Added baremetal-firewall task
Change-Id: I779ee600b86c76cf7608e3e75d3d85619777464d
This commit is contained in:
parent
52332c62fa
commit
0f67fad0ed
|
@ -0,0 +1,25 @@
|
|||
notice('MODULAR: ironic/baremetal-firewall.pp')
|
||||
|
||||
$network_scheme = hiera('network_scheme', {})
|
||||
prepare_network_config($network_scheme)
|
||||
$baremetal_int = get_network_role_property('ironic/baremetal', 'interface')
|
||||
$nodes_hash = hiera('nodes', {})
|
||||
$roles = node_roles($nodes_hash, hiera('uid'))
|
||||
|
||||
if ! member($roles, 'controller') or ! member($roles, 'primary-controller') or ! member($roles, 'ironic') {
|
||||
firewallchain { 'baremetal:filter:IPv4':
|
||||
ensure => present,
|
||||
} ->
|
||||
firewall { '999 drop all':
|
||||
chain => 'baremetal',
|
||||
action => 'drop',
|
||||
proto => 'all',
|
||||
} ->
|
||||
firewall {'00 baremetal-filter ':
|
||||
proto => 'all',
|
||||
iniface => $baremetal_int,
|
||||
jump => 'baremetal',
|
||||
require => Class['openstack::firewall'],
|
||||
}
|
||||
class { 'openstack::firewall':}
|
||||
}
|
|
@ -85,7 +85,7 @@
|
|||
- id: ironic-network-conductor
|
||||
groups: ['ironic']
|
||||
type: puppet
|
||||
required_for: [deploy_end, ironic-conductor]
|
||||
required_for: [ironic-conductor]
|
||||
requires: [hosts, firewall]
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/network-conductor.pp
|
||||
|
@ -112,6 +112,16 @@
|
|||
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
||||
- id: baremetal-firewall
|
||||
role: '*'
|
||||
type: puppet
|
||||
required_for: [post_deployment_end]
|
||||
requires: [post_deployment_start]
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/baremetal-firewall.pp
|
||||
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
||||
- id: ironic
|
||||
type: group
|
||||
role: [ironic]
|
||||
|
|
Loading…
Reference in New Issue