From fb0e8f62fcfcbac0adc74fd9be725c9c354490d4 Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Mon, 12 Nov 2018 21:06:31 -0700 Subject: [PATCH] Convert dynamic lookups to use colon notation With the upgrade to puppet 5, we can no longer use dots in the hieradata key lookups. This change updates the THT for firewall_rules, haproxy_endpoints and haproxy_userlists to use the colon notation. Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878 Related-Bug: #1803024 --- ci/environments/multinode-core.yaml | 2 +- deployment/timesync/chrony-ansible.yaml | 2 +- docker/services/ceph-ansible/ceph-mds.yaml | 2 +- docker/services/ceph-ansible/ceph-mgr.yaml | 2 +- docker/services/ceph-ansible/ceph-mon.yaml | 2 +- docker/services/ceph-ansible/ceph-nfs.yaml | 2 +- docker/services/ceph-ansible/ceph-osd.yaml | 2 +- docker/services/ceph-ansible/ceph-rbdmirror.yaml | 2 +- docker/services/ceph-ansible/ceph-rgw.yaml | 2 +- docker/services/designate-api.yaml | 2 +- docker/services/messaging/rpc-qdrouterd.yaml | 2 +- docker/services/metrics/qdr.yaml | 2 +- docker/services/nova-metadata.yaml | 2 +- docker/services/novajoin.yaml | 2 +- docker/services/pacemaker/clustercheck.yaml | 2 +- docker/services/pacemaker/database/mysql.yaml | 2 +- docker/services/pacemaker/database/redis.yaml | 2 +- docker/services/pacemaker/notify-rabbitmq.yaml | 2 +- docker/services/pacemaker/rabbitmq.yaml | 2 +- docker/services/pacemaker/rpc-rabbitmq.yaml | 2 +- extraconfig/services/ipsec.yaml | 2 +- extraconfig/services/kubernetes-master.yaml | 2 +- extraconfig/services/kubernetes-worker.yaml | 2 +- extraconfig/services/skydive-analyzer.yaml | 2 +- puppet/services/aodh-api.yaml | 2 +- puppet/services/barbican-api.yaml | 2 +- puppet/services/cinder-api.yaml | 2 +- puppet/services/cinder-volume.yaml | 2 +- puppet/services/congress.yaml | 2 +- puppet/services/database/mongodb.yaml | 2 +- puppet/services/database/mysql.yaml | 2 +- puppet/services/database/redis.yaml | 2 +- puppet/services/designate-api.yaml | 2 +- puppet/services/designate-mdns.yaml | 2 +- puppet/services/designate-worker.yaml | 2 +- puppet/services/docker-registry.yaml | 2 +- puppet/services/ec2-api.yaml | 2 +- puppet/services/etcd.yaml | 2 +- puppet/services/glance-api.yaml | 2 +- puppet/services/gnocchi-api.yaml | 2 +- puppet/services/gnocchi-statsd.yaml | 2 +- puppet/services/haproxy.yaml | 2 +- puppet/services/heat-api-cfn.yaml | 2 +- puppet/services/heat-api.yaml | 2 +- puppet/services/horizon.yaml | 4 ++-- puppet/services/ironic-api.yaml | 2 +- puppet/services/ironic-conductor.yaml | 2 +- puppet/services/ironic-inspector.yaml | 2 +- puppet/services/keepalived.yaml | 2 +- puppet/services/keystone.yaml | 2 +- puppet/services/manila-api.yaml | 2 +- puppet/services/memcached.yaml | 2 +- puppet/services/messaging/notify-rabbitmq.yaml | 2 +- puppet/services/messaging/rpc-qdrouterd.yaml | 2 +- puppet/services/messaging/rpc-rabbitmq.yaml | 2 +- puppet/services/mistral-api.yaml | 2 +- puppet/services/neutron-api.yaml | 2 +- puppet/services/neutron-compute-plugin-nuage.yaml | 2 +- puppet/services/neutron-dhcp.yaml | 2 +- puppet/services/neutron-l2gw-agent.yaml | 2 +- puppet/services/neutron-l3.yaml | 2 +- puppet/services/neutron-ovs-agent.yaml | 2 +- puppet/services/neutron-ovs-dpdk-agent.yaml | 2 +- puppet/services/nova-api.yaml | 2 +- puppet/services/nova-libvirt.yaml | 2 +- puppet/services/nova-metadata.yaml | 2 +- puppet/services/nova-migration-target.yaml | 2 +- puppet/services/nova-placement.yaml | 2 +- puppet/services/nova-vnc-proxy.yaml | 2 +- puppet/services/octavia-api.yaml | 2 +- puppet/services/octavia-health-manager.yaml | 2 +- puppet/services/opendaylight-api.yaml | 2 +- puppet/services/opendaylight-ovs.yaml | 2 +- puppet/services/ovn-controller.yaml | 2 +- puppet/services/ovn-dbs.yaml | 2 +- puppet/services/pacemaker.yaml | 2 +- puppet/services/pacemaker_remote.yaml | 2 +- puppet/services/panko-api.yaml | 2 +- puppet/services/qdr.yaml | 2 +- puppet/services/rabbitmq.yaml | 2 +- puppet/services/sahara-api.yaml | 2 +- puppet/services/snmp.yaml | 2 +- puppet/services/swift-proxy.yaml | 2 +- puppet/services/swift-storage.yaml | 2 +- puppet/services/tacker.yaml | 2 +- puppet/services/time/ntp.yaml | 2 +- puppet/services/time/ptp.yaml | 2 +- puppet/services/zaqar-api.yaml | 2 +- ...ieradata-with-dots-deprecated-52d4c77e09821e87.yaml | 10 ++++++++++ 89 files changed, 99 insertions(+), 89 deletions(-) create mode 100644 releasenotes/notes/dynamic-hieradata-with-dots-deprecated-52d4c77e09821e87.yaml diff --git a/ci/environments/multinode-core.yaml b/ci/environments/multinode-core.yaml index 523cf1c995..f34cef3777 100644 --- a/ci/environments/multinode-core.yaml +++ b/ci/environments/multinode-core.yaml @@ -31,7 +31,7 @@ outputs: value: service_name: multinode_core config_settings: - tripleo.core.firewall_rules: + tripleo::core::firewall_rules: '999 core': proto: 'udp' dport: diff --git a/deployment/timesync/chrony-ansible.yaml b/deployment/timesync/chrony-ansible.yaml index 9b2af857f4..063b078b9f 100644 --- a/deployment/timesync/chrony-ansible.yaml +++ b/deployment/timesync/chrony-ansible.yaml @@ -107,7 +107,7 @@ outputs: value: service_name: chrony config_settings: - tripleo.ntp.firewall_rules: + tripleo::ntp::firewall_rules: '105 ntp': dport: 123 proto: udp diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml index 62fa0614bb..e6d6ade688 100644 --- a/docker/services/ceph-ansible/ceph-mds.yaml +++ b/docker/services/ceph-ansible/ceph-mds.yaml @@ -104,7 +104,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_mds.firewall_rules: + - tripleo::ceph_mds::firewall_rules: '112 ceph_mds': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-mgr.yaml b/docker/services/ceph-ansible/ceph-mgr.yaml index 77af06f340..3a8ac71873 100644 --- a/docker/services/ceph-ansible/ceph-mgr.yaml +++ b/docker/services/ceph-ansible/ceph-mgr.yaml @@ -79,7 +79,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_mgr.firewall_rules: + - tripleo::ceph_mgr::firewall_rules: '113 ceph_mgr': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml index 8cb0fe2c10..5020fedf31 100644 --- a/docker/services/ceph-ansible/ceph-mon.yaml +++ b/docker/services/ceph-ansible/ceph-mon.yaml @@ -97,7 +97,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_mon.firewall_rules: + - tripleo::ceph_mon::firewall_rules: '110 ceph_mon': dport: - 6789 diff --git a/docker/services/ceph-ansible/ceph-nfs.yaml b/docker/services/ceph-ansible/ceph-nfs.yaml index e30f540eb8..ae6e9df5e2 100644 --- a/docker/services/ceph-ansible/ceph-nfs.yaml +++ b/docker/services/ceph-ansible/ceph-nfs.yaml @@ -92,7 +92,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_nfs.firewall_rules: + - tripleo::ceph_nfs::firewall_rules: '120 ceph_nfs': dport: # We support only NFS 4.1 to start diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml index 5a344f82fb..98a3aa8dce 100644 --- a/docker/services/ceph-ansible/ceph-osd.yaml +++ b/docker/services/ceph-ansible/ceph-osd.yaml @@ -93,7 +93,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_osd.firewall_rules: + - tripleo::ceph_osd::firewall_rules: '111 ceph_osd': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-rbdmirror.yaml b/docker/services/ceph-ansible/ceph-rbdmirror.yaml index 16e72d8c80..3cc5315687 100644 --- a/docker/services/ceph-ansible/ceph-rbdmirror.yaml +++ b/docker/services/ceph-ansible/ceph-rbdmirror.yaml @@ -106,7 +106,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_rbdmirror.firewall_rules: + - tripleo::ceph_rbdmirror::firewall_rules: '114 ceph_rbdmirror': dport: - '6800-7300' diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml index 9ebbebc709..4645050a5c 100644 --- a/docker/services/ceph-ansible/ceph-rgw.yaml +++ b/docker/services/ceph-ansible/ceph-rgw.yaml @@ -90,7 +90,7 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} config_settings: map_merge: - - tripleo.ceph_rgw.firewall_rules: + - tripleo::ceph_rgw::firewall_rules: '122 ceph rgw': dport: {get_param: [EndpointMap, CephRgwInternal, port]} - {} diff --git a/docker/services/designate-api.yaml b/docker/services/designate-api.yaml index 5b708032b9..d1793d9845 100644 --- a/docker/services/designate-api.yaml +++ b/docker/services/designate-api.yaml @@ -92,7 +92,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} tripleo::profile::base::designate::api::listen_port: 9001 - tripleo.designate_api.firewall_rules: + tripleo::designate_api::firewall_rules: '139 designate api': dport: - 9001 diff --git a/docker/services/messaging/rpc-qdrouterd.yaml b/docker/services/messaging/rpc-qdrouterd.yaml index 6428177d4c..fe5d63fcfc 100644 --- a/docker/services/messaging/rpc-qdrouterd.yaml +++ b/docker/services/messaging/rpc-qdrouterd.yaml @@ -61,7 +61,7 @@ outputs: config_settings: map_merge: - {get_attr: [QdrouterdBase, role_data, config_settings]} - - tripleo.oslo_messaging_rpc.firewall_rules: + - tripleo::oslo_messaging_rpc::firewall_rules: '109 qdrouterd': dport: - 5672 diff --git a/docker/services/metrics/qdr.yaml b/docker/services/metrics/qdr.yaml index b121509466..74e24a6b72 100644 --- a/docker/services/metrics/qdr.yaml +++ b/docker/services/metrics/qdr.yaml @@ -132,7 +132,7 @@ outputs: tripleo_fluentd_sources_metrics_qdr: - {get_param: MetricsQdrLoggingSource} config_settings: - tripleo.metrics_qdr.firewall_rules: + tripleo::metrics_qdr::firewall_rules: '109 metrics qdr': dport: - {get_param: MetricsQdrPort} diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index bf3858795d..764e85b752 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -84,7 +84,7 @@ outputs: - get_attr: [NovaMetadataBase, role_data, config_settings] - get_attr: [NovaMetadataLogging, config_settings] - apache::default_vhost: false - - tripleo.nova_metadata.firewall_rules: + - tripleo::nova_metadata::firewall_rules: if: - need_metadata_nat_rule - '144 undercloud metadata nat': diff --git a/docker/services/novajoin.yaml b/docker/services/novajoin.yaml index 665c198e1f..5326edb3ea 100644 --- a/docker/services/novajoin.yaml +++ b/docker/services/novajoin.yaml @@ -112,7 +112,7 @@ outputs: nova::metadata::novajoin::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova::metadata::novajoin::authtoken::password: {get_param: NovajoinPassword} nova::metadata::novajoin::authtoken::project_name: 