
Added baremetal-firewall task

Change-Id: I779ee600b86c76cf7608e3e75d3d85619777464d
Andrey Shestakov 3 years ago
parent
commit
0f67fad0ed
2 changed files with 36 additions and 1 deletions
  1. 25
    0
      deployment_scripts/puppet/manifests/baremetal-firewall.pp
  2. 11
    1
      deployment_tasks.yaml

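--- a/deployment_scripts/puppet/manifests/baremetal-firewall.pp
+++ b/deployment_scripts/puppet/manifests/baremetal-firewall.pp
@@ -0,0 +1,25 @@
+notice('MODULAR: ironic/baremetal-firewall.pp')
+
+$network_scheme    = hiera('network_scheme', {})
+prepare_network_config($network_scheme)
+$baremetal_int     = get_network_role_property('ironic/baremetal', 'interface')
+$nodes_hash        = hiera('nodes', {})
+$roles             = node_roles($nodes_hash, hiera('uid'))
+
+if ! member($roles, 'controller') or ! member($roles, 'primary-controller') or ! member($roles, 'ironic') {
+  firewallchain { 'baremetal:filter:IPv4':
+    ensure => present,
+  } ->
+  firewall { '999 drop all':
+    chain  => 'baremetal',
+    action => 'drop',
+    proto  => 'all',
+  } ->
+  firewall {'00 baremetal-filter ':
+    proto   => 'all',
+    iniface => $baremetal_int,
+    jump => 'baremetal',
+    require => Class['openstack::firewall'],
+  }
+  class { 'openstack::firewall':}
+}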
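Review bot: The role guard at new line 9 joins three negated `member()` tests with `or`, so it is true for any node that lacks at least one of `controller`, `primary-controller` or `ironic`; a node would have to hold all three roles to be skipped, which means controllers and ironic nodes also get the `baremetal` chain whose only rule is `999 drop all`. If the intent is to filter the baremetal interface only on nodes that hold none of these roles, the condition should be `if ! (member($roles, 'controller') or member($roles, 'primary-controller') or member($roles, 'ironic')) {`. Separately, `$baremetal_int` is passed to `iniface` without a check; if `get_network_role_property` can return an empty value on a node with no baremetal interface (not visible here), the jump rule would presumably match traffic on every interface, so guarding the block on a non-empty `$baremetal_int` is worth considering.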

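--- a/deployment_tasks.yaml
+++ b/deployment_tasks.yaml
@@ -85,7 +85,7 @@
 - id: ironic-network-conductor
   groups: ['ironic']
   type: puppet
-  required_for: [deploy_end, ironic-conductor]
+  required_for: [ironic-conductor]
   requires: [hosts, firewall]
   parameters:
     puppet_manifest: puppet/manifests/network-conductor.pp
@@ -112,6 +112,16 @@
     puppet_modules: puppet/modules:/etc/puppet/modules
     timeout: 3600
 
+- id: baremetal-firewall
+  role: '*'
+  type: puppet
+  required_for: [post_deployment_end]
+  requires: [post_deployment_start]
+  parameters:
+    puppet_manifest: puppet/manifests/baremetal-firewall.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 3600
+
 - id: ironic
   type: group
   role: [ironic]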
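Review bot: `role: '*'` on the new `baremetal-firewall` task makes every node in the environment run a manifest that installs a drop-all chain, so which hosts are actually filtered is decided only by the role test inside `baremetal-firewall.pp`. A comment above the task would make that dependency visible to the next editor, e.g. `# Runs on all nodes; baremetal-firewall.pp skips the roles that must keep baremetal access.` The first hunk of this section also removes `deploy_end` from `required_for` on `ironic-network-conductor`, which the commit title does not mention; if that is intentional, the description should say why.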
