This default setting got lots in the composable roles/services patches.
Re-enable the ManageFirewall setting by default per what we did in
git commit
73c76b867ddc8a23a30b9a3cac4031189d4178c6.
We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).
Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.
Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug:
1629934
+++ /dev/null
-parameter_defaults:
- ManageFirewall: true
neutron::server::notifications::password: {get_param: NovaPassword}
neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
- tripleo.neutron_server.firewall_rules:
- '114 neutron server':
+ tripleo.neutron_api.firewall_rules:
+ '114 neutron api':
dport:
- 9696
- 13696
via parameter_defaults in the resource registry.
type: json
ManageFirewall:
- default: false
+ default: true
description: Whether to manage IPtables rules.
type: boolean
PurgeFirewallRules:
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
+ # FIXME: This doesn't appear to have been enabled before
+ # so disabling it here until we can support it
+ #- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NeutronSriovAgent
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient