make that an array

[dsa-puppet.git] / modules / roles / manifests / pubsub.pp

diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp
index 20a3bb5a26ebed192e69ad14e03a119cc5aaa88e..61a93bf3f831617318331d9b06ad8c1f9314310d 100644 (file)
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -46,4 +46,27 @@ class roles::pubsub {
                provider             => 'rabbitmqctl',
                require              => Rabbitmq_user['admin']
        }
+
+       @ferm::rule { 'rabbitmq':
+               description => 'rabbitmq connections',
+               rule        => '&SERVICE_RANGE(tcp, 5672, $HOST_DEBIAN_V4)'
+       }
+
+       @ferm::rule { 'rabbitmq-v6':
+               domain      => 'ip6',
+               description => 'rabbitmq connections',
+               rule        => '&SERVICE_RANGE(tcp, 5672, $HOST_DEBIAN_V6)'
+       }
+
+       if $::hostname == $cc_master {
+               $you = $cc_secondary
+       } else {
+               $you = $cc_master
+       }
+
+       @ferm::rule { 'rabbitmq_cluster':
+               domain      => '(ip ip6)',
+               description => 'rabbitmq cluster connections',
+               rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
+       }
 }