diff --git a/ci/environments/multinode-core.yaml b/ci/environments/multinode-core.yaml index 523cf1c995..f34cef3777 100644 --- a/ci/environments/multinode-core.yaml +++ b/ci/environments/multinode-core.yaml @@ -31,7 +31,7 @@ outputs: value: service_name: multinode_core config_settings: - tripleo.core.firewall_rules: + tripleo::core::firewall_rules: '999 core': proto: 'udp' dport: diff --git a/deployment/timesync/chrony-ansible.yaml b/deployment/timesync/chrony-ansible.yaml index 9b2af857f4..063b078b9f 100644 --- a/deployment/timesync/chrony-ansible.yaml +++ b/deployment/timesync/chrony-ansible.yaml @@ -107,7 +107,7 @@ outputs: value: service_name: chrony config_settings: - tripleo.ntp.firewall_rules: + tripleo::ntp::firewall_rules: '105 ntp': dport: 123 proto: udp diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml index 62fa0614bb..e6d6ade688 100644 --- a/docker/services/ceph-ansible/ceph-mds.yaml +++ b/docker/services/ceph-ansible/ceph-mds.yaml @@ -104,7 +104,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_mds.firewall_rules: + - tripleo::ceph_mds::firewall_rules: '112 ceph_mds': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-mgr.yaml b/docker/services/ceph-ansible/ceph-mgr.yaml index 77af06f340..3a8ac71873 100644 --- a/docker/services/ceph-ansible/ceph-mgr.yaml +++ b/docker/services/ceph-ansible/ceph-mgr.yaml @@ -79,7 +79,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_mgr.firewall_rules: + - tripleo::ceph_mgr::firewall_rules: '113 ceph_mgr': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml index 8cb0fe2c10..5020fedf31 100644 --- a/docker/services/ceph-ansible/ceph-mon.yaml +++ b/docker/services/ceph-ansible/ceph-mon.yaml @@ -97,7 +97,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_mon.firewall_rules: + - tripleo::ceph_mon::firewall_rules: '110 ceph_mon': dport: - 6789 diff --git a/docker/services/ceph-ansible/ceph-nfs.yaml b/docker/services/ceph-ansible/ceph-nfs.yaml index e30f540eb8..ae6e9df5e2 100644 --- a/docker/services/ceph-ansible/ceph-nfs.yaml +++ b/docker/services/ceph-ansible/ceph-nfs.yaml @@ -92,7 +92,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_nfs.firewall_rules: + - tripleo::ceph_nfs::firewall_rules: '120 ceph_nfs': dport: # We support only NFS 4.1 to start diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml index 5a344f82fb..98a3aa8dce 100644 --- a/docker/services/ceph-ansible/ceph-osd.yaml +++ b/docker/services/ceph-ansible/ceph-osd.yaml @@ -93,7 +93,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_osd.firewall_rules: + - tripleo::ceph_osd::firewall_rules: '111 ceph_osd': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-rbdmirror.yaml b/docker/services/ceph-ansible/ceph-rbdmirror.yaml index 16e72d8c80..3cc5315687 100644 --- a/docker/services/ceph-ansible/ceph-rbdmirror.yaml +++ b/docker/services/ceph-ansible/ceph-rbdmirror.yaml @@ -106,7 +106,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_rbdmirror.firewall_rules: + - tripleo::ceph_rbdmirror::firewall_rules: '114 ceph_rbdmirror': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml index 9ebbebc709..4645050a5c 100644 --- a/docker/services/ceph-ansible/ceph-rgw.yaml +++ b/docker/services/ceph-ansible/ceph-rgw.yaml @@ -90,7 +90,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_rgw.firewall_rules: + - tripleo::ceph_rgw::firewall_rules: '122 ceph rgw': dport: {get_param: [EndpointMap, CephRgwInternal, port]} - {} diff --git a/docker/services/designate-api.yaml b/docker/services/designate-api.yaml index 5b708032b9..d1793d9845 100644 --- a/docker/services/designate-api.yaml +++ b/docker/services/designate-api.yaml @@ -92,7 +92,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} tripleo::profile::base::designate::api::listen_port: 9001 - tripleo.designate_api.firewall_rules: + tripleo::designate_api::firewall_rules: '139 designate api': dport: - 9001 diff --git a/docker/services/messaging/rpc-qdrouterd.yaml b/docker/services/messaging/rpc-qdrouterd.yaml index 6428177d4c..fe5d63fcfc 100644 --- a/docker/services/messaging/rpc-qdrouterd.yaml +++ b/docker/services/messaging/rpc-qdrouterd.yaml @@ -61,7 +61,7 @@ outputs: config_settings: map_merge: - {get_attr: [QdrouterdBase, role_data, config_settings]} - - tripleo.oslo_messaging_rpc.firewall_rules: + - tripleo::oslo_messaging_rpc::firewall_rules: '109 qdrouterd': dport: - 5672 diff --git a/docker/services/metrics/qdr.yaml b/docker/services/metrics/qdr.yaml index b121509466..74e24a6b72 100644 --- a/docker/services/metrics/qdr.yaml +++ b/docker/services/metrics/qdr.yaml @@ -132,7 +132,7 @@ outputs: tripleo_fluentd_sources_metrics_qdr: - {get_param: MetricsQdrLoggingSource} config_settings: - tripleo.metrics_qdr.firewall_rules: + tripleo::metrics_qdr::firewall_rules: '109 metrics qdr': dport: - {get_param: MetricsQdrPort} diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index bf3858795d..764e85b752 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -84,7 +84,7 @@ outputs: - get_attr: [NovaMetadataBase, role_data, config_settings] - get_attr: [NovaMetadataLogging, config_settings] - apache::default_vhost: false - - tripleo.nova_metadata.firewall_rules: + - tripleo::nova_metadata::firewall_rules: if: - need_metadata_nat_rule - '144 undercloud metadata nat': diff --git a/docker/services/novajoin.yaml b/docker/services/novajoin.yaml index 665c198e1f..5326edb3ea 100644 --- a/docker/services/novajoin.yaml +++ b/docker/services/novajoin.yaml @@ -112,7 +112,7 @@ outputs: nova::metadata::novajoin::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova::metadata::novajoin::authtoken::password: {get_param: NovajoinPassword} nova::metadata::novajoin::authtoken::project_name: 'service' - tripleo.novajoin.firewall_rules: + tripleo::novajoin::firewall_rules: '119 novajoin': dport: - 9090 diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index 2a189c62bf..39e38451b9 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -45,7 +45,7 @@ resources: type: ../containers-common.yaml # We import from the corresponding docker service because otherwise we risk -# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall +# rewriting the tripleo::mysql::firewall_rules key with the baremetal firewall # rules (see LP#1728918) MysqlPuppetBase: type: ../../../docker/services/pacemaker/database/mysql.yaml diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index cf54c3c994..81e83a4891 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -102,7 +102,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 - tripleo.mysql.firewall_rules: + tripleo::mysql::firewall_rules: '104 mysql galera-bundle': dport: - 873 diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index f8b1c2a4e8..81260f271c 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -98,7 +98,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 - tripleo.redis.firewall_rules: + tripleo::redis::firewall_rules: '108 redis-bundle': dport: - 3124 diff --git a/docker/services/pacemaker/notify-rabbitmq.yaml b/docker/services/pacemaker/notify-rabbitmq.yaml index 89b3023135..fafd2e96ef 100644 --- a/docker/services/pacemaker/notify-rabbitmq.yaml +++ b/docker/services/pacemaker/notify-rabbitmq.yaml @@ -92,7 +92,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 - tripleo.oslo_messaging_notify.firewall_rules: + tripleo::oslo_messaging_notify::firewall_rules: '109 rabbitmq-bundle': dport: - 3122 diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 26d253ecb9..11b7564bd7 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -91,7 +91,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 - tripleo.rabbitmq.firewall_rules: + tripleo::rabbitmq::firewall_rules: '109 rabbitmq-bundle': dport: - 3122 diff --git a/docker/services/pacemaker/rpc-rabbitmq.yaml b/docker/services/pacemaker/rpc-rabbitmq.yaml index d1c80342d2..a15880a4bf 100644 --- a/docker/services/pacemaker/rpc-rabbitmq.yaml +++ b/docker/services/pacemaker/rpc-rabbitmq.yaml @@ -92,7 +92,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 - tripleo.oslo_messaging_rpc.firewall_rules: + tripleo::oslo_messaging_rpc::firewall_rules: '109 rabbitmq-bundle': dport: - 3122 diff --git a/extraconfig/services/ipsec.yaml b/extraconfig/services/ipsec.yaml index 608e4d5f02..dc1f099d58 100644 --- a/extraconfig/services/ipsec.yaml +++ b/extraconfig/services/ipsec.yaml @@ -45,7 +45,7 @@ outputs: value: service_name: ipsec config_settings: - tripleo.ipsec.firewall_rules: + tripleo::ipsec::firewall_rules: '100 IPSEC IKE INPUT': dport: 500 sport: 500 diff --git a/extraconfig/services/kubernetes-master.yaml b/extraconfig/services/kubernetes-master.yaml index ab6f4c55aa..a554e7f0e6 100644 --- a/extraconfig/services/kubernetes-master.yaml +++ b/extraconfig/services/kubernetes-master.yaml @@ -44,7 +44,7 @@ outputs: value: service_name: kubernetes_master config_settings: - tripleo.kubernetes_master.firewall_rules: + tripleo::kubernetes_master::firewall_rules: '200 kubernetes-master api': dport: 6443 proto: tcp diff --git a/extraconfig/services/kubernetes-worker.yaml b/extraconfig/services/kubernetes-worker.yaml index 2667288c76..1d14fecf01 