50367fbe35
This change converts our filewall deployment practice to use the tripleo-ansible firewall role. This change creates a new "firewall_rules" object which is queried using YAQL from the "FirewallRules" resource. A new parameter has been added allowing users to input additional firewall rules as needed. The new parameter is `ExtraFirewallRules` and will be merged on top of the YAQL interface. Depends-On: Ie5d0f51d7efccd112847d3f1edf5fd9cdb1edeed Change-Id: I1be209a04f599d1d018e730c92f1fc8dd9bf884b Signed-off-by: Kevin Carter <kecarter@redhat.com>
16 lines
810 B
YAML
16 lines
810 B
YAML
---
|
|
features:
|
|
- TripleO will now configure `iptables` using the TripleO-Ansible role,
|
|
**tripleo-firewall**. This role implements all of the same interfaces
|
|
and behaviors as the puppet manifest.
|
|
- A new parameter has been added, `ExtraFirewallRules`. This parameter
|
|
provides a user interface to configure additional `iptables` rules.
|
|
deprecations:
|
|
- The heat template `tripleo-firewall-baremetal-puppet.yaml` has been
|
|
deprecated. While this template can still be used to configure the
|
|
TripleO-Firewall service, it is no longer preferred and will be removed
|
|
in a future release.
|
|
- Configuring firewall rules with extraconfig is no longer being supported.
|
|
All firewall rules should be converted such that they're set within the
|
|
user defined parameter `ExtraFirewallRules`.
|