Merge branch 'master' of ssh://handel.debian.org/~/dsa-puppet
authorLuca Filipozzi <lfilipoz@emyr.net>
Sat, 31 May 2014 15:31:35 +0000 (15:31 +0000)
committerLuca Filipozzi <lfilipoz@emyr.net>
Sat, 31 May 2014 15:31:35 +0000 (15:31 +0000)
manifests/site.pp
modules/nfs-server/manifests/init.pp

index 8690e553a427362cc39a898866855be7b3c4355a..a3c219cc06f0bf5b8b0fbd64f68f381562409eea 100644 (file)
@@ -101,7 +101,7 @@ node default {
        #       include dacs
        #}
 
-       if $::hostname in [stabile,beach,glinka,milanollo,rautavaara] {
+       if $::hostname in [stabile,beach,glinka,milanollo,rautavaara,lw01,lw02,lw03,lw04] {
                include nfs-server
        }
 
index a9e4758d7157afe8fa81e3521067e7c42af55482..e1f077d3cfe2d4d907162c604dadf9fe7c975a92 100644 (file)
@@ -16,30 +16,37 @@ class nfs-server {
                status      => '/bin/true',
        }
 
+       case $::hostname {
+               lw01,lw02,lw03,lw04: {
+                       $client_range    = '10.0.0.0/8'
+               }
+               milanollo: {
+                       $client_range    = '172.29.122.0/24'
+               }
+               default: {
+                       $client_range    = '0.0.0.0/0'
+               }
+       }
+
        @ferm::rule { 'dsa-portmap':
-               domain      => '(ip ip6)',
                description => 'Allow portmap access',
-               rule        => '&TCP_UDP_SERVICE(111)'
+               rule        => "&TCP_UDP_SERVICE_RANGE(111, $client_range)"
        }
        @ferm::rule { 'dsa-nfs':
-               domain      => '(ip ip6)',
                description => 'Allow nfsd access',
-               rule        => '&TCP_UDP_SERVICE(2049)'
+               rule        => "&TCP_UDP_SERVICE_RANGE(2049, $client_range)"
        }
        @ferm::rule { 'dsa-status':
-               domain      => '(ip ip6)',
                description => 'Allow statd access',
-               rule        => '&TCP_UDP_SERVICE(10000)'
+               rule        => "&TCP_UDP_SERVICE_RANGE(10000, $client_range)"
        }
        @ferm::rule { 'dsa-mountd':
-               domain      => '(ip ip6)',
                description => 'Allow mountd access',
-               rule        => '&TCP_UDP_SERVICE(10002)'
+               rule        => "&TCP_UDP_SERVICE_RANGE(10002, $client_range)"
        }
        @ferm::rule { 'dsa-lockd':
-               domain      => '(ip ip6)',
                description => 'Allow lockd access',
-               rule        => '&TCP_UDP_SERVICE(10003)'
+               rule        => "&TCP_UDP_SERVICE_RANGE(10003, $client_range)"
        }
 
        file { '/etc/default/nfs-common':
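Review bot: The `default:` arm of the new `case $::hostname` sets `$client_range = '0.0.0.0/0'`, so any host later added to the `if $::hostname in [...]` list in manifests/site.pp without a matching case entry here silently exposes portmap, nfsd, statd, mountd and lockd to every IPv4 source. I would list stabile, beach, glinka and rautavaara explicitly with the range each one needs and make the fallback fail closed, e.g. `default: { fail("nfs-server: no client_range defined for ${::hostname}") }`. All five rules also drop `domain => '(ip ip6)'`; the `ferm::rule` default and the `TCP_UDP_SERVICE_RANGE` macro are not visible in this hunk, so please confirm whether IPv6 clients are meant to lose access and that an IPv4 CIDR never ends up in an ip6 chain. `10.0.0.0/8` for lw01–lw04 is also wide for an NFS export and worth narrowing to the actual client subnet if one exists. The `class nfs-server` body starts before and continues after this hunk.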