From e7c7f79f91c030ee90d081322be77e0c55f82a19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Harald=20Jens=C3=A5s?=
Date: Tue, 20 Nov 2018 00:19:20 +0100
Subject: [PATCH] Snmp - Use net_cidr_map for firewall rules Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes NetCidrMapValue a list of ip networks. Iterate over the list of cidr' from the SnmpdNetwork entry in the cidr map and create firewall rules for each ip network. Partial: blueprint tripleo-routed-networks-templates Change-Id: I52080771f5ed0763f0d6a799c0c98a6dae94eafe
---
deployment/snmp/snmp-baremetal-puppet.yaml | 33 +++++++++++++---------
1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/deployment/snmp/snmp-baremetal-puppet.yaml b/deployment/snmp/snmp-baremetal-puppet.yaml
index 2869f07feb..e3802eaaba 100644
--- a/deployment/snmp/snmp-baremetal-puppet.yaml
+++ b/deployment/snmp/snmp-baremetal-puppet.yaml
@@ -66,21 +66,26 @@ outputs:
 tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
 snmp::agentaddress: {get_param: SnmpdBindHost}
 snmp::snmpd_options: {get_param: SnmpdOptions}
- snmpd_network:
- # TODO(hjensas): Replace with get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, SnmpdNetwork]}
- str_replace:
- template: "%{hiera('$NETWORK_subnet')}"
- params:
- $NETWORK: {get_param: [ServiceNetMap, SnmpdNetwork]}
 tripleo::snmp::firewall_rules:
- '124 snmp':
- dport: 161
- proto: 'udp'
- source:
- if:
- - snmpd_network_unset
- - "%{hiera('snmpd_network')}"
- - {get_param: SnmpdIpSubnet}
+ if:
+ - snmpd_network_unset
+ - map_merge:
+ repeat:
+ for_each:
+ <%net_cidr%>:
+ get_param:
+ - ServiceData
+ - net_cidr_map
+ - {get_param: [ServiceNetMap, SnmpdNetwork]}
+ template:
+ '124 snmp <%net_cidr%>':
+ dport: 161
+ proto: 'udp'
+ source: <%net_cidr%>
+ - '124 snmp':
+ dport: 161
+ proto: 'udp'
+ source: {get_param: SnmpdIpSubnet}
 step_config: |
 include ::tripleo::profile::base::snmp
 upgrade_tasks:
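Review bot: The `repeat` branch under `tripleo::snmp::firewall_rules` has no fallback when the `net_cidr_map` entry for `SnmpdNetwork` is missing or an empty list; `map_merge` would then presumably produce an empty map, so no rule for UDP 161 is created at all, which fails closed but leaves snmpd unreachable with nothing in the template explaining why. A short comment above the `if:` would make the two paths explicit, for example `# snmpd_network_unset: one rule per CIDR of SnmpdNetwork from net_cidr_map; otherwise a single rule restricted to SnmpdIpSubnet`. Since the generated rule names now carry the CIDR (`'124 snmp <%net_cidr%>'`), it is also worth confirming that an update removes the earlier `'124 snmp'` rule on already deployed nodes instead of leaving its old source range allowed. The `outputs:` section begins and continues outside the hunk, so the definition of `snmpd_network_unset` is not visible here.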