diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2010-02-19 17:26:40 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2010-02-19 17:26:40 -0200 |
commit | ff228c21fade94398ecdb089ca8acbc49f3563bc (patch) | |
tree | 5448d33ad8521262fe3044d200c98f36ff0bb288 | |
parent | 80b3f076f347aa7440e53b84cbc09999e7c48af7 (diff) | |
download | puppet-nodo-ff228c21fade94398ecdb089ca8acbc49f3563bc.tar.gz puppet-nodo-ff228c21fade94398ecdb089ca8acbc49f3563bc.tar.bz2 |
Internal http requests redirected to proxy
-rw-r--r-- | manifests/init.pp | 48 |
1 files changed, 35 insertions, 13 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 42c2292..19a26cf 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -184,8 +184,8 @@ class nodo::vserver inherits nodo { # Apply munin configuration for this node Munin_node <<| title == $hostname |>> - # We include munin configuration if it's not defined by - # and exported resource. + # We include munin configuration in case the node wasn't defined + # by nodo::vserver::instance. if !defined(munin::client) { munin_node { "$hostname": } } @@ -281,7 +281,7 @@ class nodo::vserver inherits nodo { } if $proxy { - shorewall::rule { 'http-route': + shorewall::rule { 'http-route-1': action => 'DNAT', source => 'net', destination => "vm:192.168.0.$context:80", @@ -291,14 +291,36 @@ class nodo::vserver inherits nodo { order => '500', } - shorewall::rule { 'https-route': + shorewall::rule { 'http-route-2': + action => 'DNAT', + source => '$FW', + destination => "fw:192.168.0.$context:80", + proto => 'tcp', + destinationport => '80', + originaldest => "$ipaddress", + ratelimit => '-', + order => '501', + } + + shorewall::rule { 'https-route-1': action => 'DNAT', source => 'net', destination => "vm:192.168.0.$context:443", proto => 'tcp', destinationport => '443', ratelimit => '-', - order => '501', + order => '502', + } + + shorewall::rule { 'https-route-2': + action => 'DNAT', + source => '$FW', + destination => "fw:192.168.0.$context:443", + proto => 'tcp', + destinationport => '443', + originaldest => "$ipaddress", + ratelimit => '-', + order => '502', } } @@ -310,7 +332,7 @@ class nodo::vserver inherits nodo { proto => 'tcp', destinationport => '8140', ratelimit => '-', - order => '502', + order => '600', } shorewall::rule { 'puppetmaster-2': @@ -320,7 +342,7 @@ class nodo::vserver inherits nodo { proto => 'udp', destinationport => '8140', ratelimit => '-', - order => '503', + order => '601', } shorewall::rule { 'puppetmaster-3': @@ -331,7 +353,7 @@ class nodo::vserver inherits nodo { destinationport => '8140', originaldest => "$ipaddress", ratelimit => '-', - order => '504', + order => '602', } shorewall::rule { 'puppetmaster-4': @@ -342,7 +364,7 @@ class nodo::vserver inherits nodo { destinationport => '8140', originaldest => "$ipaddress", ratelimit => '-', - order => '505', + order => '603', } } @@ -354,7 +376,7 @@ class nodo::vserver inherits nodo { proto => 'tcp', destinationport => '9418', ratelimit => '-', - order => '506', + order => '700', } shorewall::rule { 'git-daemon-2': @@ -364,7 +386,7 @@ class nodo::vserver inherits nodo { proto => 'tcp', destinationport => '9418', ratelimit => '-', - order => '507', + order => '701', } } @@ -376,7 +398,7 @@ class nodo::vserver inherits nodo { proto => 'tcp', destinationport => '8000', ratelimit => '-', - order => '508', + order => '800', } shorewall::rule { 'icecast-2': @@ -386,7 +408,7 @@ class nodo::vserver inherits nodo { proto => 'tcp', destinationport => '8000', ratelimit => '-', - order => '509', + order => '801', } } } |