tripleo-heat-templates

History

Harald Jensås dcd135f99b Allow ssh from all ctlplane network subnets In change I89cff59947dda3f51482486c41a3d67c4aa36a3e the default firewall rules where changed so that only the %{hiera('ctlplane_subnet')} is allowed. In DCN (spine-and-leaf) the result is that SSH to nodes in remote subnets is not possible. This change replaces the use of hiera, and instead use the 'net_cidr_map' to create firewall rules for each subnet on the ctlplane network. By creating a rule for each subnet on the ctlplane SSH will be allowed within the L3 ctlplane network. Closes-Bug: #1834161 Change-Id: I43875eee401bb75e14874c776339a7c2a02d300f (cherry picked from commit `a89d46e038`)	2019-06-25 11:06:09 +02:00
..
tripleo-firewall-baremetal-puppet.yaml	Allow ssh from all ctlplane network subnets	2019-06-25 11:06:09 +02:00

Harald Jensås dcd135f99b Allow ssh from all ctlplane network subnets

In change I89cff59947dda3f51482486c41a3d67c4aa36a3e
the default firewall rules where changed so that
only the %{hiera('ctlplane_subnet')} is allowed. In
DCN (spine-and-leaf) the result is that SSH to
nodes in remote subnets is not possible.

This change replaces the use of hiera, and instead
use the 'net_cidr_map' to create firewall rules for
each subnet on the ctlplane network. By creating a
rule for each subnet on the ctlplane SSH will be
allowed within the L3 ctlplane network.

Closes-Bug: #1834161
Change-Id: I43875eee401bb75e14874c776339a7c2a02d300f
(cherry picked from commit a89d46e038)

2019-06-25 11:06:09 +02:00

tripleo-firewall-baremetal-puppet.yaml Allow ssh from all ctlplane network subnets 2019-06-25 11:06:09 +02:00