From: Luca Filipozzi <lfilipoz@emyr.net>
Date: Mon, 16 Apr 2012 08:34:57 +0000 (+0000)
Subject: added ferm rule for ganeti
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=ed48fdfd54cf6f6a2b2879209fd915b51c8c602e;hp=b6fe62a8e20b3663e9064c99f0bcaf5de50f58ae;p=dsa-puppet.git

added ferm rule for ganeti
---

diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index 3af87c48..127b30d2 100644
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -165,6 +165,8 @@
   dbs.join(' ')
 %>);
 
+@def $HOST_GANETI_V4 = (206.12.19.213/32 206.12.19.217/32);
+
 @def $HOST_DEBIAN = ($HOST_DEBIAN_V4 $HOST_DEBIAN_V6);
 
 @def $sgran   = (91.103.132.24/29 85.158.45.51/32);
diff --git a/modules/ganeti2/manifests/init.pp b/modules/ganeti2/manifests/init.pp
index b7b1b59f..7a472e07 100644
--- a/modules/ganeti2/manifests/init.pp
+++ b/modules/ganeti2/manifests/init.pp
@@ -8,4 +8,9 @@ class ganeti2 {
 		ensure => installed
 	}
 
+	@ferm::rule { 'dsa-ganeti-v4':
+		description => 'Allow ganeti from ganeti master',
+		rule        => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti\' { saddr ($HOST_GANETI_V4) ACCEPT; }',
+		notarule    => true,
+	}
 }