Revert "Create usefull security groups by default"
This reverts commit 57fdc97653.
Closes-Bug: #1570862
Change-Id: I7c734f2797a0614c1e10b792a681c99e18408515
parent
ccc1919c42
commit
5ff7b13dff
|
@ -1 +0,0 @@
|
|||
include ::openstack_tasks::openstack_controller::security_group
|
|
@ -54,14 +54,3 @@
|
|||
puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/openstack-controller/keystone.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1800
|
||||
|
||||
- id: nova-security-group
|
||||
type: puppet
|
||||
version: 2.0.0
|
||||
groups: [primary-controller]
|
||||
required_for: [deploy_end]
|
||||
requires: [primary-openstack-controller]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/openstack-controller/security-group.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1800
|
||||
|
|
|
@ -1,72 +0,0 @@
|
|||
# Copyright (C) 2015-2016 Mirantis
|
||||
|
||||
class openstack_tasks::openstack_controller::security_group {
|
||||
notice('MODULAR: openstack_controller/security_group.pp')
|
||||
|
||||
$nova_hash = hiera_hash('nova', {})
|
||||
|
||||
if pick($nova_hash['create_default_security_groups'], true) {
|
||||
Nova_security_rule {
|
||||
ensure => present,
|
||||
ip_protocol => 'tcp',
|
||||
ip_range => '0.0.0.0/0',
|
||||
}
|
||||
|
||||
nova_security_group { 'global_http':
|
||||
ensure => present,
|
||||
description => 'Allow HTTP traffic'
|
||||
}
|
||||
|
||||
nova_security_rule { 'http_01':
|
||||
from_port => '80',
|
||||
to_port => '80',
|
||||
security_group => 'global_http'
|
||||
}
|
||||
|
||||
nova_security_rule { 'http_02':
|
||||
from_port => '443',
|
||||
to_port => '443',
|
||||
security_group => 'global_http'
|
||||
}
|
||||
|
||||
nova_security_group { 'global_ssh':
|
||||
ensure => present,
|
||||
description => 'Allow SSH traffic'
|
||||
}
|
||||
|
||||
nova_security_rule { 'ssh_01':
|
||||
from_port => '22',
|
||||
to_port => '22',
|
||||
security_group => 'global_ssh'
|
||||
}
|
||||
|
||||
nova_security_group { 'allow_all':
|
||||
ensure => present,
|
||||
description => 'Allow all traffic'
|
||||
}
|
||||
|
||||
nova_security_rule { 'all_01':
|
||||
from_port => '1',
|
||||
to_port => '65535',
|
||||
security_group => 'allow_all'
|
||||
}
|
||||
|
||||
nova_security_rule { 'all_02':
|
||||
ip_protocol => 'udp',
|
||||
from_port => '1',
|
||||
to_port => '65535',
|
||||
security_group => 'allow_all'
|
||||
}
|
||||
|
||||
nova_security_rule { 'all_03':
|
||||
ip_protocol => 'icmp',
|
||||
from_port => '1',
|
||||
to_port => '255',
|
||||
security_group => 'allow_all'
|
||||
}
|
||||
} else {
|
||||
nova_security_group { ['global_http', 'global_ssh', 'allow_all']:
|
||||
ensure => absent
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,69 +0,0 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'openstack-controller/security-group.pp'
|
||||
|
||||
describe manifest do
|
||||
|
||||
shared_examples 'catalog' do
|
||||
it 'should create default security groups' do
|
||||
if Noop.puppet_function('pick', nova_hash['create_default_security_groups'], true)
|
||||
should contain_nova_security_group('global_http')
|
||||
|
||||
should contain_nova_security_rule('http_01').with(
|
||||
'ip_protocol' => 'tcp',
|
||||
'from_port' => '80',
|
||||
'to_port' => '80',
|
||||
'ip_range' => '0.0.0.0/0',
|
||||
'security_group' => 'global_http'
|
||||
)
|
||||
should contain_nova_security_rule('http_02').with(
|
||||
'ip_protocol' => 'tcp',
|
||||
'from_port' => '443',
|
||||
'to_port' => '443',
|
||||
'ip_range' => '0.0.0.0/0',
|
||||
'security_group' => 'global_http'
|
||||
)
|
||||
|
||||
should contain_nova_security_group('global_ssh')
|
||||
|
||||
should contain_nova_security_rule('ssh_01').with(
|
||||
'ip_protocol' => 'tcp',
|
||||
'from_port' => '22',
|
||||
'to_port' => '22',
|
||||
'ip_range' => '0.0.0.0/0',
|
||||
'security_group' => 'global_ssh'
|
||||
)
|
||||
|
||||
should contain_nova_security_group('allow_all')
|
||||
|
||||
should contain_nova_security_rule('all_01').with(
|
||||
'ip_protocol' => 'tcp',
|
||||
'from_port' => '1',
|
||||
'to_port' => '65535',
|
||||
'ip_range' => '0.0.0.0/0',
|
||||
'security_group' => 'allow_all'
|
||||
)
|
||||
should contain_nova_security_rule('all_02').with(
|
||||
'ip_protocol' => 'udp',
|
||||
'from_port' => '1',
|
||||
'to_port' => '65535',
|
||||
'ip_range' => '0.0.0.0/0',
|
||||
'security_group' => 'allow_all'
|
||||
)
|
||||
should contain_nova_security_rule('all_03').with(
|
||||
'ip_protocol' => 'icmp',
|
||||
'from_port' => '1',
|
||||
'to_port' => '255',
|
||||
'ip_range' => '0.0.0.0/0',
|
||||
'security_group' => 'allow_all'
|
||||
)
|
||||
else
|
||||
should contain_nova_security_group('global_http').with('ensure' => 'absent')
|
||||
should contain_nova_security_group('global_ssh').with('ensure' => 'absent')
|
||||
should contain_nova_security_group('allow_all').with('ensure' => 'absent')
|
||||
end
|
||||
end
|
||||
end # end of shared_examples
|
||||
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|