Revert "Create usefull security groups by default"

This reverts commit 57fdc97653. Closes-Bug: #1570862 Change-Id: I7c734f2797a0614c1e10b792a681c99e18408515
2016-04-18 12:21:51 +00:00 · 2016-04-18 12:21:51 +00:00 · 5ff7b13dff
parent ccc1919c42
commit 5ff7b13dff
4 changed files with 0 additions and 153 deletions
--- a/deployment/puppet/openstack_tasks/examples/openstack-controller/security-group.pp
+++ b/deployment/puppet/openstack_tasks/examples/openstack-controller/security-group.pp
@ -1 +0,0 @@
-include ::openstack_tasks::openstack_controller::security_group
--- a/deployment/puppet/openstack_tasks/examples/openstack-controller/tasks.yaml
+++ b/deployment/puppet/openstack_tasks/examples/openstack-controller/tasks.yaml
@ -54,14 +54,3 @@
    puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/openstack-controller/keystone.pp
    puppet_modules: /etc/puppet/modules
    timeout: 1800
-
- id: nova-security-group
-  type: puppet
-  version: 2.0.0
-  groups: [primary-controller]
-  required_for: [deploy_end]
-  requires: [primary-openstack-controller]
-  parameters:
-    puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/openstack-controller/security-group.pp
-    puppet_modules: /etc/puppet/modules
-    timeout: 1800
--- a/deployment/puppet/openstack_tasks/manifests/openstack_controller/security_group.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_controller/security_group.pp
@ -1,72 +0,0 @@
-# Copyright (C) 2015-2016 Mirantis
-
-class openstack_tasks::openstack_controller::security_group {
-  notice('MODULAR: openstack_controller/security_group.pp')
-
-  $nova_hash = hiera_hash('nova', {})
-
-  if pick($nova_hash['create_default_security_groups'], true) {
-    Nova_security_rule {
-      ensure      => present,
-      ip_protocol => 'tcp',
-      ip_range    => '0.0.0.0/0',
-    }
-
-    nova_security_group { 'global_http':
-      ensure      => present,
-      description => 'Allow HTTP traffic'
-    }
-
-    nova_security_rule { 'http_01':
-      from_port => '80',
-      to_port => '80',
-      security_group => 'global_http'
-    }
-
-    nova_security_rule { 'http_02':
-      from_port => '443',
-      to_port => '443',
-      security_group => 'global_http'
-    }
-
-    nova_security_group { 'global_ssh':
-      ensure      => present,
-      description => 'Allow SSH traffic'
-    }
-
-    nova_security_rule { 'ssh_01':
-      from_port => '22',
-      to_port => '22',
-      security_group => 'global_ssh'
-    }
-
-    nova_security_group { 'allow_all':
-      ensure      => present,
-      description => 'Allow all traffic'
-    }
-
-    nova_security_rule { 'all_01':
-      from_port => '1',
-      to_port => '65535',
-      security_group => 'allow_all'
-    }
-
-    nova_security_rule { 'all_02':
-      ip_protocol => 'udp',
-      from_port => '1',
-      to_port => '65535',
-      security_group => 'allow_all'
-    }
-
-    nova_security_rule { 'all_03':
-      ip_protocol => 'icmp',
-      from_port => '1',
-      to_port => '255',
-      security_group => 'allow_all'
-    }
-  } else {
-    nova_security_group { ['global_http', 'global_ssh', 'allow_all']:
-      ensure => absent
-    }
-  }
-}
--- a/tests/noop/spec/hosts/openstack-controller/security-group_spec.rb
+++ b/tests/noop/spec/hosts/openstack-controller/security-group_spec.rb
@ -1,69 +0,0 @@
-require 'spec_helper'
-require 'shared-examples'
-manifest = 'openstack-controller/security-group.pp'
-
-describe manifest do
-
-  shared_examples 'catalog' do
-    it 'should create default security groups' do
-      if Noop.puppet_function('pick', nova_hash['create_default_security_groups'], true)
-        should contain_nova_security_group('global_http')
-
-        should contain_nova_security_rule('http_01').with(
-          'ip_protocol' => 'tcp',
-          'from_port' => '80',
-          'to_port' => '80',
-          'ip_range' => '0.0.0.0/0',
-          'security_group' => 'global_http'
-        )
-        should contain_nova_security_rule('http_02').with(
-          'ip_protocol' => 'tcp',
-          'from_port' => '443',
-          'to_port' => '443',
-          'ip_range' => '0.0.0.0/0',
-          'security_group' => 'global_http'
-        )
-
-        should contain_nova_security_group('global_ssh')
-
-        should contain_nova_security_rule('ssh_01').with(
-          'ip_protocol' => 'tcp',
-          'from_port' => '22',
-          'to_port' => '22',
-          'ip_range' => '0.0.0.0/0',
-          'security_group' => 'global_ssh'
-        )
-
-        should contain_nova_security_group('allow_all')
-
-        should contain_nova_security_rule('all_01').with(
-          'ip_protocol' => 'tcp',
-          'from_port' => '1',
-          'to_port' => '65535',
-          'ip_range' => '0.0.0.0/0',
-          'security_group' => 'allow_all'
-        )
-        should contain_nova_security_rule('all_02').with(
-          'ip_protocol' => 'udp',
-          'from_port' => '1',
-          'to_port' => '65535',
-          'ip_range' => '0.0.0.0/0',
-          'security_group' => 'allow_all'
-        )
-        should contain_nova_security_rule('all_03').with(
-          'ip_protocol' => 'icmp',
-          'from_port' => '1',
-          'to_port' => '255',
-          'ip_range' => '0.0.0.0/0',
-          'security_group' => 'allow_all'
-        )
-      else
-        should contain_nova_security_group('global_http').with('ensure' => 'absent')
-        should contain_nova_security_group('global_ssh').with('ensure' => 'absent')
-        should contain_nova_security_group('allow_all').with('ensure' => 'absent')
-      end
-    end
-  end # end of shared_examples
-
-  test_ubuntu_and_centos manifest
-end
				`@ -1 +0,0 @@`
				`include ::openstack_tasks::openstack_controller::security_group`