X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Ftripleo-firewall.yaml;h=f6ec458f4338349585dc4d87c23f06d93c587773;hb=dc9c4c2ad9f8ee08d3b97f09641f580bb32c1592;hp=eb7c58ac9d18e11581ef19d23344263cc49ebb2c;hpb=9b2281f8de84e730910342d40b12e37886203087;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
index eb7c58ac..f6ec458f 100644
--- a/puppet/services/tripleo-firewall.yaml
+++ b/puppet/services/tripleo-firewall.yaml
@@ -10,16 +10,30 @@ parameters:
                  via parameter_defaults in the resource registry.  This
                  mapping overrides those in ServiceNetMapDefaults.
     type: json
+  DefaultPasswords:
+    default: {}
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  ManageFirewall:
+    default: false
+    description: Whether to manage IPtables rules.
+    type: boolean
+  PurgeFirewallRules:
+    default: false
+    description: Whether IPtables rules should be purged before setting up the new ones.
+    type: boolean
 
 outputs:
   role_data:
     description: Role data for the TripleO firewall settings
     value:
       service_name: tripleo_firewall
+      config_settings:
+        tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
+        tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
       step_config: |
         include ::tripleo::firewall