Muehlenhoff has submitted this change and it was merged.
Change subject: Add ferm rules for role::snapshot::dumper
......................................................................
Add ferm rules for role::snapshot::dumper
This needs access for deployment, but the rest should be covered by the
base rules provided by base::firewall (e.g. NRPE, sshd etc).
Change-Id: I2153ee4bf40f782a75a901e1f0cd3a2d915879e2
---
M modules/role/manifests/snapshot/dumper.pp
1 file changed, 5 insertions(+), 0 deletions(-)
Approvals:
Muehlenhoff: Verified; Looks good to me, approved
diff --git a/modules/role/manifests/snapshot/dumper.pp
b/modules/role/manifests/snapshot/dumper.pp
index 87af64f..2381fcb 100644
--- a/modules/role/manifests/snapshot/dumper.pp
+++ b/modules/role/manifests/snapshot/dumper.pp
@@ -2,6 +2,11 @@
# meaning sql/xml dumps every couple of weeks or so
class role::snapshot::dumper {
+ # Allow SSH from deployment hosts
+ ferm::rule { 'deployment-ssh':
+ rule => 'proto tcp dport ssh saddr $DEPLOYMENT_HOSTS ACCEPT;',
+ }
+
# mw packages and dependencies, dataset server nfs mount
include snapshot::dumps::packages
--
To view, visit https://gerrit.wikimedia.org/r/290421
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2153ee4bf40f782a75a901e1f0cd3a2d915879e2
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: ArielGlenn <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
