Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/191872
Change subject: Restrict url_downloader's proxy to WMF
......................................................................
Restrict url_downloader's proxy to WMF
url_downloader is not a service that should be accessible to the public
internet. Reflect that in the ferm rules
Change-Id: I2714325f14952d597b74d8a76368c0041c446b4e
---
M manifests/role/url_downloader.pp
1 file changed, 2 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/72/191872/1
diff --git a/manifests/role/url_downloader.pp b/manifests/role/url_downloader.pp
index 5d6b22d..79aa5fa 100644
--- a/manifests/role/url_downloader.pp
+++ b/manifests/role/url_downloader.pp
@@ -62,6 +62,7 @@
} else {
fail('Dont use this role outside of wikimedia')
}
+
$towikimedia = $wikimedia
if os_version('ubuntu >= trusty') {
@@ -78,6 +79,7 @@
ferm::service { 'url_downloader':
proto => 'tcp',
port => '8080',
+ srange => '$ALL_NETWORKS',
}
# Monitoring
--
To view, visit https://gerrit.wikimedia.org/r/191872
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2714325f14952d597b74d8a76368c0041c446b4e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
