Merge "Fix horizon firewall rules in composable roles"
This commit is contained in:
commit
0ca8882dca
|
@ -1277,6 +1277,7 @@ class tripleo::haproxy (
|
|||
use_internal_certificates => $use_internal_certificates,
|
||||
internal_certificates_specs => $internal_certificates_specs,
|
||||
service_network => $horizon_network,
|
||||
manage_firewall => $manage_firewall,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -66,6 +66,11 @@
|
|||
# fetching the certificate for that specific network.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*manage_firewall*]
|
||||
# (optional) Enable or disable firewall settings for ports exposed by HAProxy
|
||||
# (false means disabled, and true means enabled)
|
||||
# Defaults to hiera('tripleo::firewall::manage_firewall', true)
|
||||
#
|
||||
class tripleo::haproxy::horizon_endpoint (
|
||||
$internal_ip,
|
||||
$ip_addresses,
|
||||
|
@ -77,6 +82,7 @@ class tripleo::haproxy::horizon_endpoint (
|
|||
$use_internal_certificates = false,
|
||||
$internal_certificates_specs = {},
|
||||
$service_network = undef,
|
||||
$manage_firewall = hiera('tripleo::firewall::manage_firewall', true),
|
||||
) {
|
||||
# Let users override the options on a per-service basis
|
||||
$custom_options = hiera('tripleo::haproxy::horizon::options', undef)
|
||||
|
@ -158,4 +164,25 @@ class tripleo::haproxy::horizon_endpoint (
|
|||
options => union($member_options, ["cookie ${server}"]),
|
||||
}
|
||||
}
|
||||
if $manage_firewall {
|
||||
include ::tripleo::firewall
|
||||
$haproxy_horizon_firewall_rules = {
|
||||
'100 horizon_haproxy' => {
|
||||
'dport' => 80,
|
||||
},
|
||||
}
|
||||
if $public_certificate {
|
||||
$haproxy_horizon_ssl_firewall_rules = {
|
||||
'100 horizon_haproxy_ssl' => {
|
||||
'dport' => 443,
|
||||
},
|
||||
}
|
||||
} else {
|
||||
$haproxy_horizon_ssl_firewall_rules = {}
|
||||
}
|
||||
$horizon_firewall_rules = merge($haproxy_horizon_firewall_rules, $haproxy_horizon_ssl_firewall_rules)
|
||||
if !empty($horizon_firewall_rules) {
|
||||
create_resources('tripleo::firewall::rule', $horizon_firewall_rules)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue