[MediaWiki-commits] [Gerrit] icinga: fix ferm rules on neon - change (operations/puppet)

Tue, 07 Jul 2015 18:02:10 -0700 

Dzahn has submitted this change and it was merged.

Change subject: icinga: fix ferm rules on neon
......................................................................


icinga: fix ferm rules on neon

In I667a95ec7e5d79ebd2 the ESAMS public network was renamed, leading
to this when trying to apply an unrelated change:

 * Stopping Firewall ferm       
 Error in /etc/ferm/conf.d/10_ncsa_allowed line 8:                              
                                                                        
no such variable: $ESAMS_PUBLIC_PUBLIC_SERVICES

Change-Id: I6670906c18ac56d939f94681e84e48649efd163f
---
M modules/icinga/manifests/nsca/firewall.pp
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  BBlack: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/icinga/manifests/nsca/firewall.pp 
b/modules/icinga/manifests/nsca/firewall.pp
index bf56762..cd792f2 100644
--- a/modules/icinga/manifests/nsca/firewall.pp
+++ b/modules/icinga/manifests/nsca/firewall.pp
@@ -4,6 +4,6 @@
 class icinga::nsca::firewall {
     # NSCA on port 5667
     ferm::rule { 'ncsa_allowed':
-        rule => 'saddr (127.0.0.1 $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD 
$EQIAD_PRIVATE_ANALYTICS1_B_EQIAD $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD 
$EQIAD_PRIVATE_ANALYTICS1_D_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_A_EQIAD 
$EQIAD_PRIVATE_LABS_HOSTS1_B_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_D_EQIAD 
$EQIAD_PRIVATE_LABS_SUPPORT1_C_EQIAD $EQIAD_PRIVATE_PRIVATE1_A_EQIAD 
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD $EQIAD_PRIVATE_PRIVATE1_C_EQIAD 
$EQIAD_PRIVATE_PRIVATE1_D_EQIAD $EQIAD_PUBLIC_PUBLIC1_A_EQIAD 
$EQIAD_PUBLIC_PUBLIC1_B_EQIAD $EQIAD_PUBLIC_PUBLIC1_C_EQIAD 
$EQIAD_PUBLIC_PUBLIC1_D_EQIAD $ESAMS_PRIVATE_PRIVATE1_ESAMS 
$ESAMS_PUBLIC_PUBLIC_SERVICES $ULSFO_PRIVATE_PRIVATE1_ULSFO 
$ULSFO_PUBLIC_PUBLIC1_ULSFO 208.80.155.0/27 10.64.40.0/24) proto tcp dport 5667 
ACCEPT;'
+        rule => 'saddr (127.0.0.1 $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD 
$EQIAD_PRIVATE_ANALYTICS1_B_EQIAD $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD 
$EQIAD_PRIVATE_ANALYTICS1_D_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_A_EQIAD 
$EQIAD_PRIVATE_LABS_HOSTS1_B_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_D_EQIAD 
$EQIAD_PRIVATE_LABS_SUPPORT1_C_EQIAD $EQIAD_PRIVATE_PRIVATE1_A_EQIAD 
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD $EQIAD_PRIVATE_PRIVATE1_C_EQIAD 
$EQIAD_PRIVATE_PRIVATE1_D_EQIAD $EQIAD_PUBLIC_PUBLIC1_A_EQIAD 
$EQIAD_PUBLIC_PUBLIC1_B_EQIAD $EQIAD_PUBLIC_PUBLIC1_C_EQIAD 
$EQIAD_PUBLIC_PUBLIC1_D_EQIAD $ESAMS_PRIVATE_PRIVATE1_ESAMS 
$ESAMS_PUBLIC_PUBLIC1_ESAMS $ULSFO_PRIVATE_PRIVATE1_ULSFO 
$ULSFO_PUBLIC_PUBLIC1_ULSFO 208.80.155.0/27 10.64.40.0/24) proto tcp dport 5667 
ACCEPT;'
     }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/223476
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I6670906c18ac56d939f94681e84e48649efd163f
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to