7 package { 'ganeti-instance-debootstrap':
11 package { 'ganeti-htools':
16 'ganeti2.debian.org': {
17 package { 'drbd8-utils':
21 @ferm::rule { 'dsa-ganeti-noded-v4':
22 description => 'allow ganeti-noded communication',
23 rule => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti-noded\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
27 @ferm::rule { 'dsa-ganeti-confd-v4':
28 description => 'allow ganeti-confd communication',
29 rule => 'proto udp mod state state (NEW) dport (1814) @subchain \'ganeti-confd\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
33 @ferm::rule { 'dsa-ganeti-rapi-v4':
34 description => 'allow ganeti-rapi communication',
35 rule => 'proto tcp mod state state (NEW) dport (5080) @subchain \'ganeti-rapi\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
39 @ferm::rule { 'dsa-ganeti-drbd-v4':
40 description => 'allow ganeti drbd communication',
41 rule => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'ganeti-drbd\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
45 @ferm::rule { 'dsa-ganeti-kvm-migration-v4':
46 description => 'allow ganeti kvm migration ',
47 rule => 'proto tcp dport 8102 @subchain \'ganeti-kvm-migration\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
51 @ferm::rule { 'dsa-ganeti-ssh-v4':
52 description => 'allow ganeti to ssh around',
53 rule => 'proto tcp dport ssh @subchain \'ganeti-ssh\' { saddr ( $HOST_GANETI_V4 $HOST_GANETI_BACKEND_V4) ACCEPT; }',
57 'ganeti3.debian.org': {
58 package { 'drbd8-utils':
62 @ferm::rule { 'dsa-ganeti-noded-v4':
63 description => 'allow ganeti-noded communication',
64 rule => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti-noded\' { saddr ($HOST_GANETI_MANDA_V4) daddr ($HOST_GANETI_MANDA_V4) ACCEPT; }',
68 @ferm::rule { 'dsa-ganeti-confd-v4':
69 description => 'allow ganeti-confd communication',
70 rule => 'proto udp mod state state (NEW) dport (1814) @subchain \'ganeti-confd\' { saddr ($HOST_GANETI_MANDA_V4) daddr ($HOST_GANETI_MANDA_V4) ACCEPT; }',
74 @ferm::rule { 'dsa-ganeti-rapi-v4':
75 description => 'allow ganeti-rapi communication',
76 rule => 'proto tcp mod state state (NEW) dport (5080) @subchain \'ganeti-rapi\' { saddr ($HOST_GANETI_MANDA_V4) daddr ($HOST_GANETI_MANDA_V4) ACCEPT; }',
80 @ferm::rule { 'dsa-ganeti-drbd-v4':
81 description => 'allow ganeti drbd communication',
82 rule => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'ganeti-drbd\' { saddr ($HOST_GANETI_MANDA_BACKEND_V4) daddr ($HOST_GANETI_MANDA_BACKEND_V4) ACCEPT; }',
86 @ferm::rule { 'dsa-ganeti-kvm-migration-v4':
87 description => 'allow ganeti kvm migration ',
88 rule => 'proto tcp dport 8102 @subchain \'ganeti-kvm-migration\' { saddr ($HOST_GANETI_MANDA_BACKEND_V4) daddr ($HOST_GANETI_MANDA_BACKEND_V4) ACCEPT; }',
92 @ferm::rule { 'dsa-ganeti-ssh-v4':
93 description => 'allow ganeti to ssh around',
94 rule => 'proto tcp dport ssh @subchain \'ganeti-ssh\' { saddr ( $HOST_GANETI_MANDA_V4 $HOST_GANETI_MANDA_BACKEND_V4) ACCEPT; }',
101 '/etc/ganeti/instance-debootstrap/variants.list':
102 content => template('ganeti2/instance-debootstrap/variants.list.erb'),
104 '/etc/ganeti/instance-debootstrap/variants/dsa.conf':
105 content => template('ganeti2/instance-debootstrap/variants/dsa.conf.erb'),
107 '/etc/ganeti/instance-debootstrap/hooks/00-dsa-configure-networking':
108 content => template('ganeti2/instance-debootstrap/hooks/00-dsa-configure-networking.erb'),
111 '/etc/ganeti/instance-debootstrap/hooks/10-dsa-install-extra-packages':
112 content => template('ganeti2/instance-debootstrap/hooks/10-dsa-install-extra-packages.erb'),
115 '/etc/ganeti/instance-debootstrap/hooks/20-dsa-install-bootloader':
116 content => template('ganeti2/instance-debootstrap/hooks/20-dsa-install-bootloader.erb'),
119 '/etc/ganeti/instance-debootstrap/hooks/30-dsa-install-ssh-keys':
120 content => template('ganeti2/instance-debootstrap/hooks/30-dsa-install-ssh-keys.erb'),
123 '/etc/ganeti/instance-debootstrap/hooks/40-dsa-setup-swapfile':
124 content => template('ganeti2/instance-debootstrap/hooks/40-dsa-setup-swapfile.erb'),
127 '/etc/ganeti/instance-debootstrap/hooks/clear-root-password':
130 '/etc/ganeti/instance-debootstrap/hooks/xen-hvc0':