Merge pull request #240 from rightscale/white_13_01_acu81359_app_serv…

…ers_use_public_lb_ip_in_iptables

White 13 01 acu81359 app servers use public lb ip in iptables

cookbooks/app/attributes/default.rb

@@ -13,6 +13,8 @@
 # By default listen on the first private IP
 default[:app][:ip] = node[:cloud][:private_ips][0]
 # IP addrs of loadbalancer requesting firewall ports to be opened to it
-default[:app][:lb_ip] = ""
+default[:app][:lb_private_ip] = ""
+default[:app][:lb_public_ip] = ""
+
 # The database schema name the app server uses
 default[:app][:database_name] = ""

cookbooks/app/recipes/handle_loadbalancers_allow.rb

@@ -5,16 +5,21 @@
 # RightScale Terms of Service available at http://www.rightscale.com/terms.php and,
 # if applicable, other agreements such as a RightScale Master Subscription Agreement.
 
-# This recipe will setup firewall rules on the app server to allow loadbalancers to connect to the
-# correct port.
+# This recipe will setup firewall rules on the app server to allow loadbalancers
+# to connect to the correct port.
 
 rightscale_marker :begin
 
 # Setup attributes
-rule_ip = node[:app][:lb_ip]
+# If we are using public IP/interface, use the corresponding IP on the LB
+if node[:app][:backend_ip_type] == "Public"
+  rule_ip = node[:app][:lb_public_ip]
+else
+  rule_ip = node[:app][:lb_private_ip]
+end
 port = node[:app][:port]
 
-log "  Adding firewall rules for loadbalancer to connect"
+log "  Adding firewall rules for loadbalancer to connect from #{rule_ip}"
 # See cookbooks/sys_firewall/providers/default.rb for the "update" action.
 sys_firewall port do
   ip_addr rule_ip

cookbooks/app/recipes/handle_loadbalancers_deny.rb

@@ -5,13 +5,18 @@
 # RightScale Terms of Service available at http://www.rightscale.com/terms.php and,
 # if applicable, other agreements such as a RightScale Master Subscription Agreement.
 
-# This recipe will disable firewall rules on the app server that allowed loadbalancers to connect to the
-# correct port.
+# This recipe will disable firewall rules on the app server that allowed
+# loadbalancers to connect to the correct port.
 
 rightscale_marker :begin
 
 # Setup attributes
-rule_ip = node[:app][:lb_ip]
+# If we are using public IP/interface, use the corresponding IP on the LB
+if node[:app][:backend_ip_type] == "Public"
+  rule_ip = node[:app][:lb_public_ip]
+else
+  rule_ip = node[:app][:lb_private_ip]
+end
 port = node[:app][:port]
 
 log "  Removing firewall rules used to allow loadbalancer to connect"

cookbooks/app/recipes/request_loadbalancer_allow.rb

@@ -11,10 +11,14 @@ class Chef::Recipe
   include RightScale::App::Helper
 end
 
-# Sending request to application servers, to add iptables rule, which will allow connection with loadbalancer
+# Sending request to application servers, to add iptables rule,
+# which will allow connection with loadbalancer
 
 attrs = {:app => Hash.new}
-attrs[:app][:lb_ip] = node[:cloud][:private_ips][0]
+# Grab the public and private IPs of the current instance to send
+# to the remote recipe.
+attrs[:app][:lb_private_ip] = node[:cloud][:private_ips][0]
+attrs[:app][:lb_public_ip] = node[:cloud][:public_ips][0]
 
 pool_names(node[:lb][:pools]).each do |pool_name|
   # See http://support.rightscale.com/12-Guides/Chef_Cookbooks_Developer_Guide/Chef_Resources#RemoteRecipe for the "remote_recipe" resource.

cookbooks/app/recipes/request_loadbalancer_deny.rb

@@ -11,8 +11,14 @@ class Chef::Recipe
   include RightScale::App::Helper
 end
 
+# Sending request to application servers, to remove iptables rule
+# that allowed connection from loadbalancer.
+
 attrs = {:app => Hash.new}
-attrs[:app][:lb_ip] = node[:cloud][:private_ips][0]
+# Grab the public and private IPs of the current instance to send
+# to the remote recipe.
+attrs[:app][:lb_private_ip] = node[:cloud][:private_ips][0]
+attrs[:app][:lb_public_ip] = node[:cloud][:public_ips][0]
 
 pool_names(node[:lb][:pools]).each do |pool_name|
   # See http://support.rightscale.com/12-Guides/Chef_Cookbooks_Developer_Guide/Chef_Resources#RemoteRecipe for the "remote_recipe" resource.