remove ssh from tripleo::firewall::pre

including global ssh access in tripleo::firewall::pre makes it
difficult for the operator to control ssh access to overcloud hosts.
This removes the hardcoded rule and the accompanying change in t-h-t
configures the default firewall rules via hiera config_settings.

Depends-On: I89cff59947dda3f51482486c41a3d67c4aa36a3e
Change-Id: I14b540e6564c5b7c5d54b4f1fd5368b000744135

manifests/firewall/pre.pp

@@ -52,12 +52,6 @@ class tripleo::firewall::pre(
     tag     => 'tripleo-firewall-prerule',
   }
 
-  tripleo::firewall::rule{ '003 accept ssh':
-    dport  => '22',
-    extras => $firewall_settings,
-    tag    => 'tripleo-firewall-prerule',
-  }
-
   tripleo::firewall::rule{ '004 accept ipv6 dhcpv6':
     dport       => '546',
     proto       => 'udp',

spec/classes/tripleo_firewall_spec.rb

@@ -69,19 +69,6 @@ describe 'tripleo::firewall' do
           :state    => ['NEW'],
           :provider => 'ip6tables',
         )
-        is_expected.to contain_firewall('003 accept ssh ipv4').with(
-          :dport   => '22',
-          :proto  => 'tcp',
-          :action => 'accept',
-          :state  => ['NEW'],
-        )
-        is_expected.to contain_firewall('003 accept ssh ipv6').with(
-          :dport    => '22',
-          :proto    => 'tcp',
-          :action   => 'accept',
-          :state    => ['NEW'],
-          :provider => 'ip6tables',
-        )
       end
 
       it 'configure basic post firewall rules' do