Giuseppe Lavagetto has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/383519 )
Change subject: base::firewall: rename to profile::base::firewall
......................................................................
base::firewall: rename to profile::base::firewall
Change-Id: I4a30e491f5861aa00c959d04a4974abe053d55b6
---
M manifests/site.pp
M modules/contint/manifests/firewall.pp
M modules/dumps/manifests/nfs.pp
M modules/dumps/manifests/web/xmldumps.pp
R modules/profile/files/base/firewall/check_conntrack.py
R modules/profile/files/base/firewall/check_ferm
R modules/profile/files/base/firewall/main-input-default-drop.conf
R modules/profile/files/base/firewall/main-minimal.conf
R modules/profile/files/base/firewall/nf_conntrack.conf
M modules/profile/manifests/backup/director.pp
M modules/profile/manifests/backup/host.pp
M modules/profile/manifests/backup/storage.pp
R modules/profile/manifests/base/firewall.pp
M modules/profile/manifests/dnsrecursor.pp
M modules/profile/manifests/etherpad.pp
M modules/profile/manifests/gerrit/server.pp
M modules/profile/manifests/lists.pp
M modules/profile/manifests/microsites/annualreport.pp
M modules/profile/manifests/microsites/static_bugzilla.pp
M modules/profile/manifests/microsites/transparency.pp
M modules/profile/manifests/ores/redis.pp
M modules/profile/manifests/otrs.pp
M modules/profile/manifests/planet/venus.pp
M modules/profile/manifests/pmacct.pp
M modules/profile/manifests/requesttracker/server.pp
M modules/profile/manifests/statistics/cruncher.pp
M modules/profile/manifests/statistics/web.pp
M modules/profile/manifests/url_downloader.pp
M modules/profile/manifests/yubiauth/server.pp
R modules/profile/templates/base/firewall/defs.erb
R modules/profile/templates/base/firewall/defs.labs.erb
M modules/role/manifests/aqs.pp
M modules/role/manifests/archiva.pp
M modules/role/manifests/authdns/server.pp
M modules/role/manifests/bastionhost/general.pp
M modules/role/manifests/bastionhost/opsonly.pp
M modules/role/manifests/bastionhost/twofa.pp
M modules/role/manifests/beta/mediawiki.pp
M modules/role/manifests/builder.pp
M modules/role/manifests/cache/canary.pp
M modules/role/manifests/cluster/management.pp
M modules/role/manifests/configcluster.pp
M modules/role/manifests/debug_proxy.pp
M modules/role/manifests/deployment_server.pp
M modules/role/manifests/deployment_server/base.pp
M modules/role/manifests/discovery/dashboards.pp
M modules/role/manifests/docker/registry.pp
M modules/role/manifests/dumps/web/htmldumps.pp
M modules/role/manifests/elasticsearch/cirrus.pp
M modules/role/manifests/elasticsearch/relforge.pp
M modules/role/manifests/etcd/kubernetes.pp
M modules/role/manifests/etcd/networking.pp
M modules/role/manifests/eventbus/eventbus.pp
M modules/role/manifests/failoid.pp
M modules/role/manifests/ganeti.pp
M modules/role/manifests/ganglia/web.pp
M modules/role/manifests/grafana/base.pp
M modules/role/manifests/graphite/production.pp
M modules/role/manifests/icinga.pp
M modules/role/manifests/iegreview/app.pp
M modules/role/manifests/installserver/dhcp.pp
M modules/role/manifests/installserver/http.pp
M modules/role/manifests/installserver/proxy.pp
M modules/role/manifests/installserver/tftp.pp
M modules/role/manifests/jobqueue_redis/master.pp
M modules/role/manifests/jobqueue_redis/slave.pp
M modules/role/manifests/kafka/jumbo/broker.pp
M modules/role/manifests/kafka/simple/broker.pp
M modules/role/manifests/kubernetes/master.pp
M modules/role/manifests/kubernetes/staging/etcd.pp
M modules/role/manifests/kubernetes/staging/master.pp
M modules/role/manifests/kubernetes/staging/worker.pp
M modules/role/manifests/kubernetes/worker.pp
M modules/role/manifests/labs/db/proxy.pp
M modules/role/manifests/labs/db/replica.pp
M modules/role/manifests/labs/novaproxy.pp
M modules/role/manifests/labs/puppetmaster/backend.pp
M modules/role/manifests/labs/puppetmaster/frontend.pp
M modules/role/manifests/logging/mediawiki/udp2log.pp
M modules/role/manifests/logstash/collector.pp
M modules/role/manifests/logstash/elasticsearch.pp
M modules/role/manifests/mail/mx.pp
M modules/role/manifests/maps/master.pp
M modules/role/manifests/maps/slave.pp
M modules/role/manifests/maps/test/master.pp
M modules/role/manifests/maps/test/slave.pp
M modules/role/manifests/mariadb/core.pp
M modules/role/manifests/mariadb/dbstore.pp
M modules/role/manifests/mariadb/dbstore_multiinstance.pp
M modules/role/manifests/mariadb/labs_deprecated.pp
M modules/role/manifests/mariadb/misc.pp
M modules/role/manifests/mariadb/misc/eventlogging.pp
M modules/role/manifests/mariadb/misc/phabricator.pp
M modules/role/manifests/mariadb/parsercache.pp
M modules/role/manifests/mariadb/sanitarium_multiinstance.pp
M modules/role/manifests/mariadb/sanitarium_multisource.pp
M modules/role/manifests/mediawiki/imagescaler.pp
M modules/role/manifests/mediawiki/videoscaler.pp
M modules/role/manifests/mediawiki_maintenance.pp
M modules/role/manifests/memcached.pp
M modules/role/manifests/microsites/peopleweb.pp
M modules/role/manifests/mirrors.pp
M modules/role/manifests/mw_rc_irc.pp
M modules/role/manifests/network/monitor.pp
M modules/role/manifests/ocg.pp
M modules/role/manifests/openldap/corp.pp
M modules/role/manifests/openldap/labs.pp
M modules/role/manifests/openldap/labtest.pp
M modules/role/manifests/ores/stresstest.pp
M modules/role/manifests/osm/master.pp
M modules/role/manifests/osm/slave.pp
M modules/role/manifests/package/builder.pp
M modules/role/manifests/parsoid.pp
M modules/role/manifests/paws_internal/jupyterhub.pp
M modules/role/manifests/phabricator_server.pp
M modules/role/manifests/poolcounter/server.pp
M modules/role/manifests/postgres/master.pp
M modules/role/manifests/prometheus/global.pp
M modules/role/manifests/prometheus/ops.pp
M modules/role/manifests/prometheus/services.pp
M modules/role/manifests/puppet/self.pp
M modules/role/manifests/puppetmaster/backend.pp
M modules/role/manifests/puppetmaster/frontend.pp
M modules/role/manifests/puppetmaster/puppetdb.pp
M modules/role/manifests/pybaltest.pp
M modules/role/manifests/releases.pp
M modules/role/manifests/requesttracker/upgradetest.pp
M modules/role/manifests/restbase/base.pp
M modules/role/manifests/restbase/production_ng.pp
M modules/role/manifests/sca.pp
M modules/role/manifests/scb.pp
M modules/role/manifests/security/tools.pp
M modules/role/manifests/snapshot/common.pp
M modules/role/manifests/spare/system.pp
M modules/role/manifests/swift/proxy.pp
M modules/role/manifests/swift/storage.pp
M modules/role/manifests/syslog/centralserver.pp
M modules/role/manifests/tendril.pp
M modules/role/manifests/test.pp
M modules/role/manifests/thumbor/mediawiki.pp
M modules/role/manifests/toollabs/elasticsearch.pp
M modules/role/manifests/toollabs/etcd/flannel.pp
M modules/role/manifests/toollabs/etcd/k8s.pp
M modules/role/manifests/toollabs/k8s/master.pp
M modules/role/manifests/toollabs/logging/centralserver.pp
M modules/role/manifests/tor_relay.pp
M modules/role/manifests/wdqs.pp
M modules/role/manifests/wdqs/labs.pp
M modules/role/manifests/webperf.pp
M modules/role/manifests/wikimania_scholarships.pp
M modules/toollabs/manifests/proxy.pp
151 files changed, 220 insertions(+), 220 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/19/383519/1
diff --git a/manifests/site.pp b/manifests/site.pp
index b61ca36..0e6981d 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -44,7 +44,7 @@
analytics_cluster::users)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
@@ -63,14 +63,14 @@
analytics_cluster::database::meta::backup_dest)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
node 'analytics1003.eqiad.wmnet' {
role(analytics_cluster::coordinator)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
