From f637b06b86d3158d08102a000722ce2ddb54fd23 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sat, 28 Sep 2019 09:41:15 +0200
Subject: [PATCH] Use export/collect to get the intra-cluster firewall opened for pubsub
---
 modules/roles/manifests/pubsub.pp | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp
index 460066517..1312a4baa 100644
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -35,15 +35,9 @@ class roles::pubsub {
 rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN)'
 }
 
- if $::hostname == $cc_master {
- $other = join(getfromhash($deprecated::allnodeinfo, "${cc_secondary}.debian.org", 'ipHostNumber'), ' ')
- } else {
- $other = join(getfromhash($deprecated::allnodeinfo, "${cc_master}.debian.org", 'ipHostNumber'), ' ')
- }
-
- ferm::rule { 'rabbitmq_cluster':
- domain => '(ip ip6)',
- description => 'rabbitmq cluster connections',
- rule => "proto tcp mod state state (NEW) saddr (${other}) ACCEPT"
+ @@ferm::rule::simple { "pubsub-cluster-from-${::fqdn}":
+ tag => 'roles::pubsub::intra-cluster',
+ saddr => $base::public_addresses,
 }
+ Ferm::Rule::Simple <<| tag == 'roles::pubsub::intra-cluster' |>>
 }
-- 
2.20.1
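Review bot: The collector on the last added line selects on `tag == 'roles::pubsub::intra-cluster'` alone, so the accepted source addresses become whatever PuppetDB holds under that tag, rather than the single peer the removed code derived from `$cc_master`/`$cc_secondary`. A retired or re-roled host presumably stays allowed until its exported resources are purged, and any manifest that exports this tag is let in by every pubsub node. A comment above the export should record that, e.g. `# every host exporting this tag is accepted by all pubsub nodes; deactivate retired nodes in PuppetDB`. The export also passes only `tag` and `saddr`, so protocol, port scope and the dropped description now depend on the defaults of `ferm::rule::simple`, which are not visible here; if the define accepts `description` and `port`, setting them explicitly would keep the rule self-explanatory and no wider than the cluster traffic needs. The body of `roles::pubsub` starts above this hunk, so whether `$cc_master` and `$cc_secondary` are still used elsewhere cannot be checked from here.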