts:ro
              - /etc/localtime:/etc/localtime:ro
            # NOTE(review): COPY_ALWAYS presumably makes kolla re-copy the
            # config files on every container start; confirm.
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
          # Same settings as the zaqar container; only the config.json that
          # is mounted differs (zaqar_websocket.json), so the host-networking
          # and read-only-mount notes on zaqar apply here too.
          zaqar_websocket:
            image: *zaqar_image
            net: host
            privileged: false
            restart: always
            volumes:
              - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro
              - /var/lib/config-data/zaqar/:/var/lib/kolla/config_files/src:ro
              - /etc/hosts:/etc/hosts:ro
              - /etc/localtime:/etc/localtime:ro
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      # Ansible-style task, tagged step2, that stops and disables
      # openstack-zaqar.service. The module arguments are one key=value
      # string, so 'enabled=no' is plain text here and is not typed by YAML.
      upgrade_tasks:
        - name: Stop and disable zaqar service
          tags: step2
          service: name=openstack-zaqar.service state=stopped enabled=no