From c772ff2d8ee44415f0e2d1da7bf09b7a73c1cdf0 Mon Sep 17 00:00:00 2001
From: Leif Johansson <leifj@sunet.se>
Date: Tue, 14 Apr 2015 14:49:40 +0200
Subject: ufw for etcd

---
 global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'global/overlay/etc')

diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
index d69b1c3..e9ae803 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
@@ -11,4 +11,12 @@ define sunet::etcd_node(
       command          => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt",
       ports            => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"]
    }
+   ufw::allow { "allow-etcd-peer":
+      ip   => "${::ipaddress_eth1}",
+      port => 2380
+   }
+   ufw::allow { "allow-etcd-client":
+      ip   => "${::ipaddress_eth1}",
+      port => 2379
+   }
 }
-- 
cgit v1.1