[MediaWiki-commits] [Gerrit] operations/puppet[production]: ntp: Update neon specific ACLs to be more generic

Tue, 11 Oct 2016 06:17:53 -0700 

Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315255

Change subject: ntp: Update neon specific ACLs to be more generic
......................................................................

ntp: Update neon specific ACLs to be more generic

Use network::constants monitoring_hosts instead if the specific neon ACL

Change-Id: I07565ad25cf58f462baa74225cdb28a334c78e7e
---
M manifests/role/ntp.pp
M modules/standard/manifests/ntp.pp
M modules/standard/manifests/ntp/client.pp
3 files changed, 7 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/55/315255/1

diff --git a/manifests/role/ntp.pp b/manifests/role/ntp.pp
index 74dd8dd..ffd9a5e 100644
--- a/manifests/role/ntp.pp
+++ b/manifests/role/ntp.pp
@@ -78,7 +78,7 @@
         servers   => $peer_upstreams[$::fqdn],
         peers     => delete($wmf_all_peers, $::fqdn),
         time_acl  => $our_networks_acl,
-        query_acl => $::standard::ntp::neon_acl,
+        query_acl => $::standard::ntp::monitoring_acl,
     }
 
     ferm::service { 'ntp':
diff --git a/modules/standard/manifests/ntp.pp 
b/modules/standard/manifests/ntp.pp
index 0ed1c96..29ddcdd 100644
--- a/modules/standard/manifests/ntp.pp
+++ b/modules/standard/manifests/ntp.pp
@@ -2,6 +2,8 @@
 #
 # Basic common definitons used for NTP service configuration.
 class standard::ntp {
+    include network::constants
+
     # These are our servers - they all peer to each other
     #   and sync to upstream NTP pool servers.
     $wmf_peers = {
@@ -20,11 +22,9 @@
         ulsfo => [],
     }
 
-    # neon for ntp monitoring queries
-    $neon_acl = [
-        '208.80.154.14 mask 255.255.255.255',
-    ]
-
+    # ntp monitoring queries
+    # TODO: Make this realm independent
+    $monitoring_acl = 
$network::constants::special_hosts['production']['monitoring_hosts']
     # Required for race-free ntpd startup, see 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436029 :
     require_package('lockfile-progs')
 }
diff --git a/modules/standard/manifests/ntp/client.pp 
b/modules/standard/manifests/ntp/client.pp
index 6c29ee6..8691708 100644
--- a/modules/standard/manifests/ntp/client.pp
+++ b/modules/standard/manifests/ntp/client.pp
@@ -16,7 +16,7 @@
 
     ntp::daemon { 'client':
         servers   => $client_upstreams[$::site],
-        query_acl => $::standard::ntp::neon_acl,
+        query_acl => $::standard::ntp::monitoring_acl,
     }
 
     monitoring::service { 'ntp':

-- 
To view, visit https://gerrit.wikimedia.org/r/315255
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I07565ad25cf58f462baa74225cdb28a334c78e7e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to