Add iptables support
diff --git a/glusterfs/meta/iptables.yml b/glusterfs/meta/iptables.yml
new file mode 100644
index 0000000..ee33550
--- /dev/null
+++ b/glusterfs/meta/iptables.yml
@@ -0,0 +1,35 @@
+{%- if pillar.glusterfs.server is defined -%}
+{%- from "glusterfs/map.jinja" import server with context -%}
+
+iptables:
+ rules:
+ {%- for peer in server.peers %}
+ - destination_port: 11211
+ protocol: tcp
+ source_network: {{ peer }}/32
+ jump: ACCEPT
+ - destination_port: 111
+ protocol: tcp
+ source_network: {{ peer }}/32
+ jump: ACCEPT
+ - protocol: udp
+ destination_port: 111
+ source_network: {{ peer }}/32
+ jump: ACCEPT
+ - destination_port: '49152:49192'
+ protocol: tcp
+ source_network: {{ peer }}/32
+ jump: ACCEPT
+ - destination_port: '24007:24047'
+ protocol: tcp
+ source_network: {{ peer }}/32
+ jump: ACCEPT
+ - destination_port: '38465:38467'
+ protocol: tcp
+ source_network: {{ peer }}/32
+ jump: ACCEPT
+ {%- endfor %}
+
+{%- endif -%}
+
+{#- vim: syntax=jinja -#}
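Review bot: The first rule in the loop accepts TCP 11211, which is the default memcached port and not a port GlusterFS normally listens on, so it looks carried over from another formula; unless something on these nodes needs it, drop the `destination_port: 11211` rule so only Gluster ports are opened to peers. `source_network: {{ peer }}/32` also assumes every entry in `server.peers` is an IPv4 address (map.jinja is outside this diff), and a hostname or IPv6 peer would render an invalid source. Either state that requirement in a comment above the loop, or quote the value as `source_network: '{{ peer }}/32'` and validate the entries. The rules admit only peers, so if the chain's default policy is DROP, clients mounting the volume will need their own ACCEPT rules for 24007 and the brick range.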
diff --git a/glusterfs/meta/sensu.yml b/glusterfs/meta/sensu.yml
index 888273c..15a67b7 100644
--- a/glusterfs/meta/sensu.yml
+++ b/glusterfs/meta/sensu.yml
@@ -1,5 +1,5 @@
-{%- from "glusterfs/map.jinja" import server with context -%}
{%- if pillar.glusterfs.server is defined %}
+{%- from "glusterfs/map.jinja" import server with context -%}
check:
local_glusterd_proc:
command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -C glusterd -u root -c 1:1"
@@ -30,3 +30,5 @@
subscribers:
- {{ grains['fqdn']|replace('.', '-') }}
{%- endif %}
+
+{#- vim: syntax=jinja -#}
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index 4004925..484f1a8 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml
@@ -9,3 +9,5 @@
enabled: true
sphinx:
enabled: true
+ iptables:
+ enabled: true