John F. Lewis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/189196
Change subject: add network variables for dumps rsync clients
......................................................................
add network variables for dumps rsync clients
Quoted from I1588b85193558e102def1b8127f954f2f07fa389
These are used in the rsynd setup on dataset1001/dumps hosts,
in the conf files generated from puppet, in the "hosts allow" section.
dataset1001:/etc/rsyncd.d# grep "hosts allow" *
Add them to network.pp so that we can use them as srange in ferm rules.
you can compare to: ./modules/dataset/files/rsync$ grep "hosts allow" *
Change-Id: I8f4d653857e8414df4ef4fa5a2b7be5684963b78
---
M manifests/network.pp
M modules/base/templates/firewall/defs.erb
2 files changed, 30 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/96/189196/1
diff --git a/manifests/network.pp b/manifests/network.pp
index 9d49f4d..831455c 100644
--- a/manifests/network.pp
+++ b/manifests/network.pp
@@ -265,6 +265,34 @@
],
}
+ # clients connecting to rsynd on dumps hosts
+ $dumps_rsync_clients = {
+ 'peers' => [ # datasets to peers
+ '208.80.154.11', # dataset1001.wikimedia.org
+ '208.80.154.16', # ms1001.wikimedia.org
+ ],
+ 'public' => [ # dumps to public
+ '200.236.31.1', # sagres.c3sl.ufpr.br
+ '147.251.48.205', # odysseus.fi.muni.cz, odysseus.linux.cz
+ '2001:718:801:230::cd', # odysseus.ip6.fi.muni.cz
+ '176.31.96.178', # mirror.fr.wickedway.nl
+ '199.47.196.26', # wikimedia.wansec.com
+ '204.9.55.82', # ftpmirror.your.org
+ '174.129.186.231', #
ec2-174-129-186-231.compute-1.amazonaws.com
+ '69.31.98.2', # ftpmirror-ae0-4.us.your.org
+ ],
+ 'analytics' => [ # page counts to analytics
+ '10.64.5.102', # stat1002.eqiad.wmnet
+ '10.64.36.103', # stat1003.eqiad.wmnet
+ ],
+ }
+
+ $dumps_rsync_clients_all = [
+ $dumps_rsync_clients['peers'],
+ $dumps_rsync_clients['public'],
+ $dumps_rsync_clients['analytics'],
+ ]
+
}
class network::checks {
diff --git a/modules/base/templates/firewall/defs.erb
b/modules/base/templates/firewall/defs.erb
index fc8256b..9ffa677 100644
--- a/modules/base/templates/firewall/defs.erb
+++ b/modules/base/templates/firewall/defs.erb
@@ -4,11 +4,13 @@
all_network_subnets =
scope.lookupvar('network::constants::all_network_subnets')
special_hosts = scope.lookupvar('network::constants::special_hosts')
analytics_networks = scope.lookupvar('network::constants::analytics_networks')
+rsnc_dump_clients_all =
scope.lookup('network::constants::dumps_rsync_clients_all')
-%>
@def $EXTERNAL_NETWORKS = (<%- external_networks.each do |external_net| -%><%=
external_net %> <% end -%>);
@def $ALL_NETWORKS = (<%- all_networks.each do |net| -%><%= net %> <% end -%>);
@def $ANALYTICS_NETWORKS = (<%- analytics_networks.each do |net| -%><%= net %>
<% end -%>);
+@def $RSYNC_DUMP_CLIENTS_ALL = (<%- rsnc_dump_clients_all.each do |net| -%><%=
net %> <% end -%>);
<%- special_hosts.sort.map do |realm, services | -%>
<%- if @realm != realm then next end -%>
--
To view, visit https://gerrit.wikimedia.org/r/189196
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8f4d653857e8414df4ef4fa5a2b7be5684963b78
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: John F. Lewis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
