Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Implement Advanced Firewalling support
[apex-tripleo-heat-templates.git] / puppet / controller.yaml
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 920bd88..d3a8a93 100644 (file)
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -278,6 +278,14 @@ parameters:
     type: string
     default: 'regionOne'
     description: Keystone region for endpoint
+  ManageFirewall:
+    default: false
+    description: Whether to manage IPtables rules.
+    type: boolean
+  PurgeFirewallRules:
+    default: false
+    description: Whether IPtables rules should be purged before setting up the new ones.
+    type: boolean
   MysqlClusterUniquePart:
     description: A unique identifier of the MySQL cluster the controller is in.
     type: string
@@ -366,6 +374,10 @@ parameters:
     default: 'True'
     description: Allow automatic l3-agent failover
     type: string
+  NeutronEnableIsolatedMetadata:
+    default: 'False'
+    description: If True, DHCP provide metadata route to VM.
+    type: string
   NeutronEnableTunnelling:
     type: string
     default: "True"
@@ -712,6 +724,7 @@ resources:
         bootstack_nodeid: {get_attr: [Controller, name]}
         neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
         neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
+        neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
         haproxy_log_address: {get_param: HAProxySyslogAddress}
         heat.watch_server_url:
           list_join:
@@ -814,6 +827,8 @@ resources:
         enable_galera: {get_param: EnableGalera}
         enable_ceph_storage: {get_param: EnableCephStorage}
         enable_swift_storage: {get_param: EnableSwiftStorage}
+        manage_firewall: {get_param: ManageFirewall}
+        purge_firewall_rules: {get_param: PurgeFirewallRules}
         mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
         mysql_max_connections: {get_param: MysqlMaxConnections}
         mysql_root_password: {get_param: MysqlRootPassword}
@@ -1172,6 +1187,7 @@ resources:
                 neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
                 neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
                 neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
+                neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
                 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
                 neutron_flat_networks: {get_input: neutron_flat_networks}
                 neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -1268,6 +1284,9 @@ resources:
                 # Redis
                 redis::bind: {get_input: redis_network}
                 redis_vip: {get_input: redis_vip}
+                # Firewall
+                tripleo::firewall::manage_firewall: {get_input: manage_firewall}
+                tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
                 # Misc
                 memcached::listen_ip: {get_input: memcached_network}
                 neutron_public_interface_ip: {get_input: neutron_public_interface_ip}