Muehlenhoff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/356548 )
Change subject: Tighten access to zookeeper
......................................................................
Tighten access to zookeeper
Restrict access to those hosts which actually write to it.
Bug: T114815
Change-Id: I6e553dee0d7374f207c82fa159a9734e4bc4e078
---
M modules/profile/manifests/zookeeper/server.pp
1 file changed, 3 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/48/356548/1
diff --git a/modules/profile/manifests/zookeeper/server.pp
b/modules/profile/manifests/zookeeper/server.pp
index f2f3e28..ba142ba 100644
--- a/modules/profile/manifests/zookeeper/server.pp
+++ b/modules/profile/manifests/zookeeper/server.pp
@@ -23,11 +23,12 @@
java_opts => '-Xms1g -Xmx1g',
}
+ # Zookeeper needs to be accessed by Hadoop masters, the main Kafka brokers
(eventbus),
+ # the Analytics Kafka brokers, Druid and Burrow (running on krypton)
ferm::service { 'zookeeper':
proto => 'tcp',
- # Zookeeper client, protocol ports
port => '(2181 2182 2183)',
- srange => '$DOMAIN_NETWORKS',
+ srange => '(($HADOOP_MASTERS $KAFKA_BROKERS_ANALYTICS
$KAFKA_BROKERS_MAIN $DRUID_HOSTS @resolve(krypton.eqiad.wmnet)))',
}
$group_prefix = "zookeeper.cluster.${cluster_name}."
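Review bot: the new srange on the ferm::service { 'zookeeper': } rule lists only client groups, yet the rule still covers ports 2182 and 2183 alongside 2181, and nothing in the list names the Zookeeper servers themselves. If 2182 and 2183 are the inter-server ports that the removed comment "Zookeeper client, protocol ports" referred to, ensemble members would no longer reach each other through this rule. Either add the Zookeeper hosts to srange, or split this into a client rule for 2181 with the restricted srange and a separate peer rule for 2182 and 2183. I would also keep the port comment rather than delete it, and move @resolve(krypton.eqiad.wmnet) behind a macro or parameter like the other entries so the Burrow host is not hard-coded in the profile.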
--
To view, visit https://gerrit.wikimedia.org/r/356548
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6e553dee0d7374f207c82fa159a9734e4bc4e078
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>