100644 --- a/extraconfig/services/kubernetes-worker.yaml +++ b/extraconfig/services/kubernetes-worker.yaml @@ -42,7 +42,7 @@ outputs: # kubernetes-master service template. service_name: kubernetes_worker config_settings: - tripleo.kubernetes_worker.firewall_rules: + tripleo::kubernetes_worker::firewall_rules: '200 kubernetes-worker kubelet': dport: - 10250 diff --git a/extraconfig/services/skydive-analyzer.yaml b/extraconfig/services/skydive-analyzer.yaml index 27f715aa5a..2fdc8bfcb7 100644 --- a/extraconfig/services/skydive-analyzer.yaml +++ b/extraconfig/services/skydive-analyzer.yaml @@ -63,7 +63,7 @@ outputs: step_config: '' docker_config: {} config_settings: - tripleo.skydive_analyzer.firewall_rules: + tripleo::skydive_analyzer::firewall_rules: '150 skydive_analyzer': dport: 8082 proto: tcp diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 90cdd0d939..92dfae9b65 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -91,7 +91,7 @@ outputs: aodh::api::enable_proxy_headers_parsing: true aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject} aodh::policy::policies: {get_param: AodhApiPolicies} - tripleo.aodh_api.firewall_rules: + tripleo::aodh_api::firewall_rules: '128 aodh-api': dport: - 8042 diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 967293142a..97006a9a1f 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -156,7 +156,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - tripleo.barbican_api.firewall_rules: + tripleo::barbican_api::firewall_rules: '117 barbican': dport: - 9311 diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 6050723d89..06291e8093 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -127,7 +127,7 @@ outputs: DEFAULT/swift_catalog_info: value: 'object-store:swift:internalURL' tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} - tripleo.cinder_api.firewall_rules: + tripleo::cinder_api::firewall_rules: '119 cinder': dport: - 8776 diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 42248a1008..b2ae6d9f3a 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -174,7 +174,7 @@ outputs: tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: {get_param: CinderRbdExtraPools} tripleo::profile::base::cinder::volume::rbd::cinder_rbd_secret_uuid: {get_param: CephClusterFSID} tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} - tripleo.cinder_volume.firewall_rules: + tripleo::cinder_volume::firewall_rules: '120 iscsi initiator': dport: 3260 # NOTE: bind IP is found in hiera replacing the network name with the local node IP diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 8531daed14..8b111527d3 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -132,7 +132,7 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} congress::policy::policies: {get_param: CongressPolicies} - tripleo.congress.firewall_rules: + tripleo::congress::firewall_rules: '113 congress': dport: - 1789 diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 2ab101ba77..e0a8acd7a2 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -79,7 +79,7 @@ outputs: - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} tripleo::profile::base::database::mongodb::memory_limit: {get_param: MongodbMemoryLimit} mongodb::server::service_manage: True - tripleo.mongodb.firewall_rules: + tripleo::mongodb::firewall_rules: '101 mongodb_config': dport: 27019 '102 mongodb_sharding': diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 25b0d341cf..4295be5503 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -83,7 +83,7 @@ outputs: mysql::server::package_name: 'mariadb-galera-server' mysql::server::manage_config_file: true mysql_ipv6: {get_param: MysqlIPv6} - tripleo.mysql.firewall_rules: + tripleo::mysql::firewall_rules: '104 mysql galera': dport: - 873 diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index 9dc51e8ba4..76dc81be46 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -58,7 +58,7 @@ outputs: config_settings: map_merge: - get_attr: [RedisBase, role_data, config_settings] - - tripleo.redis.firewall_rules: + - tripleo::redis::firewall_rules: '108 redis': dport: - 6379 diff --git a/puppet/services/designate-api.yaml b/puppet/services/designate-api.yaml index 93eef9e1a1..b7d234a335 100644 --- a/puppet/services/designate-api.yaml +++ b/puppet/services/designate-api.yaml @@ -90,7 +90,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} tripleo::profile::base::designate::api::listen_port: 9001 - tripleo.designate_api.firewall_rules: + tripleo::designate_api::firewall_rules: '139 designate api': dport: - 9001 