Merge "Revert "Ensure we get a subnet for ctlplane""

This commit is contained in:
Zuul 2019-08-13 14:59:21 +00:00 committed by Gerrit Code Review
commit 6a41ccef54

View File

@ -39,12 +39,6 @@ parameters:
description: Whether IPtables rules should be purged before setting up the new ones. description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean type: boolean
conditions:
get_ctlplane_from_hiera:
equals:
- get_param: [ServiceData, net_cidr_map, ctlplane]
- Null
outputs: outputs:
role_data: role_data:
description: Role data for the TripleO firewall settings description: Role data for the TripleO firewall settings
@ -54,23 +48,15 @@ outputs:
tripleo::firewall::manage_firewall: {get_param: ManageFirewall} tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
tripleo::tripleo_firewall::firewall_rules: tripleo::tripleo_firewall::firewall_rules:
if: map_merge:
- get_ctlplane_from_hiera repeat:
- for_each:
"004 accept ssh from ctlplane subnet %{hiera('ctlplane_subnet')}": <%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
source: "%{hiera('ctlplane_subnet')}" template:
proto: 'tcp' '003 accept ssh from ctlplane subnet <%net_cidr%>':
port: 22 source: <%net_cidr%>
- proto: 'tcp'
map_merge: dport: 22
repeat:
for_each:
<%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
template:
'003 accept ssh from ctlplane subnet <%net_cidr%>':
source: <%net_cidr%>
proto: 'tcp'
dport: 22
step_config: | step_config: |
include ::tripleo::firewall include ::tripleo::firewall