uninstall static service certs and keys from hosts that do not serve this service
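--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -7,7 +7,7 @@ class roles::static_base {
 }
 file { '/etc/static-components.conf':
-source => 'puppet:///modules/roles/static-mirroring/static-components.conf',
+content => template('roles/static-mirroring/static-components.conf.erb'),
 }
 file { '/etc/ssh/userkeys/staticsync':
@@ -23,13 +23,13 @@ class roles::static_base {
 @ferm::rule { 'dsa-static-bt-v4':
 description => 'Allow bt between static hosts',
-rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881-6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
 notarule => true,
 }
 @ferm::rule { 'dsa-static-bt-v6':
 description => 'Allow bt between static hosts',
 domain => 'ip6',
-rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881-6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
 notarule => true,
 }
 }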
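Review bot: The corrected port range in the second hunk (`6881:6999`) still lives in two near-identical rule strings, `dsa-static-bt-v4` and `dsa-static-bt-v6`, that differ only in `domain` and the `saddr` variable, so any later edit to the range has to be made twice or the IPv4 and IPv6 filters drift apart. A comment above the pair would make that explicit, for example `# keep the port range identical in the v4 and v6 rule below; ferm multiport ranges use ':'`. The commit subject mentions only certificates and keys, so, as far as this page shows, the firewall correction is not recorded in the history; a line in the commit message would help anyone auditing when the rule changed. The class body opens above the first hunk.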