added ferm rule for ganeti

author Luca Filipozzi <lfilipoz@emyr.net>

Mon, 16 Apr 2012 08:34:57 +0000 (08:34 +0000)

committer Luca Filipozzi <lfilipoz@emyr.net>

Mon, 16 Apr 2012 08:34:57 +0000 (08:34 +0000)
author Luca Filipozzi <lfilipoz@emyr.net>
Mon, 16 Apr 2012 08:34:57 +0000 (08:34 +0000)
committer Luca Filipozzi <lfilipoz@emyr.net>
Mon, 16 Apr 2012 08:34:57 +0000 (08:34 +0000)
diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb

index 3af87c483f254d3ecde6db462eba8bcf5735dd4e..127b30d2d0b026fbe8d41220125bdc082a652afa 100644 (file)
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -165,6 +165,8 @@
    dbs.join(' ')
  %>);
  
+@def $HOST_GANETI_V4 = (206.12.19.213/32 206.12.19.217/32);
+
  @def $HOST_DEBIAN = ($HOST_DEBIAN_V4 $HOST_DEBIAN_V6);
  
  @def $sgran   = (91.103.132.24/29 85.158.45.51/32);
diff --git a/modules/ganeti2/manifests/init.pp b/modules/ganeti2/manifests/init.pp

index b7b1b59f59f0ffdf2a67f532447462c0edc1ec7e..7a472e07329278dcdb87a8e2e40c7b0c86b73e83 100644 (file)
--- a/modules/ganeti2/manifests/init.pp
+++ b/modules/ganeti2/manifests/init.pp
@@ -8,4 +8,9 @@ class ganeti2 {
                 ensure => installed
         }
  
+       @ferm::rule { 'dsa-ganeti-v4':
+               description => 'Allow ganeti from ganeti master',
+               rule        => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti\' { saddr ($HOST_GANETI_V4) ACCEPT; }',
+               notarule    => true,
+       }
  }
author	Luca Filipozzi <lfilipoz@emyr.net>
	Mon, 16 Apr 2012 08:34:57 +0000 (08:34 +0000)
committer	Luca Filipozzi <lfilipoz@emyr.net>
	Mon, 16 Apr 2012 08:34:57 +0000 (08:34 +0000)
modules/ferm/templates/defs.conf.erb		patch \| blob \| history
modules/ganeti2/manifests/init.pp		patch \| blob \| history