[MediaWiki-commits] [Gerrit] Amend "Punch hole for icinga servers to monitor all" - change (operations/puppet)

Akosiaris (Code Review) Wed, 20 Nov 2013 08:47:49 -0800

Akosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/96515



Change subject: Amend "Punch hole for icinga servers to monitor all"
......................................................................

Amend "Punch hole for icinga servers to monitor all"

A huge oversight on my part, fixing it

Change-Id: I05a5f1471c2c9f8f14051d9bc6af792a25b585f9
---
M modules/base/files/firewall/defs.production
M modules/base/manifests/init.pp
2 files changed, 8 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/15/96515/1

diff --git a/modules/base/files/firewall/defs.production 
b/modules/base/files/firewall/defs.production
index fc33acd..33226bf 100644
--- a/modules/base/files/firewall/defs.production
+++ b/modules/base/files/firewall/defs.production
@@ -6,6 +6,6 @@
 @def $INTERNAL_V6 = (2620:0:100::/56);
 @def $INTERNAL = ($INTERNAL_V4 $INTERNAL_V6);
 
-@def ICINGA_V4 = (208.80.154.14);
-@def ICINGA_V6 = (2620:0:861:1:7a2b:cbff:fe08:a42f);
-@def ICINGA = ($ICINGA_V4 $ICINGA_V6);
+@def $ICINGA_V4 = (208.80.154.14);
+@def $ICINGA_V6 = (2620:0:861:1:7a2b:cbff:fe08:a42f);
+@def $ICINGA = ($ICINGA_V4 $ICINGA_V6);
diff --git a/modules/base/manifests/init.pp b/modules/base/manifests/init.pp
index 2df2e31..45e60f0 100644
--- a/modules/base/manifests/init.pp
+++ b/modules/base/manifests/init.pp
@@ -366,6 +366,11 @@
         source  => "puppet:///modules/base/firewall/defs.${::realm}",
     }
 
+    ferm::rule { 'bastion-ssh':
+        ensure => present,
+        rule   => 'proto tcp dport ssh saddr $BASTION ACCEPT;',
+    }
+
     ferm::rule { 'icinga-all':
         ensure => present,
         rule   => 'saddr $ICINGA ACCEPT;',

-- 
To view, visit https://gerrit.wikimedia.org/r/96515
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I05a5f1471c2c9f8f14051d9bc6af792a25b585f9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Akosiaris <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Amend "Punch hole for icinga servers to monitor all" - change (operations/puppet)

Reply via email to