dcd135f99b
In change I89cff59947dda3f51482486c41a3d67c4aa36a3e
the default firewall rules where changed so that
only the %{hiera('ctlplane_subnet')} is allowed. In
DCN (spine-and-leaf) the result is that SSH to
nodes in remote subnets is not possible.
This change replaces the use of hiera, and instead
use the 'net_cidr_map' to create firewall rules for
each subnet on the ctlplane network. By creating a
rule for each subnet on the ctlplane SSH will be
allowed within the L3 ctlplane network.
Closes-Bug: #1834161
Change-Id: I43875eee401bb75e14874c776339a7c2a02d300f
(cherry picked from commit
|
||
---|---|---|
.. | ||
tripleo-firewall-baremetal-puppet.yaml |