Merge "Revert "Ensure we get a subnet for ctlplane""

2019-08-13 14:59:21 +00:00 · 2019-08-13 14:59:21 +00:00 · 6a41ccef54
commit 6a41ccef54
parent 46f7644278 eb4b4a5489
1 changed files with 9 additions and 23 deletions
--- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
+++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
@ -39,12 +39,6 @@ parameters:
    description: Whether IPtables rules should be purged before setting up the new ones.
    type: boolean

-conditions:
-  get_ctlplane_from_hiera:
-    equals:
-      - get_param: [ServiceData, net_cidr_map, ctlplane]
-      - Null
-
 outputs:
  role_data:
    description: Role data for the TripleO firewall settings
@ -54,23 +48,15 @@ outputs:
        tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
        tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
        tripleo::tripleo_firewall::firewall_rules:
-          if:
-            - get_ctlplane_from_hiera
-            -
-              "004 accept ssh from ctlplane subnet %{hiera('ctlplane_subnet')}":
-                source: "%{hiera('ctlplane_subnet')}"
-                proto: 'tcp'
-                port: 22
-            -
-              map_merge:
-                repeat:
-                  for_each:
-                    <%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
-                  template:
-                    '003 accept ssh from ctlplane subnet <%net_cidr%>':
-                      source: <%net_cidr%>
-                      proto: 'tcp'
-                      dport: 22
+          map_merge:
+            repeat:
+              for_each:
+                <%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
+              template:
+                '003 accept ssh from ctlplane subnet <%net_cidr%>':
+                  source: <%net_cidr%>
+                  proto: 'tcp'
+                  dport: 22

      step_config: |
        include ::tripleo::firewall