summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-07-25Merge "Explicitly set selinux seltype for rules link"HEADmasterZuul
2018-07-25Merge "Ensure iptables service is running"Zuul
2018-07-25Merge "Ensure firewalld package is absent, not purged"Zuul
2018-07-12Update Gemfile for Zuulv3Colleen Murphy
The logic in the Gemfile was relying on Zuulv2 variables to find out whether the spec helper gem was already available on disk, and since Zuulv3 has changed things it was failing to find it and downloading the master version instead. This patch ensures the Gemfile looks for the gem in the right place when running in CI. Change-Id: Ib463032f91ecaa759f504fbf399ccfbdd94536b9 Notes (review): Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Workflow+1: Clark Boylan <cboylan@sapwetik.org> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 16 Jul 2018 22:32:24 +0000 Reviewed-on: https://review.openstack.org/582028 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2018-07-10Explicitly set selinux seltype for rules linkColleen Murphy
Puppet seems to have some issue with creating a symlink in /etc/sysconfig on CentOS, where it creates the link on the first run and then corrects the seltype on the second run, breaking idempotency tests. If we make sure to explicitly set it up front, puppet doesn't get confused. This patch also removes the mode setting since setting the permissions mode on a symlink doesn't make sense. Change-Id: I7019c48220425fc583b9b431eff08a6261ee2ebc Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Code-Review+2: Ian Wienand <iwienand@redhat.com> Workflow+1: Ian Wienand <iwienand@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 25 Jul 2018 02:41:31 +0000 Reviewed-on: https://review.openstack.org/581448 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2018-07-10Ensure iptables service is runningColleen Murphy
On Ubuntu, the iptables service starts running when it is installed. On CentOS, that's not the case, and signaling a restart in puppet does not actually start the service. The result is that while the iptables service is stopped, `iptables -S` is empty. This patch adds ensure => running to the service resources so that iptables behaves the same on CentOS and Ubuntu. Change-Id: I0584c988bcebeee5133f85d55f8d389d78ebac70 Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Code-Review+2: Ian Wienand <iwienand@redhat.com> Workflow+1: Ian Wienand <iwienand@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 25 Jul 2018 02:41:00 +0000 Reviewed-on: https://review.openstack.org/581447 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2018-07-10Ensure firewalld package is absent, not purgedColleen Murphy
There seems to be a longstanding, inexplicably unresolved bug[1][2] in the puppet package resource on CentOS where an uninstalled package will repeatedly be reported as being "created" when it is not installed and when the resource has ensure => purged. This breaks idempotency tests and is just confusing. Setting the resource to absent instead of purge works correctly and should be sufficient for ensuring firewalld isn't interfering.. [1] https://projects.puppetlabs.com/issues/2833 [2] https://projects.puppetlabs.com/issues/3707 Change-Id: I702cf0130b311a5cd6786b4c4dd76fa03adbd2f7 Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Code-Review+2: Ian Wienand <iwienand@redhat.com> Workflow+1: Ian Wienand <iwienand@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 25 Jul 2018 02:40:59 +0000 Reviewed-on: https://review.openstack.org/581446 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2018-02-21Allow allowed_hosts to not have ipv6 interfacesIan Wienand
This puts a conditional around the AAAA lookup so we can add hosts in clouds that don't provide an IPv6 address. Change-Id: I97e82a41fdbe31e7bce6f05b8e6aa39834c42548 Notes (review): Code-Review+2: Paul Belanger <pabelanger@redhat.com> Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 21 Feb 2018 21:18:37 +0000 Reviewed-on: https://review.openstack.org/546465 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2017-12-14Add support for resolving hostnames in rulesJames E. Blair
This allows us to specify rules with hostnames, but have puppet resolve those to IP addresses before writing out the iptables config. This ensures that iptables will always be able to start, as well as keeping firewalls up to date as hosts change. Change-Id: I7a0dfbab67bdba72c0a56acc611503795d2bc350 Depends-On: I29d36cc527351e3e6d2ee2dc1919988379b8db3a Notes (review): Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: Paul Belanger <pabelanger@redhat.com> Code-Review+2: James E. Blair <corvus@inaugust.com> Workflow+1: James E. Blair <corvus@inaugust.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 14 Dec 2017 22:36:46 +0000 Reviewed-on: https://review.openstack.org/528043 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2017-08-18Depend on helper gem for spec_helper_acceptanceColleen Murphy
