X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=45293401a0a5e414175e30d5bb873112b20e3338;hb=b3778507231415f03bf709d3337019a18e15f56a;hp=67d9cdd8ff25650487c2fee9411aae71e1828389;hpb=69b910a5f5aac95bb20441e0e80cc7ba47ed25ca;p=dsa-puppet.git
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 67d9cdd8..45293401 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -11,6 +11,30 @@ class ferm::per-host {
 }
 }
+ case $::hostname {
+ oyens: {
+ @ferm::rule { 'dsa-amqp':
+ description => 'Allow rabbitmq access',
+ rule => '&SERVICE_RANGE(tcp, 5672, ( 5.153.231.240/27 172.29.123.0/24 ))'
+ }
+ @ferm::rule { 'dsa-keystone':
+ description => 'Allow keystone access',
+ rule => '&SERVICE_RANGE(tcp, 5000, ( 5.153.231.240/27 172.29.123.0/24 ))'
+ }
+ @ferm::rule { 'dsa-keystone2':
+ description => 'Allow keystone access',
+ rule => '&SERVICE_RANGE(tcp, 35357, ( 5.153.231.240/27 172.29.123.0/24 ))'
+ }
+ @ferm::rule { 'dsa-glance':
+ description => 'Allow glance access',
+ rule => '&SERVICE_RANGE(tcp, 9292, ( 5.153.231.240/27 172.29.123.0/24 ))'
+ }
+ @ferm::rule { 'dsa-nova':
+ description => 'Allow nova access',
+ rule => '&SERVICE_RANGE(tcp, 8774, ( 5.153.231.240/27 172.29.123.0/24 ))'
+ }
+ }
+ }
 case $::hostname {
 czerny,clementi: {
 @ferm::rule { 'dsa-upsmon':
@@ -38,16 +62,6 @@ class ferm::per-host {
 rule => '&SERVICE(udp, 69)'
 }
 }
- #paganini: {
- # @ferm::rule { 'dsa-dhcp':
- # description => 'Allow dhcp access',
- # rule => '&SERVICE(udp, 67)'
- # }
- # @ferm::rule { 'dsa-tftp':
- # description => 'Allow tftp access',
- # rule => '&SERVICE(udp, 69)'
- # }
- #}
 lotti,lully: {
 @ferm::rule { 'dsa-syslog':
 description => 'Allow syslog access',
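Review bot: The source range `5.153.231.240/27` used in all five new oyens rules is not aligned to its prefix length: a /27 that contains .240 starts at .224, so if the address is masked when the rule is loaded (as iptables normally does), the rules admit 5.153.231.224–255 rather than only .240–255. If just the upper sixteen addresses are meant, the range should read `5.153.231.240/28`; if the whole /27 is meant, writing `5.153.231.224/27` makes the manifest show what is actually enforced. The same list also opens port 35357 (`dsa-keystone2`) to every address that gets port 5000, which is worth confirming as intended. The enclosing class body starts and ends outside the hunk.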
@@ -233,16 +247,26 @@ class ferm::per-host {
 description => 'Allow postgress access',
 rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
 }
+
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+ }
 }
 bmdb1: {
 @ferm::rule { 'dsa-postgres-main':
 description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32 5.153.231.25/32 206.12.19.141/32 ))'
+ rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32 5.153.231.25/32 206.12.19.141/32 5.153.231.26/32 ))'
 }
 @ferm::rule { 'dsa-postgres-main6':
 domain => 'ip6',
 description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128 2001:41c8:1000:21::21:25/128 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 ))'
+ rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128 2001:41c8:1000:21::21:25/128 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 2001:41c8:1000:21::21:26/128 ))'
 }
 @ferm::rule { 'dsa-postgres-dak':
 description => 'Allow postgress access',
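Review bot: The new `dsa-postgres-backup` and `dsa-postgres-backup6` rules reuse the description `'Allow postgress access'` that the neighbouring postgres rules already carry, so nothing in the rule itself records that 5.153.231.12 is (presumably) the backup client. A description such as `description => 'Allow postgres access from backup host',` would keep the rules distinguishable when the ruleset is audited; the identical pairs added in the hunks at -298 and -311 have the same gap. The addresses 5.153.231.26/32 and 2001:41c8:1000:21::21:26/128 appended to the bmdb1 lists likewise arrive without a comment naming the host they belong to. The host branch that receives the first two rules opens outside the hunk.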
@@ -273,6 +297,28 @@ class ferm::per-host {
 description => 'Allow postgress access1',
 rule => '&SERVICE_RANGE(tcp, 5437, ( 2001:41c8:1000:21::21:19/128 ))'
 }
+
+ @ferm::rule { 'dsa-postgres-backup':
+ # ubc, wuit
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 2001:41c8:1000:21::21:12/128 ))'
+ }
+
+ @ferm::rule { 'dsa-postgres-dedup':
+ # ubc, wuit
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5439), ( 5.153.231.17/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-dedup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5439), ( 2001:41c8:1000:21::21:17/128 ))'
+ }
 }
 danzi: {
 @ferm::rule { 'dsa-postgres-danzi':
@@ -298,10 +344,19 @@ class ferm::per-host {
 description => 'Allow postgress access4',
 rule => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 ))'
 }
+
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+ }
 }
 chopin: {
 @ferm::rule { 'dsa-postgres-backup':
- # ubc, wuit
 description => 'Allow postgress access',
 rule => '&SERVICE_RANGE(tcp, 5432, ( 5.153.231.12/32 ))'
 }
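Review bot: The `# ubc, wuit` comment on the new `dsa-postgres-dedup` rule looks carried over from the backup rule above it rather than written for this rule. Its source is 5.153.231.17/32, not the 5.153.231.12/32 used by the backup rule, and the following hunk (-298) removes the same comment from chopin's backup rule, which suggests it no longer describes these peers. A comment that names the host behind each allowed address, for example `# <hostname of 5.153.231.17>` (placeholder, the page does not give the name), would let a reviewer check the allow-list against inventory; otherwise the comment is better dropped from both new rules. The host branch these rules are added to begins outside the hunk.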
@@ -311,6 +366,17 @@ class ferm::per-host {
 rule => '&SERVICE_RANGE(tcp, 5432, ( 2001:41c8:1000:21::21:12/128 ))'
 }
 }
+ sibelius: {
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+ }
+ }
 default: {}
 }
 # vpn fu