Convert dynamic lookups to use colon notation
With the upgrade to puppet 5, we can no longer use dots in the hieradata key lookups. This change updates the THT for firewall_rules, haproxy_endpoints and haproxy_userlists to use the colon notation. Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878 Related-Bug: #1803024
This commit is contained in:
Alex Schultz
parent
117d8e966f
commit
fb0e8f62fc
ci/environments
deployment/timesync
docker/services
extraconfig/services
puppet/services
aodh-api.yamlbarbican-api.yamlcinder-api.yamlcinder-volume.yamlcongress.yaml
database
designate-api.yamldesignate-mdns.yamldesignate-worker.yamldocker-registry.yamlec2-api.yamletcd.yamlglance-api.yamlgnocchi-api.yamlgnocchi-statsd.yamlhaproxy.yamlheat-api-cfn.yamlheat-api.yamlhorizon.yamlironic-api.yamlironic-conductor.yamlironic-inspector.yamlkeepalived.yamlkeystone.yamlmanila-api.yamlmemcached.yamlmessaging
mistral-api.yamlneutron-api.yamlneutron-compute-plugin-nuage.yamlneutron-dhcp.yamlneutron-l2gw-agent.yamlneutron-l3.yamlneutron-ovs-agent.yamlneutron-ovs-dpdk-agent.yamlnova-api.yamlnova-libvirt.yamlnova-metadata.yamlnova-migration-target.yamlnova-placement.yamlnova-vnc-proxy.yamloctavia-api.yamloctavia-health-manager.yamlopendaylight-api.yamlopendaylight-ovs.yamlovn-controller.yamlovn-dbs.yamlpacemaker.yamlpacemaker_remote.yamlpanko-api.yamlqdr.yamlrabbitmq.yamlsahara-api.yamlsnmp.yamlswift-proxy.yamlswift-storage.yamltacker.yamltime
zaqar-api.yamlreleasenotes/notes
@ -31,7 +31,7 @@ outputs:
|
||||
value:
|
||||
service_name: multinode_core
|
||||
config_settings:
|
||||
tripleo.core.firewall_rules:
|
||||
tripleo::core::firewall_rules:
|
||||
'999 core':
|
||||
proto: 'udp'
|
||||
dport:
|
||||
|
||||
@ -107,7 +107,7 @@ outputs:
|
||||
value:
|
||||
service_name: chrony
|
||||
config_settings:
|
||||
tripleo.ntp.firewall_rules:
|
||||
tripleo::ntp::firewall_rules:
|
||||
'105 ntp':
|
||||
dport: 123
|
||||
proto: udp
|
||||
|
||||
@ -104,7 +104,7 @@ outputs:
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.ceph_mds.firewall_rules:
|
||||
- tripleo::ceph_mds::firewall_rules:
|
||||
'112 ceph_mds':
|
||||
dport:
|
||||
- '6800-7300'
|
||||
|
||||
@ -79,7 +79,7 @@ outputs:
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.ceph_mgr.firewall_rules:
|
||||
- tripleo::ceph_mgr::firewall_rules:
|
||||
'113 ceph_mgr':
|
||||
dport:
|
||||
- '6800-7300'
|
||||
|
||||
@ -97,7 +97,7 @@ outputs:
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.ceph_mon.firewall_rules:
|
||||
- tripleo::ceph_mon::firewall_rules:
|
||||
'110 ceph_mon':
|
||||
dport:
|
||||
- 6789
|
||||
|
||||
@ -92,7 +92,7 @@ outputs:
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.ceph_nfs.firewall_rules:
|
||||
- tripleo::ceph_nfs::firewall_rules:
|
||||
'120 ceph_nfs':
|
||||
dport:
|
||||
# We support only NFS 4.1 to start
|
||||
|
||||
@ -93,7 +93,7 @@ outputs:
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.ceph_osd.firewall_rules:
|
||||
- tripleo::ceph_osd::firewall_rules:
|
||||
'111 ceph_osd':
|
||||
dport:
|
||||
- '6800-7300'
|
||||
|
||||
@ -106,7 +106,7 @@ outputs:
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.ceph_rbdmirror.firewall_rules:
|
||||
- tripleo::ceph_rbdmirror::firewall_rules:
|
||||
'114 ceph_rbdmirror':
|
||||
dport:
|
||||
- '6800-7300'
|
||||
|
||||
@ -90,7 +90,7 @@ outputs:
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.ceph_rgw.firewall_rules:
|
||||
- tripleo::ceph_rgw::firewall_rules:
|
||||
'122 ceph rgw':
|
||||
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
- {}
|
||||
|
||||
@ -92,7 +92,7 @@ outputs:
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
tripleo::profile::base::designate::api::listen_port: 9001
|
||||
tripleo.designate_api.firewall_rules:
|
||||
tripleo::designate_api::firewall_rules:
|
||||
'139 designate api':
|
||||
dport:
|
||||
- 9001
|
||||
|
||||
@ -61,7 +61,7 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [QdrouterdBase, role_data, config_settings]}
