implement default ssh-from-ctlplane rule via hiera
With the accompanying change in puppet-tripleo, this removes the
hardcoded firewall rule allowing ssh traffic in tripleo::firewall::pre
and replaces it with a configuration in tripleo-firewall.yaml that
allows only ssh access from the undercloud's controlplane network
address. This allows operators to define more granular ssh
firewall rules via tripleo::firewall::firewall_rules.
Change-Id: I89cff59947dda3f51482486c41a3d67c4aa36a3e
Related-Bug: #1826829
(cherry picked from commit a433e05e669a3c77445ccf7574c9ffe9d09cf5ef)
Reviewed: https:/ /review. opendev. org/656242 /git.openstack. org/cgit/ openstack/ tripleo- heat-templates/ commit/ ?id=123535d8c92 caa8be4c19aaf64 eff55f8be0c50d
Committed: https:/
Submitter: Zuul
Branch: stable/rocky
commit 123535d8c92caa8 be4c19aaf64eff5 5f8be0c50d
Author: Lars Kellogg-Stedman <email address hidden>
Date: Thu Jul 12 15:36:48 2018 -0400
implement default ssh-from-ctlplane rule via hiera
With the accompanying change in puppet-tripleo, this removes the :firewall: :pre firewall. yaml that :firewall: :firewall_ rules.
hardcoded firewall rule allowing ssh traffic in tripleo:
and replaces it with a configuration in tripleo-
allows only ssh access from the undercloud's controlplane network
address. This allows operators to define more granular ssh
firewall rules via tripleo:
Change-Id: I89cff59947dda3 f51482486c41a3d 67c4aa36a3e 7445ccf7574c9ff e9d09cf5ef)
Related-Bug: #1826829
(cherry picked from commit a433e05e669a3c7