From ed48fdfd54cf6f6a2b2879209fd915b51c8c602e Mon Sep 17 00:00:00 2001
From: Luca Filipozzi
Date: Mon, 16 Apr 2012 08:34:57 +0000
Subject: [PATCH] added ferm rule for ganeti
---
 modules/ferm/templates/defs.conf.erb | 2 ++
 modules/ganeti2/manifests/init.pp | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index 3af87c48..127b30d2 100644
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -165,6 +165,8 @@ dbs.join(' ') %>);
+@def $HOST_GANETI_V4 = (206.12.19.213/32 206.12.19.217/32);
+
 @def $HOST_DEBIAN = ($HOST_DEBIAN_V4 $HOST_DEBIAN_V6);
 @def $sgran = (91.103.132.24/29 85.158.45.51/32);
diff --git a/modules/ganeti2/manifests/init.pp b/modules/ganeti2/manifests/init.pp
index b7b1b59f..7a472e07 100644
--- a/modules/ganeti2/manifests/init.pp
+++ b/modules/ganeti2/manifests/init.pp
@@ -8,4 +8,9 @@ class ganeti2 {
 ensure => installed
 }
+ @ferm::rule { 'dsa-ganeti-v4':
+ description => 'Allow ganeti from ganeti master',
+ rule => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti\' { saddr ($HOST_GANETI_V4) ACCEPT; }',
+ notarule => true,
+ }
 }
--
2.39.2
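Review bot: The two addresses in `$HOST_GANETI_V4` are hard-coded with no comment saying which hosts they are, while the definition just before this hunk appears to be generated (`dbs.join(' ') %>`). A literal allow-list like this tends to outlive the hosts it names, and a stale entry keeps the firewall open to whoever holds that address next. I would add a comment above the definition, e.g. `# ganeti cluster nodes (source list for the dsa-ganeti-v4 rule); update when nodes are added or retired`, or derive the list from node data if that is available to the template.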
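Review bot: The description on `dsa-ganeti-v4` says the rule admits the ganeti master, but `saddr ($HOST_GANETI_V4)` matches every address in that list, so each listed host can open tcp/1811 on every node that includes class ganeti2. If that is intended (for example because the master role can move between nodes), the description should say so, e.g. `description => 'Allow ganeti node daemon (tcp/1811) from ganeti cluster nodes',`. The rule only names IPv4 sources; what happens to IPv6 traffic to this port depends on the default policy, which is not visible here. class ganeti2 starts above the hunk.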