|
||||
- tripleo.oslo_messaging_rpc.firewall_rules:
|
||||
- tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 qdrouterd':
|
||||
dport:
|
||||
- 5672
|
||||
|
||||
@ -132,7 +132,7 @@ outputs:
|
||||
tripleo_fluentd_sources_metrics_qdr:
|
||||
- {get_param: MetricsQdrLoggingSource}
|
||||
config_settings:
|
||||
tripleo.metrics_qdr.firewall_rules:
|
||||
tripleo::metrics_qdr::firewall_rules:
|
||||
'109 metrics qdr':
|
||||
dport:
|
||||
- {get_param: MetricsQdrPort}
|
||||
|
||||
@ -84,7 +84,7 @@ outputs:
|
||||
- get_attr: [NovaMetadataBase, role_data, config_settings]
|
||||
- get_attr: [NovaMetadataLogging, config_settings]
|
||||
- apache::default_vhost: false
|
||||
- tripleo.nova_metadata.firewall_rules:
|
||||
- tripleo::nova_metadata::firewall_rules:
|
||||
if:
|
||||
- need_metadata_nat_rule
|
||||
- '144 undercloud metadata nat':
|
||||
|
||||
@ -112,7 +112,7 @@ outputs:
|
||||
nova::metadata::novajoin::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::password: {get_param: NovajoinPassword}
|
||||
nova::metadata::novajoin::authtoken::project_name: 'service'
|
||||
tripleo.novajoin.firewall_rules:
|
||||
tripleo::novajoin::firewall_rules:
|
||||
'119 novajoin':
|
||||
dport:
|
||||
- 9090
|
||||
|
||||
@ -45,7 +45,7 @@ resources:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
# We import from the corresponding docker service because otherwise we risk
|
||||
# rewriting the tripleo.mysql.firewall_rules key with the baremetal firewall
|
||||
# rewriting the tripleo::mysql::firewall_rules key with the baremetal firewall
|
||||
# rules (see LP#1728918)
|
||||
MysqlPuppetBase:
|
||||
type: ../../../docker/services/pacemaker/database/mysql.yaml
|
||||
|
||||
@ -102,7 +102,7 @@ outputs:
|
||||
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
||||
- 'pcmklatest'
|
||||
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
|
||||
tripleo.mysql.firewall_rules:
|
||||
tripleo::mysql::firewall_rules:
|
||||
'104 mysql galera-bundle':
|
||||
dport:
|
||||
- 873
|
||||
|
||||
@ -98,7 +98,7 @@ outputs:
|
||||
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
||||
- 'pcmklatest'
|
||||
tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
|
||||
tripleo.redis.firewall_rules:
|
||||
tripleo::redis::firewall_rules:
|
||||
'108 redis-bundle':
|
||||
dport:
|
||||
- 3124
|
||||
|
||||
@ -92,7 +92,7 @@ outputs:
|
||||
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
||||
- 'pcmklatest'
|
||||
tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
|
||||
tripleo.oslo_messaging_notify.firewall_rules:
|
||||
tripleo::oslo_messaging_notify::firewall_rules:
|
||||
'109 rabbitmq-bundle':
|
||||
dport:
|
||||
- 3122
|
||||
|
||||
@ -91,7 +91,7 @@ outputs:
|
||||
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
||||
- 'pcmklatest'
|
||||
tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
|
||||
tripleo.rabbitmq.firewall_rules:
|
||||
tripleo::rabbitmq::firewall_rules:
|
||||
'109 rabbitmq-bundle':
|
||||
dport:
|
||||
- 3122
|
||||
|
||||
@ -92,7 +92,7 @@ outputs:
|
||||
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
||||
- 'pcmklatest'
|
||||
tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
|
||||
tripleo.oslo_messaging_rpc.firewall_rules:
|
||||
tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 rabbitmq-bundle':
|
||||
dport:
|
||||
- 3122
|
||||
|
||||
@ -45,7 +45,7 @@ outputs:
|
||||
value:
|
||||
service_name: ipsec
|
||||
config_settings:
|
||||
tripleo.ipsec.firewall_rules:
|
||||
tripleo::ipsec::firewall_rules:
|
||||
'100 IPSEC IKE INPUT':
|
||||
dport: 500
|
||||
sport: 500
|
||||
|
||||
@ -44,7 +44,7 @@ outputs:
|
||||
value:
|
||||
service_name: kubernetes_master
|
||||
config_settings:
|
||||
tripleo.kubernetes_master.firewall_rules:
|
||||
tripleo::kubernetes_master::firewall_rules:
|
||||
'200 kubernetes-master api':
|
||||
dport: 6443
|
||||
proto: tcp
|
||||
|
||||
@ -42,7 +42,7 @@ outputs:
