diff --git a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml index 0e49a71c1b..be39f9d82a 100644 --- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml +++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml @@ -39,12 +39,6 @@ parameters: description: Whether IPtables rules should be purged before setting up the new ones. type: boolean -conditions: - get_ctlplane_from_hiera: - equals: - - get_param: [ServiceData, net_cidr_map, ctlplane] - - Null - outputs: role_data: description: Role data for the TripleO firewall settings @@ -54,23 +48,15 @@ outputs: tripleo::firewall::manage_firewall: {get_param: ManageFirewall} tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} tripleo::tripleo_firewall::firewall_rules: - if: - - get_ctlplane_from_hiera - - - "004 accept ssh from ctlplane subnet %{hiera('ctlplane_subnet')}": - source: "%{hiera('ctlplane_subnet')}" - proto: 'tcp' - port: 22 - - - map_merge: - repeat: - for_each: - <%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]} - template: - '003 accept ssh from ctlplane subnet <%net_cidr%>': - source: <%net_cidr%> - proto: 'tcp' - dport: 22 + map_merge: + repeat: + for_each: + <%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]} + template: + '003 accept ssh from ctlplane subnet <%net_cidr%>': + source: <%net_cidr%> + proto: 'tcp' + dport: 22 step_config: | include ::tripleo::firewall