Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/260924
Change subject: network: split frack into its proper subnets
......................................................................
network: split frack into its proper subnets
Change-Id: I352e6bf8c89a5400dc52066ff51bd83011fb94b0
---
M manifests/network.pp
M modules/icinga/manifests/nsca/firewall.pp
2 files changed, 52 insertions(+), 12 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/24/260924/1
diff --git a/manifests/network.pp b/manifests/network.pp
index ed4f96e..fe12b77 100644
--- a/manifests/network.pp
+++ b/manifests/network.pp
@@ -238,25 +238,55 @@
'frack' => {
'eqiad' => {
'public' => {
- 'public-frack-eqiad' => {
+ 'frack-external1-c-eqiad' => {
'ipv4' => '208.80.155.0/27',
},
},
'private' => {
- 'private-frack-eqiad' => {
- 'ipv4' => '10.64.40.0/24',
+ 'frack-payments1-c-eqiad' => {
+ 'ipv4' => '10.64.40.0/27',
+ },
+ 'frack-bastion1-c-eqiad' => {
+ 'ipv4' => '10.64.40.32/27',
+ },
+ 'frack-administration1-c-eqiad' => {
+ 'ipv4' => '10.64.40.64/27',
+ },
+ 'frack-fundraising1-c-eqiad' => {
+ 'ipv4' => '10.64.40.96/27',
+ },
+ 'frack-DMZ1-c-eqiad' => {
+ 'ipv4' => '10.64.40.128/27',
+ },
+ 'frack-listenerdmz1-c-eqiad' => {
+ 'ipv4' => '10.64.40.160/27',
},
},
},
'codfw' => {
'public' => {
- 'public-frack-codfw' => {
+ 'frack-external-codfw' => {
'ipv4' => '208.80.152.224/28',
},
},
'private' => {
- 'private-frack-codfw' => {
- 'ipv4' => '10.195.0.0/25',
+ 'frack-payments-codfw' => {
+ 'ipv4' => '10.195.0.0/27',
+ },
+ 'frack-bastion-codfw' => {
+ 'ipv4' => '10.195.0.64/29',
+ },
+ 'frack-administration-codfw' => {
+ 'ipv4' => '10.195.0.72/29',
+ },
+ 'frack-fundraising-codfw' => {
+ 'ipv4' => '10.195.0.32/27',
+ },
+ 'frack-listenerdmz-codfw' => {
+ 'ipv4' => '10.195.0.80/29',
+ },
+ 'frack-management-codfw' => {
+ 'ipv4' => '10.195.0.96/27',
},
},
},
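Review bot: The new per-subnet entries do not add up to the aggregates they replace, so anything that used the old constants to match "all of frack" now silently misses part of the range. In eqiad the six /27s stop at 10.64.40.191, leaving 10.64.40.192/26 out of the former /24; in codfw 10.195.0.88/29 is left out of the former /25. If those ranges are deliberately unallocated, a short comment above each `'private'` block would record it, e.g. `# 10.64.40.192/26 is unallocated` and `# 10.195.0.88/29 is unallocated`. The two sites are also not symmetric (eqiad has a DMZ1 subnet and no management subnet, codfw the reverse), which is worth confirming against the router configuration. The enclosing hash starts and ends outside this hunk.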
diff --git a/modules/icinga/manifests/nsca/firewall.pp
b/modules/icinga/manifests/nsca/firewall.pp
index 1ef6621..875f839 100644
--- a/modules/icinga/manifests/nsca/firewall.pp
+++ b/modules/icinga/manifests/nsca/firewall.pp
@@ -6,8 +6,6 @@
# NSCA on port 5667
ferm::rule { 'ncsa_allowed':
rule => 'saddr (127.0.0.1 \
- $CODFW_PRIVATE_PRIVATE_FRACK_CODFW \
- $CODFW_PUBLIC_PUBLIC_FRACK_CODFW \
$EQIAD_PRIVATE_ANALYTICS1_A_EQIAD \
$EQIAD_PRIVATE_ANALYTICS1_B_EQIAD \
$EQIAD_PRIVATE_ANALYTICS1_C_EQIAD \
@@ -20,16 +18,28 @@
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD \
$EQIAD_PRIVATE_PRIVATE1_C_EQIAD \
$EQIAD_PRIVATE_PRIVATE1_D_EQIAD \
- $EQIAD_PRIVATE_PRIVATE_FRACK_EQIAD \
$EQIAD_PUBLIC_PUBLIC1_A_EQIAD \
$EQIAD_PUBLIC_PUBLIC1_B_EQIAD \
$EQIAD_PUBLIC_PUBLIC1_C_EQIAD \
$EQIAD_PUBLIC_PUBLIC1_D_EQIAD \
- $EQIAD_PUBLIC_PUBLIC_FRACK_EQIAD \
$ESAMS_PRIVATE_PRIVATE1_ESAMS \
$ESAMS_PUBLIC_PUBLIC1_ESAMS \
$ULSFO_PRIVATE_PRIVATE1_ULSFO \
- $ULSFO_PUBLIC_PUBLIC1_ULSFO) \
- proto tcp dport 5667 ACCEPT;'
+ $ULSFO_PUBLIC_PUBLIC1_ULSFO \
+ $EQIAD_PUBLIC_FRACK_EXTERNAL1_C_EQIAD \
+ $EQIAD_PRIVATE_FRACK_PAYMENTS1_C_EQIAD \
+ $EQIAD_PRIVATE_FRACK_BASTION1_C_EQIAD \
+ $EQIAD_PRIVATE_FRACK_ADMINISTRATION1_C_EQIAD \
+ $EQIAD_PRIVATE_FRACK_FUNDRAISING1_C_EQIAD \
+ $EQIAD_PRIVATE_FRACK_DMZ1_C_EQIAD \
+ $EQIAD_PRIVATE_FRACK_LISTENERDMZ1_C_EQIAD \
+ $CODFW_PUBLIC_FRACK_PAYMENTS_CODFW \
+ $CODFW_PRIVATE_FRACK_PAYMENTS_CODFW \
+ $CODFW_PRIVATE_FRACK_BASTION_CODFW \
+ $CODFW_PRIVATE_FRACK_ADMINISTRATION_CODFW \
+ $CODFW_PRIVATE_FRACK_FUNDRAISING_CODFW \
+ $CODFW_PRIVATE_FRACK_LISTENERDMZ_CODFW \
+ $CODFW_PRIVATE_FRACK_MANAGEMENT_CODFW \
+ ) proto tcp dport 5667 ACCEPT;'
}
}
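Review bot: `$CODFW_PUBLIC_FRACK_PAYMENTS_CODFW` in the added list does not match any network defined by this change. The codfw public network in manifests/network.pp is renamed to `'frack-external-codfw'`, and the other constants follow the site/scope/name pattern of the hash keys, so the line was presumably meant to be `$CODFW_PUBLIC_FRACK_EXTERNAL_CODFW \`. The generator for these ferm constants is not shown here, so confirm the derived name; an undefined variable in the `saddr` list is likely to make the rule fail to load. Separately, the rule re-admits every frack subnet to port 5667, including the DMZ and listenerdmz ranges; now that the subnets are split, the list could be limited to the ones that actually send NSCA results. The `ferm::rule` resource begins outside this hunk.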
--
To view, visit https://gerrit.wikimedia.org/r/260924
Gerrit-MessageType: newchange
Gerrit-Change-Id: I352e6bf8c89a5400dc52066ff51bd83011fb94b0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>