pubsub: do not hardcode IPs

[mirror/dsa-puppet.git] / modules / roles / manifests / pubsub.pp

diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp
index d165fcc..324bac6 100644 (file)
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -36,21 +36,14 @@ class roles::pubsub {
        }
 
        if $::hostname == $cc_master {
-               $you  = '82.195.75.95'
-               $you6 = '2001:41b8:202:deb::311:95'
+               $other = join(getfromhash($deprecated::allnodeinfo, "${cc_secondary}.debian.org", 'ipHostNumber'), " ")
        } else {
-               $you  = '82.195.75.94'
-               $you6 = '2001:41b8:202:deb::311:94'
+               $other = join(getfromhash($deprecated::allnodeinfo, "${cc_master}.debian.org", 'ipHostNumber'), " ")
        }
 
        ferm::rule { 'rabbitmq_cluster':
-               domain      => 'ip',
-               description => 'rabbitmq cluster connections',
-               rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
-       }
-       ferm::rule { 'rabbitmq_cluster_v6':
-               domain      => 'ip6',
+               domain      => '(ip ip6)',
                description => 'rabbitmq cluster connections',
-               rule        => "proto tcp mod state state (NEW) saddr (${you6}) ACCEPT"
+               rule        => "proto tcp mod state state (NEW) saddr (${other}) ACCEPT"
        }
 }