]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/logstash/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Drop tcp vs tcp:syn distinction
[chef.git] / cookbooks / logstash / recipes / default.rb
diff --git a/cookbooks/logstash/recipes/default.rb b/cookbooks/logstash/recipes/default.rb
index e58df226bfe14e983f4bb13d896b756f0d9a848e..56caa73129ff7a123c441107deaed3da3d595a5b 100644 (file)
--- a/cookbooks/logstash/recipes/default.rb
+++ b/cookbooks/logstash/recipes/default.rb
@@ -31,7 +31,7 @@ cookbook_file "/var/lib/logstash/beats.crt" do
   source "beats.crt"
   user "root"
   group "logstash"
-  mode 0o644
+  mode "644"
   notifies :restart, "service[logstash]"
 end
 
@@ -39,7 +39,7 @@ file "/var/lib/logstash/beats.key" do
   content keys["beats"].join("\n")
   user "root"
   group "logstash"
-  mode 0o640
+  mode "640"
   notifies :restart, "service[logstash]"
 end
 
@@ -47,19 +47,19 @@ template "/etc/logstash/conf.d/chef.conf" do
   source "logstash.conf.erb"
   user "root"
   group "root"
-  mode 0o644
+  mode "644"
   notifies :start, "service[logstash]"
 end
 
 file "/etc/logrotate.d/logstash" do
-  mode 0o644
+  mode "644"
 end
 
 template "/etc/default/logstash" do
   source "logstash.default.erb"
   user "root"
   group "root"
-  mode 0o644
+  mode "644"
   notifies :restart, "service[logstash]"
 end
 
@@ -71,7 +71,7 @@ template "/etc/cron.daily/expire-logstash" do
   source "expire.erb"
   owner "root"
   group "root"
-  mode 0o755
+  mode "755"
 end
 
 forwarders = search(:node, "recipes:logstash\\:\\:forwarder")
@@ -81,21 +81,21 @@ forwarders.sort_by { |n| n[:fqdn] }.each do |forwarder|
     firewall_rule "accept-lumberjack-#{forwarder}" do
       action :accept
       family interface[:family]
-      source "#{interface[:zone]}:#{interface[:address]}"
+      source "net:#{interface[:address]}"
       dest "fw"
-      proto "tcp:syn"
+      proto "tcp"
       dest_ports "5043"
-      source_ports "1024:"
+      source_ports "1024-65535"
     end
 
     firewall_rule "accept-beats-#{forwarder}" do
       action :accept
       family interface[:family]
-      source "#{interface[:zone]}:#{interface[:address]}"
+      source "net:#{interface[:address]}"
       dest "fw"
-      proto "tcp:syn"
+      proto "tcp"
       dest_ports "5044"
-      source_ports "1024:"
+      source_ports "1024-65535"
     end
   end
 end
@@ -107,21 +107,21 @@ gateways.sort_by { |n| n[:fqdn] }.each do |gateway|
     firewall_rule "accept-lumberjack-#{gateway}" do
       action :accept
       family interface[:family]
-      source "#{interface[:zone]}:#{interface[:address]}"
+      source "net:#{interface[:address]}"
       dest "fw"
-      proto "tcp:syn"
+      proto "tcp"
       dest_ports "5043"
-      source_ports "1024:"
+      source_ports "1024-65535"
     end
 
     firewall_rule "accept-beats-#{gateway}" do
       action :accept
       family interface[:family]
-      source "#{interface[:zone]}:#{interface[:address]}"
+      source "net:#{interface[:address]}"
       dest "fw"
-      proto "tcp:syn"
+      proto "tcp"
       dest_ports "5044"
-      source_ports "1024:"
+      source_ports "1024-65535"
     end
   end
 end
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.