Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/319376
Change subject: mirrors: workaround a ferm @resolve bug with v4/v6
......................................................................
mirrors: workaround a ferm @resolve bug with v4/v6
@resolve doesn't do per-domain resolving of A/AAAA (I actually had code
somewhere to fix that…). syncproxy.cna.debian.org is dual-stacked, so
a firewall rule that @resolves that is actually v4-only.
Hardcode IP addresses for now, unfortunately, but leave a comment to
explain why.
Change-Id: I3db4b607d761487e4e4ec239c9cfe6eee67e3b1d
---
M modules/role/manifests/mirrors.pp
1 file changed, 2 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/76/319376/1
diff --git a/modules/role/manifests/mirrors.pp
b/modules/role/manifests/mirrors.pp
index 9b48fc6..d8eea34 100644
--- a/modules/role/manifests/mirrors.pp
+++ b/modules/role/manifests/mirrors.pp
@@ -34,6 +34,7 @@
ferm::service { 'mirrors_ssh':
proto => 'tcp',
port => 'ssh',
- srange => '@resolve(syncproxy.cna.debian.org)',
+ # syncproxy.cna.debian.org; ferm can't do both IPv4/IPv6 with @resolve
+ srange => '(128.101.240.216 2607:ea00:101:3c0b::1deb:216)',
}
}
--
To view, visit https://gerrit.wikimedia.org/r/319376
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3db4b607d761487e4e4ec239c9cfe6eee67e3b1d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