# analytics1028-analytics1068 are Hadoop worker nodes.
@@ -82,7 +82,7 @@
node /analytics10(2[89]|3[0-9]|4[0-9]|5[0-9]|6[0-9]).eqiad.wmnet/ {
role(analytics_cluster::hadoop::worker)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
}
@@ -160,7 +160,7 @@
striker::web,
labs::instance_info_dumper)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::openstack::horizon::puppetpanel
include ::ldap::role::client::labs
@@ -311,7 +311,7 @@
node /^(diadem|dysprosium)\.wikimedia\.org$/ {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
node 'dataset1001.wikimedia.org' {
@@ -659,7 +659,7 @@
# tendril db
node 'db1011.eqiad.wmnet' {
role(mariadb::tendril)
- include ::base::firewall
+ include ::profile::base::firewall
}
node 'dbstore1001.eqiad.wmnet' {
@@ -776,7 +776,7 @@
node /^druid100[123].eqiad.wmnet$/ {
role(druid::analytics::worker)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
}
@@ -787,7 +787,7 @@
node /^druid100[456].eqiad.wmnet$/ {
role(spare::system)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
}
@@ -884,14 +884,14 @@
node 'es2001.codfw.wmnet' {
role(mariadb::otrsbackups)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# temporary measure until mysql is uninstalled
include ::mariadb::mysqld_safe
}
node /^es200[234]\.codfw\.wmnet/ {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# temporary measure until mysql is uninstalled
include ::mariadb::mysqld_safe
}
@@ -953,14 +953,14 @@
logging::mediawiki::errors)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
interface::add_ip6_mapped { 'main': }
}
# EventLogging Analytics does not (yet?) run in codfw.
node 'eventlog2001.codfw.wmnet' {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
# virtual machine for mailman list server
@@ -1046,7 +1046,7 @@
labs::dnsrecursor,
labs::dns_floating_ip_updater)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::ldap::role::client::labs
}
@@ -1055,7 +1055,7 @@
labs::dns,
labs::dnsrecursor)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::ldap::role::client::labs
}
@@ -1072,19 +1072,19 @@
node 'labtestmetal2001.codfw.wmnet' {
# WIP
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
node 'labtestnet2002.codfw.wmnet' {
# WIP
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
node 'labtestneutron2002.codfw.wmnet' {
# WIP
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
node 'labtestnet2001.codfw.wmnet' {
@@ -1094,7 +1094,7 @@
node 'labtestcontrol2001.wikimedia.org' {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
role(wmcs::openstack::labtest::control)
# Labtest is weird; the mysql server is on labtestcontrol2001. So
@@ -1126,7 +1126,7 @@
node 'labtestcontrol2003.wikimedia.org' {
role(wmcs::openstack::labtestn::control)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
}
@@ -1143,13 +1143,13 @@
openldap::labtest,
labs::dns_floating_ip_updater)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
interface::add_ip6_mapped { 'main': }
}
node /labtestservices200[23]\.wikimedia\.org/ {
role(wmcs::openstack::labtestn::services)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
interface::add_ip6_mapped { 'main': }
}
@@ -1157,7 +1157,7 @@
node /labweb100[12]\.eqiad\.wmnet/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
include ::ldap::role::client::labs
interface::add_ip6_mapped { 'main': }
@@ -1233,7 +1233,7 @@
ipsec)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
# Kafka Brokers - main-eqiad and main-codfw Kafka clusters.
@@ -1282,14 +1282,14 @@
}
node /labcontrol100[34]\.wikimedia\.org/ {
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
}
node 'labcontrol1001.wikimedia.org' {
role(wmcs::openstack::main::control)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
include ::ldap::role::client::labs
}
@@ -1302,7 +1302,7 @@
node 'labcontrol1002.wikimedia.org' {
role(wmcs::openstack::main::control)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
include ::ldap::role::client::labs
}
@@ -1315,7 +1315,7 @@
labs::openstack::nova::manager,
mariadb::wikitech,
horizon)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
include ::openstack::horizon::puppetpanel
include ::ldap::role::client::labs
@@ -1327,7 +1327,7 @@
node 'labmon1001.eqiad.wmnet' {
role(labs::graphite, labs::prometheus, grafana::labs)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
# role spare until pushed into service via T165784
@@ -1342,7 +1342,7 @@
node /labnet100[34]\.eqiad\.wmnet/ {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
@@ -1355,7 +1355,7 @@
$nagios_contact_group = 'admins,contint'
role(labs::openstack::nodepool)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
## labsdb dbs
@@ -1388,47 +1388,47 @@
# soon to be recommissioned in T158196
include ::standard
# Do not enable yet
- # include ::base::firewall
+ # include ::profile::base::firewall
}
node 'labstore1003.eqiad.wmnet' {
role(labs::nfs::misc)
include ::standard
# Do not enable yet
- # include ::base::firewall
+ # include ::profile::base::firewall
}
node /labstore100[45]\.eqiad\.wmnet/ {
role(labs::nfs::secondary)
include ::standard
# Do not enable yet
- # include ::base::firewall
+ # include ::profile::base::firewall
}
node /labstore100[67]\.wikimedia\.org/ {
role(dumps::public::server)
# Do not enable yet
- # include ::base::firewall
+ # include ::profile::base::firewall
}
node /labstore200[1-2]\.codfw\.wmnet/ {
include ::standard
# Do not enable yet
- # include ::base::firewall
+ # include ::profile::base::firewall
}
node 'labstore2003.codfw.wmnet' {
role(labs::nfs::secondary_backup::tools)
include ::standard
# Do not enable yet
- # include ::base::firewall
+ # include ::profile::base::firewall
}
node 'labstore2004.codfw.wmnet' {
role(labs::nfs::secondary_backup::misc)
include ::standard
# Do not enable yet
- # include ::base::firewall
+ # include ::profile::base::firewall
}
node 'lithium.eqiad.wmnet' {
@@ -1662,43 +1662,43 @@
# They replace mw1017 and mw1099
node /^mwdebug100[12]\.eqiad\.wmnet$/ {
role(mediawiki::canary_appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
# mw1161-1167 are job runners
node /^mw116[1-7]\.eqiad\.wmnet$/ {
role(mediawiki::jobrunner)
- include ::base::firewall
+ include ::profile::base::firewall
}
# mw1180-1188 are apaches
node /^mw118[0-8]\.eqiad\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
# mw1189-1208 are api apaches
node /^mw1(189|19[0-9]|20[0-8])\.eqiad\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
# mw1209-1216, 1218-1220 are apaches
node /^mw12(09|1[012345689]|20)\.eqiad\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw1221-mw1235 are api apaches
node /^mw12(2[1-9]|3[0-5])\.eqiad\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw1238-mw1258 are apaches
node /^mw12(3[8-9]|4[0-9]|5[0-8])\.eqiad\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw1259-60 are videoscalers
@@ -1712,24 +1712,24 @@
node /^mw126[1-5]\.eqiad\.wmnet$/ {
role(mediawiki::canary_appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
node /^mw12(6[6-9]|7[0-5])\.eqiad\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
# ROW A eqiad api appserver
# mw1276 - mw1290
node /^mw127[6-9]\.eqiad\.wmnet$/ {
role(mediawiki::appserver::canary_api)
- include ::base::firewall
+ include ::profile::base::firewall
}
node /^mw12(8[0-9]|90)\.eqiad\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
# ROW A eqiad imagescalers
@@ -1740,26 +1740,26 @@
# ROW A eqiad jobrunners
node /^mw1(299|30[0-6])\.eqiad\.wmnet$/ {
role(mediawiki::jobrunner)
- include ::base::firewall
+ include ::profile::base::firewall
}
