[MediaWiki-commits] [Gerrit] beta: deployment-bastion, add ferm rule for rsyncd - change (operations/puppet)

Wed, 14 Jan 2015 15:40:03 -0800 

Dzahn has submitted this change and it was merged.

Change subject: beta: deployment-bastion, add ferm rule for rsyncd
......................................................................


beta: deployment-bastion, add ferm rule for rsyncd

Since Ia91a6816b6d40e96 was merged we added a default drop policy
to the firewall rules on hosts using the udp2log role.

This was fine in production apparently, but caused an issue for beta labs,
where the instance deployment-bastion (the equivalent of tin in prod)
needs to allow connections to rsyncd.

Beta module did not have the needed firewall rules yet.

Change-Id: I1e5f9f7bcbbe6c4501393c46e55112db0f4575ba
---
M modules/beta/manifests/scap/master.pp
1 file changed, 7 insertions(+), 0 deletions(-)

Approvals:
  BryanDavis: Looks good to me, but someone else must approve
  20after4: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/beta/manifests/scap/master.pp 
b/modules/beta/manifests/scap/master.pp
index 32d003d..8ea9f65 100644
--- a/modules/beta/manifests/scap/master.pp
+++ b/modules/beta/manifests/scap/master.pp
@@ -30,6 +30,13 @@
         hosts_allow => $::beta::config::rsync_networks,
     }
 
+    ferm::service {'rsync_deployment_bastion':
+        desc   => 'rsyncd on deployment-bastion, the equivalent to tin in 
prod',
+        proto  => 'tcp',
+        port   => '873',
+        srange => $::beta::config::rsync_networks,
+    }
+
     package { 'dsh':
         ensure => present
     }

-- 
To view, visit https://gerrit.wikimedia.org/r/185085
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1e5f9f7bcbbe6c4501393c46e55112db0f4575ba
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: 20after4 <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to