kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Fix implicit dependency on firewall cookbook in kosmos-base

Browse Source 
Also delete ufw cookbook, we're not using it
This commit is contained in:
Greg Karékinian
2017-05-02 11:46:56 +02:00
parent 11b812fbb8
commit 030b2501eb
33 changed files with 442 additions and 778 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cookbooks/firewall/README.md
View File

@@ -84,13 +84,18 @@ keys must be unique but we need multiple commit lines.
# Recipes
### default
The default recipe creates a firewall resource with action install, and if `node['firewall']['allow_ssh']`, opens port 22 from the world.
The default recipe creates a firewall resource with action install.
### disable_firewall
Used to disable platform specific firewall. Many clouds have their own firewall configured outside of the OS instance such as AWS Security Groups.
# Attributes
* `default['firewall']['allow_ssh'] = false`, set true to open port 22 for SSH when the default recipe runs
* `default['firewall']['allow_mosh'] = false`, set to true to open UDP ports 60000 - 61000 for [Mosh][0] when the default recipe runs
* `default['firewall']['allow_winrm'] = false`, set true to open port 5989 for WinRM when the default recipe runs
* `default['firewall']['allow_loopback'] = false`, set to true to allow all traffic on the loopback interface
* `default['firewall']['allow_icmp'] = false`, set true to allow icmp protocol on supported OSes (note: ufw and windows implementations don't support this)
* `default['firewall']['ubuntu_iptables'] = false`, set to true to use iptables on Ubuntu / Debian when using the default recipe
* `default['firewall']['redhat7_iptables'] = false`, set to true to use iptables on Red Hat / CentOS 7 when using the default recipe