From: Stephen Gran <steve@lobefin.net>
Date: Thu, 3 May 2012 06:33:48 +0000 (+0100)
Subject: puppetmaster is more important than handel
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=7df8473f873e398279f1e46a3ea8aa5d7c3ffb22;p=dsa-puppet.git

puppetmaster is more important than handel

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 5f175260..82f9eb8e 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -40,17 +40,6 @@ class ferm::per-host {
 				rule            => '&SERVICE(udp, 69)'
 			}
 		}
-		handel: {
-			@ferm::rule { 'dsa-puppet':
-				description     => 'Allow puppet access',
-				rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
-			}
-			@ferm::rule { 'dsa-puppet-v6':
-				domain          => 'ip6',
-				description     => 'Allow puppet access',
-				rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
-			}
-		}
 		powell: {
 			@ferm::rule { 'dsa-powell-v6-tunnel':
 				description     => 'Allow powell to use V6 tunnel broker',
diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index ca91a0bb..1aad49cb 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -1,5 +1,16 @@
 class puppetmaster {
+
 	file { '/etc/puppet/hiera.yaml':
 		source => 'puppet:///modules/puppetmaster/hiera.yaml'
 	}
+
+	@ferm::rule { 'dsa-puppet':
+		description     => 'Allow puppet access',
+		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
+	}
+	@ferm::rule { 'dsa-puppet-v6':
+		domain          => 'ip6',
+		description     => 'Allow puppet access',
+		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
+	}
 }