46 lines
1.5 KiB
YAML
46 lines
1.5 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
TripleO Firewall settings
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ManageFirewall:
|
|
default: true
|
|
description: Whether to manage IPtables rules.
|
|
type: boolean
|
|
PurgeFirewallRules:
|
|
default: false
|
|
description: Whether IPtables rules should be purged before setting up the new ones.
|
|
type: boolean
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the TripleO firewall settings
|
|
value:
|
|
service_name: tripleo_firewall
|
|
config_settings:
|
|
tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
|
|
tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
|
|
step_config: |
|
|
include ::tripleo::firewall
|
|
upgrade_tasks:
|
|
- name: blank ipv6 rule before activating ipv6 firewall.
|
|
tags: step3
|
|
shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables
|
|
args:
|
|
creates: /etc/sysconfig/ip6tables.n-o-upgrade
|