Andrew Bogott has submitted this change and it was merged.

Change subject: openstack firewall: avoid hardcoding tendril IP
openstack firewall: avoid hardcoding tendril IP Instead of hardcoding tendril's IP use @resolve (because now we can since we have libnet-dns-perl everywhere) to let ferm resolve the IP from hostname. Change-Id: I56879378a07a2696fb5573b15043d16788454ad3 --- M modules/openstack/manifests/firewall.pp 1 file changed, 4 insertions(+), 3 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/manifests/firewall.pp b/modules/openstack/manifests/firewall.pp index 69f9f2a..83224af 100644 --- a/modules/openstack/manifests/firewall.pp +++ b/modules/openstack/manifests/firewall.pp @@ -18,7 +18,6 @@ } $iron = '208.80.154.151' - $tendril = '10.64.0.15' # Wikitech ssh ferm::rule { 'ssh_public': @@ -81,7 +80,9 @@ } # mysql monitoring access from tendril (db1011) - ferm::rule { 'mysql_tendril': - rule => "saddr ${tendril} proto tcp dport (3306) ACCEPT;", + ferm::service { 'mysql_tendril': + proto => 'tcp', + port => '3306', + srange => "@resolve(tendril.wikimedia.org)", } } -- To view, visit https://gerrit.wikimedia.org/r/201875 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I56879378a07a2696fb5573b15043d16788454ad3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
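Review bot: In the `@@ -18,7 +18,6 @@` hunk, `$iron = '208.80.154.151'` stays as a literal address directly above the removed `$tendril` line, so the manifest still carries a hardcoded IP that can go stale the same way. If iron has a hostname that resolves from these hosts, convert it in this change or a follow-up so the file uses a single convention for source addresses.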
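Review bot: In the `@@ -81,7 +80,9 @@` hunk, `srange => "@resolve(tendril.wikimedia.org)"` makes the source restriction on port 3306 depend on what DNS returns when ferm loads the rule, where the old rule pinned `10.64.0.15`. Before relying on it, confirm from an affected host that tendril.wikimedia.org resolves to that address and to nothing else that should not reach MySQL, and check how ferm behaves on these hosts if the lookup fails at load time. Two smaller points: the string has no interpolation, so single quotes would match the `proto` and `port` lines, and the comment's "(db1011)" is now the only place the backing host is named, so it needs to be kept current or dropped.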