From: Ben Nemec <bnemec@redhat.com>
Date: Wed, 15 Jun 2016 22:25:18 +0000 (-0500)
Subject: Allow pacemaker ports in firewall
X-Git-Tag: opnfv-6.0.0~1939^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=a4c9e1b9f64544e5be971481e2df205dc6f7634b;p=apex-tripleo-heat-templates.git

Allow pacemaker ports in firewall

This is required to allow ha deployments with ManageFirewall: True
These are the ports documented in [1].

1: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Configuring_the_Red_Hat_High_Availability_Add-On_with_Pacemaker/index.html#s1-firewalls-HAAR

Change-Id: I446cc0ed863df15e28fa8ec1f5e2a06c5c03af8c
Closes-Bug: 1594470
---

diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 7581a52c..76335943 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -297,3 +297,12 @@ tripleo::firewall::firewall_rules:
     dport:
       - 8041
       - 13041
+  '130 pacemaker tcp':
+    proto: 'tcp'
+    dport:
+      - 2224
+      - 3121
+      - 21064
+  '131 pacemaker udp':
+    proto: 'udp'
+    dport: 5405