'service' - tripleo.novajoin.firewall_rules: + tripleo::novajoin::firewall_rules: '119 novajoin': dport: - 9090 diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index 2a189c62bf..39e38451b9 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -45,7 +45,7 @@ resources: type: ../containers-common.yaml # We import from the corresponding docker service because otherwise we risk -# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall +# rewriting the tripleo::mysql::firewall_rules key with the baremetal firewall # rules (see LP#1728918) MysqlPuppetBase: type: ../../../docker/services/pacemaker/database/mysql.yaml diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index cf54c3c994..81e83a4891 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -102,7 +102,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 - tripleo.mysql.firewall_rules: + tripleo::mysql::firewall_rules: '104 mysql galera-bundle': dport: - 873 diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index f8b1c2a4e8..81260f271c 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -98,7 +98,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 - tripleo.redis.firewall_rules: + tripleo::redis::firewall_rules: '108 redis-bundle': dport: - 3124 diff --git a/docker/services/pacemaker/notify-rabbitmq.yaml b/docker/services/pacemaker/notify-rabbitmq.yaml index 89b3023135..fafd2e96ef 100644 --- a/docker/services/pacemaker/notify-rabbitmq.yaml +++ b/docker/services/pacemaker/notify-rabbitmq.yaml @@ -92,7 +92,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 - tripleo.oslo_messaging_notify.firewall_rules: + tripleo::oslo_messaging_notify::firewall_rules: '109 rabbitmq-bundle': dport: - 3122 diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 26d253ecb9..11b7564bd7 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -91,7 +91,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 - tripleo.rabbitmq.firewall_rules: + tripleo::rabbitmq::firewall_rules: '109 rabbitmq-bundle': dport: - 3122 diff --git a/docker/services/pacemaker/rpc-rabbitmq.yaml b/docker/services/pacemaker/rpc-rabbitmq.yaml index d1c80342d2..a15880a4bf 100644 --- a/docker/services/pacemaker/rpc-rabbitmq.yaml +++ b/docker/services/pacemaker/rpc-rabbitmq.yaml @@ -92,7 +92,7 @@ outputs: expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 - tripleo.oslo_messaging_rpc.firewall_rules: + tripleo::oslo_messaging_rpc::firewall_rules: '109 rabbitmq-bundle': dport: - 3122 diff --git a/extraconfig/services/ipsec.yaml b/extraconfig/services/ipsec.yaml index 608e4d5f02..dc1f099d58 100644 --- a/extraconfig/services/ipsec.yaml +++ b/extraconfig/services/ipsec.yaml @@ -45,7 +45,7 @@ outputs: value: service_name: ipsec config_settings: - tripleo.ipsec.firewall_rules: + tripleo::ipsec::firewall_rules: '100 IPSEC IKE INPUT': dport: 500 sport: 500 diff --git a/extraconfig/services/kubernetes-master.yaml b/extraconfig/services/kubernetes-master.yaml index ab6f4c55aa..a554e7f0e6 100644 --- a/extraconfig/services/kubernetes-master.yaml +++ b/extraconfig/services/kubernetes-master.yaml @@ -44,7 +44,7 @@ outputs: value: service_name: kubernetes_master config_settings: - tripleo.kubernetes_master.firewall_rules: + tripleo::kubernetes_master::firewall_rules: '200 kubernetes-master api': dport: 6443 proto: tcp diff --git a/extraconfig/services/kubernetes-worker.yaml b/extraconfig/services/kubernetes-worker.yaml index 2667288c76..1d14fecf01 100644 --- a/extraconfig/services/kubernetes-worker.yaml +++ b/extraconfig/services/kubernetes-worker.yaml @@ -42,7 +42,7 @@ outputs: # kubernetes-master service template. service_name: kubernetes_worker config_settings: - tripleo.kubernetes_worker.firewall_rules: + tripleo::kubernetes_worker::firewall_rules: '200 kubernetes-worker kubelet': dport: - 10250 diff --git a/extraconfig/services/skydive-analyzer.yaml b/extraconfig/services/skydive-analyzer.yaml index 27f715aa5a..2fdc8bfcb7 100644 --- a/extraconfig/services/skydive-analyzer.yaml +++ b/extraconfig/services/skydive-analyzer.yaml @@ -63,7 +63,7 @@ outputs: step_config: '' docker_config: {} config_settings: - tripleo.skydive_analyzer.firewall_rules: + tripleo::skydive_analyzer::firewall_rules: '150 skydive_analyzer': dport: 8082 proto: tcp diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 90cdd0d939..92dfae9b65 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -91,7 +91,7 @@ outputs: aodh::api::enable_proxy_headers_parsing: true aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject} aodh::policy::policies: {get_param: AodhApiPolicies} - tripleo.aodh_api.firewall_rules: + tripleo::aodh_api::firewall_rules: '128 aodh-api': dport: - 8042 diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 967293142a..97006a9a1f 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -156,7 +156,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - tripleo.barbican_api.firewall_rules: + tripleo::barbican_api::firewall_rules: '117 barbican': dport: - 9311 diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 6050723d89..06291e8093 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -127,7 +127,7 @@ outputs: DEFAULT/swift_catalog_info: value: 'object-store:swift:internalURL' tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} - tripleo.cinder_api.firewall_rules: + tripleo::cinder_api::firewall_rules: '119 cinder': dport: - 8776 diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 42248a1008..b2ae6d9f3a 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -174,7 +174,7 @@ outputs: tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: {get_param: CinderRbdExtraPools} tripleo::profile::base::cinder::volume::rbd::cinder_rbd_secret_uuid: {get_param: CephClusterFSID} tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} - tripleo.cinder_volume.firewall_rules: + tripleo::cinder_volume::firewall_rules: '120 iscsi initiator': dport: 3260 # NOTE: bind IP is found in hiera replacing the network name with the local node IP diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 8531daed14..8b111527d3 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -132,7 +132,7 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} congress::policy::policies: {get_param: CongressPolicies} - tripleo.congress.firewall_rules: + tripleo::congress::firewall_rules: '113 congress': dport: - 1789 diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 2ab101ba77..e0a8acd7a2 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -79,7 +79,7 @@ outputs: - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} tripleo::profile::base::database::mongodb::memory_limit: {get_param: MongodbMemoryLimit} mongodb::server::service_manage: True - tripleo.mongodb.firewall_rules: + tripleo::mongodb::firewall_rules: '101 mongodb_config': dport: 27019 '102 mongodb_sharding': diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 25b0d341cf..4295be5503 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -83,7 +83,7 @@ outputs: mysql::server::package_name: 'mariadb-galera-server' mysql::server::manage_config_file: true mysql_ipv6: {get_param: MysqlIPv6} - tripleo.mysql.firewall_rules: + tripleo::mysql::firewall_rules: '104 mysql galera': dport: - 873 diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index 9dc51e8ba4..76dc81be46 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -58,7 +58,7 @@ outputs: config_settings: map_merge: - get_attr: [RedisBase, role_data, config_settings] - - tripleo.redis.firewall_rules: + - tripleo::redis::firewall_rules: '108 redis': dport: - 6379 diff --git a/puppet/services/designate-api.yaml b/puppet/services/designate-api.yaml index 93eef9e1a1..b7d234a335 100644 --- a/puppet/services/designate-api.yaml +++ b/puppet/services/designate-api.yaml @@ -90,7 +90,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} tripleo::profile::base::designate::api::listen_port: 9001 - tripleo.designate_api.firewall_rules: + tripleo::designate_api::firewall_rules: '139 designate api': dport: - 9001 diff --git a/puppet/services/designate-mdns.yaml b/puppet/services/designate-mdns.yaml index ae7e9968ed..0ae8cb74d0 100644 --- a/puppet/services/designate-mdns.yaml +++ b/puppet/services/designate-mdns.yaml @@ -79,7 +79,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - tripleo.designate_mdns.firewall_rules: + tripleo::designate_mdns::firewall_rules: '142 designate_mdns udp': proto: 'udp' dport: diff --git a/puppet/services/designate-worker.yaml b/puppet/services/designate-worker.yaml index 3d195c8d85..446882d851 100644 --- a/puppet/services/designate-worker.yaml +++ b/puppet/services/designate-worker.yaml @@ -105,7 +105,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} - tripleo.designate_worker.firewall_rules: + tripleo::designate_worker::firewall_rules: '140 designate_worker udp': proto: 'udp' dport: diff --git a/puppet/services/docker-registry.yaml b/puppet/services/docker-registry.yaml index 7cec328c87..e0c13ee307 100644 --- a/puppet/services/docker-registry.yaml +++ b/puppet/services/docker-registry.yaml @@ -44,7 +44,7 @@ outputs: value: service_name: docker_registry config_settings: - tripleo.docker_registry.firewall_rules: + tripleo::docker_registry::firewall_rules: '155 docker-registry': dport: - 8787 diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index c9988e5310..d1c713ff27 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -99,7 +99,7 @@ outputs: config_settings: map_merge: - get_attr: [TLSProxyBase, role_data, config_settings] - - tripleo.ec2_api.firewall_rules: + - tripleo::ec2_api::firewall_rules: '113 ec2_api': dport: - 8788 diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index 31c78f258c..005b34297c 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -75,7 +75,7 @@ outputs: tripleo::profile::base::etcd::peer_port: '2380' etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} etcd::manage_package: false - tripleo.etcd.firewall_rules: + tripleo::etcd::firewall_rules: '141 etcd': dport: - 2379 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 70aca6d639..aec7bdf77c 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -246,7 +246,7 @@ outputs: - {get_param: Debug } - {get_param: GlanceDebug } glance::policy::policies: {get_param: GlanceApiPolicies} - tripleo.glance_api.firewall_rules: + tripleo::glance_api::firewall_rules: '112 glance_api': dport: - 9292 diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index b0f6c6dc11..647e955954 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -114,7 +114,7 @@ outputs: - {} - gnocchi::cors::allowed_origin: {get_param: GnocchiCorsAllowedOrigin} gnocchi::api::middlewares: 'oslo_middleware.cors.CORS' - - tripleo.gnocchi_api.firewall_rules: + - tripleo::gnocchi_api::firewall_rules: '129 gnocchi-api': dport: - 8041 diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index c2889a4353..13aac91fd4 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -54,7 +54,7 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] - - tripleo.gnocchi_statsd.firewall_rules: + - tripleo::gnocchi_statsd::firewall_rules: '140 gnocchi-statsd': dport: 8125 proto: 'udp' diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 859c1f132f..92699b61eb 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -136,7 +136,7 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: map_merge: - - tripleo.haproxy.firewall_rules: + - tripleo::haproxy::firewall_rules: '107 haproxy stats': dport: 1993 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 08d209910e..5e6b111ac0 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -90,7 +90,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.heat_api_cfn.firewall_rules: + - tripleo::heat_api_cfn::firewall_rules: '125 heat_cfn': dport: - 8000 diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 60f2105d40..0dfbdcd574 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -96,7 +96,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.heat_api.firewall_rules: + - tripleo::heat_api::firewall_rules: '125 heat_api': dport: - 8004 diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 724a6380b8..b396d2c75e 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -103,7 +103,7 @@ outputs: config_settings: map_merge: - horizon::allowed_hosts: {get_param: HorizonAllowedHosts} - tripleo.horizon.firewall_rules: + tripleo::horizon::firewall_rules: '126 horizon': dport: - 80 @@ -171,7 +171,7 @@ outputs: service: name=httpd state=stopped service_config_settings: haproxy: - tripleo.horizon.firewall_rules: + tripleo::horizon::firewall_rules: '127 horizon': dport: - 80 diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index dded262cd9..37e7a5f9dc 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -139,7 +139,7 @@ outputs: ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' - tripleo.ironic_api.firewall_rules: + tripleo::ironic_api::firewall_rules: '133 ironic api': dport: - 6385 diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index a4b6573690..fcb1270d61 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -335,7 +335,7 @@ outputs: ironic::drivers::interfaces::enabled_vendor_interfaces: {get_param: IronicEnabledVendorInterfaces} ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface} ironic::drivers::interfaces::default_rescue_interface: {get_param: IronicDefaultRescueInterface} - tripleo.ironic_conductor.firewall_rules: + tripleo::ironic_conductor::firewall_rules: '134 ironic conductor TFTP': dport: 69 proto: udp diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml index 5a94da6f5b..4d6fc550e6 100644 --- a/puppet/services/ironic-inspector.yaml +++ b/puppet/services/ironic-inspector.yaml @@ -175,7 +175,7 @@ outputs: ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' - tripleo.ironic_inspector.firewall_rules: + tripleo::ironic_inspector::firewall_rules: '137 ironic-inspector': dport: - 5050 diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 9d610ba7d9..885121d258 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -61,7 +61,7 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived} config_settings: map_merge: - - tripleo.keepalived.firewall_rules: + - tripleo::keepalived::firewall_rules: '106 keepalived vrrp': proto: vrrp - diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index acb4277221..fee916bb0b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -451,7 +451,7 @@ outputs: keystone::wsgi::apache::threads: 1 keystone::db::database_db_max_retries: -1 keystone::db::database_max_retries: -1 - tripleo.keystone.firewall_rules: + tripleo::keystone::firewall_rules: '111 keystone': dport: - 5000 diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 338a299de1..ec4e6be2b2 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -68,7 +68,7 @@ outputs: manila::keystone::authtoken::project_name: 'service' manila::keystone::authtoken::user_domain_name: 'Default' manila::keystone::authtoken::project_domain_name: 'Default' - tripleo.manila_api.firewall_rules: + tripleo::manila_api::firewall_rules: '150 manila': dport: - 8786 diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 1249474f21..6189477182 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -101,7 +101,7 @@ outputs: - 'v' - '' memcached::disable_cachedump: true - tripleo.memcached.firewall_rules: + tripleo::memcached::firewall_rules: '121 memcached': dport: 11211 # https://access.redhat.com/security/cve/cve-2018-1000115 diff --git