
Merge pull request #240 from rightscale/white_13_01_acu81359_app_serv…

…ers_use_public_lb_ip_in_iptables

White 13 01 acu81359 app servers use public lb ip in iptables
commit 90f6db611b23b443f64b47904ac43107fb980fe9 2 parents dd0dcd1 + ce11d16
@douglaswth douglaswth authored
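--- a/cookbooks/app/attributes/default.rb
+++ b/cookbooks/app/attributes/default.rb
@@ -13,6 +13,8 @@
 # By default listen on the first private IP
 default[:app][:ip] = node[:cloud][:private_ips][0]
 # IP addrs of loadbalancer requesting firewall ports to be opened to it
-default[:app][:lb_ip] = ""
+default[:app][:lb_private_ip] = ""
+default[:app][:lb_public_ip] = ""
+
 # The database schema name the app server uses
 default[:app][:database_name] = ""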
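Review bot: The comment above the two new attributes does not say which of them ends up in the firewall rule. That choice is made in the handle_loadbalancers_allow and handle_loadbalancers_deny recipes from `node[:app][:backend_ip_type]`, which has no default in the lines visible here. I would extend the comment to something like `# IP addrs of the loadbalancer requesting firewall access; the handle_loadbalancers_* recipes use lb_public_ip when app/backend_ip_type is "Public", otherwise lb_private_ip`. The rest of the attributes file is outside the hunk, so a default for backend_ip_type may exist there.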
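--- a/cookbooks/app/recipes/handle_loadbalancers_allow.rb
+++ b/cookbooks/app/recipes/handle_loadbalancers_allow.rb
@@ -5,16 +5,21 @@
 # RightScale Terms of Service available at http://www.rightscale.com/terms.php and,
 # if applicable, other agreements such as a RightScale Master Subscription Agreement.
-# This recipe will setup firewall rules on the app server to allow loadbalancers to connect to the
-# correct port.
+# This recipe will setup firewall rules on the app server to allow loadbalancers
+# to connect to the correct port.
 rightscale_marker :begin
 # Setup attributes
-rule_ip = node[:app][:lb_ip]
+# If we are using public IP/interface, use the corresponding IP on the LB
+if node[:app][:backend_ip_type] == "Public"
+ rule_ip = node[:app][:lb_public_ip]
+else
+ rule_ip = node[:app][:lb_private_ip]
+end
 port = node[:app][:port]
-log " Adding firewall rules for loadbalancer to connect"
+log " Adding firewall rules for loadbalancer to connect from #{rule_ip}"
 # See cookbooks/sys_firewall/providers/default.rb for the "update" action.
 sys_firewall port do
 ip_addr rule_ip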
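Review bot: `rule_ip` is handed to `sys_firewall` without any check that it actually holds an address. Both attributes default to `""` and the value arrives from another instance through the remote recipe, so a sender that has no public IP, or one that still sends the old `lb_ip` key, leaves `rule_ip` empty; what the provider does with an empty `ip_addr` is not visible here and should not be left to chance for a rule that opens a port. After the `end` of the if/else I would add `raise "No loadbalancer IP received (backend_ip_type=#{node[:app][:backend_ip_type]})" if rule_ip.to_s.empty?`, and ideally parse the value with `IPAddr.new(rule_ip)` so that only an address literal reaches the rule. The same selection is repeated in handle_loadbalancers_deny.rb, and the `sys_firewall` block continues outside the hunk.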
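--- a/cookbooks/app/recipes/handle_loadbalancers_deny.rb
+++ b/cookbooks/app/recipes/handle_loadbalancers_deny.rb
@@ -5,13 +5,18 @@
 # RightScale Terms of Service available at http://www.rightscale.com/terms.php and,
 # if applicable, other agreements such as a RightScale Master Subscription Agreement.
-# This recipe will disable firewall rules on the app server that allowed loadbalancers to connect to the
-# correct port.
+# This recipe will disable firewall rules on the app server that allowed
+# loadbalancers to connect to the correct port.
 rightscale_marker :begin
 # Setup attributes
-rule_ip = node[:app][:lb_ip]
+# If we are using public IP/interface, use the corresponding IP on the LB
+if node[:app][:backend_ip_type] == "Public"
+ rule_ip = node[:app][:lb_public_ip]
+else
+ rule_ip = node[:app][:lb_private_ip]
+end
 port = node[:app][:port]
 log " Removing firewall rules used to allow loadbalancer to connect"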
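Review bot: The deny recipe picks the address to remove from the current value of `backend_ip_type`, not from what the allow recipe actually added. If that input changed between the two runs, or the rule was created by the earlier version that always used the private `lb_ip`, the rule for the other address would presumably stay in place and the port would remain open to it. Since both `lb_private_ip` and `lb_public_ip` are received, removing the rule for each non-empty one would make the cleanup independent of that setting; at minimum a comment such as `# NOTE: only removes the rule for the address selected by backend_ip_type` would warn the next maintainer. The firewall call itself is outside the hunk.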
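--- a/cookbooks/app/recipes/request_loadbalancer_allow.rb
+++ b/cookbooks/app/recipes/request_loadbalancer_allow.rb
@@ -11,10 +11,14 @@ class Chef::Recipe
 include RightScale::App::Helper
 end
-# Sending request to application servers, to add iptables rule, which will allow connection with loadbalancer
+# Sending request to application servers, to add iptables rule,
+# which will allow connection with loadbalancer
 attrs = {:app => Hash.new}
-attrs[:app][:lb_ip] = node[:cloud][:private_ips][0]
+# Grab the public and private IPs of the current instance to send
+# to the remote recipe.
+attrs[:app][:lb_private_ip] = node[:cloud][:private_ips][0]
+attrs[:app][:lb_public_ip] = node[:cloud][:public_ips][0]
 pool_names(node[:lb][:pools]).each do |pool_name|
 # See http://support.rightscale.com/12-Guides/Chef_Cookbooks_Developer_Guide/Chef_Resources#RemoteRecipe for the "remote_recipe" resource.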
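Review bot: `node[:cloud][:public_ips][0]` assumes every loadbalancer has a public address. On an instance without one, `public_ips` may be nil or empty (an assumption, since the cloud attributes are not visible here), in which case this line either raises NoMethodError so the allow request is never sent, or sends nil as `lb_public_ip`. `attrs[:app][:lb_public_ip] = Array(node[:cloud][:public_ips]).first` would avoid the exception, and the receiving recipe then has to reject the empty value before building a rule from it. The same line is added in request_loadbalancer_deny.rb, and the `pool_names` loop continues outside the hunk.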
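--- a/cookbooks/app/recipes/request_loadbalancer_deny.rb
+++ b/cookbooks/app/recipes/request_loadbalancer_deny.rb
@@ -11,8 +11,14 @@ class Chef::Recipe
 include RightScale::App::Helper
 end
+# Sending request to application servers, to remove iptables rule
+# that allowed connection from loadbalancer.
+
 attrs = {:app => Hash.new}
-attrs[:app][:lb_ip] = node[:cloud][:private_ips][0]
+# Grab the public and private IPs of the current instance to send
+# to the remote recipe.
+attrs[:app][:lb_private_ip] = node[:cloud][:private_ips][0]
+attrs[:app][:lb_public_ip] = node[:cloud][:public_ips][0]
 pool_names(node[:lb][:pools]).each do |pool_name|
 # See http://support.rightscale.com/12-Guides/Chef_Cookbooks_Developer_Guide/Chef_Resources#RemoteRecipe for the "remote_recipe" resource.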