Added baremetal-firewall task

Change-Id: I779ee600b86c76cf7608e3e75d3d85619777464d
Andrey Shestakov 2015-08-18 12:41:53 +03:00
parent 52332c62fa
commit 0f67fad0ed
2 changed files with 36 additions and 1 deletions


@ -0,0 +1,25 @@
notice('MODULAR: ironic/baremetal-firewall.pp')
$network_scheme = hiera('network_scheme', {})
prepare_network_config($network_scheme)
$baremetal_int = get_network_role_property('ironic/baremetal', 'interface')
$nodes_hash = hiera('nodes', {})
$roles = node_roles($nodes_hash, hiera('uid'))
if ! member($roles, 'controller') or ! member($roles, 'primary-controller') or ! member($roles, 'ironic') {
firewallchain { 'baremetal:filter:IPv4':
ensure => present,
} ->
firewall { '999 drop all':
chain => 'baremetal',
action => 'drop',
proto => 'all',
} ->
firewall {'00 baremetal-filter ':
proto => 'all',
iniface => $baremetal_int,
jump => 'baremetal',
require => Class['openstack::firewall'],
}
class { 'openstack::firewall':}
}
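Review bot: The role test on the `if` line joins three negated `member()` checks with `or`, so it is true for any node that lacks at least one of the roles, which is very likely every node; the drop chain would then also be installed on controllers and ironic nodes. If the intent is to filter only nodes that hold none of these roles, the condition should read `if ! member($roles, 'controller') and ! member($roles, 'primary-controller') and ! member($roles, 'ironic') {`. Separately, `$baremetal_int` is passed to `iniface` without a check: if `get_network_role_property` returns nothing on a node without that network role, the '00' jump rule would presumably match every interface and hand all traffic on its chain to `999 drop all`, so guarding the block on a non-empty `$baremetal_int` looks worthwhile. The jump rule's title also carries a trailing space (`'00 baremetal-filter '`), which becomes part of the rule name.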


@ -85,7 +85,7 @@
- id: ironic-network-conductor - id: ironic-network-conductor
groups: ['ironic'] groups: ['ironic']
type: puppet type: puppet
required_for: [deploy_end, ironic-conductor] required_for: [ironic-conductor]
requires: [hosts, firewall] requires: [hosts, firewall]
parameters: parameters:
puppet_manifest: puppet/manifests/network-conductor.pp puppet_manifest: puppet/manifests/network-conductor.pp
@ -112,6 +112,16 @@
puppet_modules: puppet/modules:/etc/puppet/modules puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 3600 timeout: 3600
- id: baremetal-firewall
role: '*'
type: puppet
required_for: [post_deployment_end]
requires: [post_deployment_start]
parameters:
puppet_manifest: puppet/manifests/baremetal-firewall.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 3600
- id: ironic - id: ironic
type: group type: group
role: [ironic] role: [ironic]