[MediaWiki-commits] [Gerrit] dynamicproxy: Open firewall for proxymanager - change (operations/puppet)

Tim Landscheidt (Code Review) Fri, 17 Apr 2015 07:31:12 -0700

Tim Landscheidt has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/204770


Change subject: dynamicproxy: Open firewall for proxymanager
......................................................................

dynamicproxy: Open firewall for proxymanager

Bug: T88216
Change-Id: Ic7bbf3bbd029a9e4fb32718622d12adcef20c1e8
---
M modules/dynamicproxy/manifests/init.pp
M modules/dynamicproxy/templates/proxymanager.conf.erb
2 files changed, 9 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/70/204770/1

diff --git a/modules/dynamicproxy/manifests/init.pp 
b/modules/dynamicproxy/manifests/init.pp
index f9e108c..ef527cf 100644
--- a/modules/dynamicproxy/manifests/init.pp
+++ b/modules/dynamicproxy/manifests/init.pp
@@ -91,7 +91,15 @@
 
         nginx::site { 'proxymanager':
             content => template("dynamicproxy/proxymanager.conf.erb"),
-            require => File['/etc/nginx/lua/list-proxy-entries.lua'],
+            require => [Ferm::Service['proxymanager'],
+                        File['/etc/nginx/lua/list-proxy-entries.lua']],
+        }
+
+        ferm::service { 'proxymanager':
+            proto  => 'tcp',
+            port   => '8081',
+            desc   => 'Proxymanager service for Labs instances',
+            srange => '$INTERNAL',
         }
     }
 
diff --git a/modules/dynamicproxy/templates/proxymanager.conf.erb 
b/modules/dynamicproxy/templates/proxymanager.conf.erb
index 5723295..f79856a 100644
--- a/modules/dynamicproxy/templates/proxymanager.conf.erb
+++ b/modules/dynamicproxy/templates/proxymanager.conf.erb
@@ -3,11 +3,6 @@
 
     listen 8081;
 
-    # The proxy services should only be available to Labs clients.
-    allow 10.0.0.0/8;
-    allow 127.0.0.0/0;
-    deny all;
-
     # Provide a list of active proxy entries.
     location = /list {
         content_by_lua_file /etc/nginx/lua/list-proxy-entries.lua;

-- 
To view, visit https://gerrit.wikimedia.org/r/204770
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic7bbf3bbd029a9e4fb32718622d12adcef20c1e8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] dynamicproxy: Open firewall for proxymanager - change (operations/puppet)

Reply via email to