Fix sandboxing of smokeping exporter

[chef.git] / roles / nepomuk.rb

diff --git a/roles/nepomuk.rb b/roles/nepomuk.rb
index 4035409b2bd1b11cc4c2e05e926c6c32a49e1503..f57f73921ab17a97a47184afca84e779abaf9f45 100644 (file)
--- a/roles/nepomuk.rb
+++ b/roles/nepomuk.rb
@@ -4,17 +4,8 @@ description "Master role applied to nepomuk"
 default_attributes(
   :networking => {
     :firewall => {
-      :inet => [
-        {
-          :action => "ACCEPT",
-          :source => "net:77.95.64.120,77.95.64.131,77.95.64.139",
-          :dest => "fw",
-          :proto => "tcp",
-          :dest_ports => "5666",
-          :source_ports => "1024:",
-          :rate_limit => "-",
-          :connection_limit => "-"
-        }
+      :incoming => [
+        "tcp sport { 1024-65535 } tcp dport { 5666 } ip saddr { 77.95.64.120, 77.95.64.131, 77.95.64.139 } ct state new accept"
       ]
     },
     :interfaces => {
@@ -36,15 +27,6 @@ default_attributes(
       }
     }
   },
-  :sysctl => {
-    :kvm => {
-      :comment => "Tuning for KVM guest",
-      :parameters => {
-        "kernel.sched_min_granularity_ns" => 10000000,
-        "kernel.sched_wakeup_granularity_ns" => 15000000
-      }
-    }
-  },
   :sysfs => {
     :hdd_tune => {
       :comment => "Tune the queue for improved performance",