Merge branch 'develop' of ssh://leap.se/leap_platform into develop

4 files changed, 83 insertions, 3 deletions

diff --git a/puppet/modules/site_shorewall/manifests/couchdb.pp b/puppet/modules/site_shorewall/manifests/couchdb.pp
index 9fa59569..1ef91bb0 100644
--- a/puppet/modules/site_shorewall/manifests/couchdb.pp
+++ b/puppet/modules/site_shorewall/manifests/couchdb.pp
@@ -2,16 +2,20 @@ class site_shorewall::couchdb {
 
   include site_shorewall::defaults
 
-  $couchdb_port = '6984'
+  $stunnel = hiera('stunnel')
+  $couch_server = $stunnel['couch_server']
+  $couch_stunnel_port = $couch_server['accept']
+
+  # see http://stackoverflow.com/questions/8459949/bigcouch-cluster-connection-issue#comment10467603_8463814
+  $erlang_vm_port = '9001'
 
   # define macro for incoming services
   file { '/etc/shorewall/macro.leap_couchdb':
-    content => "PARAM   -       -       tcp    $couchdb_port",
+    content => "PARAM   -       -       tcp    ${couch_stunnel_port},${erlang_vm_port}",
     notify  => Service['shorewall'],
     require => Package['shorewall']
   }
 
-
   shorewall::rule {
       'net2fw-couchdb':
         source      => 'net',
diff --git a/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp b/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp
new file mode 100644
index 00000000..85272657
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp
@@ -0,0 +1,36 @@
+class site_shorewall::couchdb::bigcouch {
+
+  include site_shorewall::defaults
+
+  $stunnel = hiera('stunnel')
+  $bigcouch_replication_clients         = $stunnel['bigcouch_replication_clients']
+
+  $bigcouch_replication_server          = $stunnel['bigcouch_replication_server']
+  $bigcouch_replication_server_port     = $bigcouch_replication_server['accept']
+  $bigcouch_replication_connect         = $bigcouch_replication_server['connect']
+
+  # define macro for incoming services
+  file { '/etc/shorewall/macro.leap_bigcouch':
+    content => "PARAM   -       -       tcp    ${bigcouch_replication_server_port}",
+    notify  => Service['shorewall'],
+    require => Package['shorewall']
+  }
+
+  shorewall::rule {
+      'net2fw-bigcouch':
+        source      => 'net',
+        destination => '$FW',
+        action      => 'leap_bigcouch(ACCEPT)',
+        order       => 300;
+  }
+
+  $bigcouch_shorewall_dnat_defaults = {
+    'source'          => '$FW',
+    'proto'           => 'tcp',
+    'destinationport' => regsubst($bigcouch_replication_connect, '^([0-9.]+:)([0-9]+)$', '\2')
+  }
+
+  create_resources(site_shorewall::couchdb::dnat, $bigcouch_replication_clients, $bigcouch_shorewall_dnat_defaults)
+
+}
+
diff --git a/puppet/modules/site_shorewall/manifests/couchdb/dnat.pp b/puppet/modules/site_shorewall/manifests/couchdb/dnat.pp
new file mode 100644
index 00000000..f1bc9acf
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/couchdb/dnat.pp
@@ -0,0 +1,21 @@
+define site_shorewall::couchdb::dnat (
+  $source,
+  $connect,
+  $connect_port,
+  $accept_port,
+  $proto,
+  $destinationport )
+{
+
+
+  shorewall::rule {
+    "dnat_${name}_${destinationport}":
+      action          => 'DNAT',
+      source          => $source,
+      destination     => "\$FW:127.0.0.1:${accept_port}",
+      proto           => $proto,
+      destinationport => $destinationport,
+      originaldest    => $connect,
+      order           => 200
+  }
+}
diff --git a/puppet/modules/site_shorewall/manifests/dnat.pp b/puppet/modules/site_shorewall/manifests/dnat.pp
new file mode 100644
index 00000000..a73294cc
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/dnat.pp
@@ -0,0 +1,19 @@
+define site_shorewall::dnat (
+  $source,
+  $destination,
+  $proto,
+  $destinationport,
+  $originaldest ) {
+
+
+  shorewall::rule {
+    "dnat_${name}_${destinationport}":
+      action          => 'DNAT',
+      source          => $source,
+      destination     => $destination,
+      proto           => $proto,
+      destinationport => $destinationport,
+      originaldest    => $originaldest,
+      order           => 200
+  }
+}