|
||||
# kubernetes-master service template.
|
||||
service_name: kubernetes_worker
|
||||
config_settings:
|
||||
tripleo.kubernetes_worker.firewall_rules:
|
||||
tripleo::kubernetes_worker::firewall_rules:
|
||||
'200 kubernetes-worker kubelet':
|
||||
dport:
|
||||
- 10250
|
||||
|
||||
@ -63,7 +63,7 @@ outputs:
|
||||
step_config: ''
|
||||
docker_config: {}
|
||||
config_settings:
|
||||
tripleo.skydive_analyzer.firewall_rules:
|
||||
tripleo::skydive_analyzer::firewall_rules:
|
||||
'150 skydive_analyzer':
|
||||
dport: 8082
|
||||
proto: tcp
|
||||
|
||||
@ -91,7 +91,7 @@ outputs:
|
||||
aodh::api::enable_proxy_headers_parsing: true
|
||||
aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject}
|
||||
aodh::policy::policies: {get_param: AodhApiPolicies}
|
||||
tripleo.aodh_api.firewall_rules:
|
||||
tripleo::aodh_api::firewall_rules:
|
||||
'128 aodh-api':
|
||||
dport:
|
||||
- 8042
|
||||
|
||||
@ -156,7 +156,7 @@ outputs:
|
||||
query:
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
tripleo.barbican_api.firewall_rules:
|
||||
tripleo::barbican_api::firewall_rules:
|
||||
'117 barbican':
|
||||
dport:
|
||||
- 9311
|
||||
|
||||
@ -127,7 +127,7 @@ outputs:
|
||||
DEFAULT/swift_catalog_info:
|
||||
value: 'object-store:swift:internalURL'
|
||||
tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
|
||||
tripleo.cinder_api.firewall_rules:
|
||||
tripleo::cinder_api::firewall_rules:
|
||||
'119 cinder':
|
||||
dport:
|
||||
- 8776
|
||||
|
||||
@ -174,7 +174,7 @@ outputs:
|
||||
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: {get_param: CinderRbdExtraPools}
|
||||
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_secret_uuid: {get_param: CephClusterFSID}
|
||||
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
|
||||
tripleo.cinder_volume.firewall_rules:
|
||||
tripleo::cinder_volume::firewall_rules:
|
||||
'120 iscsi initiator':
|
||||
dport: 3260
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
|
||||
@ -132,7 +132,7 @@ outputs:
|
||||
- '%'
|
||||
- {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
congress::policy::policies: {get_param: CongressPolicies}
|
||||
tripleo.congress.firewall_rules:
|
||||
tripleo::congress::firewall_rules:
|
||||
'113 congress':
|
||||
dport:
|
||||
- 1789
|
||||
|
||||
@ -79,7 +79,7 @@ outputs:
|
||||
- tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
|
||||
tripleo::profile::base::database::mongodb::memory_limit: {get_param: MongodbMemoryLimit}
|
||||
mongodb::server::service_manage: True
|
||||
tripleo.mongodb.firewall_rules:
|
||||
tripleo::mongodb::firewall_rules:
|
||||
'101 mongodb_config':
|
||||
dport: 27019
|
||||
'102 mongodb_sharding':
|
||||
|
||||
@ -83,7 +83,7 @@ outputs:
|
||||
mysql::server::package_name: 'mariadb-galera-server'
|
||||
mysql::server::manage_config_file: true
|
||||
mysql_ipv6: {get_param: MysqlIPv6}
|
||||
tripleo.mysql.firewall_rules:
|
||||
tripleo::mysql::firewall_rules:
|
||||
'104 mysql galera':
|
||||
dport:
|
||||
- 873
|
||||
|
||||
@ -58,7 +58,7 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RedisBase, role_data, config_settings]
|
||||
- tripleo.redis.firewall_rules:
|
||||
- tripleo::redis::firewall_rules:
|
||||
'108 redis':
|
||||
dport:
|
||||
- 6379
|
||||
|
||||
@ -90,7 +90,7 @@ outputs:
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
tripleo::profile::base::designate::api::listen_port: 9001
|
||||
tripleo.designate_api.firewall_rules:
|
||||
tripleo::designate_api::firewall_rules:
|
||||
'139 designate api':
|
||||
dport:
|
||||
- 9001
|
||||
|
||||
