[MediaWiki-commits] [Gerrit] Punch hole for icinga servers to monitor all - change (operations/puppet)

[Akosiaris (Code Review)]

Akosiaris has submitted this change and it was merged.

Change subject: Punch hole for icinga servers to monitor all
......................................................................


Punch hole for icinga servers to monitor all

Add icinga definition for our one at this point server and then punch a
hole in the ferm configuration next to the bastion SSH hole

Change-Id: I61c702d50cadb95c444130613512f1a850b41bb4
---
M modules/base/files/firewall/defs.production
M modules/base/manifests/init.pp
2 files changed, 7 insertions(+), 3 deletions(-)

Approvals:
  Akosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/base/files/firewall/defs.production 
b/modules/base/files/firewall/defs.production
index 1e2a8ca..fc33acd 100644
--- a/modules/base/files/firewall/defs.production
+++ b/modules/base/files/firewall/defs.production
@@ -4,4 +4,8 @@
 
 @def $INTERNAL_V4 = (10.0.0.0/8);
 @def $INTERNAL_V6 = (2620:0:100::/56);
-@def $INTERNAL = ($INTERNAL_V4 $INTERNAL_V6);
\ No newline at end of file
+@def $INTERNAL = ($INTERNAL_V4 $INTERNAL_V6);
+
+@def ICINGA_V4 = (208.80.154.14);
+@def ICINGA_V6 = (2620:0:861:1:7a2b:cbff:fe08:a42f);
+@def ICINGA = ($ICINGA_V4 $ICINGA_V6);
diff --git a/modules/base/manifests/init.pp b/modules/base/manifests/init.pp
index 18836df..2df2e31 100644
--- a/modules/base/manifests/init.pp
+++ b/modules/base/manifests/init.pp
@@ -366,9 +366,9 @@
         source  => "puppet:///modules/base/firewall/defs.${::realm}",
     }
 
-    ferm::rule { 'bastion-ssh':
+    ferm::rule { 'icinga-all':
         ensure => present,
-        rule   => 'proto tcp dport ssh saddr $BASTION ACCEPT;',
+        rule   => 'saddr $ICINGA ACCEPT;',
     }
 }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/96511
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I61c702d50cadb95c444130613512f1a850b41bb4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Akosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Akosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits