Add tripleo-firewall composable service

author Dan Prince <dprince@redhat.com>

Mon, 15 Aug 2016 19:24:06 +0000 (15:24 -0400)

committer Dan Prince <dprince@redhat.com>

Wed, 17 Aug 2016 12:25:39 +0000 (08:25 -0400)
author Dan Prince <dprince@redhat.com>
Mon, 15 Aug 2016 19:24:06 +0000 (15:24 -0400)
committer Dan Prince <dprince@redhat.com>
Wed, 17 Aug 2016 12:25:39 +0000 (08:25 -0400)
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml

index 10d4b25..ca3c3cd 100644 (file)
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -212,6 +212,7 @@ resource_registry:
    OS::TripleO::Services::IronicConductor: OS::Heat::None
    OS::TripleO::Services::NovaIronic: OS::Heat::None
    OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
+  OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
  
  parameter_defaults:
    EnablePackageInstall: false
diff --git a/overcloud.yaml b/overcloud.yaml

index e873485..d96fd68 100644 (file)
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -171,6 +171,7 @@ parameters:
        - OS::TripleO::Services::IronicConductor
        - OS::TripleO::Services::NovaIronic
        - OS::TripleO::Services::TripleoPackages
+      - OS::TripleO::Services::TripleoFirewall
      description: A list of service resources (configured in the Heat
                   resource_registry) which represent nested stacks
                   for each service that should get installed on the Controllers.
@@ -192,6 +193,7 @@ parameters:
        - OS::TripleO::Services::ComputeNeutronL3Agent
        - OS::TripleO::Services::ComputeNeutronMetadataAgent
        - OS::TripleO::Services::TripleoPackages
+      - OS::TripleO::Services::TripleoFirewall
      description: A list of service resources (configured in the Heat
                   resource_registry) which represent nested stacks
                   for each service that should get installed on the Compute Nodes.
@@ -215,6 +217,7 @@ parameters:
        - OS::TripleO::Services::Timezone
        - OS::TripleO::Services::Snmp
        - OS::TripleO::Services::TripleoPackages
+      - OS::TripleO::Services::TripleoFirewall
      description: A list of service resources (configured in the Heat
                   resource_registry) which represent nested stacks
                   for each service that should get installed on the BlockStorage nodes.
@@ -239,6 +242,7 @@ parameters:
        - OS::TripleO::Services::Snmp
        - OS::TripleO::Services::Timezone
        - OS::TripleO::Services::TripleoPackages
+      - OS::TripleO::Services::TripleoFirewall
      description: A list of service resources (configured in the Heat
                   resource_registry) which represent nested stacks
                   for each service that should get installed on the ObjectStorage nodes.
@@ -263,6 +267,7 @@ parameters:
        - OS::TripleO::Services::Ntp
        - OS::TripleO::Services::Timezone
        - OS::TripleO::Services::TripleoPackages
+      - OS::TripleO::Services::TripleoFirewall
      description: A list of service resources (configured in the Heat
                   resource_registry) which represent nested stacks
                   for each service that should get installed on the CephStorage nodes.
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp

index 39b7aca..2653bad 100644 (file)
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -13,8 +13,6 @@
  # License for the specific language governing permissions and limitations
  # under the License.
  
-include ::tripleo::firewall
-
  if hiera('step') >= 4 {
    hiera_include('ceph_classes', [])
  }
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp

index b8f75c9..f96c193 100644 (file)
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -13,8 +13,6 @@
  # License for the specific language governing permissions and limitations
  # under the License.
  
-include ::tripleo::firewall
-
  if hiera('step') >= 4 {
    hiera_include('compute_classes', [])
  }
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp

index 6290cac..25bdbfb 100644 (file)
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -13,8 +13,6 @@
  # License for the specific language governing permissions and limitations
  # under the License.
  
-include ::tripleo::firewall
-
  if hiera('step') >= 4 {
    hiera_include('controller_classes', [])
  }
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp

index ea6130c..d329d5f 100644 (file)
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -13,8 +13,6 @@
  # License for the specific language governing permissions and limitations
  # under the License.
  
-include ::tripleo::firewall
-
  if hiera('step') >= 4 {
    hiera_include('controller_classes', [])
  }
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp

index 428ba0f..414a06b 100644 (file)
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -13,8 +13,6 @@
  # License for the specific language governing permissions and limitations
  # under the License.
  
-include ::tripleo::firewall
-
  if hiera('step') >= 4 {
    hiera_include('object_classes', [])
  }
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp

index 821474d..e1cdadd 100644 (file)
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -13,8 +13,6 @@
  # License for the specific language governing permissions and limitations
  # under the License.
  
-include ::tripleo::firewall
-
  if hiera('step') >= 4 {
    hiera_include('volume_classes', [])
  }
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml

new file mode 100644 (file)

index 0000000..bd87eee
--- /dev/null
+++ b/puppet/services/tripleo-firewall.yaml
@@ -0,0 +1,19 @@
+heat_template_version: 2016-04-08
+
+description: >
+  TripleO Firewall settings
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the TripleO firewall settings
+    value:
+      service_name: tripleo_firewall
+      step_config: |
+        include ::tripleo::firewall
author	Dan Prince <dprince@redhat.com>
	Mon, 15 Aug 2016 19:24:06 +0000 (15:24 -0400)
committer	Dan Prince <dprince@redhat.com>
	Wed, 17 Aug 2016 12:25:39 +0000 (08:25 -0400)
overcloud-resource-registry-puppet.yaml		patch \| blob \| history
overcloud.yaml		patch \| blob \| history
puppet/manifests/overcloud_cephstorage.pp		patch \| blob \| history
puppet/manifests/overcloud_compute.pp		patch \| blob \| history
puppet/manifests/overcloud_controller.pp		patch \| blob \| history
puppet/manifests/overcloud_controller_pacemaker.pp		patch \| blob \| history
puppet/manifests/overcloud_object.pp		patch \| blob \| history
puppet/manifests/overcloud_volume.pp		patch \| blob \| history
puppet/services/tripleo-firewall.yaml	[new file with mode: 0644]	patch \| blob