sunet-cdn/cdn-ops
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

mqtt: open local firewall for any clients

Browse source
This commit is contained in:
Patrik Lundin 2024-11-04 11:52:31 +01:00
parent 9cee243af6
commit a71a8f5639
Signed by: patlu
GPG key ID: A0A812BA2249F294
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
global/overlay/etc/puppet/modules/cdn/manifests/mqtt.pp
View file

@ -1,7 +1,7 @@
# Configure a SUNET CDN mqtt server # Configure a SUNET CDN mqtt server
class cdn::mqtt( class cdn::mqtt(
String $dc = '', String $dc = '',
Array[String] $clients = [], Array[String] $mqtt_client_ips = [],
Hash[String, Hash] $bridges = {}, Hash[String, Hash] $bridges = {},
Hash[String, String] $acme_url = { Hash[String, String] $acme_url = {
test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory' test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory'
@ -35,6 +35,14 @@ class cdn::mqtt(
proto => 'tcp', proto => 'tcp',
} }
$mqtt_client_ips.each | String $mqtt_client_ip | {
sunet::nftables::allow { "allow-acme-client-${mqtt_client_ip}":
from => $mqtt_client_ip,
port => 8883,
proto => 'tcp',
}
}
# From https://wiki.sunet.se/display/sunetops/Platform+naming+standards # From https://wiki.sunet.se/display/sunetops/Platform+naming+standards
$my_fqdn = $facts['networking']['fqdn'] $my_fqdn = $facts['networking']['fqdn']
$dot_split = split($my_fqdn, '[.]') $dot_split = split($my_fqdn, '[.]')