Instead of keeping a local copy of spec_helper_acceptance.rb and requiring updates to all modules for any change, we can move it into the common helper gem and require it from there. This will make it easier to create and review changes that affect all puppet modules. Also change the Gemfile to look for the gem in the local workspace if running in a zuul environment. Change-Id: I10a82afb33c487b3914f1f6449e76d7b9e91cf48 Notes (review): Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Workflow+1: Clark Boylan <cboylan@sapwetik.org> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 23 Aug 2017 07:53:01 +0000 Reviewed-on: https://review.openstack.org/495604 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2017-06-11Update beaker setup for xenialColleen Murphy
Add a xenial nodeset and update the spec helper to install puppet 3 from the Ubuntu repos instead of from puppetlabs. Change-Id: I875a48bea886036bbb1cb00500252b46efb928f7 Notes (review): Code-Review+2: Ian Wienand <iwienand@redhat.com> Workflow+1: Ian Wienand <iwienand@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 13 Jun 2017 19:58:42 +0000 Reviewed-on: https://review.openstack.org/473143 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2017-05-01Add bindep.txt filePaul Belanger
Bindep is a tool for checking the presence of binary packages needed to use an application / library. It started life as a way to make it easier to set up a development environment for OpenStack projects. Change-Id: I72e610badbf7a6cfe840e31e9b3a0c93cdda6da8 Signed-off-by: Paul Belanger <pabelanger@redhat.com> Notes (review): Code-Review+2: Colleen Murphy <colleen@gazlene.net> Code-Review+2: yolanda.robla <yroblamo@redhat.com> Workflow+1: yolanda.robla <yroblamo@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 02 May 2017 14:28:32 +0000 Reviewed-on: https://review.openstack.org/461573 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-12-21Merge "Use site-agnostic default parameter values"Jenkins
2016-12-20Fedora: pre-install iptables to work-around dependency issueIan Wienand
As described in the comment, we need to pre-install the iptables package before the iptables-service package to avoid dependency issues. This was causing F25 build failures. Change-Id: I9541a1c8f11566198b6fa622e36c4be59d6670d2 Notes (review): Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: Paul Belanger <pabelanger@redhat.com> Workflow+1: Paul Belanger <pabelanger@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 19 Dec 2016 23:35:11 +0000 Reviewed-on: https://review.openstack.org/412240 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-08-29Use site-agnostic default parameter valuesK Jonathan Harker
Set the default snmp hosts to the empty set rather than cacti.openstack.org. Change-Id: Ibae45af594fc2b18024fcc2d6ef040afd4ddd926 Depends-On: I173ca1efae4644c89cfab68d6beeba0a1dae9ce2 Notes (review): Code-Review+2: Spencer Krum <nibz@spencerkrum.com> Code-Review+1: Ramy Asselin <ramy.asselin@hpe.com> Code-Review+2: yolanda.robla <yroblamo@redhat.com> Code-Review+1: Mikhail S Medvedev <mihailmed@gmail.com> Workflow+1: yolanda.robla <yroblamo@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 21 Dec 2016 07:41:52 +0000 Reviewed-on: https://review.openstack.org/362492 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-08-29Parameterize SNMP source hostsK Jonathan Harker
Downstream consumers of this module likely don't need or want to open snmp access from cacti.openstack.org. Parameterize the hosts to allow snmp from so that downstreams don't have to fork the module in order to remove the access. Change-Id: I9394982811f8dcf0d63eccb782de04bf4a047ec7 Notes (review): Code-Review+1: Ramy Asselin <ramy.asselin@hpe.com> Code-Review+2: Ricardo Carrillo Cruz <ricardo.carrillo.cruz@gmail.com> Code-Review+2: yolanda.robla <yroblamo@redhat.com> Code-Review+2: Elizabeth K. Joseph <lyz@princessleia.com> Workflow+1: Ricardo Carrillo Cruz <ricardo.carrillo.cruz@gmail.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 04 Oct 2016 20:21:13 +0000 Reviewed-on: https://review.openstack.org/362490 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-08-29Add ip6tables service support for Red HatPaul Belanger
Currently we don't start ip6tables service on centos-7. This fixes that. Change-Id: I64e62074b41e49cc2dc9b6bafcfbeeded2029487 Signed-off-by: Paul Belanger <pabelanger@redhat.com> Notes (review): Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 29 Aug 2016 18:06:59 +0000 Reviewed-on: https://review.openstack.org/361449 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-07-05Ensure service logic run regardless of using chrootPaul Belanger
