From: Stephen Gran <steve@lobefin.net>
Date: Wed, 8 Jan 2014 20:00:43 +0000 (+0000)
Subject: change to rules by ip
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=821b298ba9b07aeac308e1279e798a9fe8e9aa26

change to rules by ip

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp
index 2f02be0d..100850fa 100644
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -57,16 +57,23 @@ class roles::pubsub {
 	}
 
 	if $::hostname == $cc_master {
-		$you = $cc_secondary
+		$you  = '5.153.231.15'
+		$you6 = '2001:41c8:1000:21::21:15'
 	} else {
-		$you = $cc_master
+		$you  = '5.153.231.16'
+		$you6 = '2001:41c8:1000:21::21:16'
 	}
 
 	@ferm::rule { 'rabbitmq_cluster':
-		domain      => '(ip ip6)',
+		domain      => 'ip',
 		description => 'rabbitmq cluster connections',
 		rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
 	}
+	@ferm::rule { 'rabbitmq_cluster':
+		domain      => 'ip6',
+		description => 'rabbitmq cluster connections',
+		rule        => "proto tcp mod state state (NEW) saddr (${you6}) ACCEPT"
+	}
 	@ferm::rule { 'rabbitmq_mgmt':
 		description => 'rabbitmq cluster connections',
 		rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'