diff --git a/puppet/services/designate-mdns.yaml b/puppet/services/designate-mdns.yaml index ae7e9968ed..0ae8cb74d0 100644 --- a/puppet/services/designate-mdns.yaml +++ b/puppet/services/designate-mdns.yaml @@ -79,7 +79,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - tripleo.designate_mdns.firewall_rules: + tripleo::designate_mdns::firewall_rules: '142 designate_mdns udp': proto: 'udp' dport: diff --git a/puppet/services/designate-worker.yaml b/puppet/services/designate-worker.yaml index 3d195c8d85..446882d851 100644 --- a/puppet/services/designate-worker.yaml +++ b/puppet/services/designate-worker.yaml @@ -105,7 +105,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} - tripleo.designate_worker.firewall_rules: + tripleo::designate_worker::firewall_rules: '140 designate_worker udp': proto: 'udp' dport: diff --git a/puppet/services/docker-registry.yaml b/puppet/services/docker-registry.yaml index 7cec328c87..e0c13ee307 100644 --- a/puppet/services/docker-registry.yaml +++ b/puppet/services/docker-registry.yaml @@ -44,7 +44,7 @@ outputs: value: service_name: docker_registry config_settings: - tripleo.docker_registry.firewall_rules: + tripleo::docker_registry::firewall_rules: '155 docker-registry': dport: - 8787 diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index c9988e5310..d1c713ff27 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -99,7 +99,7 @@ outputs: config_settings: map_merge: - get_attr: [TLSProxyBase, role_data, config_settings] - - tripleo.ec2_api.firewall_rules: + - tripleo::ec2_api::firewall_rules: '113 ec2_api': dport: - 8788 diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index 31c78f258c..005b34297c 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -75,7 +75,7 @@ outputs: tripleo::profile::base::etcd::peer_port: '2380' etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} etcd::manage_package: false - tripleo.etcd.firewall_rules: + tripleo::etcd::firewall_rules: '141 etcd': dport: - 2379 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 70aca6d639..aec7bdf77c 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -246,7 +246,7 @@ outputs: - {get_param: Debug } - {get_param: GlanceDebug } glance::policy::policies: {get_param: GlanceApiPolicies} - tripleo.glance_api.firewall_rules: + tripleo::glance_api::firewall_rules: '112 glance_api': dport: - 9292 diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index b0f6c6dc11..647e955954 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -114,7 +114,7 @@ outputs: - {} - gnocchi::cors::allowed_origin: {get_param: GnocchiCorsAllowedOrigin} gnocchi::api::middlewares: 'oslo_middleware.cors.CORS' - - tripleo.gnocchi_api.firewall_rules: + - tripleo::gnocchi_api::firewall_rules: '129 gnocchi-api': dport: - 8041 diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index c2889a4353..13aac91fd4 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -54,7 +54,7 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] - - tripleo.gnocchi_statsd.firewall_rules: + - tripleo::gnocchi_statsd::firewall_rules: '140 gnocchi-statsd': dport: 8125 proto: 'udp' diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 859c1f132f..92699b61eb 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -136,7 +136,7 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: map_merge: - - tripleo.haproxy.firewall_rules: + - tripleo::haproxy::firewall_rules: '107 haproxy stats': dport: 1993 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 08d209910e..5e6b111ac0 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -90,7 +90,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.heat_api_cfn.firewall_rules: + - tripleo::heat_api_cfn::firewall_rules: '125 heat_cfn': dport: - 8000 diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 60f2105d40..0dfbdcd574 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -96,7 +96,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.heat_api.firewall_rules: + - tripleo::heat_api::firewall_rules: '125 heat_api': dport: - 8004 diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 724a6380b8..b396d2c75e 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -103,7 +103,7 @@ outputs: config_settings: map_merge: - horizon::allowed_hosts: {get_param: HorizonAllowedHosts} - tripleo.horizon.firewall_rules: + tripleo::horizon::firewall_rules: '126 horizon': dport: - 80 @@ -171,7 +171,7 @@ outputs: service: name=httpd state=stopped service_config_settings: haproxy: - tripleo.horizon.firewall_rules: + tripleo::horizon::firewall_rules: '127 horizon': dport: - 