From b00b07af7e7fd507498190674501ce072f71b16e Mon Sep 17 00:00:00 2001 From: karolinku Date: Tue, 5 Sep 2023 09:50:13 +0200 Subject: [PATCH] The `action` attribute within the `firewall` type has been removed. v7.0.0 of firwall module is introducing several changes, as described in [1]. This commit is adjusting manifests to this change. [1] https://github.com/puppetlabs/puppetlabs-firewall/commit/8ea5f45d0040675815f4c0d51fd6716ab5cbe896 Change-Id: I31a04a83e2844fa1ec53a27fccd15fb64cafacb0 --- .../puppet/modules/packstack/manifests/firewall.pp | 10 +++++----- .../puppet/modules/packstack/manifests/horizon.pp | 2 +- .../modules/packstack/manifests/nova/vncproxy.pp | 2 +- .../modules/packstack/manifests/provision/bridge.pp | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/packstack/puppet/modules/packstack/manifests/firewall.pp b/packstack/puppet/modules/packstack/manifests/firewall.pp index 6ec9a215a..b8e2847cc 100644 --- a/packstack/puppet/modules/packstack/manifests/firewall.pp +++ b/packstack/puppet/modules/packstack/manifests/firewall.pp @@ -11,7 +11,7 @@ define packstack::firewall ( ) { $ip_version = lookup('CONFIG_IP_VERSION') - $provider = $ip_version ? { + $protocol = $ip_version ? { 'ipv6' => 'ip6tables', default => 'iptables', # TO-DO(mmagr): Add IPv6 support when hostnames are used @@ -34,9 +34,9 @@ define packstack::firewall ( firewall { "001 ${service_name} ${heading} ${title}": chain => $chain, proto => $proto, - action => 'accept', + jump => 'accept', source => $source, - provider => $provider, + protocol => $protocol, } } else { @@ -44,9 +44,9 @@ define packstack::firewall ( chain => $chain, proto => $proto, dport => $ports, - action => 'accept', + jump => 'accept', source => $source, - provider => $provider, + protocol => $protocol, } } } diff --git a/packstack/puppet/modules/packstack/manifests/horizon.pp b/packstack/puppet/modules/packstack/manifests/horizon.pp index b2193b8ff..5cbb70b5c 100644 --- a/packstack/puppet/modules/packstack/manifests/horizon.pp +++ b/packstack/puppet/modules/packstack/manifests/horizon.pp @@ -67,7 +67,7 @@ class packstack::horizon () firewall { "001 horizon ${firewall_port} incoming": proto => 'tcp', dport => [$firewall_port], - action => 'accept', + jump => 'accept', } if str2bool($::selinux) { diff --git a/packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp b/packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp index 7e418b0ab..83bf2afbf 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp @@ -14,6 +14,6 @@ class packstack::nova::vncproxy () firewall { '001 novncproxy incoming': proto => 'tcp', dport => ['6080'], - action => 'accept', + jump => 'accept', } } diff --git a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp index b47aa9d0c..6fdd0c3e9 100644 --- a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp +++ b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp @@ -43,14 +43,14 @@ class packstack::provision::bridge () if $public_bridge_name != '' { firewall { '000 forward out': chain => 'FORWARD', - action => 'accept', + jump => 'accept', outiface => $public_bridge_name, proto => 'all', } firewall { '000 forward in': chain => 'FORWARD', - action => 'accept', + jump => 'accept', iniface => $public_bridge_name, proto => 'all', }