Skip to content

Commit

Permalink
use firewall v8 semantics for exported resources
Browse files Browse the repository at this point in the history
`s/action/state/`, but only for exported resources, and only for the
non-prefixed-tag version.

Not yet actually collecting the firewall v8 resources, just adding them
so they are present when we upgrade the firewall module.
  • Loading branch information
rrotter committed Nov 5, 2024
1 parent 8a56da5 commit 9f233e6
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 7 deletions.
2 changes: 1 addition & 1 deletion manifests/profile/haproxy.pp
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@
dport => [80, 443],
source => $::ipaddress,
state => 'NEW',
action => 'accept',
jump => 'accept',
tag => 'haproxy'
}

Expand Down
10 changes: 6 additions & 4 deletions manifests/profile/prometheus.pp
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@
proto => 'tcp',
source => $address,
state => 'NEW',
action => 'accept',
jump => 'accept',
;

"010 prometheus public node exporter ${::hostname} ${address}":
Expand All @@ -247,11 +247,13 @@
"010 prometheus public node exporter firewall6 ${::hostname} ${address}":
tag => "firewall6-${::datacenter}_prometheus_public_node_exporter",
dport => 9100,
action => 'accept',
;

"010 prometheus public ipmi exporter firewall6 ${::hostname} ${address}":
tag => "firewall6-${::datacenter}_prometheus_public_ipmi_exporter",
dport => 9290,
action => 'accept',
;
}
}
Expand All @@ -262,7 +264,7 @@
proto => 'tcp',
source => $address,
state => 'NEW',
action => 'accept',
jump => 'accept',
;

"010 prometheus private node exporter ${::hostname} ${address}":
Expand Down Expand Up @@ -302,7 +304,7 @@
dport => 9101,
source => $::ipaddress,
state => 'NEW',
action => 'accept',
jump => 'accept',
}

@@firewall { "010 prometheus firewall6 haproxy exporter ${::hostname}":
Expand All @@ -320,7 +322,7 @@
dport => 9104,
source => $::ipaddress,
state => 'NEW',
action => 'accept',
jump => 'accept',
}

@@firewall { "010 prometheus firewall6 mysql exporter ${::hostname}":
Expand Down
2 changes: 1 addition & 1 deletion manifests/profile/prometheus/exporter/node.pp
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@
dport => 9091,
source => $address,
state => 'NEW',
action => 'accept',
jump => 'accept',
}

@@firewall { "300 pushgateway firewall6 ${::hostname} ${address}":
Expand Down
2 changes: 1 addition & 1 deletion manifests/unison/client.pp
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
dport => [$port],
source => $::ipaddress,
state => 'NEW',
action => 'accept',
jump => 'accept',
tag => "unison-client-${title}"
}

Expand Down

0 comments on commit 9f233e6

Please sign in to comment.