Muehlenhoff has submitted this change and it was merged.
Change subject: Add base::firewall to jobrunners mw1161-mw1169 (reprovisioned
app servers)
......................................................................
Add base::firewall to jobrunners mw1161-mw1169 (reprovisioned app servers)
These systems were previously standard app servers and as such had
base::firewall
applied. They got reprovisioned to job runners via T121549, so they still have
ferm/iptables configured and running from their former app server identity.
The ferm rules for app servers and job runners are identical, but we need to
explicitly re-enable base::firewall in puppet for these systems. Right now they
don't received puppetised firewall changes and as a consequence
/etc/ferm/conf.d/00_defs is outdated.
Change-Id: I485d2fe061ad2cc5ab4ee5bf8325cc07d1399077
---
M manifests/site.pp
1 file changed, 1 insertion(+), 0 deletions(-)
Approvals:
Muehlenhoff: Verified; Looks good to me, approved
diff --git a/manifests/site.pp b/manifests/site.pp
index 3eeeb32..966117d 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1969,6 +1969,7 @@
# mw1161-1169 are job runners
node /^mw116[1-9]\.eqiad\.wmnet$/ {
role mediawiki::jobrunner
+ include base::firewall
}
# mw1170-1188 are apaches
--
To view, visit https://gerrit.wikimedia.org/r/267238
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I485d2fe061ad2cc5ab4ee5bf8325cc07d1399077
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Ori.livneh <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
