Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/295333

Change subject: ferm: Populate INTERNAL from network::constants
......................................................................

ferm: Populate INTERNAL from network::constants

INTERNAL was a default variable declared during the first days of ferm
being introduced and was meant as a way to ease the transition to it by
allowing ferm to be used, with quite lax established rules that people
could reuse without having to go through the undocumented/unmaintained pain
network.pp was back then. Now that network::constants is quite well
maintained and structured, move INTERNAL into using the
slice_network_constants() function. Furthermore, vary the slicing on the
$::realm in question in order to allow the labs realm to use ferm should the
need arise.

Change-Id: I7b243278e250c433b3ea3514537bb3abd1b47d44
---
M modules/base/templates/firewall/defs.erb
M modules/network/manifests/constants.pp
2 files changed, 3 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/33/295333/1

diff --git a/modules/base/templates/firewall/defs.erb 
b/modules/base/templates/firewall/defs.erb
index 6aa11d8..4b5f2e5 100644
--- a/modules/base/templates/firewall/defs.erb
+++ b/modules/base/templates/firewall/defs.erb
@@ -1,5 +1,6 @@
 <%-
 external_networks = scope.lookupvar('network::constants::external_networks')
+internal_networks = scope.lookupvar('network::constants::internal_networks')
 all_networks = scope.lookupvar('network::constants::all_networks')
 all_network_subnets = 
scope.lookupvar('network::constants::all_network_subnets')
 special_hosts = scope.lookupvar('network::constants::special_hosts')
@@ -10,7 +11,7 @@
 mw_appserver_networks = 
scope.lookupvar('network::constants::mw_appserver_networks')
 -%>
 
-@def $INTERNAL = (10.0.0.0/8 2620:0:860:100::/56 2620:0:861:100::/56 
2620:0:862:100::/56 2620:0:863:100::/56);
+@def $INTERNAL = (<%- internal_networks.each do |net| -%><%= net %> <% end 
-%>);
 @def $EXTERNAL_NETWORKS = (<%- external_networks.each do |external_net| -%><%= 
external_net %> <% end -%>);
 @def $ALL_NETWORKS = (<%- all_networks.each do |net| -%><%= net %> <% end -%>);
 
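Review bot: The switch of `@def $INTERNAL` from a literal list to the `internal_networks.each` loop changes the source set for every rule that references `$INTERNAL`, and nothing in the patch shows what the loop renders to. The removed line allowed 10.0.0.0/8 plus the four /56 ranges 2620:0:860:100:: through 2620:0:863:100::. Please attach the rendered defs output for each realm so reviewers can confirm the new list neither widens nor narrows that set unintentionally. If the slice is empty for a realm, the line renders as `@def $INTERNAL = ();`, so either state what rules using `$INTERNAL` are expected to do in that case or fail the template when `internal_networks` is empty.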
diff --git a/modules/network/manifests/constants.pp 
b/modules/network/manifests/constants.pp
index 1a77758..f8161b1 100644
--- a/modules/network/manifests/constants.pp
+++ b/modules/network/manifests/constants.pp
@@ -16,6 +16,7 @@
         '185.15.56.0/22',
         '2a02:ec80::/32',
     ]
+    $internal_networks = slice_network_constants($::realm, {'sphere' => 
'private'})
 
     # are you really sure you want to use this? maybe what you really
     # the trusted/production networks. See $production_networks for this.
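Review bot: The added `$internal_networks` assignment has no comment and sits directly under the closing `]` of the previous list with no blank line between them. Its value depends on both `$::realm` and the `'sphere' => 'private'` filter, and it now feeds the firewall's `$INTERNAL` definition in defs.erb, so a short comment saying what it is meant to contain and that ferm consumes it would help, separated from the preceding block by a blank line. The commit message says the realm variation is there so the labs realm can use ferm. A note on what `private` resolves to there would let reviewers judge whether rules written against the production `$INTERNAL` should trust that set.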

-- 
To view, visit https://gerrit.wikimedia.org/r/295333

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7b243278e250c433b3ea3514537bb3abd1b47d44
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>