# T165519
# ROW C eqiad appservers
node /^mw13(19|2[0-8])\.eqiad\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
# ROW B eqiad api-appservers
node /^mw13(1[2-7])\.eqiad\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
# ROW A eqiad jobrunners
node /^mw13(0[89]|1[01])\.eqiad\.wmnet$/ {
role(mediawiki::jobrunner)
- include ::base::firewall
+ include ::profile::base::firewall
}
# ROW A videoscaler
@@ -1778,19 +1778,19 @@
# mw2017/mw2099 are codfw test appservers
node /^mw20(17|99)\.codfw\.wmnet$/ {
role(mediawiki::canary_appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw2097, mw2100-mw2117 are appservers
node /^mw2(097|10[0-9]|11[0-7])\.codfw\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw2120-2147 are api appservers
node /^mw21([2-3][0-9]|4[0-7])\.codfw\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
# ROW B codfw appservers
@@ -1814,19 +1814,19 @@
#mw2153-62 are jobrunners
node /^mw21(5[3-9]|6[0-2])\.codfw\.wmnet$/ {
role(mediawiki::jobrunner)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw2163-mw2199 are appservers
node /^mw21(6[3-9]|[6-9][0-9])\.codfw\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw2200-2214 are api appservers
node /^mw22(0[0-9]|1[0-4])\.codfw\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
# New Appservers, in row A3/A4
@@ -1834,13 +1834,13 @@
#mw2215-2223 are api appservers
node /^mw22(1[5-9]|2[0123])\.codfw\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
# mw2224-42 are appservers
node /^mw22(2[4-9]|3[0-9]|4[0-2])\.codfw\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw2244-mw2245 are imagescalers
@@ -1856,26 +1856,26 @@
# mw2247-2250 are jobrunners
node /^mw22(4[3789]|50)\.codfw\.wmnet$/ {
role(mediawiki::jobrunner)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw2251-2253 are api-appservers
node /^mw225[1-3]\.codfw\.wmnet$/ {
role(mediawiki::appserver::api)
- include ::base::firewall
+ include ::profile::base::firewall
}
#mw2254-2258 are appservers
node /^mw225[4-8]\.codfw\.wmnet$/ {
role(mediawiki::appserver)
- include ::base::firewall
+ include ::profile::base::firewall
}
# mw logging host codfw
node 'mwlog2001.codfw.wmnet' {
role(xenon)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
class { 'role::logging::mediawiki::udp2log':
@@ -1887,7 +1887,7 @@
node 'mwlog1001.eqiad.wmnet' {
role(xenon)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
class { 'role::logging::mediawiki::udp2log':
@@ -1986,7 +1986,7 @@
{
role(logging::kafkatee::webrequest::ops)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
}
@@ -2043,7 +2043,7 @@
node /^prometheus200[34]\.codfw\.wmnet$/ {
role(prometheus::ops, prometheus::global, prometheus::services)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
include ::lvs::realserver
@@ -2199,7 +2199,7 @@
node /^(seaborgium|serpens)\.wikimedia\.org$/ {
role(openldap::labs)
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
# Silver is the new home of the wikitech web server.
@@ -2207,7 +2207,7 @@
role(wmcs::openstack::main::wikitech,
labs::openstack::nova::manager,
mariadb::wikitech)
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
interface::add_ip6_mapped { 'main': }
@@ -2245,7 +2245,7 @@
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
# Failoid service (Ganeti VM)
diff --git a/modules/contint/manifests/firewall.pp
b/modules/contint/manifests/firewall.pp
index 2de84bf..5118b33 100644
--- a/modules/contint/manifests/firewall.pp
+++ b/modules/contint/manifests/firewall.pp
@@ -1,7 +1,7 @@
# vim: set ts=4 sw=4 et:
class contint::firewall {
- include ::base::firewall
+ include ::profile::base::firewall
include ::network::constants
# Restrict some services to be only reacheable from localhost over both
diff --git a/modules/dumps/manifests/nfs.pp b/modules/dumps/manifests/nfs.pp
index 21d6990..6f0fb73 100644
--- a/modules/dumps/manifests/nfs.pp
+++ b/modules/dumps/manifests/nfs.pp
@@ -47,7 +47,7 @@
options => "nlm_udpport=${lockd_udp} nlm_tcpport=${lockd_tcp}",
}
- include ::base::firewall
+ include ::profile::base::firewall
include ::network::constants
ferm::service { 'dumps_nfs':
diff --git a/modules/dumps/manifests/web/xmldumps.pp
b/modules/dumps/manifests/web/xmldumps.pp
index 1a445ed..0323f3f 100644
--- a/modules/dumps/manifests/web/xmldumps.pp
+++ b/modules/dumps/manifests/web/xmldumps.pp
@@ -39,7 +39,7 @@
mode => '0444',
}
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'xmldumps_http':
proto => 'tcp',
diff --git a/modules/base/files/firewall/check_conntrack.py
b/modules/profile/files/base/firewall/check_conntrack.py
similarity index 100%
rename from modules/base/files/firewall/check_conntrack.py
rename to modules/profile/files/base/firewall/check_conntrack.py
diff --git a/modules/base/files/firewall/check_ferm
b/modules/profile/files/base/firewall/check_ferm
similarity index 100%
rename from modules/base/files/firewall/check_ferm
rename to modules/profile/files/base/firewall/check_ferm
diff --git a/modules/base/files/firewall/main-input-default-drop.conf
b/modules/profile/files/base/firewall/main-input-default-drop.conf
similarity index 100%
rename from modules/base/files/firewall/main-input-default-drop.conf
rename to modules/profile/files/base/firewall/main-input-default-drop.conf
diff --git a/modules/base/files/firewall/main-minimal.conf
b/modules/profile/files/base/firewall/main-minimal.conf
similarity index 100%
rename from modules/base/files/firewall/main-minimal.conf
rename to modules/profile/files/base/firewall/main-minimal.conf
diff --git a/modules/base/files/firewall/nf_conntrack.conf
b/modules/profile/files/base/firewall/nf_conntrack.conf
similarity index 100%
rename from modules/base/files/firewall/nf_conntrack.conf
rename to modules/profile/files/base/firewall/nf_conntrack.conf
diff --git a/modules/profile/manifests/backup/director.pp
b/modules/profile/manifests/backup/director.pp
index 9f8c5cd..a199cf3 100644
--- a/modules/profile/manifests/backup/director.pp
+++ b/modules/profile/manifests/backup/director.pp
@@ -12,7 +12,7 @@
$dbhost = hiera('profile::backup::director::database'),
$dbpass = hiera('profile::backup::director::dbpass'),
){
- include ::base::firewall
+ include ::profile::base::firewall
class { 'bacula::director':
sqlvariant => 'mysql',
diff --git a/modules/profile/manifests/backup/host.pp
b/modules/profile/manifests/backup/host.pp
index f28c048..c58660d 100644
--- a/modules/profile/manifests/backup/host.pp
+++ b/modules/profile/manifests/backup/host.pp
@@ -36,7 +36,7 @@
}
File <| tag == 'backup-motd' |>
- # If the machine includes ::base::firewall then let director connect
to us
+ # If the machine includes ::profile::base::firewall then let director
connect to us
# TODO The IPv6 IP should be converted into a DNS AAAA resolve once we
# enabled the DNS record on the director
ferm::service { 'bacula-file-demon':
diff --git a/modules/profile/manifests/backup/storage.pp
b/modules/profile/manifests/backup/storage.pp
index 925169b..9139228 100644
--- a/modules/profile/manifests/backup/storage.pp
+++ b/modules/profile/manifests/backup/storage.pp
@@ -6,7 +6,7 @@
class profile::backup::storage(
$director = hiera('profile::backup::director'),
) {
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
mount { '/srv/baculasd1' :
diff --git a/modules/base/manifests/firewall.pp
b/modules/profile/manifests/base/firewall.pp
similarity index 87%
rename from modules/base/manifests/firewall.pp
rename to modules/profile/manifests/base/firewall.pp
index 2a8af86d..8b316f6 100644
--- a/modules/base/manifests/firewall.pp
+++ b/modules/profile/manifests/base/firewall.pp
