Puppet Class: role::bastionhost::opsonly

Defined in:
modules/role/manifests/bastionhost/opsonly.pp

Overview

bastion host just for ops members



2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# File 'modules/role/manifests/bastionhost/opsonly.pp', line 2

class role::bastionhost::opsonly {
    system::role { 'bastionhost::opsonly':
        description => 'Bastion host restricted to the ops team',
    }

    include ::bastionhost
    include ::standard
    include ::profile::base::firewall
    include ::profile::backup::host

    backup::set {'home': }

    ferm::service { 'ssh':
        desc  => 'SSH open from everywhere, this is a bastion host',
        prio  => '01',
        proto => 'tcp',
        port  => 'ssh',
    }

}