openstack/tripleo-heat-templates
Code Issues Proposed changes

Add tripleo-firewall composable service

Browse Source 
This creates a new service to help manage the puppet-tripleo
class that enables firewall features. Currently has no settings
but this will keep our interfaces consistent.

Change-Id: I5ac85fa1e460b19ee2b1a9280413aebefe300845
This commit is contained in:
Dan Prince 2016-08-15 15:24:06 -04:00
parent 0df577c6f0
commit 9b18594c79
9 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
overcloud-resource-registry-puppet.yaml
View File

@ -212,6 +212,7 @@ resource_registry:
OS::TripleO::Services::IronicConductor: OS::Heat::None OS::TripleO::Services::IronicConductor: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
parameter_defaults: parameter_defaults:
EnablePackageInstall: false EnablePackageInstall: false

5
overcloud.yaml
View File

@ -171,6 +171,7 @@ parameters:
- OS::TripleO::Services::IronicConductor - OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::NovaIronic - OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks resource_registry) which represent nested stacks
for each service that should get installed on the Controllers. for each service that should get installed on the Controllers.
@ -192,6 +193,7 @@ parameters:
- OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent - OS::TripleO::Services::ComputeNeutronMetadataAgent
- OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks resource_registry) which represent nested stacks
for each service that should get installed on the Compute Nodes. for each service that should get installed on the Compute Nodes.
@ -215,6 +217,7 @@ parameters:
- OS::TripleO::Services::Timezone - OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp - OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks resource_registry) which represent nested stacks
for each service that should get installed on the BlockStorage nodes. for each service that should get installed on the BlockStorage nodes.
@ -239,6 +242,7 @@ parameters:
- OS::TripleO::Services::Snmp - OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone - OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks resource_registry) which represent nested stacks
for each service that should get installed on the ObjectStorage nodes. for each service that should get installed on the ObjectStorage nodes.
@ -263,6 +267,7 @@ parameters:
- OS::TripleO::Services::Ntp - OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone - OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
description: A list of service resources (configured in the Heat description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks resource_registry) which represent nested stacks
for each service that should get installed on the CephStorage nodes. for each service that should get installed on the CephStorage nodes.

2
puppet/manifests/overcloud_cephstorage.pp
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
include ::tripleo::firewall
if hiera('step') >= 4 { if hiera('step') >= 4 {
hiera_include('ceph_classes', []) hiera_include('ceph_classes', [])
} }

2
puppet/manifests/overcloud_compute.pp
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
include ::tripleo::firewall
if hiera('step') >= 4 { if hiera('step') >= 4 {
hiera_include('compute_classes', []) hiera_include('compute_classes', [])
} }

2
puppet/manifests/overcloud_controller.pp
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
include ::tripleo::firewall
if hiera('step') >= 4 { if hiera('step') >= 4 {
hiera_include('controller_classes', []) hiera_include('controller_classes', [])
} }

2
puppet/manifests/overcloud_controller_pacemaker.pp
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
include ::tripleo::firewall
if hiera('step') >= 4 { if hiera('step') >= 4 {
hiera_include('controller_classes', []) hiera_include('controller_classes', [])
} }

2
puppet/manifests/overcloud_object.pp
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
include ::tripleo::firewall
if hiera('step') >= 4 { if hiera('step') >= 4 {
hiera_include('object_classes', []) hiera_include('object_classes', [])
} }

2
puppet/manifests/overcloud_volume.pp
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
include ::tripleo::firewall
if hiera('step') >= 4 { if hiera('step') >= 4 {
hiera_include('volume_classes', []) hiera_include('volume_classes', [])
} }

19
puppet/services/tripleo-firewall.yaml Normal file
View File

@ -0,0 +1,19 @@
heat_template_version: 2016-04-08
description: >
TripleO Firewall settings
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
outputs:
role_data:
description: Role data for the TripleO firewall settings
value:
service_name: tripleo_firewall
step_config: |
include ::tripleo::firewall