@ -79,7 +79,7 @@ outputs:
|
||||
query:
|
||||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
tripleo.designate_mdns.firewall_rules:
|
||||
tripleo::designate_mdns::firewall_rules:
|
||||
'142 designate_mdns udp':
|
||||
proto: 'udp'
|
||||
dport:
|
||||
|
||||
@ -105,7 +105,7 @@ outputs:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
tripleo.designate_worker.firewall_rules:
|
||||
tripleo::designate_worker::firewall_rules:
|
||||
'140 designate_worker udp':
|
||||
proto: 'udp'
|
||||
dport:
|
||||
|
||||
@ -44,7 +44,7 @@ outputs:
|
||||
value:
|
||||
service_name: docker_registry
|
||||
config_settings:
|
||||
tripleo.docker_registry.firewall_rules:
|
||||
tripleo::docker_registry::firewall_rules:
|
||||
'155 docker-registry':
|
||||
dport:
|
||||
- 8787
|
||||
|
||||
@ -99,7 +99,7 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
||||
- tripleo.ec2_api.firewall_rules:
|
||||
- tripleo::ec2_api::firewall_rules:
|
||||
'113 ec2_api':
|
||||
dport:
|
||||
- 8788
|
||||
|
||||
@ -75,7 +75,7 @@ outputs:
|
||||
tripleo::profile::base::etcd::peer_port: '2380'
|
||||
etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken}
|
||||
etcd::manage_package: false
|
||||
tripleo.etcd.firewall_rules:
|
||||
tripleo::etcd::firewall_rules:
|
||||
'141 etcd':
|
||||
dport:
|
||||
- 2379
|
||||
|
||||
@ -246,7 +246,7 @@ outputs:
|
||||
- {get_param: Debug }
|
||||
- {get_param: GlanceDebug }
|
||||
glance::policy::policies: {get_param: GlanceApiPolicies}
|
||||
tripleo.glance_api.firewall_rules:
|
||||
tripleo::glance_api::firewall_rules:
|
||||
'112 glance_api':
|
||||
dport:
|
||||
- 9292
|
||||
|
||||
@ -114,7 +114,7 @@ outputs:
|
||||
- {}
|
||||
- gnocchi::cors::allowed_origin: {get_param: GnocchiCorsAllowedOrigin}
|
||||
gnocchi::api::middlewares: 'oslo_middleware.cors.CORS'
|
||||
- tripleo.gnocchi_api.firewall_rules:
|
||||
- tripleo::gnocchi_api::firewall_rules:
|
||||
'129 gnocchi-api':
|
||||
dport:
|
||||
- 8041
|
||||
|
||||
@ -54,7 +54,7 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [GnocchiServiceBase, role_data, config_settings]
|
||||
- tripleo.gnocchi_statsd.firewall_rules:
|
||||
- tripleo::gnocchi_statsd::firewall_rules:
|
||||
'140 gnocchi-statsd':
|
||||
dport: 8125
|
||||
proto: 'udp'
|
||||
|
||||
@ -136,7 +136,7 @@ outputs:
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.haproxy.firewall_rules:
|
||||
- tripleo::haproxy::firewall_rules:
|
||||
'107 haproxy stats':
|
||||
dport: 1993
|
||||
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
|
||||
|
||||
@ -90,7 +90,7 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- tripleo.heat_api_cfn.firewall_rules:
|
||||
- tripleo::heat_api_cfn::firewall_rules:
|
||||
'125 heat_cfn':
|
||||
dport:
|
||||
- 8000
|
||||
|
||||
@ -96,7 +96,7 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [HeatBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- tripleo.heat_api.firewall_rules:
|
||||
- tripleo::heat_api::firewall_rules:
|
||||
'125 heat_api':
|
||||
dport:
|
||||
- 8004
|
||||
|
||||
@ -103,7 +103,7 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
|
||||
tripleo.horizon.firewall_rules:
|
||||
tripleo::horizon::firewall_rules:
|
||||
'126 horizon':
|
||||
dport:
|
||||
- 80
|
||||
@ -171,7 +171,7 @@ outputs:
|
||||
service: name=httpd state=stopped
|
||||
service_config_settings:
|
||||
haproxy:
|
||||
tripleo.horizon.firewall_rules:
|
||||
tripleo::horizon::firewall_rules:
|
||||
'127 horizon':
|
||||
dport:
|
||||
- 80
|
||||
|
||||
@ -139,7 +139,7 @@ outputs:
|
||||
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
