Browse Source

Re-enable ManageFirewall by default.

This default setting got lots in the composable roles/services patches.

Re-enable the ManageFirewall setting by default per what we did in
git commit 73c76b867d.

We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).

Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.

Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934
changes/64/381864/6
Dan Prince 5 years ago
committed by Emilien Macchi
parent
commit
ddd4d3cd9f
  1. 2
      environments/manage-firewall.yaml
  2. 4
      puppet/services/neutron-api.yaml
  3. 2
      puppet/services/tripleo-firewall.yaml
  4. 4
      roles_data.yaml

2
environments/manage-firewall.yaml

@ -1,2 +0,0 @@
parameter_defaults:
ManageFirewall: true

4
puppet/services/neutron-api.yaml

@ -145,8 +145,8 @@ outputs:
neutron::server::notifications::password: {get_param: NovaPassword}
neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
tripleo.neutron_server.firewall_rules:
'114 neutron server':
tripleo.neutron_api.firewall_rules:
'114 neutron api':
dport:
- 9696
- 13696

2
puppet/services/tripleo-firewall.yaml

@ -19,7 +19,7 @@ parameters:
via parameter_defaults in the resource registry.
type: json
ManageFirewall:
default: false
default: true
description: Whether to manage IPtables rules.
type: boolean
PurgeFirewallRules:

4
roles_data.yaml

@ -114,7 +114,9 @@
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
# FIXME: This doesn't appear to have been enabled before
# so disabling it here until we can support it
#- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NeutronSriovAgent
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient

Loading…
Cancel
Save