e0fb84e56c
Also adds a new garage gateway role, which only allows RPC (inter-node) traffic to Garage.
35 lines
760 B
Ruby
35 lines
760 B
Ruby
include_recipe 'firewall'
|
|
|
|
firewall_rule 'garage_s3_api' do
|
|
command :allow
|
|
protocol :tcp
|
|
source "10.1.1.0/24"
|
|
port node['garage']['s3_api_port']
|
|
end
|
|
|
|
firewall_rule 'garage_s3_web' do
|
|
command :allow
|
|
protocol :tcp
|
|
source "10.1.1.0/24"
|
|
port node['garage']['s3_web_port']
|
|
end
|
|
|
|
firewall_rule 'garage_admin' do
|
|
command :allow
|
|
protocol :tcp
|
|
source "10.1.1.0/24"
|
|
port node['garage']['admin_port']
|
|
end
|
|
|
|
# K2V is currently disabled by default in release
|
|
# builds, but may be interesting for RS usage:
|
|
#
|
|
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/k2v/
|
|
#
|
|
# firewall_rule 'garage_k2v_api' do
|
|
# command :allow
|
|
# protocol :tcp
|
|
# source "10.1.1.0/24"
|
|
# port node['garage']['k2v_api_port']
|
|
# end
|