diff --git a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml index 63bb1852dc..9733e08d24 100644 --- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml +++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml @@ -55,6 +55,53 @@ outputs: step_config: | include ::tripleo::firewall + deploy_steps_tasks: + - when: step|int == 0 + block: + - name: create iptables service + copy: + dest: /etc/systemd/system/tripleo-iptables.service + content: | + [Unit] + Description=Initialize iptables + Before=iptables.service + AssertPathExists=/etc/sysconfig/iptables + + [Service] + Type=oneshot + ExecStart=/usr/sbin/iptables -t raw -nL + Environment=BOOTUP=serial + Environment=CONSOLETYPE=serial + StandardOutput=syslog + StandardError=syslog + [Install] + WantedBy=basic.target + - name: enable tripleo-iptables service + service: + enabled: yes + name: tripleo-iptables.service + - name: create ip6tables service + copy: + dest: /etc/systemd/system/tripleo-ip6tables.service + content: | + [Unit] + Description=Initialize ip6tables + Before=ip6tables.service + AssertPathExists=/etc/sysconfig/ip6tables + + [Service] + Type=oneshot + ExecStart=/usr/sbin/ip6tables -t raw -nL + Environment=BOOTUP=serial + Environment=CONSOLETYPE=serial + StandardOutput=syslog + StandardError=syslog + [Install] + WantedBy=basic.target + - name: enable tripleo-ip6tables service + service: + enabled: yes + name: tripleo-ip6tables.service upgrade_tasks: - when: step|int == 3 block: