f6dd406621
From now on, tripleo_nftables will use a directory containing rules snippets instead of a parameter. This will allow to push snippets from other roles during the deploy, and then configure the firewall. We therefore add two new modules: - tripleo_nftables_snippet: creates files with the relevant content, as YAML - tripleo_nftables_from_files: gather snippets, merge the contents, sorts the rules and pass the whole list to its output. The tripleo_firewall role is now creating a snippet based on the current parameter, so that we're still 100% compatible with tripleo-heat-templates way of pushing things in. This new usage is especially interesting for the standalone roles/playbooks deploy, since each service role will just need to: - ensure the destination directory exists - push its rule snippet in there, in the tripleo_nftables format, in YAML - call the "configure.yaml" from tripleo_nftables in order to get the rules added/processed (and, eventually, the playbook will call the run.yaml to apply things) Depends-On: https://review.opendev.org/c/openstack/tripleo-ansible/+/864392 Change-Id: I38deaff740b2fcdcd7bc74ce81a2164121de11af |
||
---|---|---|
.. | ||
defaults | ||
meta | ||
molecule/nftables | ||
tasks | ||
vars |