Dzahn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/365433 )
Change subject: servermon: restrict http access to prod networks
......................................................................
servermon: restrict http access to prod networks
servermon nowadays is behind cache::misc so it only
needs to talk http to prod networks, not the world.
netmon1003 was still created in .wikimedia.org to be
equivalent to other netmon*. but we can close it this way.
(this is like same change for RT Iebc3228fc69f1)
Bug: T170653
Change-Id: Ia08157bc853f4d2be441d6512b29f97eac16181d
---
M modules/role/manifests/servermon/wmf.pp
1 file changed, 3 insertions(+), 2 deletions(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/role/manifests/servermon/wmf.pp
b/modules/role/manifests/servermon/wmf.pp
index 6fc65ba..08cba49 100644
--- a/modules/role/manifests/servermon/wmf.pp
+++ b/modules/role/manifests/servermon/wmf.pp
@@ -51,8 +51,9 @@
}
ferm::service { 'servermon-http':
- proto => 'tcp',
- port => '80',
+ proto => 'tcp',
+ port => '80',
+ srange => '$PRODUCTION_NETWORKS',
}
}
--
To view, visit https://gerrit.wikimedia.org/r/365433
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia08157bc853f4d2be441d6512b29f97eac16181d
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
