projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9932bb5)
Allow connections to logstash from network gateways
authorTom Hughes <tom@compton.nu>
Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)
committerTom Hughes <tom@compton.nu>
Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)
cookbooks/logstash/recipes/default.rb patch | blob | history

diff --git a/cookbooks/logstash/recipes/default.rb b/cookbooks/logstash/recipes/default.rb
index ed9ffb7..73198d5 100644 (file)
--- a/cookbooks/logstash/recipes/default.rb
+++ b/cookbooks/logstash/recipes/default.rb
@@ -79,3 +79,19 @@ forwarders.each do |forwarder|
     end
   end
 end
+
+gateways = search(:node, "roles:gateway") # ~FC010
+
+gateways.each do |gateway|
+  gateway.interfaces(:role => :external) do |interface|
+    firewall_rule "accept-lumberjack-#{gateway}" do
+      action :accept
+      family interface[:family]
+      source "#{interface[:zone]}:#{interface[:address]}"
+      dest "fw"
+      proto "tcp:syn"
+      dest_ports "5043"
+      source_ports "1024:"
+    end
+  end
+end
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.