X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Ftripleo-firewall.yaml;h=18835255f9f231b86ab22373f6afc499eaf5884f;hb=refs%2Fheads%2Fmaster;hp=67e14d9c3bb26048398f826affbbe2a921dd5709;hpb=2da6d7f1c2f5be486f78afc28ba5d0517fe0d954;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
index 67e14d9c..18835255 100644
--- a/puppet/services/tripleo-firewall.yaml
+++ b/puppet/services/tripleo-firewall.yaml
@@ -1,9 +1,13 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   TripleO Firewall settings
 
 parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -13,6 +17,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -37,3 +49,9 @@ outputs:
         tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
       step_config: |
         include ::tripleo::firewall
+      upgrade_tasks:
+        - name: blank ipv6 rule before activating ipv6 firewall.
+          tags: step3
+          shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables
+          args:
+            creates: /etc/sysconfig/ip6tables.n-o-upgrade