Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: f9c3481)
Re-enable ManageFirewall by default.
authorDan Prince <dprince@redhat.com>
Tue, 4 Oct 2016 13:59:56 +0000 (09:59 -0400)
committerEmilien Macchi <emilien@redhat.com>
Thu, 6 Oct 2016 15:08:53 +0000 (15:08 +0000)
This default setting got lots in the composable roles/services patches.

Re-enable the ManageFirewall setting by default per what we did in
git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6.

We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).

Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.

Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934

environments/manage-firewall.yaml [deleted file] patch | blob | history
puppet/services/neutron-api.yaml patch | blob | history
puppet/services/tripleo-firewall.yaml patch | blob | history
roles_data.yaml patch | blob | history

diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml
deleted file mode 100644 (file)
index 5d48698..0000000
--- a/environments/manage-firewall.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-parameter_defaults:
-  ManageFirewall: true
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 3b531ab..af77dc0 100644 (file)
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -145,8 +145,8 @@ outputs:
             neutron::server::notifications::password: {get_param: NovaPassword}
             neutron::keystone::authtoken::project_name: 'service'
             neutron::server::sync_db: true
-            tripleo.neutron_server.firewall_rules:
-              '114 neutron server':
+            tripleo.neutron_api.firewall_rules:
+              '114 neutron api':
                 dport:
                   - 9696
                   - 13696
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
index f6ec458..7eb3990 100644 (file)
--- a/puppet/services/tripleo-firewall.yaml
+++ b/puppet/services/tripleo-firewall.yaml
@@ -19,7 +19,7 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   ManageFirewall:
-    default: false
+    default: true
     description: Whether to manage IPtables rules.
     type: boolean
   PurgeFirewallRules:
diff --git a/roles_data.yaml b/roles_data.yaml
index f3b6447..23f8af4 100644 (file)
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -114,7 +114,9 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::TripleoPackages
-    - OS::TripleO::Services::TripleoFirewall
+    # FIXME: This doesn't appear to have been enabled before
+    # so disabling it here until we can support it
+    #- OS::TripleO::Services::TripleoFirewall
     - OS::TripleO::Services::NeutronSriovAgent
     - OS::TripleO::Services::OpenDaylightOvs
     - OS::TripleO::Services::SensuClient