|
||||
tripleo.ironic_api.firewall_rules:
|
||||
tripleo::ironic_api::firewall_rules:
|
||||
'133 ironic api':
|
||||
dport:
|
||||
- 6385
|
||||
|
||||
@ -335,7 +335,7 @@ outputs:
|
||||
ironic::drivers::interfaces::enabled_vendor_interfaces: {get_param: IronicEnabledVendorInterfaces}
|
||||
ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
|
||||
ironic::drivers::interfaces::default_rescue_interface: {get_param: IronicDefaultRescueInterface}
|
||||
tripleo.ironic_conductor.firewall_rules:
|
||||
tripleo::ironic_conductor::firewall_rules:
|
||||
'134 ironic conductor TFTP':
|
||||
dport: 69
|
||||
proto: udp
|
||||
|
||||
@ -175,7 +175,7 @@ outputs:
|
||||
ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
||||
ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
tripleo.ironic_inspector.firewall_rules:
|
||||
tripleo::ironic_inspector::firewall_rules:
|
||||
'137 ironic-inspector':
|
||||
dport:
|
||||
- 5050
|
||||
|
||||
@ -61,7 +61,7 @@ outputs:
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- tripleo.keepalived.firewall_rules:
|
||||
- tripleo::keepalived::firewall_rules:
|
||||
'106 keepalived vrrp':
|
||||
proto: vrrp
|
||||
-
|
||||
|
||||
@ -451,7 +451,7 @@ outputs:
|
||||
keystone::wsgi::apache::threads: 1
|
||||
keystone::db::database_db_max_retries: -1
|
||||
keystone::db::database_max_retries: -1
|
||||
tripleo.keystone.firewall_rules:
|
||||
tripleo::keystone::firewall_rules:
|
||||
'111 keystone':
|
||||
dport:
|
||||
- 5000
|
||||
|
||||
@ -68,7 +68,7 @@ outputs:
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::authtoken::user_domain_name: 'Default'
|
||||
manila::keystone::authtoken::project_domain_name: 'Default'
|
||||
tripleo.manila_api.firewall_rules:
|
||||
tripleo::manila_api::firewall_rules:
|
||||
'150 manila':
|
||||
dport:
|
||||
- 8786
|
||||
|
||||
@ -101,7 +101,7 @@ outputs:
|
||||
- 'v'
|
||||
- ''
|
||||
memcached::disable_cachedump: true
|
||||
tripleo.memcached.firewall_rules:
|
||||
tripleo::memcached::firewall_rules:
|
||||
'121 memcached':
|
||||
dport: 11211
|
||||
# https://access.redhat.com/security/cve/cve-2018-1000115
|
||||
|
||||
@ -84,7 +84,7 @@ outputs:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: NotifyUserName}
|
||||
rabbitmq::default_pass: {get_param: NotifyPassword}
|
||||
tripleo.oslo_messaging_notify.firewall_rules:
|
||||
tripleo::oslo_messaging_notify::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
|
||||
@ -82,7 +82,7 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [QdrouterdServiceBase, role_data, config_settings]
|
||||
- tripleo.oslo_messaging_rpc.firewall_rules:
|
||||
- tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 qdrouterd':
|
||||
dport:
|
||||
- {get_param: RpcPort}
|
||||
|
||||
@ -85,7 +85,7 @@ outputs:
|
||||
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
|
||||
- rabbitmq::default_user: {get_param: RpcUserName}
|
||||
rabbitmq::default_pass: {get_param: RpcPassword}
|
||||
tripleo.oslo_messaging_rpc.firewall_rules:
|
||||
tripleo::oslo_messaging_rpc::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
|
||||
@ -106,7 +106,7 @@ outputs:
|
||||
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
mistral::api::allow_action_execution_deletion: true
|
||||
tripleo.mistral_api.firewall_rules:
|
||||
tripleo::mistral_api::firewall_rules:
|
||||
'133 mistral':
|
||||
dport:
|
||||
- 8989
|
||||
|
||||
@ -184,7 +184,7 @@ outputs:
|
||||
neutron::keystone::authtoken::project_domain_name: 'Default'
|
||||
neutron::quota::quota_port: {get_param: NeutronPortQuota}
|
||||
