Added baremetal-firewall task
Change-Id: I779ee600b86c76cf7608e3e75d3d85619777464d
This commit is contained in:
parent
52332c62fa
commit
0f67fad0ed
|
@ -0,0 +1,25 @@
|
||||||
|
notice('MODULAR: ironic/baremetal-firewall.pp')
|
||||||
|
|
||||||
|
$network_scheme = hiera('network_scheme', {})
|
||||||
|
prepare_network_config($network_scheme)
|
||||||
|
$baremetal_int = get_network_role_property('ironic/baremetal', 'interface')
|
||||||
|
$nodes_hash = hiera('nodes', {})
|
||||||
|
$roles = node_roles($nodes_hash, hiera('uid'))
|
||||||
|
|
||||||
|
if ! member($roles, 'controller') or ! member($roles, 'primary-controller') or ! member($roles, 'ironic') {
|
||||||
|
firewallchain { 'baremetal:filter:IPv4':
|
||||||
|
ensure => present,
|
||||||
|
} ->
|
||||||
|
firewall { '999 drop all':
|
||||||
|
chain => 'baremetal',
|
||||||
|
action => 'drop',
|
||||||
|
proto => 'all',
|
||||||
|
} ->
|
||||||
|
firewall {'00 baremetal-filter ':
|
||||||
|
proto => 'all',
|
||||||
|
iniface => $baremetal_int,
|
||||||
|
jump => 'baremetal',
|
||||||
|
require => Class['openstack::firewall'],
|
||||||
|
}
|
||||||
|
class { 'openstack::firewall':}
|
||||||
|
}
|
|
@ -85,7 +85,7 @@
|
||||||
- id: ironic-network-conductor
|
- id: ironic-network-conductor
|
||||||
groups: ['ironic']
|
groups: ['ironic']
|
||||||
type: puppet
|
type: puppet
|
||||||
required_for: [deploy_end, ironic-conductor]
|
required_for: [ironic-conductor]
|
||||||
requires: [hosts, firewall]
|
requires: [hosts, firewall]
|
||||||
parameters:
|
parameters:
|
||||||
puppet_manifest: puppet/manifests/network-conductor.pp
|
puppet_manifest: puppet/manifests/network-conductor.pp
|
||||||
|
@ -112,6 +112,16 @@
|
||||||
puppet_modules: puppet/modules:/etc/puppet/modules
|
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||||
timeout: 3600
|
timeout: 3600
|
||||||
|
|
||||||
|
- id: baremetal-firewall
|
||||||
|
role: '*'
|
||||||
|
type: puppet
|
||||||
|
required_for: [post_deployment_end]
|
||||||
|
requires: [post_deployment_start]
|
||||||
|
parameters:
|
||||||
|
puppet_manifest: puppet/manifests/baremetal-firewall.pp
|
||||||
|
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||||
|
timeout: 3600
|
||||||
|
|
||||||
- id: ironic
|
- id: ironic
|
||||||
type: group
|
type: group
|
||||||
role: [ironic]
|
role: [ironic]
|
||||||
|
|
Loading…
Reference in New Issue