Add migration ferm rules to the ganeti module

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 6e68c473a66cd5c3703ea982d7f8b42dfb91b110..27c5e3a7cb1145e4cb3f632c297aaae2abfbac40 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -228,14 +228,4 @@ REJECT reject-with icmp-admin-prohibited
                }
                default: {}
        }
-
-
-       # live ganeti migration
-       case $::hostname {
-               tristano: { @ferm::rule { 'dsa-ganeti-migrate': rule => 'interface br1 proto tcp dport 8102 saddr 192.168.2.217 ACCEPT'; } }
-               pasquini: { @ferm::rule { 'dsa-ganeti-migrate': rule => 'interface br1 proto tcp dport 8102 saddr 192.168.2.213 ACCEPT'; } }
-               bertali:  { @ferm::rule { 'dsa-ganeti-migrate': rule => 'interface br1 proto tcp dport 8102 saddr 192.168.2.216 ACCEPT'; } }
-               boito:    { @ferm::rule { 'dsa-ganeti-migrate': rule => 'interface br1 proto tcp dport 8102 saddr 192.168.2.212 ACCEPT'; } }
-               default: {}
-       }
 }

diff --git a/modules/ganeti2/manifests/init.pp b/modules/ganeti2/manifests/init.pp
index 79a2ba16a608b75334f94774a3255288d40d8bec..7308ca2e9e9f6d57c984934c95dff8a03dca37bf 100644 (file)
--- a/modules/ganeti2/manifests/init.pp
+++ b/modules/ganeti2/manifests/init.pp
@@ -39,4 +39,10 @@ class ganeti2 {
                rule        => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'drbd\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
                notarule    => true,
        }
+
+       @ferm::rule { 'dsa-ganeti-migrate':
+               description => 'allow kvm to migrate instances',
+               rule        => 'proto tcp dport 8102 @subchain \'kvm-migrate\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
+               notarule    => true,
+       }
 }