We want to stop notify from working in a chroot, however we need to make sure we properly setup our Service correctly. As a result, move the logic outside of our chroot checks. Change-Id: I4c9284ed8ed23944aa3649338b1a09abdc8b80df Signed-off-by: Paul Belanger <pabelanger@redhat.com> Notes (review): Code-Review+2: Joshua Hesketh <joshua.hesketh@rackspace.com> Code-Review+1: James Slagle <jslagle@redhat.com> Code-Review+2: Paul Belanger <pabelanger@redhat.com> Workflow+1: Paul Belanger <pabelanger@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 06 Jul 2016 15:38:53 +0000 Reviewed-on: https://review.openstack.org/337889 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-06-21Use new infra_spec_helper for gem dependenciesSpencer Krum
Change-Id: Ia509d1855e80a3fa3ae6a51841b432422eb683c3 Notes (review): Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 22 Jun 2016 02:42:24 +0000 Reviewed-on: https://review.openstack.org/332535 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-05-23Change cacti IPv6 addressJames E. Blair
Change-Id: Iec462c12648a60ff2c275826f654408dbc22c033 Notes (review): Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 23 May 2016 18:38:42 +0000 Reviewed-on: https://review.openstack.org/320089 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-05-23Change cacti IP addressJames E. Blair
Change-Id: Ifdd3edabb442eea5bb67898e8a08bc323d6165a0 Notes (review): Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Code-Review+2: Spencer Krum <nibz@spencerkrum.com> Workflow+1: Spencer Krum <nibz@spencerkrum.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 23 May 2016 18:30:09 +0000 Reviewed-on: https://review.openstack.org/320085 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-04-14Pin google-api-client; sanitize GemfileSpencer Krum
Change-Id: Ie0f080efe4df357325be1c753ed0f745e99cfd08 Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Code-Review+2: James E. Blair <corvus@inaugust.com> Workflow+1: James E. Blair <corvus@inaugust.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 14 Apr 2016 23:56:33 +0000 Reviewed-on: https://review.openstack.org/306124 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2016-03-22Indentation of the class parameters is refactoredAndrey Nikitin
Indentation of those parameters are changed to follow Puppet Style Guide recommendation [0]. [0]. https://docs.puppetlabs.com/guides/style_guide.html Change-Id: I336a845d5b2256c90987e1295545dbf26fd2076b Notes (review): Code-Review+2: yolanda.robla <yolanda.robla-mota@hpe.com> Code-Review+2: Paul Belanger <pabelanger@redhat.com> Workflow+1: Paul Belanger <pabelanger@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 22 Mar 2016 15:49:12 +0000 Reviewed-on: https://review.openstack.org/295164 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-09-14Really stop using firewalldClark Boylan
On some centos7 builds there is no firewalld so we have to be a bit more smarter about how we disable it. New method is to run an exec that stops the service if it is running then use a package resource to uninstall it completely. All of this happens before we install the iptables service so they should not confict with each other. One trick is we have to "purge" the package, because it may well have dependencies (on RAX images, firewalld-fail2ban is installed along with a bunch of other monitoring-type things by the "helpful" tool-installation script that runs automatically). The "yum" provider in puppet actually says to do this in it's documentation: Using this provider's `uninstallable` feature will not remove dependent packages. To remove dependent packages with this provider use the `purgeable` feature, but note this feature is destructive and should be used with the utmost care." Change-Id: I0750de9e75b63190531a3d39a5fcbb19f8e8c49e Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Workflow+1: Monty Taylor <mordred@inaugust.com> Verified+2: Jenkins Code-Review+1: Paul Belanger <pabelanger@redhat.com> Code-Review+2: yolanda.robla <info@ysoft.biz> Code-Review+1: Ian Wienand <iwienand@redhat.com> Code-Review+1: Colleen Murphy <colleen@gazlene.net> Code-Review+1: Danilo Ramalho <dramalho@thoughtworks.com> Code-Review+1: Bruno Tavares <btavare@thoughtworks.com> Submitted-by: Jenkins Submitted-at: Sun, 15 Nov 2015 14:42:11 +0000 Reviewed-on: https://review.openstack.org/219031 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-08-27Disable firewalld on centos7 and greaterClark Boylan
