[MediaWiki-commits] [Gerrit] operations/puppet[production]: swift: don't track connections to swift backend services on ...

Thu, 24 Aug 2017 07:51:19 -0700 

Filippo Giunchedi has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/373039 )

Change subject: swift: don't track connections to swift backend services on 
frontend machines
......................................................................


swift: don't track connections to swift backend services on frontend machines

Permit swift-proxy traffic to backend swift servers (currently a noop
because OUTPUT's policy is ACCEPT) and more importantly don't track the
respective connections.

The existing ferm::service definition wasn't needed anyway since
swift::proxy machines don't have services listening on 600[012] like
swift::storage do.

Bug: T173731
Change-Id: I31632ca30867d532d2466b990440f900ecc110cb
---
M modules/role/manifests/swift/proxy.pp
1 file changed, 3 insertions(+), 3 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Filippo Giunchedi: Looks good to me, approved



diff --git a/modules/role/manifests/swift/proxy.pp 
b/modules/role/manifests/swift/proxy.pp
index 66f57e9..946ee53 100644
--- a/modules/role/manifests/swift/proxy.pp
+++ b/modules/role/manifests/swift/proxy.pp
@@ -52,19 +52,19 @@
         port    => '80',
     }
 
-    ferm::service { 'swift-object-server':
+    ferm::client { 'swift-object-server':
         proto   => 'tcp',
         notrack => true,
         port    => '6000',
     }
 
-    ferm::service { 'swift-container-server':
+    ferm::client { 'swift-container-server':
         proto   => 'tcp',
         notrack => true,
         port    => '6001',
     }
 
-    ferm::service { 'swift-account-server':
+    ferm::client { 'swift-account-server':
         proto   => 'tcp',
         notrack => true,
         port    => '6002',

-- 
To view, visit https://gerrit.wikimedia.org/r/373039
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I31632ca30867d532d2466b990440f900ecc110cb
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Herron <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to