tripleo

Bug #1826829
Comment #4

Comment 4 for bug 1826829

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-29: Related fix merged to tripleo-heat-templates (stable/rocky)

Reviewed: https://review.opendev.org/656242
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=123535d8c92caa8be4c19aaf64eff55f8be0c50d
Submitter: Zuul
Branch: stable/rocky

commit 123535d8c92caa8be4c19aaf64eff55f8be0c50d
Author: Lars Kellogg-Stedman <email address hidden>
Date: Thu Jul 12 15:36:48 2018 -0400

implement default ssh-from-ctlplane rule via hiera

    With the accompanying change in puppet-tripleo, this removes the
    hardcoded firewall rule allowing ssh traffic in tripleo::firewall::pre
    and replaces it with a configuration in tripleo-firewall.yaml that
    allows only ssh access from the undercloud's controlplane network
    address. This allows operators to define more granular ssh
    firewall rules via tripleo::firewall::firewall_rules.

    Change-Id: I89cff59947dda3f51482486c41a3d67c4aa36a3e
    Related-Bug: #1826829
    (cherry picked from commit a433e05e669a3c77445ccf7574c9ffe9d09cf5ef)