neutron::server::sync_db: true
|
||||
tripleo.neutron_api.firewall_rules:
|
||||
tripleo::neutron_api::firewall_rules:
|
||||
'114 neutron api':
|
||||
dport:
|
||||
- 9696
|
||||
|
||||
@ -96,7 +96,7 @@ outputs:
|
||||
tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
|
||||
tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
|
||||
tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
|
||||
tripleo.neutron_compute_plugin_nuage.firewall_rules:
|
||||
tripleo::neutron_compute_plugin_nuage::firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
dport: 4789
|
||||
|
||||
@ -126,7 +126,7 @@ outputs:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug}
|
||||
- {get_param: NeutronDhcpAgentDebug}
|
||||
tripleo.neutron_dhcp.firewall_rules:
|
||||
tripleo::neutron_dhcp::firewall_rules:
|
||||
'115 neutron dhcp input':
|
||||
proto: 'udp'
|
||||
dport: 67
|
||||
|
||||
@ -99,7 +99,7 @@ outputs:
|
||||
-
|
||||
if:
|
||||
- internal_manager_enabled
|
||||
- tripleo.neutron_l2gw_agent.firewall_rules:
|
||||
- tripleo::neutron_l2gw_agent::firewall_rules:
|
||||
'142 neutron l2gw agent input':
|
||||
proto: 'tcp'
|
||||
dport: {get_param: L2gwAgentManagerTableListeningPort}
|
||||
|
||||
@ -116,7 +116,7 @@ outputs:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug}
|
||||
- {get_param: NeutronL3AgentDebug}
|
||||
tripleo.neutron_l3.firewall_rules:
|
||||
tripleo::neutron_l3::firewall_rules:
|
||||
'106 neutron_l3 vrrp':
|
||||
proto: vrrp
|
||||
-
|
||||
|
||||
@ -153,7 +153,7 @@ outputs:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.neutron_ovs_agent.firewall_rules:
|
||||
tripleo::neutron_ovs_agent::firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
dport: 4789
|
||||
|
||||
@ -115,7 +115,7 @@ outputs:
|
||||
- map_replace:
|
||||
- get_attr: [NeutronOvsAgent, role_data, config_settings]
|
||||
- keys:
|
||||
tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules
|
||||
tripleo::neutron_ovs_agent::firewall_rules: tripleo::neutron_ovs_dpdk_agent::firewall_rules
|
||||
- neutron::agents::ml2::ovs::enable_dpdk: true
|
||||
- get_attr: [Ovs, role_data, config_settings]
|
||||
- get_attr: [RoleParametersValue, value]
|
||||
|
||||
@ -148,7 +148,7 @@ outputs:
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- nova::cron::archive_deleted_rows::hour: '*/12'
|
||||
nova::cron::archive_deleted_rows::destination: '/dev/null'
|
||||
tripleo.nova_api.firewall_rules:
|
||||
tripleo::nova_api::firewall_rules:
|
||||
'113 nova_api':
|
||||
dport:
|
||||
- 8774
|
||||
|
||||
@ -242,7 +242,7 @@ outputs:
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
|
||||
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
|
||||
tripleo.nova_libvirt.firewall_rules:
|
||||
tripleo::nova_libvirt::firewall_rules:
|
||||
'200 nova_libvirt':
|
||||
dport:
|
||||
- 16514
|
||||
|
||||
@ -93,7 +93,7 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [NovaBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- tripleo.nova_placement.firewall_rules:
|
||||
- tripleo::nova_placement::firewall_rules:
|
||||
'139 nova_metadata':
|
||||
dport:
|
||||
- 8775
|
||||
|
||||
@ -76,7 +76,7 @@ outputs:
|
||||
tripleo::profile::base::sshd::port:
|
||||
- 22
|
||||
- {get_param: MigrationSshPort}
|
||||
tripleo.nova_migration_target.firewall_rules:
|
||||
tripleo::nova_migration_target::firewall_rules:
|
||||
'113 nova_migration_target':
|
||||
dport:
|
||||
- {get_param: MigrationSshPort}
|
||||
|
||||
@ -89,7 +89,7 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [NovaBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- tripleo.nova_placement.firewall_rules:
