Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / manifests / rules / nomad.pp @ 5dedf86c

Historique | Voir | Annoter | Télécharger (1,69 ko)

1 
# @summary manage port openings for a nomad cluster
2 
#
3 
# @param cluster_elements IP addreses of nomad cluster nodes
4 
# @param http Specify http api port to open to the world.
5 
# @param rpc Specify rpc port to open within the nomad cluster
6 
# @param serf Specify serf port to open within the nomad cluster
7 
#
8 
# @example Simple two node nomad cluster
9 
#  class{ 'nftables::rules::nomad':
10 
#    cluster_elements = [
11 
#      '10.0.0.1','10.0.0.2',
12 
#      '::1', '::2'',
13 
#    ],
14 
#  }
15 
#
16 
class nftables::rules::nomad (
17 
  Stdlib::Port $http = 4646,
18 
  Stdlib::Port $rpc  = 4647,
19 
  Stdlib::Port $serf = 4648,
20 
  Array[Stdlib::IP::Address,1] $cluster_elements = ['127.0.0.1','::1'],
21 
) {
22 
  # Open http api port to everything.
23 
  #
24 
  nftables::rule { 'default_in-nomad_http':
25 
    content => "tcp dport ${http}",
26 
  }
27 

    		
  

  

    
      28
    
    
      
  ['ip','ip6'].each | $_family | {


    		
  

  

    
      29
    
    
      
    $_ip_type = $_family ? {


    		
  

  

    
      30
    
    
      
      'ip'    => Stdlib::IP::Address::V4,


    		
  

  

    
      31
    
    
      
      default => Stdlib::IP::Address::V6,


    		
  

  

    
      32
    
    
      
    }


    		
  

  

    
      33
    
    
      
    $_set_type = $_family ? {


    		
  

  

    
      34
    
    
      
      'ip'    => 'ipv4_addr',


    		
  

  

    
      35
    
    
      
      default => 'ipv6_addr',


    		
  

  

    
      36
    
    
      
    }


    		
  

  

    
      37
    
    
      

    		
  

  

    
      38
    
    
      
    $_elements = $cluster_elements.filter | $_ip | { $_ip =~ $_ip_type }


    		
  

  

    
      39
    
    
      

    		
  

  

    
      40
    
    
      
    if $_elements.length > 0 {


    		
  

  

    
      41
    
    
      
      nftables::set { "nomad_${_family}":


    		
  

  

    
      42
    
    
      
        elements => $_elements,


    		
  

  

    
      43
    
    
      
        type     => $_set_type,


    		
  

  

    
      44
    
    
      
      }


    		
  

  

    
      45
    
    
      

    		
  

  

    
      46
    
    
      
      nftables::rule { "default_in-nomad_rpc_${_family}":


    		
  

  

    
      47
    
    
      
        content => "tcp dport ${rpc} ${_family} saddr @nomad_${_family} accept",


    		
  

  

    
      48
    
    
      
      }


    		
  

  

    
      49
    
    
      

    		
  

  

    
      50
    
    
      
      nftables::rule { "default_in-nomad_serf_udp_${_family}":


    		
  

  

    
      51
    
    
      
        content => "udp dport ${serf} ${_family} saddr @nomad_${_family} accept",


    		
  

  

    
      52
    
    
      
      }


    		
  

  

    
      53
    
    
      

    		
  

  

    
      54
    
    
      
      nftables::rule { "default_in-nomad_serf_tcp_${_family}":


    		
  

  

    
      55
    
    
      
        content => "tcp dport ${serf} ${_family} saddr @nomad_${_family} accept",


    		
  

  

    
      56
    
    
      
      }


    		
  

  

    
      57
    
    
      
    }


    		
  

  

    
      58
    
    
      
  }


    		
  

  

    
      59
    
    
      
}