Muehlenhoff has uploaded a new change for review.
https://gerrit.wikimedia.org/r/247995
Change subject: Restrict access to redis on abacist
......................................................................
Restrict access to redis on abacist
I've run tcpdump for the redis port on stat1001 and the only external access
originated from neon (covered by the /etc/ferm/conf.d/10_monitoring-all rule)
Change-Id: I54a8e2dcb08766d7450a8da75282231942442c08
---
M manifests/role/abacist.pp
1 file changed, 2 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/95/247995/1
diff --git a/manifests/role/abacist.pp b/manifests/role/abacist.pp
index e4cf3f1..30ace4b 100644
--- a/manifests/role/abacist.pp
+++ b/manifests/role/abacist.pp
@@ -12,10 +12,7 @@
eventlogging_publisher => 'tcp://eventlog1001.eqiad.wmnet:8600',
}
+ # The redis server is only accessed from localhost (and monitoring), so
+ # no further ferm rules are needed
Service['redis-server'] ~> Service['abacist']
-
- ferm::service {'redis_abacist':
- proto => 'tcp',
- port => '6379',
- }
}
--
To view, visit https://gerrit.wikimedia.org/r/247995
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I54a8e2dcb08766d7450a8da75282231942442c08
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
