[MediaWiki-commits] [Gerrit] Amend "Punch hole for icinga servers to monitor all" - change (operations/puppet)

Wed, 20 Nov 2013 08:49:05 -0800 

Akosiaris has submitted this change and it was merged.

Change subject: Amend "Punch hole for icinga servers to monitor all"
......................................................................


Amend "Punch hole for icinga servers to monitor all"

A huge oversight on my part, fixing it

Change-Id: I05a5f1471c2c9f8f14051d9bc6af792a25b585f9
---
M modules/base/files/firewall/defs.production
M modules/base/manifests/init.pp
2 files changed, 8 insertions(+), 3 deletions(-)

Approvals:
  Akosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/base/files/firewall/defs.production 
b/modules/base/files/firewall/defs.production
index fc33acd..33226bf 100644
--- a/modules/base/files/firewall/defs.production
+++ b/modules/base/files/firewall/defs.production
@@ -6,6 +6,6 @@
 @def $INTERNAL_V6 = (2620:0:100::/56);
 @def $INTERNAL = ($INTERNAL_V4 $INTERNAL_V6);
 
-@def ICINGA_V4 = (208.80.154.14);
-@def ICINGA_V6 = (2620:0:861:1:7a2b:cbff:fe08:a42f);
-@def ICINGA = ($ICINGA_V4 $ICINGA_V6);
+@def $ICINGA_V4 = (208.80.154.14);
+@def $ICINGA_V6 = (2620:0:861:1:7a2b:cbff:fe08:a42f);
+@def $ICINGA = ($ICINGA_V4 $ICINGA_V6);
diff --git a/modules/base/manifests/init.pp b/modules/base/manifests/init.pp
index 2df2e31..45e60f0 100644
--- a/modules/base/manifests/init.pp
+++ b/modules/base/manifests/init.pp
@@ -366,6 +366,11 @@
         source  => "puppet:///modules/base/firewall/defs.${::realm}",
     }
 
+    ferm::rule { 'bastion-ssh':
+        ensure => present,
+        rule   => 'proto tcp dport ssh saddr $BASTION ACCEPT;',
+    }
+
     ferm::rule { 'icinga-all':
         ensure => present,
         rule   => 'saddr $ICINGA ACCEPT;',

-- 
To view, visit https://gerrit.wikimedia.org/r/96515
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I05a5f1471c2c9f8f14051d9bc6af792a25b585f9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Akosiaris <[email protected]>
Gerrit-Reviewer: Akosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to