|
||||
- tripleo::nova_placement::firewall_rules:
|
||||
'138 nova_placement':
|
||||
dport:
|
||||
- 8778
|
||||
|
||||
@ -126,7 +126,7 @@ outputs:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
|
||||
tripleo.nova_vnc_proxy.firewall_rules:
|
||||
tripleo::nova_vnc_proxy::firewall_rules:
|
||||
'137 nova_vnc_proxy':
|
||||
dport:
|
||||
- 6080
|
||||
|
||||
@ -117,7 +117,7 @@ outputs:
|
||||
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
octavia::api::sync_db: true
|
||||
tripleo.octavia_api.firewall_rules:
|
||||
tripleo::octavia_api::firewall_rules:
|
||||
'120 octavia api':
|
||||
dport:
|
||||
- 9876
|
||||
|
||||
@ -79,7 +79,7 @@ outputs:
|
||||
- get_attr: [OctaviaBase, role_data, config_settings]
|
||||
- octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
|
||||
octavia::health_manager::event_streamer_driver: {get_param: OctaviaEventStreamerDriver}
|
||||
tripleo.octavia_api.firewall_rules:
|
||||
tripleo::octavia_api::firewall_rules:
|
||||
'200 octavia health manager interface':
|
||||
proto: udp
|
||||
dport: 5555
|
||||
|
||||
@ -119,7 +119,7 @@ outputs:
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
||||
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
|
||||
tripleo.opendaylight_api.firewall_rules:
|
||||
tripleo::opendaylight_api::firewall_rules:
|
||||
'137 opendaylight api':
|
||||
dport:
|
||||
- {get_param: [EndpointMap, OpenDaylightInternal, port]}
|
||||
|
||||
@ -192,7 +192,7 @@ outputs:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
tripleo.opendaylight_ovs.firewall_rules:
|
||||
tripleo::opendaylight_ovs::firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
dport: 4789
|
||||
|
||||
@ -114,7 +114,7 @@ outputs:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
|
||||
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
|
||||
tripleo.ovn_controller.firewall_rules:
|
||||
tripleo::ovn_controller::firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
dport: 4789
|
||||
|
||||
@ -54,7 +54,7 @@ outputs:
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
tripleo::haproxy::ovn_dbs_manage_lb: true
|
||||
tripleo.ovn_dbs.firewall_rules:
|
||||
tripleo::ovn_dbs::firewall_rules:
|
||||
'121 OVN DB server ports':
|
||||
proto: 'tcp'
|
||||
dport:
|
||||
|
||||
@ -118,7 +118,7 @@ outputs:
|
||||
pacemaker::resource::bundle::deep_compare: true
|
||||
pacemaker::resource::ip::deep_compare: true
|
||||
pacemaker::resource::ocf::deep_compare: true
|
||||
tripleo.pacemaker.firewall_rules:
|
||||
tripleo::pacemaker::firewall_rules:
|
||||
'130 pacemaker tcp':
|
||||
proto: 'tcp'
|
||||
dport:
|
||||
|
||||
@ -95,7 +95,7 @@ outputs:
|
||||
service_name: pacemaker_remote
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote}
|
||||
config_settings:
|
||||
tripleo.pacemaker_remote.firewall_rules:
|
||||
tripleo::pacemaker_remote::firewall_rules:
|
||||
'130 pacemaker_remote tcp':
|
||||
proto: 'tcp'
|
||||
dport:
|
||||
|
||||
@ -92,7 +92,7 @@ outputs:
|
||||
panko::api::service_name: 'httpd'
|
||||
panko::api::enable_proxy_headers_parsing: true
|
||||
panko::api::event_time_to_live: {get_param: PankoEventTTL}
|
||||
tripleo.panko_api.firewall_rules:
|
||||
tripleo::panko_api::firewall_rules:
|
||||
'140 panko-api':
|
||||
dport:
|
||||
- 8977
|
||||
|
||||
@ -57,7 +57,7 @@ outputs:
|
||||
messaging_rpc_service_name: 'amqp'
|
||||
keystone::messaging::amqp::amqp_pre_settled: 'notify'
|
||||
config_settings:
|
||||
tripleo.rabbitmq.firewall_rules:
|
||||
tripleo::rabbitmq::firewall_rules:
|
||||
'109 qdr':
|
||||
dport:
|
||||
- {get_param: RabbitClientPort}
|
||||
|
||||
@ -94,7 +94,7 @@ outputs:
|
||||
rabbitmq::default_user: {get_param: RabbitUserName}
|
||||
rabbitmq::default_pass: {get_param: RabbitPassword}
|
||||
rabbit_ipv6: {get_param: RabbitIPv6}
|
||||
tripleo.rabbitmq.firewall_rules:
|
||||
tripleo::rabbitmq::firewall_rules:
|
||||
'109 rabbitmq':
|
||||
dport:
|
||||
- 4369
|
||||
|
||||
@ -91,7 +91,7 @@ outputs:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SaharaApiNetwork]}
|
||||
tripleo.sahara_api.firewall_rules:
|
||||
tripleo::sahara_api::firewall_rules:
|
||||
'132 sahara':
|
||||
dport:
|
||||
- 8386
|
||||
|
||||
@ -71,7 +71,7 @@ outputs:
|
||||
template: "%{hiera('$NETWORK_subnet')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, SnmpdNetwork]}
|
||||
tripleo.snmp.firewall_rules:
|
||||
tripleo::snmp::firewall_rules:
|
||||
'124 snmp':
|
||||
dport: 161
|
||||
proto: 'udp'
|
||||
|
||||
@ -164,7 +164,7 @@ outputs:
|
||||
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RpcPort}
|
||||
tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RpcUseSSL}
|
||||
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
|
||||
tripleo.swift_proxy.firewall_rules:
|
||||
tripleo::swift_proxy::firewall_rules:
|
||||
'122 swift proxy':
|
||||
dport:
|
||||
- 8080
|
||||
|
||||
@ -113,7 +113,7 @@ outputs:
|
||||
- swift::storage::all::mount_check: {if: [swift_mount_check, true, false]}
|
||||
tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
|
||||
tripleo::profile::base::swift::storage::use_local_dir: {get_param: SwiftUseLocalDir}
|
||||
tripleo.swift_storage.firewall_rules:
|
||||
tripleo::swift_storage::firewall_rules:
|
||||
'123 swift storage':
|
||||
dport:
|
||||
- 873
|
||||
|
||||
@ -132,7 +132,7 @@ outputs:
|
||||
- '%'
|
||||
- {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
||||
tacker::policy::policies: {get_param: TackerPolicies}
|
||||
tripleo.tacker.firewall_rules:
|
||||
tripleo::tacker::firewall_rules:
|
||||
'113 tacker':
|
||||
dport:
|
||||
- 9890
|
||||
|
||||
@ -79,7 +79,7 @@ outputs:
|
||||
ntp::iburst_enable: {get_param: NtpIburstEnable}
|
||||
ntp::maxpoll:: {get_param: MaxPoll}
|
||||
ntp::minpoll:: {get_param: MinPoll}
|
||||
tripleo.ntp.firewall_rules:
|
||||
tripleo::ntp::firewall_rules:
|
||||
'105 ntp':
|
||||
dport: 123
|
||||
proto: udp
|
||||
|
||||
@ -79,7 +79,7 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [RoleParametersValue, value]
|
||||
- tripleo.ptp.firewall_rules:
|
||||
- tripleo::ptp::firewall_rules:
|
||||
'151 ptp':
|
||||
proto: udp
|
||||
dport:
|
||||
|
||||
@ -199,7 +199,7 @@ outputs:
|
||||
zaqar::keystone::auth_websocket::tenant: 'service'
|
||||
zaqar::keystone::trust::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::trust::user_domain_name: 'Default'
|
||||
tripleo.zaqar_api.firewall_rules:
|
||||
tripleo::zaqar_api::firewall_rules:
|
||||
'113 zaqar_api':
|
||||
dport:
|
||||
- 9000
|
||||
|
||||
@ -0,0 +1,10 @@
|
||||
---
|
||||
deprecations:
|
||||
- |
|
||||
The dynamic tripleo firewall_rules, haproxy_endpoints, haproxy_userlists
|
||||
that are configured with dots are deprecated with the update to puppet 5.
|
||||
They will no longer work and must be switched to the colon notation to
|
||||
continue to function. For example `tripleo.core.firewall_rules` must
|
||||
be converted to `tripleo::core::firewall_rules`. Similarly the haproxy
|
||||
endpoints and userlists that are dynamic using dots must also be converted
|
||||
to use colons.
|
||||
Loading…
x
Reference in New Issue
Block a user