@@ -1,12 +1,12 @@
# Don't include this sub class on all hosts yet
# NOTE: Policy is DROP by default
-class base::firewall {
+class profile::base::firewall {
include ::network::constants
include ::ferm
$defscontent = $::realm ? {
- 'labs' => template('base/firewall/defs.erb',
'base/firewall/defs.labs.erb'),
- default => template('base/firewall/defs.erb'),
+ 'labs' => template('profile/base/firewall/defs.erb',
'profile/base/firewall/defs.labs.erb'),
+ default => template('profile/base/firewall/defs.erb'),
}
ferm::conf { 'defs':
prio => '00',
@@ -30,7 +30,7 @@
ferm::conf { 'main':
prio => '00',
- source =>
'puppet:///modules/base/firewall/main-input-default-drop.conf',
+ source =>
'puppet:///modules/profile/base/firewall/main-input-default-drop.conf',
}
ferm::rule { 'bastion-ssh':
@@ -66,7 +66,7 @@
}
file { '/usr/lib/nagios/plugins/check_ferm':
- source => 'puppet:///modules/base/firewall/check_ferm',
+ source => 'puppet:///modules/profile/base/firewall/check_ferm',
owner => 'root',
group => 'root',
mode => '0555',
diff --git a/modules/profile/manifests/dnsrecursor.pp
b/modules/profile/manifests/dnsrecursor.pp
index 18ff727..fca0f26 100644
--- a/modules/profile/manifests/dnsrecursor.pp
+++ b/modules/profile/manifests/dnsrecursor.pp
@@ -2,7 +2,7 @@
class profile::dnsrecursor {
include ::network::constants
- include ::base::firewall
+ include ::profile::base::firewall
include ::lvs::configuration
class { '::dnsrecursor':
diff --git a/modules/profile/manifests/etherpad.pp
b/modules/profile/manifests/etherpad.pp
index 313b814..32a78a0 100644
--- a/modules/profile/manifests/etherpad.pp
+++ b/modules/profile/manifests/etherpad.pp
@@ -1,7 +1,7 @@
# sets up an Etherpad lite server
class profile::etherpad {
- include ::base::firewall
+ include ::profile::base::firewall
include ::passwords::etherpad_lite
class { '::etherpad':
diff --git a/modules/profile/manifests/gerrit/server.pp
b/modules/profile/manifests/gerrit/server.pp
index d3a8736..2699e12 100644
--- a/modules/profile/manifests/gerrit/server.pp
+++ b/modules/profile/manifests/gerrit/server.pp
@@ -33,7 +33,7 @@
contact_group => 'admins,gerrit',
}
- include ::base::firewall
+ include ::profile::base::firewall
# ssh from users to gerrit
ferm::service { 'gerrit_ssh_users':
diff --git a/modules/profile/manifests/lists.pp
b/modules/profile/manifests/lists.pp
index 1675939..de4ca37 100644
--- a/modules/profile/manifests/lists.pp
+++ b/modules/profile/manifests/lists.pp
@@ -1,5 +1,5 @@
class profile::lists {
- include ::base::firewall
+ include ::profile::base::firewall
include ::network::constants
include ::mailman
include ::privateexim::listserve
diff --git a/modules/profile/manifests/microsites/annualreport.pp
b/modules/profile/manifests/microsites/annualreport.pp
index 07019d6..4ccef7d 100644
--- a/modules/profile/manifests/microsites/annualreport.pp
+++ b/modules/profile/manifests/microsites/annualreport.pp
@@ -4,7 +4,7 @@
# T599 - https://15.wikipedia.org (aka. annual report 2015)
class profile::microsites::annualreport {
- include ::base::firewall
+ include ::profile::base::firewall
include ::apache
include ::apache::mod::headers
diff --git a/modules/profile/manifests/microsites/static_bugzilla.pp
b/modules/profile/manifests/microsites/static_bugzilla.pp
index 0fc55a3..a07e193 100644
--- a/modules/profile/manifests/microsites/static_bugzilla.pp
+++ b/modules/profile/manifests/microsites/static_bugzilla.pp
@@ -1,7 +1,7 @@
# static HTML archive of old Bugzilla tickets
class profile::microsites::static_bugzilla {
include ::bugzilla_static
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'bugzilla_static_http':
proto => 'tcp',
diff --git a/modules/profile/manifests/microsites/transparency.pp
b/modules/profile/manifests/microsites/transparency.pp
index abbda07..0dc3f7e 100644
--- a/modules/profile/manifests/microsites/transparency.pp
+++ b/modules/profile/manifests/microsites/transparency.pp
@@ -43,7 +43,7 @@
content =>
template('role/apache/sites/transparency.wikimedia.org.erb'),
}
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'transparency_http':
proto => 'tcp',
diff --git a/modules/profile/manifests/ores/redis.pp
b/modules/profile/manifests/ores/redis.pp
index 8da21a2..0814198 100644
--- a/modules/profile/manifests/ores/redis.pp
+++ b/modules/profile/manifests/ores/redis.pp
@@ -6,7 +6,7 @@
$slaveof = hiera('profile::ores::redis::slaveof', undef),
){
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
class { '::ores::redis':
password => $password,
diff --git a/modules/profile/manifests/otrs.pp
b/modules/profile/manifests/otrs.pp
index 2cb00ca..9e0b0b5 100644
--- a/modules/profile/manifests/otrs.pp
+++ b/modules/profile/manifests/otrs.pp
@@ -11,7 +11,7 @@
$exim_database_pass = hiera('profile::otrs::exim_database_pass'),
$prometheus_nodes = hiera('prometheus_nodes'),
){
- include ::base::firewall
+ include ::profile::base::firewall
include network::constants
include ::profile::prometheus::apache_exporter
diff --git a/modules/profile/manifests/planet/venus.pp
b/modules/profile/manifests/planet/venus.pp
index 7777117..1a88e94 100644
--- a/modules/profile/manifests/planet/venus.pp
+++ b/modules/profile/manifests/planet/venus.pp
@@ -191,7 +191,7 @@
}
# firewalling
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'planet-http':
proto => 'tcp',
port => '80',
diff --git a/modules/profile/manifests/pmacct.pp
b/modules/profile/manifests/pmacct.pp
index 974638a..dab00a8 100644
--- a/modules/profile/manifests/pmacct.pp
+++ b/modules/profile/manifests/pmacct.pp
@@ -29,7 +29,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
$loopbacks = [
# eqiad
diff --git a/modules/profile/manifests/requesttracker/server.pp
b/modules/profile/manifests/requesttracker/server.pp
index 25f0548..2055fed 100644
--- a/modules/profile/manifests/requesttracker/server.pp
+++ b/modules/profile/manifests/requesttracker/server.pp
@@ -12,7 +12,7 @@
dbpass => $passwords::misc::rt::rt_mysql_pass,
}
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'rt-http':
proto => 'tcp',
diff --git a/modules/profile/manifests/statistics/cruncher.pp
b/modules/profile/manifests/statistics/cruncher.pp
index 2ad01aa..c4f96c0 100644
--- a/modules/profile/manifests/statistics/cruncher.pp
+++ b/modules/profile/manifests/statistics/cruncher.pp
@@ -4,7 +4,7 @@
$statistics_servers = hiera('statistics_servers'),
) {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::deployment::umask_wikidev
diff --git a/modules/profile/manifests/statistics/web.pp
b/modules/profile/manifests/statistics/web.pp
index 888ad08..feea21b 100644
--- a/modules/profile/manifests/statistics/web.pp
+++ b/modules/profile/manifests/statistics/web.pp
@@ -5,7 +5,7 @@
$geowiki_host = hiera('profile::statistics::web::geowiki_host'),
) {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::deployment::umask_wikidev
diff --git a/modules/profile/manifests/url_downloader.pp
b/modules/profile/manifests/url_downloader.pp
index 4b846c7..4659e1a 100644
--- a/modules/profile/manifests/url_downloader.pp
+++ b/modules/profile/manifests/url_downloader.pp
@@ -23,7 +23,7 @@
) {
include network::constants
- include ::base::firewall
+ include ::profile::base::firewall
if $::realm == 'production' {
$wikimedia = [
diff --git a/modules/profile/manifests/yubiauth/server.pp
b/modules/profile/manifests/yubiauth/server.pp
index 53ac8ab..1314af1 100644
--- a/modules/profile/manifests/yubiauth/server.pp
+++ b/modules/profile/manifests/yubiauth/server.pp
@@ -9,7 +9,7 @@
$auth_servers_ferm = join($auth_servers, ' ')
- include ::base::firewall
+ include ::profile::base::firewall
class {'::yubiauth::yhsm_daemon': }
diff --git a/modules/base/templates/firewall/defs.erb
b/modules/profile/templates/base/firewall/defs.erb
similarity index 100%
rename from modules/base/templates/firewall/defs.erb
rename to modules/profile/templates/base/firewall/defs.erb
diff --git a/modules/base/templates/firewall/defs.labs.erb
b/modules/profile/templates/base/firewall/defs.labs.erb
similarity index 100%
rename from modules/base/templates/firewall/defs.labs.erb
rename to modules/profile/templates/base/firewall/defs.labs.erb
diff --git a/modules/role/manifests/aqs.pp b/modules/role/manifests/aqs.pp
index e62d2d3..c2b824d 100644
--- a/modules/role/manifests/aqs.pp
+++ b/modules/role/manifests/aqs.pp
@@ -13,7 +13,7 @@
include ::passwords::aqs
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
#
# Set up Cassandra for AQS.
diff --git a/modules/role/manifests/archiva.pp
b/modules/role/manifests/archiva.pp
index 8ec1c4a..f77ffcb 100644
--- a/modules/role/manifests/archiva.pp
+++ b/modules/role/manifests/archiva.pp
@@ -7,7 +7,7 @@
class role::archiva {
system::role { 'archiva': description => 'Apache Archiva Host' }
- include ::base::firewall
+ include ::profile::base::firewall
require_package('openjdk-7-jdk')
diff --git a/modules/role/manifests/authdns/server.pp
b/modules/role/manifests/authdns/server.pp
index aecfe94..62cb47d 100644
--- a/modules/role/manifests/authdns/server.pp
+++ b/modules/role/manifests/authdns/server.pp
@@ -3,7 +3,7 @@
system::role { 'authdns': description => 'Authoritative DNS server' }
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include authdns::ganglia
include prometheus::node_gdnsd
include role::authdns::data
diff --git a/modules/role/manifests/bastionhost/general.pp
b/modules/role/manifests/bastionhost/general.pp
index 542e04d..fc098a2 100644
--- a/modules/role/manifests/bastionhost/general.pp
+++ b/modules/role/manifests/bastionhost/general.pp
@@ -6,7 +6,7 @@
include ::bastionhost
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
# Used by parsoid deployers
diff --git a/modules/role/manifests/bastionhost/opsonly.pp
b/modules/role/manifests/bastionhost/opsonly.pp
index 1fafcf1..73519d8 100644
--- a/modules/role/manifests/bastionhost/opsonly.pp
+++ b/modules/role/manifests/bastionhost/opsonly.pp
@@ -6,7 +6,7 @@
include ::bastionhost
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
backup::set {'home': }
diff --git a/modules/role/manifests/bastionhost/twofa.pp
b/modules/role/manifests/bastionhost/twofa.pp
index 498ddbb..2d679cc 100644
--- a/modules/role/manifests/bastionhost/twofa.pp
+++ b/modules/role/manifests/bastionhost/twofa.pp
@@ -5,7 +5,7 @@
include ::bastionhost
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
include ::passwords::yubiauth
diff --git a/modules/role/manifests/beta/mediawiki.pp
b/modules/role/manifests/beta/mediawiki.pp
index f3ebc88..b060dc5 100644
--- a/modules/role/manifests/beta/mediawiki.pp
+++ b/modules/role/manifests/beta/mediawiki.pp
@@ -5,7 +5,7 @@
#
# filtertags: labs-project-deployment-prep
class role::beta::mediawiki {
- include ::base::firewall
+ include ::profile::base::firewall
$ips =
join($network::constants::special_hosts[$::realm]['deployment_hosts'], ' ')
security::access::config { 'scap-allow-mwdeploy':
diff --git a/modules/role/manifests/builder.pp
b/modules/role/manifests/builder.pp
index 8d015c5..8f89bca 100644
--- a/modules/role/manifests/builder.pp
+++ b/modules/role/manifests/builder.pp
@@ -1,7 +1,7 @@
# filtertags: labs-project-packaging
class role::builder {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include role::package::builder
include ::profile::docker::storage::loopback
include ::profile::docker::engine
diff --git a/modules/role/manifests/cache/canary.pp
b/modules/role/manifests/cache/canary.pp
index 966b149..6a633b8 100644
--- a/modules/role/manifests/cache/canary.pp
+++ b/modules/role/manifests/cache/canary.pp
@@ -1,5 +1,5 @@
class role::cache::canary {
- include ::base::firewall
+ include ::profile::base::firewall
include role::cache::text
ferm::service { 'nginx-https':
diff --git a/modules/role/manifests/cluster/management.pp
b/modules/role/manifests/cluster/management.pp
index acebb75..7846252 100644
--- a/modules/role/manifests/cluster/management.pp
+++ b/modules/role/manifests/cluster/management.pp
@@ -17,5 +17,5 @@
include ::profile::switchdc
include ::profile::debdeploy
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
diff --git a/modules/role/manifests/configcluster.pp
b/modules/role/manifests/configcluster.pp
index 865ebf3..00a40b8 100644
--- a/modules/role/manifests/configcluster.pp
+++ b/modules/role/manifests/configcluster.pp
@@ -1,6 +1,6 @@
class role::configcluster {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::zookeeper::server
include ::profile::zookeeper::firewall
include ::profile::etcd
diff --git a/modules/role/manifests/debug_proxy.pp
b/modules/role/manifests/debug_proxy.pp
index 55875ee..0b9d55b 100644
--- a/modules/role/manifests/debug_proxy.pp
+++ b/modules/role/manifests/debug_proxy.pp
@@ -10,7 +10,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# Backward compatibility
$aliases = {
diff --git a/modules/role/manifests/deployment_server.pp
b/modules/role/manifests/deployment_server.pp
index 4f9a6a8..5101409 100644
--- a/modules/role/manifests/deployment_server.pp
+++ b/modules/role/manifests/deployment_server.pp
@@ -1,7 +1,7 @@
# Mediawiki Deployment Server (prod)
class role::deployment_server {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::mediawiki::deployment::server
include ::profile::backup::host
include ::role::deployment::mediawiki
diff --git a/modules/role/manifests/deployment_server/base.pp
b/modules/role/manifests/deployment_server/base.pp
index 918fc08..f585a32 100644
--- a/modules/role/manifests/deployment_server/base.pp
+++ b/modules/role/manifests/deployment_server/base.pp
@@ -1,7 +1,7 @@
# Mediawiki Deployment Server (labs)
class role::deployment_server::base {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::mediawiki::deployment::server
include ::role::deployment::mediawiki
}
diff --git a/modules/role/manifests/discovery/dashboards.pp
b/modules/role/manifests/discovery/dashboards.pp
index f8d219c..5345fcb 100644
--- a/modules/role/manifests/discovery/dashboards.pp
+++ b/modules/role/manifests/discovery/dashboards.pp
@@ -7,7 +7,7 @@
# filtertags: labs-project-search labs-project-shiny-r
class role::discovery::dashboards {
# include ::standard
- # include ::base::firewall
+ # include ::profile::base::firewall
include ::profile::discovery_dashboards::production
system::role { 'role::discovery::dashboards':
diff --git a/modules/role/manifests/docker/registry.pp
b/modules/role/manifests/docker/registry.pp
index b8a9b6f..aa1d011 100644
--- a/modules/role/manifests/docker/registry.pp
+++ b/modules/role/manifests/docker/registry.pp
@@ -1,5 +1,5 @@
class role::docker::registry {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::docker::registry
}
diff --git a/modules/role/manifests/dumps/web/htmldumps.pp
b/modules/role/manifests/dumps/web/htmldumps.pp
index a3aa78e..5a44ec7 100644
--- a/modules/role/manifests/dumps/web/htmldumps.pp
+++ b/modules/role/manifests/dumps/web/htmldumps.pp
@@ -5,7 +5,7 @@
include ::standard
include ::profile::dumps::web::htmldumps
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'html_dumps_http':
proto => 'tcp',
diff --git a/modules/role/manifests/elasticsearch/cirrus.pp
b/modules/role/manifests/elasticsearch/cirrus.pp
index 699e854..6f35b83 100644
--- a/modules/role/manifests/elasticsearch/cirrus.pp
+++ b/modules/role/manifests/elasticsearch/cirrus.pp
@@ -4,7 +4,7 @@
#
class role::elasticsearch::cirrus {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::role::lvs::realserver
include ::profile::elasticsearch
diff --git a/modules/role/manifests/elasticsearch/relforge.pp
b/modules/role/manifests/elasticsearch/relforge.pp
index d88e058..1e4484c 100644
--- a/modules/role/manifests/elasticsearch/relforge.pp
+++ b/modules/role/manifests/elasticsearch/relforge.pp
@@ -4,7 +4,7 @@
#
class role::elasticsearch::relforge {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::elasticsearch
include ::elasticsearch::nagios::check
include ::profile::mjolnir::kafka_daemon
diff --git a/modules/role/manifests/etcd/kubernetes.pp
b/modules/role/manifests/etcd/kubernetes.pp
index a59e9ad..a23e970 100644
--- a/modules/role/manifests/etcd/kubernetes.pp
+++ b/modules/role/manifests/etcd/kubernetes.pp
@@ -2,7 +2,7 @@
class role::etcd::kubernetes {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::etcd
include ::profile::etcd::auth
}
diff --git a/modules/role/manifests/etcd/networking.pp
b/modules/role/manifests/etcd/networking.pp
index 3dcee9a..452f77f 100644
--- a/modules/role/manifests/etcd/networking.pp
+++ b/modules/role/manifests/etcd/networking.pp
@@ -2,6 +2,6 @@
# stacks as flannel and calico.
class role::etcd::networking {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::etcd
}
diff --git a/modules/role/manifests/eventbus/eventbus.pp
b/modules/role/manifests/eventbus/eventbus.pp
index 83ef472..677aa66 100644
--- a/modules/role/manifests/eventbus/eventbus.pp
+++ b/modules/role/manifests/eventbus/eventbus.pp
@@ -10,7 +10,7 @@
#
# filtertags: labs-project-deployment-prep
class role::eventbus::eventbus {
- include ::base::firewall
+ include ::profile::base::firewall
require ::eventschemas
# for /srv/log dir creation
diff --git a/modules/role/manifests/failoid.pp
b/modules/role/manifests/failoid.pp
index db24b04..e636aac 100644
--- a/modules/role/manifests/failoid.pp
+++ b/modules/role/manifests/failoid.pp
@@ -5,6 +5,6 @@
system::role { 'failoid': description => 'Failoid service' }
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::failoid
}
diff --git a/modules/role/manifests/ganeti.pp b/modules/role/manifests/ganeti.pp
index 0d4075f..ff8773f 100644
--- a/modules/role/manifests/ganeti.pp
+++ b/modules/role/manifests/ganeti.pp
@@ -38,7 +38,7 @@
# If ganeti_cluster fact is not defined, the node has not been added to a
# cluster yet, so don't monitor and don't setup a firewall
if $::ganeti_cluster {
- include ::base::firewall
+ include ::profile::base::firewall
# Interpolate the ganeti_cluster fact to get the list of nodes in a
# cluster
$ganeti_nodes = hiera("ganeti::${::ganeti_cluster}::nodes")
diff --git a/modules/role/manifests/ganglia/web.pp
b/modules/role/manifests/ganglia/web.pp
index 86440db..f262e89 100644
--- a/modules/role/manifests/ganglia/web.pp
+++ b/modules/role/manifests/ganglia/web.pp
@@ -1,6 +1,6 @@
# A role that includes all the needed stuff to run a ganglia web frontend
class role::ganglia::web {
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
include role::ganglia::config
include role::ganglia::views
diff --git a/modules/role/manifests/grafana/base.pp
b/modules/role/manifests/grafana/base.pp
index ba5c255..8b8657c 100644
--- a/modules/role/manifests/grafana/base.pp
+++ b/modules/role/manifests/grafana/base.pp
@@ -21,7 +21,7 @@
include ::passwords::ldap::production
- include ::base::firewall
+ include ::profile::base::firewall
class { '::grafana':
config => {
diff --git a/modules/role/manifests/graphite/production.pp
b/modules/role/manifests/graphite/production.pp
index 4b97ee7..3b4aa4b 100644
--- a/modules/role/manifests/graphite/production.pp
+++ b/modules/role/manifests/graphite/production.pp
@@ -8,7 +8,7 @@
$storage_dir = '/var/lib/carbon'
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
class { 'role::graphite::base':
storage_dir => $storage_dir,
diff --git a/modules/role/manifests/icinga.pp b/modules/role/manifests/icinga.pp
index 347fba3..f9587d1 100644
--- a/modules/role/manifests/icinga.pp
+++ b/modules/role/manifests/icinga.pp
@@ -30,7 +30,7 @@
include ::profile::scap::dsh
include mysql
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
$monitoring_groups = hiera('monitoring::groups')
create_resources(monitoring::group, $monitoring_groups)
diff --git a/modules/role/manifests/iegreview/app.pp
b/modules/role/manifests/iegreview/app.pp
index 1b0eb4d..cff8a7c 100644
--- a/modules/role/manifests/iegreview/app.pp
+++ b/modules/role/manifests/iegreview/app.pp
@@ -4,7 +4,7 @@
#
class role::iegreview::app {
- include ::base::firewall
+ include ::profile::base::firewall
class { '::iegreview':
hostname => 'iegreview.wikimedia.org',
diff --git a/modules/role/manifests/installserver/dhcp.pp
b/modules/role/manifests/installserver/dhcp.pp
index 97cfa84..f1536d8 100644
--- a/modules/role/manifests/installserver/dhcp.pp
+++ b/modules/role/manifests/installserver/dhcp.pp
@@ -8,7 +8,7 @@
include install_server::dhcp_server
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
ferm::rule { 'dhcp':
rule => 'proto udp dport bootps { saddr $PRODUCTION_NETWORKS ACCEPT; }'
diff --git a/modules/role/manifests/installserver/http.pp
b/modules/role/manifests/installserver/http.pp
index 1f1738a..13fa7c0 100644
--- a/modules/role/manifests/installserver/http.pp
+++ b/modules/role/manifests/installserver/http.pp
@@ -8,7 +8,7 @@
include install_server::web_server
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'install_http':
proto => 'tcp',
diff --git a/modules/role/manifests/installserver/proxy.pp
b/modules/role/manifests/installserver/proxy.pp
index 8cc5448..c7049fe 100644
--- a/modules/role/manifests/installserver/proxy.pp
+++ b/modules/role/manifests/installserver/proxy.pp
@@ -13,7 +13,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service { 'proxy':
proto => 'tcp',
diff --git a/modules/role/manifests/installserver/tftp.pp
b/modules/role/manifests/installserver/tftp.pp
index e76fb49..7c39383 100644
--- a/modules/role/manifests/installserver/tftp.pp
+++ b/modules/role/manifests/installserver/tftp.pp
@@ -23,7 +23,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
include install_server::tftp_server
diff --git a/modules/role/manifests/jobqueue_redis/master.pp
b/modules/role/manifests/jobqueue_redis/master.pp
index c03e526..620f069 100644
--- a/modules/role/manifests/jobqueue_redis/master.pp
+++ b/modules/role/manifests/jobqueue_redis/master.pp
@@ -1,6 +1,6 @@
class role::jobqueue_redis::master {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::redis::multidc
include ::profile::redis::jobqueue
diff --git a/modules/role/manifests/jobqueue_redis/slave.pp
b/modules/role/manifests/jobqueue_redis/slave.pp
index 1067811..1669557 100644
--- a/modules/role/manifests/jobqueue_redis/slave.pp
+++ b/modules/role/manifests/jobqueue_redis/slave.pp
@@ -1,6 +1,6 @@
class role::jobqueue_redis::slave {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::redis::jobqueue_slave
diff --git a/modules/role/manifests/kafka/jumbo/broker.pp
b/modules/role/manifests/kafka/jumbo/broker.pp
index c9875be..1c2b081 100644
--- a/modules/role/manifests/kafka/jumbo/broker.pp
+++ b/modules/role/manifests/kafka/jumbo/broker.pp
@@ -10,6 +10,6 @@
if !defined(Class['::standard']) {
include ::standard
}
- include base::firewall
- include profile::kafka::broker
+ include ::profile::base::firewall
+ include ::profile::kafka::broker
}
diff --git a/modules/role/manifests/kafka/simple/broker.pp
b/modules/role/manifests/kafka/simple/broker.pp
index 8f48915..79676f7 100644
--- a/modules/role/manifests/kafka/simple/broker.pp
+++ b/modules/role/manifests/kafka/simple/broker.pp
@@ -8,6 +8,6 @@
}
include standard
- include base::firewall
- include profile::kafka::broker
+ include ::profile::base::firewall
+ include ::profile::kafka::broker
}
diff --git a/modules/role/manifests/kubernetes/master.pp
b/modules/role/manifests/kubernetes/master.pp
index d34e274..3c4d9a9 100644
--- a/modules/role/manifests/kubernetes/master.pp
+++ b/modules/role/manifests/kubernetes/master.pp
@@ -1,6 +1,6 @@
class role::kubernetes::master {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# Sets up docker on the machine
include ::profile::kubernetes::master
diff --git a/modules/role/manifests/kubernetes/staging/etcd.pp
b/modules/role/manifests/kubernetes/staging/etcd.pp
index 906d4f4..8c94259 100644
--- a/modules/role/manifests/kubernetes/staging/etcd.pp
+++ b/modules/role/manifests/kubernetes/staging/etcd.pp
@@ -2,7 +2,7 @@
class role::kubernetes::staging::etcd {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::etcd
include ::profile::etcd::auth
}
diff --git a/modules/role/manifests/kubernetes/staging/master.pp
b/modules/role/manifests/kubernetes/staging/master.pp
index bb1934f..027e1c0 100644
--- a/modules/role/manifests/kubernetes/staging/master.pp
+++ b/modules/role/manifests/kubernetes/staging/master.pp
@@ -1,6 +1,6 @@
class role::kubernetes::staging::master {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# Sets up docker on the machine
include ::profile::kubernetes::master
diff --git a/modules/role/manifests/kubernetes/staging/worker.pp
b/modules/role/manifests/kubernetes/staging/worker.pp
index 510a61c..e142cf4 100644
--- a/modules/role/manifests/kubernetes/staging/worker.pp
+++ b/modules/role/manifests/kubernetes/staging/worker.pp
@@ -1,6 +1,6 @@
class role::kubernetes::staging::worker {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# Sets up docker on the machine
include ::profile::docker::storage
diff --git a/modules/role/manifests/kubernetes/worker.pp
b/modules/role/manifests/kubernetes/worker.pp
index bdd1e4e..7d155d2 100644
--- a/modules/role/manifests/kubernetes/worker.pp
+++ b/modules/role/manifests/kubernetes/worker.pp
@@ -1,6 +1,6 @@
class role::kubernetes::worker {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# Sets up docker on the machine
include ::profile::docker::storage
diff --git a/modules/role/manifests/labs/db/proxy.pp
b/modules/role/manifests/labs/db/proxy.pp
index c47aaab..84eeff3 100644
--- a/modules/role/manifests/labs/db/proxy.pp
+++ b/modules/role/manifests/labs/db/proxy.pp
@@ -9,7 +9,7 @@
include ::standard
include passwords::labs::db::proxy
- include ::base::firewall
+ include ::profile::base::firewall
$admin_user = $passwords::labs::db::proxy::admin_user
$admin_password = $passwords::labs::db::proxy::admin_password
diff --git a/modules/role/manifests/labs/db/replica.pp
b/modules/role/manifests/labs/db/replica.pp
index 943d6cf..8befc00 100644
--- a/modules/role/manifests/labs/db/replica.pp
+++ b/modules/role/manifests/labs/db/replica.pp
@@ -8,7 +8,7 @@
class { 'mariadb::packages_wmf': }
class { 'mariadb::service': }
include role::mariadb::monitor
- include ::base::firewall
+ include ::profile::base::firewall
ferm::service{ 'mariadb_labs_db_replica':
proto => 'tcp',
diff --git a/modules/role/manifests/labs/novaproxy.pp
b/modules/role/manifests/labs/novaproxy.pp
index 34ebe6d..135532c 100644
--- a/modules/role/manifests/labs/novaproxy.pp
+++ b/modules/role/manifests/labs/novaproxy.pp
@@ -7,7 +7,7 @@
$active_proxy,
$use_ssl = true,
) {
- include ::base::firewall
+ include ::profile::base::firewall
$proxy_nodes = join($all_proxies, ' ')
# Open up redis to all proxies!
diff --git a/modules/role/manifests/labs/puppetmaster/backend.pp
b/modules/role/manifests/labs/puppetmaster/backend.pp
index 91ad863..9b357e5 100644
--- a/modules/role/manifests/labs/puppetmaster/backend.pp
+++ b/modules/role/manifests/labs/puppetmaster/backend.pp
@@ -18,7 +18,7 @@
$allow_from = flatten([$labs_instance_range, $labs_metal,
'.wikimedia.org'])
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::puppetmaster::labsenc
include ::profile::puppetmaster::labsencapi
diff --git a/modules/role/manifests/labs/puppetmaster/frontend.pp
b/modules/role/manifests/labs/puppetmaster/frontend.pp
index c14319d..e884a6f 100644
--- a/modules/role/manifests/labs/puppetmaster/frontend.pp
+++ b/modules/role/manifests/labs/puppetmaster/frontend.pp
@@ -30,7 +30,7 @@
# Only allow puppet access from the instances
$allow_from = flatten([$labs_instance_range, $labs_metal,
'.wikimedia.org'])
