Add extra node template that disables port security on all ports

This allows for use of arbitrary services on the extra node, but does require the instance to be responsible for its own firewalling.
2018-09-13 18:06:53 -05:00 · 2018-09-13 18:06:53 -05:00 · e8d820ae81
parent f0e22b7292
commit e8d820ae81
1 changed files with 64 additions and 0 deletions
--- a/templates/baremetal-ports-extra-node-port-security-all.yaml
+++ b/templates/baremetal-ports-extra-node-port-security-all.yaml
@ -0,0 +1,64 @@
+heat_template_version: 2015-10-15
+
+parameters:
+
+  baremetal_prefix:
+    type: string
+
+  provision_net:
+    type: string
+
+  public_net:
+    type: string
+    description: Name of external network
+    default: public
+
+  private_net:
+    type: string
+
+  suffix:
+    type: string
+
+resources:
+
+  private_port:
+    type: OS::Neutron::Port
+    properties:
+      name:
+        list_join:
+        - ''
+        - - private_
+          - {get_param: baremetal_prefix}
+          - {get_param: suffix}
+      network: {get_param: private_net}
+      port_security_enabled: False
+
+  provision_port:
+    type: OS::Neutron::Port
+    properties:
+      name:
+        list_join:
+        - ''
+        - - {get_param: baremetal_prefix}
+          - {get_param: suffix}
+      network: {get_param: provision_net}
+      port_security_enabled: False
+
+  public_port:
+    type: OS::Neutron::Port
+    properties:
+      name:
+        list_join:
+        - ''
+        - - public_
+          - {get_param: baremetal_prefix}
+          - {get_param: suffix}
+      network: {get_param: public_net}
+      port_security_enabled: False
+
+outputs:
+  ports:
+    value:
+    - {port: {get_resource: private_port}}
+    - {port: {get_resource: provision_port}}
+    - {port: {get_resource: public_port}}