]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/logstash/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow connections to logstash from network gateways
[chef.git] / cookbooks / logstash / recipes / default.rb
diff --git a/cookbooks/logstash/recipes/default.rb b/cookbooks/logstash/recipes/default.rb
index 0fb88c8ab38f5ef81b19f337b546fb5204080cf6..73198d5933daa41fff9c2b0f814b8c5982eb8087 100644 (file)
--- a/cookbooks/logstash/recipes/default.rb
+++ b/cookbooks/logstash/recipes/default.rb
@@ -21,7 +21,7 @@ include_recipe "networking"
 
 keys = data_bag_item("logstash", "keys")
 
-package "openjdk-7-jre-headless"
+package "default-jre-headless"
 package "logstash"
 
 cookbook_file "/var/lib/logstash/lumberjack.crt" do
@@ -79,3 +79,19 @@ forwarders.each do |forwarder|
     end
   end
 end
+
+gateways = search(:node, "roles:gateway") # ~FC010
+
+gateways.each do |gateway|
+  gateway.interfaces(:role => :external) do |interface|
+    firewall_rule "accept-lumberjack-#{gateway}" do
+      action :accept
+      family interface[:family]
+      source "#{interface[:zone]}:#{interface[:address]}"
+      dest "fw"
+      proto "tcp:syn"
+      dest_ports "5043"
+      source_ports "1024:"
+    end
+  end
+end
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.