80 diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index dded262cd9..37e7a5f9dc 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -139,7 +139,7 @@ outputs: ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' - tripleo.ironic_api.firewall_rules: + tripleo::ironic_api::firewall_rules: '133 ironic api': dport: - 6385 diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index a4b6573690..fcb1270d61 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -335,7 +335,7 @@ outputs: ironic::drivers::interfaces::enabled_vendor_interfaces: {get_param: IronicEnabledVendorInterfaces} ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface} ironic::drivers::interfaces::default_rescue_interface: {get_param: IronicDefaultRescueInterface} - tripleo.ironic_conductor.firewall_rules: + tripleo::ironic_conductor::firewall_rules: '134 ironic conductor TFTP': dport: 69 proto: udp diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml index 5a94da6f5b..4d6fc550e6 100644 --- a/puppet/services/ironic-inspector.yaml +++ b/puppet/services/ironic-inspector.yaml @@ -175,7 +175,7 @@ outputs: ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' - tripleo.ironic_inspector.firewall_rules: + tripleo::ironic_inspector::firewall_rules: '137 ironic-inspector': dport: - 5050 diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 9d610ba7d9..885121d258 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -61,7 +61,7 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived} config_settings: map_merge: - - tripleo.keepalived.firewall_rules: + - tripleo::keepalived::firewall_rules: '106 keepalived vrrp': proto: vrrp - diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index acb4277221..fee916bb0b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -451,7 +451,7 @@ outputs: keystone::wsgi::apache::threads: 1 keystone::db::database_db_max_retries: -1 keystone::db::database_max_retries: -1 - tripleo.keystone.firewall_rules: + tripleo::keystone::firewall_rules: '111 keystone': dport: - 5000 diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 338a299de1..ec4e6be2b2 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -68,7 +68,7 @@ outputs: manila::keystone::authtoken::project_name: 'service' manila::keystone::authtoken::user_domain_name: 'Default' manila::keystone::authtoken::project_domain_name: 'Default' - tripleo.manila_api.firewall_rules: + tripleo::manila_api::firewall_rules: '150 manila': dport: - 8786 diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 1249474f21..6189477182 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -101,7 +101,7 @@ outputs: - 'v' - '' memcached::disable_cachedump: true - tripleo.memcached.firewall_rules: + tripleo::memcached::firewall_rules: '121 memcached': dport: 11211 # https://access.redhat.com/security/cve/cve-2018-1000115 diff --git a/puppet/services/messaging/notify-rabbitmq.yaml b/puppet/services/messaging/notify-rabbitmq.yaml index 39c9ac8663..b64d0dc5e1 100644 --- a/puppet/services/messaging/notify-rabbitmq.yaml +++ b/puppet/services/messaging/notify-rabbitmq.yaml @@ -84,7 +84,7 @@ outputs: - get_attr: [RabbitMQServiceBase, role_data, config_settings] - rabbitmq::default_user: {get_param: NotifyUserName} rabbitmq::default_pass: {get_param: NotifyPassword} - tripleo.oslo_messaging_notify.firewall_rules: + tripleo::oslo_messaging_notify::firewall_rules: '109 rabbitmq': dport: - 4369 diff --git a/puppet/services/messaging/rpc-qdrouterd.yaml b/puppet/services/messaging/rpc-qdrouterd.yaml index d0b3332cc3..a0e293d331 100644 --- a/puppet/services/messaging/rpc-qdrouterd.yaml +++ b/puppet/services/messaging/rpc-qdrouterd.yaml @@ -82,7 +82,7 @@ outputs: config_settings: map_merge: - get_attr: [QdrouterdServiceBase, role_data, config_settings] - - tripleo.oslo_messaging_rpc.firewall_rules: + - tripleo::oslo_messaging_rpc::firewall_rules: '109 qdrouterd': dport: - {get_param: RpcPort} diff --git a/puppet/services/messaging/rpc-rabbitmq.yaml b/puppet/services/messaging/rpc-rabbitmq.yaml index 093aae56d7..51ac141ef2 100644 --- a/puppet/services/messaging/rpc-rabbitmq.yaml +++ b/puppet/services/messaging/rpc-rabbitmq.yaml @@ -85,7 +85,7 @@ outputs: - get_attr: [RabbitMQServiceBase, role_data, config_settings] - rabbitmq::default_user: {get_param: RpcUserName} rabbitmq::default_pass: {get_param: RpcPassword} - tripleo.oslo_messaging_rpc.firewall_rules: + tripleo::oslo_messaging_rpc::firewall_rules: '109 rabbitmq': dport: - 4369 diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index 03f246442d..818edcefad 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -106,7 +106,7 @@ outputs: mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' mistral::api::allow_action_execution_deletion: true - tripleo.mistral_api.firewall_rules: + tripleo::mistral_api::firewall_rules: '133 mistral': dport: - 8989 diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index d7fb4138f7..dc161a0ff9 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -184,7 +184,7 @@ outputs: neutron::keystone::authtoken::project_domain_name: 'Default' neutron::quota::quota_port: {get_param: NeutronPortQuota} neutron::server::sync_db: true - tripleo.neutron_api.firewall_rules: + tripleo::neutron_api::firewall_rules: '114 neutron api': dport: - 9696 diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index d3d2c2f581..88b3b3b60d 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -96,7 +96,7 @@ outputs: tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service' tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword} tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]} - tripleo.neutron_compute_plugin_nuage.firewall_rules: + tripleo::neutron_compute_plugin_nuage::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 1e2b5fc229..35fc5c1db3 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -126,7 +126,7 @@ outputs: - service_debug_unset - {get_param: Debug} - {get_param: NeutronDhcpAgentDebug} - tripleo.neutron_dhcp.firewall_rules: + tripleo::neutron_dhcp::firewall_rules: '115 neutron dhcp input': proto: 'udp' dport: 67 diff --git a/puppet/services/neutron-l2gw-agent.yaml b/puppet/services/neutron-l2gw-agent.yaml index 89b12526c3..bae886f434 100644 --- a/puppet/services/neutron-l2gw-agent.yaml +++ b/puppet/services/neutron-l2gw-agent.yaml @@ -99,7 +99,7 @@ outputs: - if: - internal_manager_enabled - - tripleo.neutron_l2gw_agent.firewall_rules: + - tripleo::neutron_l2gw_agent::firewall_rules: '142 neutron l2gw agent input': proto: 'tcp' dport: {get_param: L2gwAgentManagerTableListeningPort} diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 600d6bfcb3..2c05641ffb 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -116,7 +116,7 @@ outputs: - service_debug_unset - {get_param: Debug} - {get_param: NeutronL3AgentDebug} - tripleo.neutron_l3.firewall_rules: + tripleo::neutron_l3::firewall_rules: '106 neutron_l3 vrrp': proto: vrrp - diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index be2ba27013..44141e81bf 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -153,7 +153,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - tripleo.neutron_ovs_agent.firewall_rules: + tripleo::neutron_ovs_agent::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index b42c7f25eb..989b09ec22 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -115,7 +115,7 @@ outputs: - map_replace: - get_attr: [NeutronOvsAgent, role_data, config_settings] - keys: - tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules + tripleo::neutron_ovs_agent::firewall_rules: tripleo::neutron_ovs_dpdk_agent::firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index add5f032db..bf66dd6059 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -148,7 +148,7 @@ outputs: - get_attr: [ApacheServiceBase, role_data, config_settings] - nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' - tripleo.nova_api.firewall_rules: + tripleo::nova_api::firewall_rules: '113 nova_api': dport: - 8774 diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 924e8c3303..54d66f00d4 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -242,7 +242,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} - tripleo.nova_libvirt.firewall_rules: + tripleo::nova_libvirt::firewall_rules: '200 nova_libvirt': dport: - 16514 diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index bbca5aa043..4349056680 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -93,7 +93,7 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.nova_placement.firewall_rules: + - tripleo::nova_placement::firewall_rules: '139 nova_metadata': dport: - 8775 diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml index 8aa67bf1d6..a4a3581a97 100644 --- a/puppet/services/nova-migration-target.yaml +++ b/puppet/services/nova-migration-target.yaml @@ -76,7 +76,7 @@ outputs: tripleo::profile::base::sshd::port: - 22 - {get_param: MigrationSshPort} - tripleo.nova_migration_target.firewall_rules: + tripleo::nova_migration_target::firewall_rules: '113 nova_migration_target': dport: - {get_param: MigrationSshPort} diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 69f707c429..9148b87197 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -89,7 +89,7 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.nova_placement.firewall_rules: + - tripleo::nova_placement::firewall_rules: '138 nova_placement': dport: - 8778 diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index aaca43ea07..e30fc6a83a 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -126,7 +126,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - tripleo.nova_vnc_proxy.firewall_rules: + tripleo::nova_vnc_proxy::firewall_rules: '137 nova_vnc_proxy': dport: - 6080 diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index c9e7b6f368..1b654bf044 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -117,7 +117,7 @@ outputs: octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName} octavia::keystone::authtoken::password: {get_param: OctaviaPassword} octavia::api::sync_db: true - tripleo.octavia_api.firewall_rules: + tripleo::octavia_api::firewall_rules: '120 octavia api': dport: - 9876 diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml index dd30d08337..360a99b446 100644 --- a/puppet/services/octavia-health-manager.yaml +++ b/puppet/services/octavia-health-manager.yaml @@ -79,7 +79,7 @@ outputs: - get_attr: [OctaviaBase, role_data, config_settings] - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey} octavia::health_manager::event_streamer_driver: {get_param: OctaviaEventStreamerDriver} - tripleo.octavia_api.firewall_rules: + tripleo::octavia_api::firewall_rules: '200 octavia health manager interface': proto: udp dport: 5555 diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 2b01e2c0fe..0075e5620d 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -119,7 +119,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} - tripleo.opendaylight_api.firewall_rules: + tripleo::opendaylight_api::firewall_rules: '137 opendaylight api': dport: - {get_param: [EndpointMap, OpenDaylightInternal, port]} diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 379b78d13b..8af30ca179 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -192,7 +192,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - tripleo.opendaylight_ovs.firewall_rules: + tripleo::opendaylight_ovs::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/ovn-controller.yaml b/puppet/services/ovn-controller.yaml index 3891ac92b6..9e956c13ef 100644 --- a/puppet/services/ovn-controller.yaml +++ b/puppet/services/ovn-controller.yaml @@ -114,7 +114,7 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge} nova::compute::force_config_drive: {if: [force_config_drive, true, false]} - tripleo.ovn_controller.firewall_rules: + tripleo::ovn_controller::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 51933f99be..e64485d4d7 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -54,7 +54,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]} tripleo::haproxy::ovn_dbs_manage_lb: true - tripleo.ovn_dbs.firewall_rules: + tripleo::ovn_dbs::firewall_rules: '121 OVN DB server ports': proto: 'tcp' dport: diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 7c5f179c7c..90ef22de52 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -118,7 +118,7 @@ outputs: pacemaker::resource::bundle::deep_compare: true pacemaker::resource::ip::deep_compare: true pacemaker::resource::ocf::deep_compare: true - tripleo.pacemaker.firewall_rules: + tripleo::pacemaker::firewall_rules: '130 pacemaker tcp': proto: 'tcp' dport: diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 6113b8f307..cf4a0951b2 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -95,7 +95,7 @@ outputs: service_name: pacemaker_remote monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote} config_settings: - tripleo.pacemaker_remote.firewall_rules: + tripleo::pacemaker_remote::firewall_rules: '130 pacemaker_remote tcp': proto: 'tcp' dport: diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index b19afd7671..63f7c3f497 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -92,7 +92,7 @@ outputs: panko::api::service_name: 'httpd' panko::api::enable_proxy_headers_parsing: true panko::api::event_time_to_live: {get_param: PankoEventTTL} - tripleo.panko_api.firewall_rules: + tripleo::panko_api::firewall_rules: '140 panko-api': dport: - 8977 diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml index 80bb4526e5..1e188f3cb4 100644 --- a/puppet/services/qdr.yaml +++ b/puppet/services/qdr.yaml @@ -57,7 +57,7 @@ outputs: messaging_rpc_service_name: 'amqp' keystone::messaging::amqp::amqp_pre_settled: 'notify' config_settings: - tripleo.rabbitmq.firewall_rules: + tripleo::rabbitmq::firewall_rules: '109 qdr': dport: - {get_param: RabbitClientPort} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 33bb9eb83f..8554e9bd1a 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -94,7 +94,7 @@ outputs: rabbitmq::default_user: {get_param: RabbitUserName} rabbitmq::default_pass: {get_param: RabbitPassword} rabbit_ipv6: {get_param: RabbitIPv6} - tripleo.rabbitmq.firewall_rules: + tripleo::rabbitmq::firewall_rules: '109 rabbitmq': dport: - 4369 diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 00fe422e75..dcc89eb1bb 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -91,7 +91,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]} - tripleo.sahara_api.firewall_rules: + tripleo::sahara_api::firewall_rules: '132 sahara': dport: - 8386 diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index f8a8b9829b..369ea5c362 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -71,7 +71,7 @@ outputs: template: "%{hiera('$NETWORK_subnet')}" params: $NETWORK: {get_param: [ServiceNetMap, SnmpdNetwork]} - tripleo.snmp.firewall_rules: + tripleo::snmp::firewall_rules: '124 snmp': dport: 161 proto: 'udp' diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 67f538e471..8f16c221a2 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -164,7 +164,7 @@ outputs: tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RpcPort} tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RpcUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} - tripleo.swift_proxy.firewall_rules: + tripleo::swift_proxy::firewall_rules: '122 swift proxy': dport: - 8080 diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 7b057a53d1..572f58f3e5 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -113,7 +113,7 @@ outputs: - swift::storage::all::mount_check: {if: [swift_mount_check, true, false]} tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} tripleo::profile::base::swift::storage::use_local_dir: {get_param: SwiftUseLocalDir} - tripleo.swift_storage.firewall_rules: + tripleo::swift_storage::firewall_rules: '123 swift storage': dport: - 873 diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 36a34032a5..c89bcb70e4 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -132,7 +132,7 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} tacker::policy::policies: {get_param: TackerPolicies} - tripleo.tacker.firewall_rules: + tripleo::tacker::firewall_rules: '113 tacker': dport: - 9890 diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 6ad77466e0..bf3a06ad29 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -79,7 +79,7 @@ outputs: ntp::iburst_enable: {get_param: NtpIburstEnable} ntp::maxpoll:: {get_param: MaxPoll} ntp::minpoll:: {get_param: MinPoll} - tripleo.ntp.firewall_rules: + tripleo::ntp::firewall_rules: '105 ntp': dport: 123 proto: udp diff --git a/puppet/services/time/ptp.yaml b/puppet/services/time/ptp.yaml index a4362453ff..6a2c8c50a8 100644 --- a/puppet/services/time/ptp.yaml +++ b/puppet/services/time/ptp.yaml @@ -79,7 +79,7 @@ outputs: config_settings: map_merge: - get_attr: [RoleParametersValue, value] - - tripleo.ptp.firewall_rules: + - tripleo::ptp::firewall_rules: '151 ptp': proto: udp dport: diff --git a/puppet/services/zaqar-api.yaml b/puppet/services/zaqar-api.yaml index 6495c6b752..eeed1681a1 100644 --- a/puppet/services/zaqar-api.yaml +++ b/puppet/services/zaqar-api.yaml @@ -199,7 +199,7 @@ outputs: zaqar::keystone::auth_websocket::tenant: 'service' zaqar::keystone::trust::password: {get_param: ZaqarPassword} zaqar::keystone::trust::user_domain_name: 'Default' - tripleo.zaqar_api.firewall_rules: + tripleo::zaqar_api::firewall_rules: '113 zaqar_api': dport: - 9000 diff --git a/releasenotes/notes/dynamic-hieradata-with-dots-deprecated-52d4c77e09821e87.yaml b/releasenotes/notes/dynamic-hieradata-with-dots-deprecated-52d4c77e09821e87.yaml new file mode 100644 index 0000000000..bbdc3842c6 --- /dev/null +++ b/releasenotes/notes/dynamic-hieradata-with-dots-deprecated-52d4c77e09821e87.yaml @@ -0,0 +1,10 @@ +--- +deprecations: + - | + The dynamic tripleo firewall_rules, haproxy_endpoints, haproxy_userlists + that are configured with dots are deprecated with the update to puppet 5. + They will no longer work and must be switched to the colon notation to + continue to function. For example `tripleo.core.firewall_rules` must + be converted to `tripleo::core::firewall_rules`. Similarly the haproxy + endpoints and userlists that are dynamic using dots must also be converted + to use colons.