Merge "Allow ssh from all for undercloud"
This commit is contained in:
commit
4d617a85ed
@ -65,6 +65,10 @@ parameters:
|
||||
default: 'no'
|
||||
description: Whether or not disable password authentication
|
||||
type: string
|
||||
SshFirewallAllowAll:
|
||||
default: false
|
||||
description: Set this to true to open up ssh access from all sources.
|
||||
type: boolean
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -72,9 +76,18 @@ outputs:
|
||||
value:
|
||||
service_name: sshd
|
||||
config_settings:
|
||||
tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
|
||||
tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
|
||||
tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
|
||||
tripleo::profile::base::sshd::password_authentication: {get_param: PasswordAuthentication}
|
||||
map_merge:
|
||||
- tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
|
||||
tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
|
||||
tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
|
||||
tripleo::profile::base::sshd::password_authentication: {get_param: PasswordAuthentication}
|
||||
- if:
|
||||
- {get_param: SshFirewallAllowAll}
|
||||
- tripleo::sshd::firewall_rules:
|
||||
'003 accept ssh from all':
|
||||
proto: 'tcp'
|
||||
dport: 22
|
||||
- null
|
||||
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::sshd
|
||||
|
@ -44,6 +44,10 @@ parameter_defaults:
|
||||
# Type: string
|
||||
SoftwareConfigTransport: POLL_SERVER_HEAT
|
||||
|
||||
# Set this to true to open up ssh access from all sources.
|
||||
# Type: boolean
|
||||
SshFirewallAllowAll: True
|
||||
|
||||
# Heat action on performed top-level stack. Note StackUpdateType is set to UPGRADE when a major-version upgrade is in progress.
|
||||
# Mandatory. This parameter must be set by the user.
|
||||
# Type: string
|
||||
|
@ -156,3 +156,4 @@ parameter_defaults:
|
||||
# TODO(emilien) Remove when Keepalived 2.0.6 is out
|
||||
# https://bugs.launchpad.net/tripleo/+bug/1791238
|
||||
KeepalivedRestart: true
|
||||
SshFirewallAllowAll: true
|
||||
|
@ -34,6 +34,9 @@ environments:
|
||||
deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml:
|
||||
parameters:
|
||||
- EnablePackageInstall
|
||||
deployment/sshd/sshd-baremetal-puppet.yaml:
|
||||
parameters:
|
||||
- SshFirewallAllowAll
|
||||
# TODO(aschultz): hack to pull in this config transport, not sure it is
|
||||
# still neded.
|
||||
puppet/controller-role.yaml:
|
||||
@ -51,6 +54,7 @@ environments:
|
||||
SoftwareConfigTransport: POLL_SERVER_HEAT
|
||||
EnablePackageInstall: true
|
||||
SwiftReplicas: 1
|
||||
SshFirewallAllowAll: true
|
||||
resource_registry:
|
||||
# this network config is assumed by the tripleo deploy command
|
||||
OS::TripleO::Network::Ports::RedisVipPort: ../../network/ports/noop.yaml
|
||||
|
Loading…
x
Reference in New Issue
Block a user