Firewalld is enabled by default on centos7. Unfortunately iptables-service and firewalld appear to confuse each other resulting in no firewall rules at all. Fix this by disabling firewalld allowing iptables-service to be in charge and apply the rules it has configured. Change-Id: I0089502b134c91ef2e8d11cef1e016ce314ecf96 Notes (review): Verified+2: Jenkins Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Code-Review+2: Spencer Krum <nibz@spencerkrum.com> Code-Review+1: Ian Wienand <iwienand@redhat.com> Submitted-by: Jenkins Submitted-at: Fri, 28 Aug 2015 00:10:41 +0000 Reviewed-on: https://review.openstack.org/217928 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-08-19Fix target path for regular git clone during testsSpencer Krum
Use same target directory for zuul-cloner and the regular git command. Change-Id: I3f22133f8b61f3ec383c84bc54887cfa67260a1b Co-Authored-By: Fabien Boucher <fabien.boucher@enovance.com> Notes (review): Verified+2: Jenkins Code-Review+2: yolanda.robla <info@ysoft.biz> Workflow+1: yolanda.robla <info@ysoft.biz> Code-Review+1: Fabien Boucher <fabien.boucher@enovance.com> Submitted-by: Jenkins Submitted-at: Fri, 21 Aug 2015 07:45:24 +0000 Reviewed-on: https://review.openstack.org/214849 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-08-03Add Gemfile and puppet 4 checksColleen Murphy
In anticipation of puppet 4, start trying to deal with puppet 4 things that can be helpfully predicted by puppet lint plugins. Also fix lint errors caught by the puppet-lint-absolute_classname-check gem as well as arrow alignment errors not caught before. Change-Id: I56bce05c9c8d1b7924b78c78b74e4755d9a02936 Notes (review): Verified+2: Jenkins Code-Review+2: yolanda.robla <info@ysoft.biz> Workflow+1: yolanda.robla <info@ysoft.biz> Code-Review+2: Spencer Krum <nibz@spencerkrum.com> Submitted-by: Jenkins Submitted-at: Wed, 05 Aug 2015 09:40:37 +0000 Reviewed-on: https://review.openstack.org/208755 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-07-28Boilerplate beaker-rspec filesSpencer Krum
Change-Id: I2e7cadd0586081b000ae0063bcb7a013306fc15b Notes (review): Code-Review+2: James E. Blair <corvus@inaugust.com> Workflow+1: James E. Blair <corvus@inaugust.com> Verified+2: Jenkins Code-Review+1: Clint Adams <clint@gcfm.net> Submitted-by: Jenkins Submitted-at: Thu, 30 Jul 2015 00:25:47 +0000 Reviewed-on: https://review.openstack.org/206385 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-07-15Use service-name netfilter-persistent for VividJens Rosenboom
Starting from Ubuntu Vivid, there is no service called iptables-persistent anymore, the service netfilter-persistent now includes calling the tasks from iptables-persistent. Change-Id: Ie8bf4eafb9d9d2e02e2ed21fb4e4e899399450de Notes (review): Code-Review+2: James E. Blair <corvus@inaugust.com> Workflow+1: James E. Blair <corvus@inaugust.com> Verified+2: Jenkins Code-Review+1: Paul Belanger <pabelanger@redhat.com> Code-Review+2: yolanda.robla <info@ysoft.biz> Submitted-by: Jenkins Submitted-at: Wed, 15 Jul 2015 21:49:52 +0000 Reviewed-on: https://review.openstack.org/189141 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-05-14Replace ci.o.o links with docs.o.o/infraJeremy Stanley
The http://ci.openstack.org/ documentation site has been deprecated, replaced by redirects to corresponding paths within http://docs.openstack.org/infra/ where other Project Infrastructure documentation already resides. Change-Id: Ib5eb11101dec53b9da30460543239613ecc1f6e8 Notes (review): Code-Review+2: James E. Blair <corvus@inaugust.com> Workflow+1: James E. Blair <corvus@inaugust.com> Code-Review+2: Monty Taylor <mordred@inaugust.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 14 May 2015 23:22:08 +0000 Reviewed-on: https://review.openstack.org/183263 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-04-20Rename openstackci to openstackinfraRamy Asselin
Change-Id: I0003cda967df9dc7e10e26144ba23459467386a9 Notes (review): Verified+2: Jenkins Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Submitted-by: Jenkins Submitted-at: Tue, 21 Apr 2015 18:00:35 +0000 Reviewed-on: https://review.openstack.org/175648 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-01-29Add missing LICENSE fileJeremy Stanley
The content of this project is Apache 2 licensed, but we should include a standard LICENSE file just to be clear about that. Change-Id: Iee6320b9d7e35fbe8d3b0a9794f3e485c18ef2c8 Notes (review): Code-Review+2: James E. Blair <corvus@inaugust.com> Verified+2: Jenkins Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Workflow+1: Clark Boylan <cboylan@sapwetik.org> Submitted-by: Jenkins Submitted-at: Thu, 29 Jan 2015 23:34:20 +0000 Reviewed-on: https://review.openstack.org/151433 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2015-01-28Add module boilerplate files for puppet-iptablesRamy Asselin
