projects
/
mirror
/
dsa-puppet.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
6605aa6
)
Move archvsync ferm sshs from the input chain to the new ssh chain
author
Peter Palfrader
<peter@palfrader.org>
Sun, 22 Sep 2019 16:48:40 +0000
(18:48 +0200)
committer
Peter Palfrader
<peter@palfrader.org>
Sun, 22 Sep 2019 16:48:40 +0000
(18:48 +0200)
modules/roles/manifests/ftp_master.pp
patch
|
blob
|
history
modules/roles/manifests/historical_master.pp
patch
|
blob
|
history
modules/roles/manifests/ports_master.pp
patch
|
blob
|
history
modules/roles/manifests/security_master.pp
patch
|
blob
|
history
modules/roles/manifests/syncproxy.pp
patch
|
blob
|
history
diff --git
a/modules/roles/manifests/ftp_master.pp
b/modules/roles/manifests/ftp_master.pp
index
1b68123
..
5bef587
100644
(file)
--- a/
modules/roles/manifests/ftp_master.pp
+++ b/
modules/roles/manifests/ftp_master.pp
@@
-19,7
+19,7
@@
class roles::ftp_master {
@@ferm::rule::simple { "dsa-ssh-from-ftp_master-${::fqdn}":
tag => 'ssh::server::from::ftp_master',
description => 'Allow ssh access from ftp_master',
@@ferm::rule::simple { "dsa-ssh-from-ftp_master-${::fqdn}":
tag => 'ssh::server::from::ftp_master',
description => 'Allow ssh access from ftp_master',
-
port => '22
',
+
chain => 'ssh
',
saddr => $base::public_addresses,
}
}
saddr => $base::public_addresses,
}
}
diff --git
a/modules/roles/manifests/historical_master.pp
b/modules/roles/manifests/historical_master.pp
index
248c832
..
535c0fb
100644
(file)
--- a/
modules/roles/manifests/historical_master.pp
+++ b/
modules/roles/manifests/historical_master.pp
@@
-3,7
+3,7
@@
class roles::historical_master {
@@ferm::rule::simple { "dsa-ssh-from-historical_master-${::fqdn}":
tag => 'ssh::server::from::historical_master',
description => 'Allow ssh access from historical-master',
@@ferm::rule::simple { "dsa-ssh-from-historical_master-${::fqdn}":
tag => 'ssh::server::from::historical_master',
description => 'Allow ssh access from historical-master',
-
port => '22
',
+
chain => 'ssh
',
saddr => $base::public_addresses,
}
}
saddr => $base::public_addresses,
}
}
diff --git
a/modules/roles/manifests/ports_master.pp
b/modules/roles/manifests/ports_master.pp
index
ffc24c3
..
2faf0e0
100644
(file)
--- a/
modules/roles/manifests/ports_master.pp
+++ b/
modules/roles/manifests/ports_master.pp
@@
-23,7
+23,7
@@
class roles::ports_master {
@@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
tag => 'ssh::server::from::ports_master',
description => 'Allow ssh access from ports-master',
@@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
tag => 'ssh::server::from::ports_master',
description => 'Allow ssh access from ports-master',
-
port => '22
',
+
chain => 'ssh
',
saddr => $base::public_addresses,
}
}
saddr => $base::public_addresses,
}
}
diff --git
a/modules/roles/manifests/security_master.pp
b/modules/roles/manifests/security_master.pp
index
c627ac0
..
143259f
100644
(file)
--- a/
modules/roles/manifests/security_master.pp
+++ b/
modules/roles/manifests/security_master.pp
@@
-18,7
+18,7
@@
class roles::security_master {
@@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
tag => 'ssh::server::from::security_master',
description => 'Allow ssh access from security_master',
@@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
tag => 'ssh::server::from::security_master',
description => 'Allow ssh access from security_master',
-
port => '22
',
+
chain => 'ssh
',
saddr => $base::public_addresses,
}
}
saddr => $base::public_addresses,
}
}
diff --git
a/modules/roles/manifests/syncproxy.pp
b/modules/roles/manifests/syncproxy.pp
index
cb017d5
..
aa452f0
100644
(file)
--- a/
modules/roles/manifests/syncproxy.pp
+++ b/
modules/roles/manifests/syncproxy.pp
@@
-63,7
+63,7
@@
class roles::syncproxy(
@@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
tag => 'ssh::server::from::syncproxy',
description => 'Allow ssh access from a syncproxy',
@@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
tag => 'ssh::server::from::syncproxy',
description => 'Allow ssh access from a syncproxy',
-
port => '22
',
+
chain => 'ssh
',
saddr => $ssh_source_addresses,
}
# syncproxies should be accessible from various role hosts
saddr => $ssh_source_addresses,
}
# syncproxies should be accessible from various role hosts