Muehlenhoff has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/363595 )
Change subject: Move ferm service out of service::uwsgi
......................................................................
Move ferm service out of service::uwsgi
Move the ferm service out of service::uwsgi; they should be declared in
roles/profiles, not in the modules. The two using sites in current
puppet are ores/scb and striker; add it to their roles/profiles.
This is needed for a followup commit to further restrict access to the
striker port on californium.
Change-Id: I1f22ff637144898c3b84e4cd9c4e29fd9c287e5e
---
M modules/profile/manifests/ores/web.pp
M modules/role/manifests/striker/web.pp
M modules/service/manifests/uwsgi.pp
3 files changed, 10 insertions(+), 7 deletions(-)
Approvals:
Muehlenhoff: Looks good to me, approved
Alexandros Kosiaris: Looks good to me, but someone else must approve
BryanDavis: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/modules/profile/manifests/ores/web.pp
b/modules/profile/manifests/ores/web.pp
index 4eda67f..abc51a6 100644
--- a/modules/profile/manifests/ores/web.pp
+++ b/modules/profile/manifests/ores/web.pp
@@ -6,4 +6,9 @@
redis_password => $redis_password,
redis_host => $redis_host,
}
+
+ ferm::service { 'ores':
+ proto => 'tcp',
+ port => '8081',
+ }
}
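Review bot: the port in the new `ferm::service { 'ores':` block is the literal '8081', while the rule it replaces in service::uwsgi used the define's `$port`, so the firewall opening and the uWSGI listener can now drift apart if one is changed without the other. Consider taking the port from the same value that configures the ores uWSGI listener rather than repeating it, and add a short comment above the resource saying which listener the rule is for.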
diff --git a/modules/role/manifests/striker/web.pp
b/modules/role/manifests/striker/web.pp
index 0457b8c..51c8ce7 100644
--- a/modules/role/manifests/striker/web.pp
+++ b/modules/role/manifests/striker/web.pp
@@ -9,5 +9,10 @@
include ::striker::apache
include ::striker::uwsgi
require ::passwords::striker
+
+ ferm::service { 'striker':
+ proto => 'tcp',
+ port => '8081',
+ }
}
# vim:sw=4:ts=4:sts=4:ft=puppet:
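Review bot: `ferm::service { 'striker':` sets only `proto` and `port`, with no `srange`, so moving the rule here does not by itself narrow who can reach 8081; the commit message defers that to a follow-up. A one-line comment above the resource noting that the restriction is pending would keep the rule from being read as the intended final state. The rule also lands in a role class here, while the ores rule went into a profile; a profile would be the more consistent home.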
diff --git a/modules/service/manifests/uwsgi.pp
b/modules/service/manifests/uwsgi.pp
index d4ded50..29b3e90 100644
--- a/modules/service/manifests/uwsgi.pp
+++ b/modules/service/manifests/uwsgi.pp
@@ -182,13 +182,6 @@
}
}
-
- # Basic firewall
- ferm::service { $title:
- proto => 'tcp',
- port => $port,
- }
-
if $has_spec {
# Advanced monitoring
include service::monitoring
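Review bot: with the `ferm::service { $title:` block removed, service::uwsgi no longer opens `$port` in the firewall, and nothing left in the define tells a caller that. The commit message names ores/scb and striker as the only users today, but a later caller would get a listener with no matching rule. Add a line to the define's documentation stating that callers must declare their own ferm::service for the port.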
--
Gerrit-MessageType: merged
Gerrit-Change-Id: I1f22ff637144898c3b84e4cd9c4e29fd9c287e5e
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Ayounsi <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>