Change-Id: I1b99b39b16f682e940778ab1dda7759c3fd784de Notes (review): Verified+2: Jenkins Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: Joshua Hesketh <joshua.hesketh@rackspace.com> Workflow+1: Joshua Hesketh <joshua.hesketh@rackspace.com> Submitted-by: Jenkins Submitted-at: Thu, 29 Jan 2015 01:02:47 +0000 Reviewed-on: https://review.openstack.org/151039 Project: openstack-infra/puppet-iptables Branch: refs/heads/master
2014-08-14iptables on fedoraAttila Fazekas
The systemd version of iptables requires the 'iptables-services' package for having the `regular` iptables rule restore on service startup. The service also needs to be enabled explicitly. Another iptables related issue with multinode_setup.sh, tries to executes the iptables command without login shell. The non-login shell does not contains /usr/sbin in PATH, so multinode_setup.sh changed to use login shell defaults. Warning: This change enables the iptables service on all distribution. Change-Id: I3174e43b3b19e28073a4364dd0f66fc39b0fa815
2014-07-05Don't manage iptables if we're in a chootMonty Taylor
In chroots, as with diskimage-builder, managing service starts is tricky. Also, we don't need to restart the service then, because the service will get started on boot of the image. Change-Id: Iaf90005039b8196ba3a0ac05c96d71e034f0b0b1
2014-01-29Update some deprecated Puppet variable referencesElizabeth Krumbach Joseph
While getting these scripts to run on Puppet 3 with Fedora 20, I got a series of warnings about the deprecation of variable names. These changes should also continue to work fine on Puppet 2.7. Change-Id: I232f5f5a9abbe94be9fe2d3b8c82f009c03a11f3
2013-04-25The facter osfamily of Ubuntu is Debian.Jeremy Stanley
Clean up facter osfamily matches to just use Debian, not Ubuntu. This is manually tested and confirmed to at least be the case on Oneiric, Precise and Quantal. Change-Id: I27b184ac419910f9c3271c3b4e57886333282a5f Reviewed-on: https://review.openstack.org/27399 Reviewed-by: Spencer Krum <krum.spencer@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-04-25Jenkins slave puppetry for CentOS.Jeremy Stanley
The install scripts now look for CentOS in release files. Also some instances of facter's operatingsystem are switched to osfamily and capitalization of RedHat is normalized to match what facter uses. Change-Id: I3bbca5481d0d5e6de9e62bfd6e2b0a85264ed6ed Reviewed-on: https://review.openstack.org/27398 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-04Add RHEL support to iptables module.Dan Prince
Updates the iptables module so that it uses parameters to define the package, service, and files used to setup and configure persistent iptables rules. With these updates the module should now support both RHEL and Ubuntu. Change-Id: I45af4e72065c9baaf1d9a03f18b47f6effdce322 Reviewed-on: https://review.openstack.org/23278 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-12-19Remove iptables forwarding rule for quantum-gateNachi Ueno
Original default fowarding rule drops all packet including the packets from quantum-dhcp. In this patch, we remove forwarding rule Change-Id: I68ec7440595a158e0a5f572868f37f54f5ffa1ba Reviewed-on: https://review.openstack.org/18353 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2012-11-30Make iptables additional rules a list.James E. Blair
A list of iptables commands that come after the "-A OPENSTACK-INPUT" bit. Change-Id: Iee595d9267738365c208f8ecb6f0fd4941b357e3 Reviewed-on: https://review.openstack.org/17172 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-13Puppet lint fixesPaul Belanger
Change-Id: I00cfd6765bf3f7acd44263347655228d5a839852 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/15844 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-23Add cacti host.James E. Blair
Change-Id: I67cc116ad8a2b2586856965ae1e341d735d69fd3 Reviewed-on: https://review.openstack.org/14582 Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-11Add ipv6 functionality to iptables module.Clark Boylan
Rackspace nova cloud supports ipv6. Add ip6tables support to the iptables module so that we can take advantage of ipv6 on this cloud platform. Change-Id: I628b7c71ff486a925cdb3d44277cca0d6ae7c985 Reviewed-on: https://review.openstack.org/14315 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-10style edits to puppet config filesMatthew Wagoner
Change-Id: I4f7314bcb1cb58f94ff7a78aebe27ec4591fc11c Reviewed-on: https://review.openstack.org/14187 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-03-09Remove trailing whitespaces in regular fileHengqing Hu
Change-Id: I06d4ed2a8153820f7253c6602bfa8c05af59e06f
2012-02-15Add bzr to iptablesAndrew Hutchings
Adds bzr to jenkins iptables Adds symlink for rules.v4 to rules Change-Id: I058cccde7e39860655c3762ca06e2bd5d93f3a1c
2011-08-08Add iptables module and rules to puppet.James E. Blair
Change-Id: I3ed4896dd13f0de26c287a34f8a8e858d21a4634