]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/networking/recipes/default.rb
Make dev sites serve crossdomain.xml with correct MIME type
[chef.git] / cookbooks / networking / recipes / default.rb
index de493ecffb4251acee5f7879d242e2f48b333124..09b431fd371254c75edacd7685b443a8e65c3c4f 100644 (file)
@@ -30,18 +30,18 @@ node[:networking][:interfaces].each do |name, interface|
 
   if interface[:role] && (role = node[:networking][:roles][interface[:role]])
     if role[interface[:family]]
-      node.set[:networking][:interfaces][name][:prefix] = role[interface[:family]][:prefix]
-      node.set[:networking][:interfaces][name][:gateway] = role[interface[:family]][:gateway]
+      node.normal[:networking][:interfaces][name][:prefix] = role[interface[:family]][:prefix]
+      node.normal[:networking][:interfaces][name][:gateway] = role[interface[:family]][:gateway]
     end
 
-    node.set[:networking][:interfaces][name][:metric] = role[:metric]
-    node.set[:networking][:interfaces][name][:zone] = role[:zone]
+    node.normal[:networking][:interfaces][name][:metric] = role[:metric]
+    node.normal[:networking][:interfaces][name][:zone] = role[:zone]
   end
 
   prefix = node[:networking][:interfaces][name][:prefix]
 
-  node.set[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix)
-  node.set[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix)
+  node.normal[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix)
+  node.normal[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix)
 end
 
 package network_packages
@@ -216,7 +216,7 @@ firewall_rule "limit-icmp-echo" do
   rate_limit "s:1/sec:5"
 end
 
-%w(ucl ic bm aws).each do |zone|
+%w[ucl ic bm aws].each do |zone|
   firewall_rule "accept-openvpn-#{zone}" do
     action :accept
     family :inet
@@ -336,6 +336,8 @@ firewall_rule "accept-http" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "http"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
+  connection_limit node[:networking][:firewall][:http_connection_limit]
 end
 
 firewall_rule "accept-https" do
@@ -344,4 +346,6 @@ firewall_rule "accept-https" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "https"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
+  connection_limit node[:networking][:firewall][:http_connection_limit]
 end