Dzahn has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/365433 )
Change subject: servermon: restrict http access to prod networks
......................................................................
servermon: restrict http access to prod networks
servermon nowadays is behind cache::misc so it only
needs to talk http to prod networks, not the world.
netmon1003 was still created in .wikimedia.org to be
equivalent to other netmon*. but we can close it this way.
(this is like same change for RT Iebc3228fc69f1)
Bug: T170653
Change-Id: Ia08157bc853f4d2be441d6512b29f97eac16181d
---
M modules/role/manifests/servermon/wmf.pp
1 file changed, 1 insertion(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/33/365433/1
diff --git a/modules/role/manifests/servermon/wmf.pp
b/modules/role/manifests/servermon/wmf.pp
index 6fc65ba..295f374 100644
--- a/modules/role/manifests/servermon/wmf.pp
+++ b/modules/role/manifests/servermon/wmf.pp
@@ -53,6 +53,7 @@
ferm::service { 'servermon-http':
proto => 'tcp',
port => '80',
+ srange => '$PRODUCTION_NETWORKS',
}
}
--
To view, visit https://gerrit.wikimedia.org/r/365433
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia08157bc853f4d2be441d6512b29f97eac16181d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
