From ddd4d3cd9f5012b505c1ed2c4ee6a62dde37dbaf Mon Sep 17 00:00:00 2001
From: Dan Prince
Date: Tue, 4 Oct 2016 09:59:56 -0400
Subject: [PATCH] Re-enable ManageFirewall by default.

This default setting got lots in the composable roles/services patches. Re-enable the ManageFirewall setting by default per what we did in git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6. We also fix a typo in neutron-api.yaml so that the firewall rules matches to service_name. (otherwise it won't get loaded). Also, drops the environments/manage-firewall.yaml which is no longer needed if we enable firewall management by default.
Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934
---
 environments/manage-firewall.yaml | 2 --
 puppet/services/neutron-api.yaml | 4 ++--
 puppet/services/tripleo-firewall.yaml | 2 +-
 roles_data.yaml | 4 +++-
 4 files changed, 6 insertions(+), 6 deletions(-)
 delete mode 100644 environments/manage-firewall.yaml
diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml
deleted file mode 100644
index 5d48698e16..0000000000
--- a/environments/manage-firewall.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-parameter_defaults:
- ManageFirewall: true
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 3b531ab352..af77dc05fd 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -145,8 +145,8 @@ outputs:
 neutron::server::notifications::password: {get_param: NovaPassword}
 neutron::keystone::authtoken::project_name: 'service'
 neutron::server::sync_db: true
- tripleo.neutron_server.firewall_rules:
- '114 neutron server':
+ tripleo.neutron_api.firewall_rules:
+ '114 neutron api':
 dport:
 - 9696
 - 13696
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
index f6ec458f43..7eb3990586 100644
--- a/puppet/services/tripleo-firewall.yaml
+++ b/puppet/services/tripleo-firewall.yaml
@@ -19,7 +19,7 @@ parameters:
 via parameter_defaults in the resource registry.
 type: json
 ManageFirewall:
- default: false
+ default: true
 description: Whether to manage IPtables rules.
 type: boolean
 PurgeFirewallRules:
diff --git a/roles_data.yaml b/roles_data.yaml
index f3b64475ae..23f8af4567 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -114,7 +114,9 @@
 - OS::TripleO::Services::ComputeNeutronL3Agent
 - OS::TripleO::Services::ComputeNeutronMetadataAgent
 - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
+ # FIXME: This doesn't appear to have been enabled before
+ # so disabling it here until we can support it
+ #- OS::TripleO::Services::TripleoFirewall
 - OS::TripleO::Services::NeutronSriovAgent
 - OS::TripleO::Services::OpenDaylightOvs
 - OS::TripleO::Services::SensuClient
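Review bot: Flipping `ManageFirewall` to `default: true` changes what happens to iptables on every existing deployment at its next update, yet the parameter description still says only "Whether to manage IPtables rules." I would extend it to something like `description: Whether to manage IPtables rules. Enabled by default; set to false to keep rules managed outside the templates.` so the opt-out is visible where the default lives. `PurgeFirewallRules` is declared on the next line but its default is outside the hunk, so whether hand-added rules are removed once management is on cannot be told from here and is worth stating in the same description. The same commit deletes environments/manage-firewall.yaml; deployments that still pass that file would presumably fail to find it, so keeping it as a documented, deprecated stub for one cycle would be gentler.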
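Review bot: Commenting out `OS::TripleO::Services::TripleoFirewall` in this service list leaves the hosts of this role without managed iptables rules while the rest of the commit makes firewall management the default, and the commit message does not mention the exception. The FIXME carries no bug reference, so nothing tracks re-enabling it; a line such as `# FIXME(<tracking-bug-id>): TripleoFirewall not yet supported on this role; hosts here get no managed iptables rules` would make the gap explicit. The role name sits above the hunk, so which role is affected cannot be confirmed from these lines (the neighbouring services suggest a compute role).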