Muehlenhoff has uploaded a new change for review.
https://gerrit.wikimedia.org/r/295919
Change subject: Move graphite ferm rules out of role:graphite::base
......................................................................
Move graphite ferm rules out of role:graphite::base
Move graphite ferm rules from role:graphite::base to role::labs::graphite
and role::graphite::production. They are currently in role:graphite::base,
which is shared among the two, but they will need to customised in their
access in a followup patch, so that role::graphite::production is restricted
to $PRODUCTION_NETWORKS and role:graphite::base to a (not yet existing)
$LABS_NETWORKS.
Change-Id: I0dac796422c0a05e3cbe55a779a7693424aae9ff
---
M modules/role/manifests/graphite/base.pp
M modules/role/manifests/graphite/production.pp
M modules/role/manifests/labs/graphite.pp
3 files changed, 48 insertions(+), 23 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/19/295919/1
diff --git a/modules/role/manifests/graphite/base.pp
b/modules/role/manifests/graphite/base.pp
index 559b8a6..c43c86d 100644
--- a/modules/role/manifests/graphite/base.pp
+++ b/modules/role/manifests/graphite/base.pp
@@ -244,27 +244,6 @@
description => $hostname,
check_command => "check_http_url!${hostname}!/render",
}
-
- ferm::service { 'carbon_c_relay-frontend_relay_udp':
- proto => 'udp',
- port => '2003',
- srange => '$ALL_NETWORKS',
- }
-
- ferm::service { 'carbon_c_relay-frontend_relay_tcp':
- proto => 'tcp',
- port => '2003',
- srange => '$ALL_NETWORKS',
- }
-
- ferm::service { 'graphite-http':
- proto => 'tcp',
- port => 'http',
- }
-
- ferm::service { 'carbon_pickled':
- proto => 'tcp',
- port => '2004',
- srange => '$INTERNAL',
- }
}
+
+
diff --git a/modules/role/manifests/graphite/production.pp
b/modules/role/manifests/graphite/production.pp
index 9da9bc3..35932af 100644
--- a/modules/role/manifests/graphite/production.pp
+++ b/modules/role/manifests/graphite/production.pp
@@ -59,5 +59,28 @@
port => '1903',
srange => "@resolve((${graphite_hosts_ferm}))",
}
+
+ ferm::service { 'carbon_c_relay-frontend_relay_udp':
+ proto => 'udp',
+ port => '2003',
+ srange => '$ALL_NETWORKS',
+ }
+
+ ferm::service { 'carbon_c_relay-frontend_relay_tcp':
+ proto => 'tcp',
+ port => '2003',
+ srange => '$ALL_NETWORKS',
+ }
+
+ ferm::service { 'graphite-http':
+ proto => 'tcp',
+ port => 'http',
+ }
+
+ ferm::service { 'carbon_pickled':
+ proto => 'tcp',
+ port => '2004',
+ srange => '$INTERNAL',
+ }
}
diff --git a/modules/role/manifests/labs/graphite.pp
b/modules/role/manifests/labs/graphite.pp
index 9cf438b..9984da3 100644
--- a/modules/role/manifests/labs/graphite.pp
+++ b/modules/role/manifests/labs/graphite.pp
@@ -44,4 +44,27 @@
port => '8125',
srange => '$INTERNAL',
}
+
+ ferm::service { 'carbon_c_relay-frontend_relay_udp':
+ proto => 'udp',
+ port => '2003',
+ srange => '$ALL_NETWORKS',
+ }
+
+ ferm::service { 'carbon_c_relay-frontend_relay_tcp':
+ proto => 'tcp',
+ port => '2003',
+ srange => '$ALL_NETWORKS',
+ }
+
+ ferm::service { 'graphite-http':
+ proto => 'tcp',
+ port => 'http',
+ }
+
+ ferm::service { 'carbon_pickled':
+ proto => 'tcp',
+ port => '2004',
+ srange => '$INTERNAL',
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/295919
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0dac796422c0a05e3cbe55a779a7693424aae9ff
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