a/puppet/services/messaging/notify-rabbitmq.yaml b/puppet/services/messaging/notify-rabbitmq.yaml index 39c9ac8663..b64d0dc5e1 100644 --- a/puppet/services/messaging/notify-rabbitmq.yaml +++ b/puppet/services/messaging/notify-rabbitmq.yaml @@ -84,7 +84,7 @@ outputs: - get_attr: [RabbitMQServiceBase, role_data, config_settings] - rabbitmq::default_user: {get_param: NotifyUserName} rabbitmq::default_pass: {get_param: NotifyPassword} - tripleo.oslo_messaging_notify.firewall_rules: + tripleo::oslo_messaging_notify::firewall_rules: '109 rabbitmq': dport: - 4369 diff --git a/puppet/services/messaging/rpc-qdrouterd.yaml b/puppet/services/messaging/rpc-qdrouterd.yaml index d0b3332cc3..a0e293d331 100644 --- a/puppet/services/messaging/rpc-qdrouterd.yaml +++ b/puppet/services/messaging/rpc-qdrouterd.yaml @@ -82,7 +82,7 @@ outputs: config_settings: map_merge: - get_attr: [QdrouterdServiceBase, role_data, config_settings] - - tripleo.oslo_messaging_rpc.firewall_rules: + - tripleo::oslo_messaging_rpc::firewall_rules: '109 qdrouterd': dport: - {get_param: RpcPort} diff --git a/puppet/services/messaging/rpc-rabbitmq.yaml b/puppet/services/messaging/rpc-rabbitmq.yaml index 093aae56d7..51ac141ef2 100644 --- a/puppet/services/messaging/rpc-rabbitmq.yaml +++ b/puppet/services/messaging/rpc-rabbitmq.yaml @@ -85,7 +85,7 @@ outputs: - get_attr: [RabbitMQServiceBase, role_data, config_settings] - rabbitmq::default_user: {get_param: RpcUserName} rabbitmq::default_pass: {get_param: RpcPassword} - tripleo.oslo_messaging_rpc.firewall_rules: + tripleo::oslo_messaging_rpc::firewall_rules: '109 rabbitmq': dport: - 4369 diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index 03f246442d..818edcefad 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -106,7 +106,7 @@ outputs: mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' mistral::api::allow_action_execution_deletion: true - tripleo.mistral_api.firewall_rules: + tripleo::mistral_api::firewall_rules: '133 mistral': dport: - 8989 diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index d7fb4138f7..dc161a0ff9 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -184,7 +184,7 @@ outputs: neutron::keystone::authtoken::project_domain_name: 'Default' neutron::quota::quota_port: {get_param: NeutronPortQuota} neutron::server::sync_db: true - tripleo.neutron_api.firewall_rules: + tripleo::neutron_api::firewall_rules: '114 neutron api': dport: - 9696 diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index d3d2c2f581..88b3b3b60d 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -96,7 +96,7 @@ outputs: tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service' tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword} tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]} - tripleo.neutron_compute_plugin_nuage.firewall_rules: + tripleo::neutron_compute_plugin_nuage::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 1e2b5fc229..35fc5c1db3 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -126,7 +126,7 @@ outputs: - service_debug_unset - {get_param: Debug} - {get_param: NeutronDhcpAgentDebug} - tripleo.neutron_dhcp.firewall_rules: + tripleo::neutron_dhcp::firewall_rules: '115 neutron dhcp input': proto: 'udp' dport: 67 diff --git a/puppet/services/neutron-l2gw-agent.yaml b/puppet/services/neutron-l2gw-agent.yaml index 89b12526c3..bae886f434 100644 --- a/puppet/services/neutron-l2gw-agent.yaml +++ b/puppet/services/neutron-l2gw-agent.yaml @@ -99,7 +99,7 @@ outputs: - if: - internal_manager_enabled - - tripleo.neutron_l2gw_agent.firewall_rules: + - tripleo::neutron_l2gw_agent::firewall_rules: '142 neutron l2gw agent input': proto: 'tcp' dport: {get_param: L2gwAgentManagerTableListeningPort} diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 600d6bfcb3..2c05641ffb 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -116,7 +116,7 @@ outputs: - service_debug_unset - {get_param: Debug} - {get_param: NeutronL3AgentDebug} - tripleo.neutron_l3.firewall_rules: + tripleo::neutron_l3::firewall_rules: '106 neutron_l3 vrrp': proto: vrrp - diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index be2ba27013..44141e81bf 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -153,7 +153,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - tripleo.neutron_ovs_agent.firewall_rules: + tripleo::neutron_ovs_agent::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index b42c7f25eb..989b09ec22 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -115,7 +115,7 @@ outputs: - map_replace: - get_attr: [NeutronOvsAgent, role_data, config_settings] - keys: - tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules + tripleo::neutron_ovs_agent::firewall_rules: tripleo::neutron_ovs_dpdk_agent::firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index add5f032db..bf66dd6059 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -148,7 +148,7 @@ outputs: - get_attr: [ApacheServiceBase, role_data, config_settings] - nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' - tripleo.nova_api.firewall_rules: + tripleo::nova_api::firewall_rules: '113 nova_api': dport: - 8774 diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 924e8c3303..54d66f00d4 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -242,7 +242,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} - tripleo.nova_libvirt.firewall_rules: + tripleo::nova_libvirt::firewall_rules: '200 nova_libvirt': dport: - 16514 diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index bbca5aa043..4349056680 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -93,7 +93,7 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.nova_placement.firewall_rules: + - tripleo::nova_placement::firewall_rules: '139 nova_metadata': dport: - 8775 diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml index 8aa67bf1d6..a4a3581a97 100644 --- a/puppet/services/nova-migration-target.yaml +++ b/puppet/services/nova-migration-target.yaml @@ -76,7 +76,7 @@ outputs: tripleo::profile::base::sshd::port: - 22 - {get_param: MigrationSshPort} - tripleo.nova_migration_target.firewall_rules: + tripleo::nova_migration_target::firewall_rules: '113 nova_migration_target': dport: - {get_param: MigrationSshPort} diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 69f707c429..9148b87197 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -89,7 +89,7 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - tripleo.nova_placement.firewall_rules: + - tripleo::nova_placement::firewall_rules: '138 nova_placement': dport: - 8778 diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index aaca43ea07..e30fc6a83a 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -126,7 +126,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - tripleo.nova_vnc_proxy.firewall_rules: + tripleo::nova_vnc_proxy::firewall_rules: '137 nova_vnc_proxy': dport: - 6080 diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index c9e7b6f368..1b654bf044 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -117,7 +117,7 @@ outputs: octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName} octavia::keystone::authtoken::password: {get_param: OctaviaPassword} octavia::api::sync_db: true - tripleo.octavia_api.firewall_rules: + tripleo::octavia_api::firewall_rules: '120 octavia api': dport: - 9876 diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml index dd30d08337..360a99b446 100644 --- a/puppet/services/octavia-health-manager.yaml +++ b/puppet/services/octavia-health-manager.yaml @@ -79,7 +79,7 @@ outputs: - get_attr: [OctaviaBase, role_data, config_settings] - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey} octavia::health_manager::event_streamer_driver: {get_param: OctaviaEventStreamerDriver} - tripleo.octavia_api.firewall_rules: + tripleo::octavia_api::firewall_rules: '200 octavia health manager interface': proto: udp dport: 5555 diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 2b01e2c0fe..0075e5620d 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -119,7 +119,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} - tripleo.opendaylight_api.firewall_rules: + tripleo::opendaylight_api::firewall_rules: '137 opendaylight api': dport: - {get_param: [EndpointMap, OpenDaylightInternal, port]} diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 379b78d13b..8af30ca179 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -192,7 +192,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - tripleo.opendaylight_ovs.firewall_rules: + tripleo::opendaylight_ovs::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/ovn-controller.yaml b/puppet/services/ovn-controller.yaml index 3891ac92b6..9e956c13ef 100644 --- a/puppet/services/ovn-controller.yaml +++ b/puppet/services/ovn-controller.yaml @@ -114,7 +114,7 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge} nova::compute::force_config_drive: {if: [force_config_drive, true, false]} - tripleo.ovn_controller.firewall_rules: + tripleo::ovn_controller::firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 51933f99be..e64485d4d7 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -54,7 +54,7 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]} tripleo::haproxy::ovn_dbs_manage_lb: true - tripleo.ovn_dbs.firewall_rules: + tripleo::ovn_dbs::firewall_rules: '121 OVN DB server ports': proto: 'tcp' dport: diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 7c5f179c7c..90ef22de52 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -118,7 +118,7 @@ outputs: pacemaker::resource::bundle::deep_compare: true pacemaker::resource::ip::deep_compare: true pacemaker::resource::ocf::deep_compare: true - tripleo.pacemaker.firewall_rules: + tripleo::pacemaker::firewall_rules: '130 pacemaker tcp': proto: 'tcp' dport: diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 6113b8f307..cf4a0951b2 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -95,7 +95,7 @@ outputs: service_name: pacemaker_remote monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote} config_settings: - tripleo.pacemaker_remote.firewall_rules: + tripleo::pacemaker_remote::firewall_rules: '130 pacemaker_remote tcp': proto: 'tcp' dport: diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index b19afd7671..63f7c3f497 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -92,7 +92,7 @@ outputs: panko::api::service_name: 'httpd' panko::api::enable_proxy_headers_parsing: true panko::api::event_time_to_live: {get_param: PankoEventTTL} - tripleo.panko_api.firewall_rules: + tripleo::panko_api::firewall_rules: '140 panko-api': dport: - 8977 diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml index 80bb4526e5..1e188f3cb4 100644 --- a/puppet/services/qdr.yaml +++ b/puppet/services/qdr.yaml @@ -57,7 +57,7 @@ outputs: messaging_rpc_service_name: 'amqp' keystone::messaging::amqp::amqp_pre_settled: 'notify' config_settings: - tripleo.rabbitmq.firewall_rules: + tripleo::rabbitmq::firewall_rules: '109 qdr': dport: - {get_param: RabbitClientPort} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 33bb9eb83f..8554e9bd1a 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -94,7 +94,7 @@ outputs: rabbitmq::default_user: {get_param: RabbitUserName} rabbitmq::default_pass: {get_param: RabbitPassword} rabbit_ipv6: {get_param: RabbitIPv6} - tripleo.rabbitmq.firewall_rules: + tripleo::rabbitmq::firewall_rules: '109 rabbitmq': dport: - 4369 diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 00fe422e75..dcc89eb1bb 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -91,7 +91,7 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]} - tripleo.sahara_api.firewall_rules: + tripleo::sahara_api::firewall_rules: '132 sahara': dport: - 8386 diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index f8a8b9829b..369ea5c362 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -71,7 +71,7 @@ outputs: template: "%{hiera('$NETWORK_subnet')}" params: $NETWORK: {get_param: [ServiceNetMap, SnmpdNetwork]} - tripleo.snmp.firewall_rules: + tripleo::snmp::firewall_rules: '124 snmp': dport: 161 proto: 'udp' diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 67f538e471..8f16c221a2 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -164,7 +164,7 @@ outputs: tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RpcPort} tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RpcUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} - tripleo.swift_proxy.firewall_rules: + tripleo::swift_proxy::firewall_rules: '122 swift proxy': dport: - 8080 diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 7b057a53d1..572f58f3e5 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -113,7 +113,7 @@ outputs: - swift::storage::all::mount_check: {if: [swift_mount_check, true, false]} tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} tripleo::profile::base::swift::storage::use_local_dir: {get_param: SwiftUseLocalDir} - tripleo.swift_storage.firewall_rules: + tripleo::swift_storage::firewall_rules: '123 swift storage': dport: - 873 diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 36a34032a5..c89bcb70e4 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -132,7 +132,7 @@ outputs: - '%' - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} tacker::policy::policies: {get_param: TackerPolicies} - tripleo.tacker.firewall_rules: + tripleo::tacker::firewall_rules: '113 tacker': dport: - 9890 diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 6ad77466e0..bf3a06ad29 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -79,7 +79,7 @@ outputs: ntp::iburst_enable: {get_param: NtpIburstEnable} ntp::maxpoll:: {get_param: MaxPoll} ntp::minpoll:: {get_param: MinPoll} - tripleo.ntp.firewall_rules: + tripleo::ntp::firewall_rules: '105 ntp': dport: 123 proto: udp diff --git a/puppet/services/time/ptp.yaml b/puppet/services/time/ptp.yaml index a4362453ff..6a2c8c50a8 100644 --- a/puppet/services/time/ptp.yaml +++ b/puppet/services/time/ptp.yaml @@ -79,7 +79,7 @@ outputs: config_settings: map_merge: - get_attr: [RoleParametersValue, value] - - tripleo.ptp.firewall_rules: + - tripleo::ptp::firewall_rules: '151 ptp': proto: udp dport: diff --git a/puppet/services/zaqar-api.yaml b/puppet/services/zaqar-api.yaml index 6495c6b752..eeed1681a1 100644 --- a/puppet/services/zaqar-api.yaml +++ b/puppet/services/zaqar-api.yaml @@ -199,7 +199,7 @@ outputs: zaqar::keystone::auth_websocket::tenant: 'service' zaqar::keystone::trust::password: {get_param: ZaqarPassword} zaqar::keystone::trust::user_domain_name: 'Default' - tripleo.zaqar_api.firewall_rules: + tripleo::zaqar_api::firewall_rules: '113 zaqar_api': dport: - 9000 diff --git a/releasenotes/notes/dynamic-hieradata-with-dots-deprecated-52d4c77e09821e87.yaml b/releasenotes/notes/dynamic-hieradata-with-dots-deprecated-52d4c77e09821e87.yaml new file mode 100644 index 0000000000..bbdc3842c6 --- /dev/null +++ b/releasenotes/notes/dynamic-hieradata-with-dots-deprecated-52d4c77e09821e87.yaml @@ -0,0 +1,10 @@ +--- +deprecations: + - | + The dynamic tripleo firewall_rules, haproxy_endpoints, haproxy_userlists + that are configured with dots are deprecated with the update to puppet 5. + They will no longer work and must be switched to the colon notation to + continue to function. For example `tripleo.core.firewall_rules` must + be converted to `tripleo::core::firewall_rules`. Similarly the haproxy + endpoints and userlists that are dynamic using dots must also be converted + to use colons.