Use correct manage_firewall hieradata
authorBen Nemec <bnemec@redhat.com>
Mon, 3 Apr 2017 14:04:47 +0000 (14:04 +0000)
committerBen Nemec <bnemec@redhat.com>
Mon, 3 Apr 2017 14:04:47 +0000 (14:04 +0000)
The manage_firewall hieradata was moved to
tripleo::firewall::manage_firewall but some of the references to it
were not updated, which makes it impossible to completely disable
the firewall rules.

Change-Id: I5f40f3b8b07bd312cce862aa319b8a1ef331ee49
Closes-Bug: 1679189

manifests/haproxy.pp
manifests/haproxy/endpoint.pp

index 92edd71..5712f9f 100644 (file)
@@ -1377,7 +1377,7 @@ class tripleo::haproxy (
       server_names      => hiera('mysql_node_names', $controller_hosts_names_real),
       options           => $mysql_member_options_real,
     }
-    if hiera('manage_firewall', true) {
+    if hiera('tripleo::firewall::manage_firewall', true) {
       include ::tripleo::firewall
       $mysql_firewall_rules = {
         '100 mysql_haproxy' => {
@@ -1462,7 +1462,7 @@ class tripleo::haproxy (
       server_names      => hiera('redis_node_names', $controller_hosts_names_real),
       options           => $haproxy_member_options,
     }
-    if hiera('manage_firewall', true) {
+    if hiera('tripleo::firewall::manage_firewall', true) {
       include ::tripleo::firewall
       $redis_firewall_rules = {
         '100 redis_haproxy' => {
index da2aba3..16e0bd1 100644 (file)
@@ -147,7 +147,7 @@ define tripleo::haproxy::endpoint (
     server_names      => $server_names,
     options           => $member_options,
   }
-  if hiera('manage_firewall', true) {
+  if hiera('tripleo::firewall::manage_firewall', true) {
     include ::tripleo::firewall
     # This block will construct firewall rules only when we specify
     # a port for the regular service and also the ssl port for the service.