Commit 2c17a18a authored by Goh Choon Ming's avatar Goh Choon Ming

fix puppet-lints

parent de9f3291
......@@ -18,19 +18,19 @@ class opstheater::profile::elasticsearch{
}
@firewall { '200 allow elasticsearch 9200 access':
chain => 'INPUT',
jump => 'OPSTHEATER',
proto => 'tcp',
dport => '9200',
tag => 'opstheater',
chain => 'INPUT',
jump => 'OPSTHEATER',
proto => 'tcp',
dport => '9200',
tag => 'opstheater',
}
@firewall { '200 allow elasticsearch 9300 access':
chain => 'INPUT',
jump => 'OPSTHEATER',
proto => 'tcp',
dport => '9300',
tag => 'opstheater',
chain => 'INPUT',
jump => 'OPSTHEATER',
proto => 'tcp',
dport => '9300',
tag => 'opstheater',
}
}
......@@ -17,16 +17,16 @@ class opstheater::profile::firewall {
}
firewallchain { 'OPSTHEATER:filter:IPv4':
ensure => present,
purge => true,
ensure => present,
purge => true,
}
$ip_whitelist.each | String $ip | {
firewall { "100 accept connections for ${ip}":
chain => 'OPSTHEATER',
action => 'accept'
proto => 'all',
source => $ip,
chain => 'OPSTHEATER',
action => 'accept'
proto => 'all',
source => $ip,
}
}
......
......@@ -83,21 +83,21 @@ class opstheater::profile::foremanproxy {
}
@firewall { '203 allow HTTP access to foreman':
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '80',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '80',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
}
@firewall { '204 allow HTTPS access to foreman':
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '443',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '443',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
}
}
......@@ -181,21 +181,21 @@ class opstheater::profile::gitlab {
include opstheater::profile::filebeat::mattermost
@firewall { '205 allow HTTP access to gitlab':
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '80',
source => hiera('opstheater::vpn_ip', '0.0.0.0')
tag => 'opstheater',
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '80',
source => hiera('opstheater::vpn_ip', '0.0.0.0')
tag => 'opstheater',
}
@firewall { '206 allow HTTPS access to gitlab':
chain => 'INPUT',
jump => 'OPSTHEATER',
proto => 'tcp',
dport => '443',
source => hiera('opstheater::vpn_ip', '0.0.0.0')
tag => 'opstheater',
}
chain => 'INPUT',
jump => 'OPSTHEATER',
proto => 'tcp',
dport => '443',
source => hiera('opstheater::vpn_ip', '0.0.0.0')
tag => 'opstheater',
}
}
......@@ -48,12 +48,12 @@ class opstheater::profile::grafana {
}
@firewall { '207 allow HTTP access to grafana':
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '3000',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '3000',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
}
}
......@@ -184,21 +184,21 @@ class opstheater::profile::icinga::web {
}
@firewall { '202 allow HTTP access to icinga web':
chain => 'INPUT',
action => 'accept',
proto => 'http',
dport => '80',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
chain => 'INPUT',
action => 'accept',
proto => 'http',
dport => '80',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
}
@firewall { '203 allow HTTPS access to icinga web':
chain => 'INPUT',
action => 'accept',
proto => 'http',
dport => '443',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
chain => 'INPUT',
action => 'accept',
proto => 'http',
dport => '443',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
}
}
......@@ -10,11 +10,11 @@ class opstheater::profile::kibana {
include opstheater::profile::filebeat::kibana
@firewall { '208 allow HTTP access to kibana':
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '5601',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
chain => 'INPUT',
action => 'accept',
proto => 'tcp',
dport => '5601',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
}
}
......@@ -4,12 +4,12 @@ class opstheater::profile::ssh {
include ::ssh::client
@@firewall { '010 allow SSH access':
chain => 'INPUT',
action => 'allow',
proto => 'tcp',
dport => '22',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
chain => 'INPUT',
action => 'allow',
proto => 'tcp',
dport => '22',
source => hiera('opstheater::vpn_ip', '0.0.0.0'),
tag => 'opstheater',
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment