ssl_key => '/etc/ssl/private/thishost-server.key',
ssl_port => 5671,
ssl_verify => 'verify_none',
- manage_repos => false,
+ repos_ensure => false,
}
user { 'rabbitmq':
groups => 'ssl-cert'
}
- @ferm::rule { 'rabbitmq':
+ ferm::rule { 'rabbitmq':
description => 'rabbitmq connections',
rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
}
- @ferm::rule { 'rabbitmq-v6':
+ ferm::rule { 'rabbitmq-v6':
domain => 'ip6',
description => 'rabbitmq connections',
rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
}
- @ferm::rule { 'rabbitmq-adm':
+ ferm::rule { 'rabbitmq-adm':
description => 'rabbitmq connections',
rule => '&SERVICE_RANGE(tcp, 5671, $DSA_IPS)'
}
- @ferm::rule { 'rabbitmq-v6-adm':
+ ferm::rule { 'rabbitmq-v6-adm':
domain => 'ip6',
description => 'rabbitmq connections',
rule => '&SERVICE_RANGE(tcp, 5671, $DSA_V6_IPS)'
$you6 = '2001:41c8:1000:21::21:16'
}
- @ferm::rule { 'rabbitmq_cluster':
+ ferm::rule { 'rabbitmq_cluster':
domain => 'ip',
description => 'rabbitmq cluster connections',
rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
}
- @ferm::rule { 'rabbitmq_cluster_v6':
+ ferm::rule { 'rabbitmq_cluster_v6':
domain => 'ip6',
description => 'rabbitmq cluster connections',
rule => "proto tcp mod state state (NEW) saddr (${you6}) ACCEPT"
}
- @ferm::rule { 'rabbitmq_mgmt':
+ ferm::rule { 'rabbitmq_mgmt':
description => 'rabbitmq cluster connections',
rule => '&SERVICE_RANGE(tcp, 15671, $DSA_IPS)'
}
- @ferm::rule { 'rabbitmq_mgmt_v6':
+ ferm::rule { 'rabbitmq_mgmt_v6':
domain => '(ip6)',
description => 'rabbitmq cluster connections',
rule => '&SERVICE_RANGE(tcp, 15671, $DSA_V6_IPS)'