4445e0b337
* Remove those firewalls rules managed by puppet for exposing platform services, because we have used Calico to create some rules to do the same thing. * Remove system firewall-rule-related commands and controllers. Passed tests: * Fresh build * Deployment(simplex, duplex, multi-node) * System-level tests * firewall-rule-xxx commands was removed as expected. * puppet firewall rules have been removed as expected. * manually check iptable rules. * use the utility of uc to test exposed tcp ports and a few non-exposed tcp ports again. * create vms Story: 2005066 Task: 29864 Depends-On: https://review.openstack.org/#/c/649217 Change-Id: Ie5df744598c75d45d21ce6585f31f6d8f1809f04 Signed-off-by: Yi Wang <yi.c.wang@intel.com>
52 lines
1.3 KiB
Puppet
52 lines
1.3 KiB
Puppet
class platform::smapi::params (
|
|
$auth_username = undef,
|
|
$keystone_auth_url = undef,
|
|
$keystone_username = undef,
|
|
$keystone_password = undef,
|
|
$public_url = undef,
|
|
$admin_url = undef,
|
|
$bind_ip = undef,
|
|
$port = undef,
|
|
$region = undef,
|
|
) {}
|
|
|
|
class platform::smapi::haproxy
|
|
inherits ::platform::smapi::params {
|
|
|
|
include ::platform::params
|
|
include ::platform::haproxy::params
|
|
|
|
platform::haproxy::proxy { 'sm-api-internal':
|
|
server_name => 's-smapi-internal',
|
|
public_ip_address => $::platform::haproxy::params::private_ip_address,
|
|
public_port => $port,
|
|
public_api => false,
|
|
private_ip_address => $bind_ip,
|
|
private_port => $port,
|
|
}
|
|
platform::haproxy::proxy { 'sm-api-public':
|
|
server_name => 's-smapi-public',
|
|
public_port => $port,
|
|
private_port => $port,
|
|
}
|
|
}
|
|
|
|
class platform::smapi
|
|
inherits ::platform::smapi::params {
|
|
if ($::platform::params::init_keystone) {
|
|
include ::smapi::keystone::auth
|
|
}
|
|
|
|
include ::platform::params
|
|
include ::platform::smapi::haproxy
|
|
$bind_host_name = $::platform::params::hostname
|
|
file { '/etc/sm-api/sm-api.conf':
|
|
ensure => 'present',
|
|
content => template('platform/sm-api.conf.erb'),
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0400',
|
|
}
|
|
}
|
|
|