[MediaWiki-commits] [Gerrit] operations/puppet[production]: elasticsearch: Use domain networks

Wed, 19 Oct 2016 07:17:26 -0700 

Muehlenhoff has submitted this change and it was merged.

Change subject: elasticsearch: Use domain networks
......................................................................


elasticsearch: Use domain networks

Access to the elasticsearch cluster in production is limited to production
hosts, use DOMAIN_NETWORKS so that it the role can also be used in a
base::firewall-enabled labs instance.

PRODUCTION_NETWORKS also allows us to special case wikitech/labtestwikitech
(since INTERNAL is restricted to 10.0.0.0/8)

Change-Id: I640e866937fb175b8a9d2b57839bca8ca75cb96e
---
M modules/role/manifests/elasticsearch/common.pp
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Muehlenhoff: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/manifests/elasticsearch/common.pp 
b/modules/role/manifests/elasticsearch/common.pp
index d97480a..bb675e3 100644
--- a/modules/role/manifests/elasticsearch/common.pp
+++ b/modules/role/manifests/elasticsearch/common.pp
@@ -18,7 +18,7 @@
         proto   => 'tcp',
         port    => '9200',
         notrack => true,
-        srange  => '(($INTERNAL @resolve(wikitech.wikimedia.org) 
@resolve(labtestwikitech.wikimedia.org)))',
+        srange  => '$DOMAIN_NETWORKS',
     }
 
     $elastic_nodes = hiera('elasticsearch::cluster_hosts')
@@ -35,7 +35,7 @@
     ferm::service { 'elastic-zen-discovery':
         proto  => 'udp',
         port   => '54328',
-        srange => '$INTERNAL',
+        srange => '$DOMAIN_NETWORKS',
     }
 
     system::role { 'role::elasticsearch::server':

-- 
To view, visit https://gerrit.wikimedia.org/r/304483
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I640e866937fb175b8a9d2b57839bca8ca75cb96e
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: DCausse <[email protected]>
Gerrit-Reviewer: Gehel <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to