[MediaWiki-commits] [Gerrit] Allow ytterbium access to CI and gitblit - change (operations/puppet)

Wed, 20 Nov 2013 09:40:53 -0800 

Akosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/96527


Change subject: Allow ytterbium access to CI and gitblit
......................................................................

Allow ytterbium access to CI and gitblit

For git replications purposes

Change-Id: I864c9010d10c0cf057dbcbe372c0520495cd009e
---
M manifests/role/gitblit.pp
M modules/contint/manifests/firewall.pp
2 files changed, 11 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/27/96527/1

diff --git a/manifests/role/gitblit.pp b/manifests/role/gitblit.pp
index e7a098a..567424c 100644
--- a/manifests/role/gitblit.pp
+++ b/manifests/role/gitblit.pp
@@ -14,7 +14,12 @@
     # Firewall GitBlit, it should be accessed from localhost or Varnish
     include base::firewall
     ferm::rule { 'gitblit_8080':
-        rule => 'proto tcp dport 8080 { saddr $INTERNAL ACCEPT; DROP; }'
+        rule => 'proto tcp dport 8080 { saddr $INTERNAL ACCEPT; }'
+    }
+
+    # Add ytterbium to ssh exceptions for git replication
+    ferm::rule { 'ytterbium_ssh_git':
+        rule => 'proto tcp dport ssh { saddr (208.80.154.80 
2620:0:861:3:92b1:1cff:fe2a:e60 2620:0:861:3:208:80:154:81) ACCEPT; }'
     }
     # NRPE for monitoring
     include nrpe
diff --git a/modules/contint/manifests/firewall.pp 
b/modules/contint/manifests/firewall.pp
index d03d6a2..be66c42 100644
--- a/modules/contint/manifests/firewall.pp
+++ b/modules/contint/manifests/firewall.pp
@@ -27,6 +27,11 @@
         rule => 'proto tcp dport 9418 { saddr $INTERNAL ACCEPT; }'
     }
 
+    # Need to grant ytterbium ssh access for git
+    ferm::rule { 'ytterbium_ssh':
+        rule => 'proto tcp dport ssh { saddr (208.80.154.80 
2620:0:861:3:92b1:1cff:fe2a:e60 2620:0:861:3:208:80:154:81) ACCEPT; }'
+    }
+
     # ALLOWS:
 
     # web access

-- 
To view, visit https://gerrit.wikimedia.org/r/96527
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I864c9010d10c0cf057dbcbe372c0520495cd009e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Akosiaris <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to