Révision bbc93ede
Add ceph related rules
Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
| manifests/rules/ceph.pp | ||
|---|---|---|
| 1 |
# Ceph is a distributed object store and file system. |
|
| 2 |
# Enable this to support Ceph's Object Storage Daemons (OSD), |
|
| 3 |
# Metadata Server Daemons (MDS), or Manager Daemons (MGR). |
|
| 4 |
class nftables::rules::ceph {
|
|
| 5 |
nftables::rule{
|
|
| 6 |
'default_in-ceph': |
|
| 7 |
content => 'tcp dport 6800-7300 accept comment "Accept Ceph OSD, MDS, MGR"', |
|
| 8 |
} |
|
| 9 |
} |
|
| manifests/rules/ceph_mon.pp | ||
|---|---|---|
| 1 |
# Ceph is a distributed object store and file system. |
|
| 2 |
# Enable this option to support Ceph's Monitor Daemon. |
|
| 3 |
class nftables::rules::ceph_mon( |
|
| 4 |
Array[Integer,1] $ports = [3300, 6789], |
|
| 5 |
){
|
|
| 6 |
nftables::rule{
|
|
| 7 |
'default_in-ceph_mon': |
|
| 8 |
content => "tcp dport {${$ports.join(', ')}} accept comment \"Accept Ceph MON\"",
|
|
| 9 |
} |
|
| 10 |
} |
|
| manifests/rules/out/ceph_client.pp | ||
|---|---|---|
| 1 |
# Ceph is a distributed object store and file system. |
|
| 2 |
# Enable this to be a client of Ceph's Monitor (MON), |
|
| 3 |
# Object Storage Daemons (OSD), Metadata Server Daemons (MDS), |
|
| 4 |
# and Manager Daemons (MGR). |
|
| 5 |
class nftables::rules::out::ceph_client( |
|
| 6 |
Array[Integer,1] $ports = [3300, 6789], |
|
| 7 |
){
|
|
| 8 |
nftables::rule{
|
|
| 9 |
'default_out-ceph_client': |
|
| 10 |
content => "tcp dport { ${$ports.join(', ')}, 6800-7300 } accept comment \"Accept Ceph MON, OSD, MDS, MGR\"",
|
|
| 11 |
} |
|
| 12 |
} |
|
Formats disponibles : Unified diff