Merge "Revert "Ensure we get a subnet for ctlplane""
This commit is contained in:
commit
6a41ccef54
@ -39,12 +39,6 @@ parameters:
|
|||||||
description: Whether IPtables rules should be purged before setting up the new ones.
|
description: Whether IPtables rules should be purged before setting up the new ones.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
|
||||||
conditions:
|
|
||||||
get_ctlplane_from_hiera:
|
|
||||||
equals:
|
|
||||||
- get_param: [ServiceData, net_cidr_map, ctlplane]
|
|
||||||
- Null
|
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the TripleO firewall settings
|
description: Role data for the TripleO firewall settings
|
||||||
@ -54,23 +48,15 @@ outputs:
|
|||||||
tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
|
tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
|
||||||
tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
|
tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
|
||||||
tripleo::tripleo_firewall::firewall_rules:
|
tripleo::tripleo_firewall::firewall_rules:
|
||||||
if:
|
map_merge:
|
||||||
- get_ctlplane_from_hiera
|
repeat:
|
||||||
-
|
for_each:
|
||||||
"004 accept ssh from ctlplane subnet %{hiera('ctlplane_subnet')}":
|
<%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
|
||||||
source: "%{hiera('ctlplane_subnet')}"
|
template:
|
||||||
proto: 'tcp'
|
'003 accept ssh from ctlplane subnet <%net_cidr%>':
|
||||||
port: 22
|
source: <%net_cidr%>
|
||||||
-
|
proto: 'tcp'
|
||||||
map_merge:
|
dport: 22
|
||||||
repeat:
|
|
||||||
for_each:
|
|
||||||
<%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
|
|
||||||
template:
|
|
||||||
'003 accept ssh from ctlplane subnet <%net_cidr%>':
|
|
||||||
source: <%net_cidr%>
|
|
||||||
proto: 'tcp'
|
|
||||||
dport: 22
|
|
||||||
|
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::firewall
|
include ::tripleo::firewall
|
||||||
|
Loading…
Reference in New Issue
Block a user