[MediaWiki-commits] [Gerrit] operations/puppet[production]: phabricator: allow ssh between instances for cluster support

Wed, 17 Aug 2016 10:40:31 -0700 

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/305277

Change subject: phabricator: allow ssh between instances for cluster support
......................................................................

phabricator: allow ssh between instances for cluster support

Allow ssh from one phabricator instance to the other one in the
other DC for cluster support. As mentioned by 20after4 on T137928#2559879.

Bug:T137928
Change-Id: I65fa4f67e2ef39f7c1fb12d1497e5c74d1798dcc
---
M modules/role/manifests/phabricator/main.pp
1 file changed, 16 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/77/305277/1

diff --git a/modules/role/manifests/phabricator/main.pp 
b/modules/role/manifests/phabricator/main.pp
index a699511..5530f67 100644
--- a/modules/role/manifests/phabricator/main.pp
+++ b/modules/role/manifests/phabricator/main.pp
@@ -163,6 +163,22 @@
         rule => 'saddr (0.0.0.0/0 ::/0) daddr (10.64.32.186/32 
208.80.154.250/32 2620:0:861:103:10:64:32:186/128 2620:0:861:ed1a::3:16/128) 
proto tcp dport (22) ACCEPT;',
     }
 
+    # ssh between phab instances for clustering support
+    if $::site == 'eqiad' {
+        ferm::service { 'ssh_eqiad_codfw':
+            port  => '22',
+            proto => 'tcp',
+            srange => '@resolve(phab2001.codfw.wmnet)',
+        }
+    }
+    if $::site == 'codfw' {
+        ferm::service { 'ssh_codfw_eqiad':
+            port  => '22',
+            proto => 'tcp',
+            srange => '@resolve(iridium.codfw.wmnet)',
+        }
+    }
+
     # redirect bugzilla URL patterns to phabricator
     # handles translation of bug numbers to maniphest task ids
     phabricator::redirector { "redirector.${domain}":

-- 
To view, visit https://gerrit.wikimedia.org/r/305277
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I65fa4f67e2ef39f7c1fb12d1497e5c74d1798dcc
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to