diff options
| author | Leif Johansson <leifj@sunet.se> | 2015-04-14 14:49:40 +0200 |
|---|---|---|
| committer | Leif Johansson <leifj@sunet.se> | 2015-04-14 14:49:40 +0200 |
| commit | c772ff2d8ee44415f0e2d1da7bf09b7a73c1cdf0 (patch) | |
| tree | 7b25a1c3284cb17d5d5f324f502062a35211df25 /global/overlay/etc | |
| parent | 7a16a50de70650ee928741c4db31a5ef22244ee0 (diff) | |
ufw for etcd
Diffstat (limited to 'global/overlay/etc')
| -rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index d69b1c3..e9ae803 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -11,4 +11,12 @@ define sunet::etcd_node( command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } + ufw::allow { "allow-etcd-peer": + ip => "${::ipaddress_eth1}", + port => 2380 + } + ufw::allow { "allow-etcd-client": + ip => "${::ipaddress_eth1}", + port => 2379 + } } |