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
include ::profile::puppetmaster::labsenc
diff --git a/modules/role/manifests/logging/mediawiki/udp2log.pp
b/modules/role/manifests/logging/mediawiki/udp2log.pp
index 8268270..a0b9318 100644
--- a/modules/role/manifests/logging/mediawiki/udp2log.pp
+++ b/modules/role/manifests/logging/mediawiki/udp2log.pp
@@ -13,7 +13,7 @@
description => 'MediaWiki log collector',
}
- include ::base::firewall
+ include ::profile::base::firewall
# Rsync archived slow-parse logs to dumps.wikimedia.org.
# These are available for download at
http://dumps.wikimedia.org/other/slow-parse/
diff --git a/modules/role/manifests/logstash/collector.pp
b/modules/role/manifests/logstash/collector.pp
index 7113d5a..c521093 100644
--- a/modules/role/manifests/logstash/collector.pp
+++ b/modules/role/manifests/logstash/collector.pp
@@ -13,7 +13,7 @@
) {
include ::role::logstash::elasticsearch
include ::logstash
- include ::base::firewall
+ include ::profile::base::firewall
nrpe::monitor_service { 'logstash':
description => 'logstash process',
diff --git a/modules/role/manifests/logstash/elasticsearch.pp
b/modules/role/manifests/logstash/elasticsearch.pp
index c81695c..d8fe82e 100644
--- a/modules/role/manifests/logstash/elasticsearch.pp
+++ b/modules/role/manifests/logstash/elasticsearch.pp
@@ -6,7 +6,7 @@
class role::logstash::elasticsearch {
include ::standard
include ::elasticsearch::monitor::diamond
- include ::base::firewall
+ include ::profile::base::firewall
# the logstash cluster has 3 data nodes, and each shard has 3 replica (each
#shard is present on each node). If one node is lost, 1/3 of the shards
diff --git a/modules/role/manifests/mail/mx.pp
b/modules/role/manifests/mail/mx.pp
index b8fdce9..295b41f 100644
--- a/modules/role/manifests/mail/mx.pp
+++ b/modules/role/manifests/mail/mx.pp
@@ -8,7 +8,7 @@
) {
include network::constants
include privateexim::aliases::private
- include ::base::firewall
+ include ::profile::base::firewall
system::role { 'mail::mx':
description => 'Mail router',
diff --git a/modules/role/manifests/maps/master.pp
b/modules/role/manifests/maps/master.pp
index 35fcd58..16f1bb4 100644
--- a/modules/role/manifests/maps/master.pp
+++ b/modules/role/manifests/maps/master.pp
@@ -1,7 +1,7 @@
# Sets up a maps server master
class role::maps::master {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::role::lvs::realserver
include ::profile::maps::apps
diff --git a/modules/role/manifests/maps/slave.pp
b/modules/role/manifests/maps/slave.pp
index 664ed3e..9dc3116 100644
--- a/modules/role/manifests/maps/slave.pp
+++ b/modules/role/manifests/maps/slave.pp
@@ -1,7 +1,7 @@
# Sets up a maps server slave
class role::maps::slave {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::role::lvs::realserver
include ::profile::maps::apps
diff --git a/modules/role/manifests/maps/test/master.pp
b/modules/role/manifests/maps/test/master.pp
index 6bbce94..1c5984f 100644
--- a/modules/role/manifests/maps/test/master.pp
+++ b/modules/role/manifests/maps/test/master.pp
@@ -1,7 +1,7 @@
# Sets up a maps server master
class role::maps::test::master {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::maps::apps
include ::profile::maps::cassandra
diff --git a/modules/role/manifests/maps/test/slave.pp
b/modules/role/manifests/maps/test/slave.pp
index c8e31f1..d76eb51 100644
--- a/modules/role/manifests/maps/test/slave.pp
+++ b/modules/role/manifests/maps/test/slave.pp
@@ -1,7 +1,7 @@
# Sets up a maps server slave
class role::maps::test::slave {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::maps::apps
include ::profile::maps::cassandra
diff --git a/modules/role/manifests/mariadb/core.pp
b/modules/role/manifests/mariadb/core.pp
index ccdb2a0..8e99e22 100644
--- a/modules/role/manifests/mariadb/core.pp
+++ b/modules/role/manifests/mariadb/core.pp
@@ -19,7 +19,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include role::mariadb::monitor
include passwords::misc::scripts
include role::mariadb::ferm
diff --git a/modules/role/manifests/mariadb/dbstore.pp
b/modules/role/manifests/mariadb/dbstore.pp
index 15746bc..72d9feb 100644
--- a/modules/role/manifests/mariadb/dbstore.pp
+++ b/modules/role/manifests/mariadb/dbstore.pp
@@ -14,7 +14,7 @@
include mariadb::service
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include passwords::misc::scripts
class { 'role::mariadb::grants::production':
diff --git a/modules/role/manifests/mariadb/dbstore_multiinstance.pp
b/modules/role/manifests/mariadb/dbstore_multiinstance.pp
index 6efd1b0..e54374d 100644
--- a/modules/role/manifests/mariadb/dbstore_multiinstance.pp
+++ b/modules/role/manifests/mariadb/dbstore_multiinstance.pp
@@ -4,7 +4,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
#FIXME:
ferm::service { 'dbstore_multiinstance':
proto => 'tcp',
diff --git a/modules/role/manifests/mariadb/labs_deprecated.pp
b/modules/role/manifests/mariadb/labs_deprecated.pp
index f2c2e2a..b409a4c 100644
--- a/modules/role/manifests/mariadb/labs_deprecated.pp
+++ b/modules/role/manifests/mariadb/labs_deprecated.pp
@@ -11,7 +11,7 @@
include role::mariadb::monitor
include passwords::misc::scripts
include role::mariadb::ferm
- include ::base::firewall
+ include ::profile::base::firewall
include role::labs::db::common
include role::labs::db::views
include role::labs::db::check_private_data
diff --git a/modules/role/manifests/mariadb/misc.pp
b/modules/role/manifests/mariadb/misc.pp
index 8de997c..412c2f8 100644
--- a/modules/role/manifests/mariadb/misc.pp
+++ b/modules/role/manifests/mariadb/misc.pp
@@ -21,7 +21,7 @@
include ::standard
include role::mariadb::monitor
include passwords::misc::scripts
- include ::base::firewall
+ include ::profile::base::firewall
include role::mariadb::ferm
class { 'role::mariadb::groups':
mysql_group => 'misc',
diff --git a/modules/role/manifests/mariadb/misc/eventlogging.pp
b/modules/role/manifests/mariadb/misc/eventlogging.pp
index 1bf80c6..58d7b41 100644
--- a/modules/role/manifests/mariadb/misc/eventlogging.pp
+++ b/modules/role/manifests/mariadb/misc/eventlogging.pp
@@ -18,7 +18,7 @@
include ::standard
include role::mariadb::monitor::dba
include passwords::misc::scripts
- include ::base::firewall
+ include ::profile::base::firewall
include role::mariadb::ferm
class {'role::mariadb::groups':
diff --git a/modules/role/manifests/mariadb/misc/phabricator.pp
b/modules/role/manifests/mariadb/misc/phabricator.pp
index 1ed4192..9e528a8 100644
--- a/modules/role/manifests/mariadb/misc/phabricator.pp
+++ b/modules/role/manifests/mariadb/misc/phabricator.pp
@@ -25,7 +25,7 @@
include role::mariadb::monitor
include passwords::misc::scripts
- include ::base::firewall
+ include ::profile::base::firewall
include role::mariadb::ferm
class { 'role::mariadb::groups':
diff --git a/modules/role/manifests/mariadb/parsercache.pp
b/modules/role/manifests/mariadb/parsercache.pp
index 0fd04c1..34f1095 100644
--- a/modules/role/manifests/mariadb/parsercache.pp
+++ b/modules/role/manifests/mariadb/parsercache.pp
@@ -6,7 +6,7 @@
) {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include role::mariadb::monitor
include role::mariadb::ferm
include passwords::misc::scripts
diff --git a/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
b/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
index 15507a9..7e133ff 100644
--- a/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
+++ b/modules/role/manifests/mariadb/sanitarium_multiinstance.pp
@@ -13,7 +13,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
#FIXME:
ferm::service { 'sanitarium_multiinstance':
proto => 'tcp',
diff --git a/modules/role/manifests/mariadb/sanitarium_multisource.pp
b/modules/role/manifests/mariadb/sanitarium_multisource.pp
index 497f4db..9a65f82 100644
--- a/modules/role/manifests/mariadb/sanitarium_multisource.pp
+++ b/modules/role/manifests/mariadb/sanitarium_multisource.pp
@@ -15,7 +15,7 @@
include ::standard
include passwords::misc::scripts
- include ::base::firewall
+ include ::profile::base::firewall
include role::mariadb::ferm
include role::labs::db::common
include role::labs::db::check_private_data
diff --git a/modules/role/manifests/mediawiki/imagescaler.pp
b/modules/role/manifests/mediawiki/imagescaler.pp
index 61dde79..89cfe19 100644
--- a/modules/role/manifests/mediawiki/imagescaler.pp
+++ b/modules/role/manifests/mediawiki/imagescaler.pp
@@ -5,6 +5,6 @@
include ::role::mediawiki::webserver
include ::profile::prometheus::apache_exporter
include ::profile::prometheus::hhvm_exporter
- include ::base::firewall
+ include ::profile::base::firewall
include ::threedtopng::deploy
}
diff --git a/modules/role/manifests/mediawiki/videoscaler.pp
b/modules/role/manifests/mediawiki/videoscaler.pp
index 62544c5..8c9580c 100644
--- a/modules/role/manifests/mediawiki/videoscaler.pp
+++ b/modules/role/manifests/mediawiki/videoscaler.pp
@@ -9,7 +9,7 @@
include ::profile::prometheus::apache_exporter
include ::profile::prometheus::hhvm_exporter
include ::profile::mediawiki::jobrunner
- include ::base::firewall
+ include ::profile::base::firewall
# Change the apache2.conf Timeout setting
augeas { 'apache timeout':
diff --git a/modules/role/manifests/mediawiki_maintenance.pp
b/modules/role/manifests/mediawiki_maintenance.pp
index aba34f8..c98cfb5 100644
--- a/modules/role/manifests/mediawiki_maintenance.pp
+++ b/modules/role/manifests/mediawiki_maintenance.pp
@@ -1,6 +1,6 @@
class role::mediawiki_maintenance {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# Mediawiki
include ::role::mediawiki::common
diff --git a/modules/role/manifests/memcached.pp
b/modules/role/manifests/memcached.pp
index 07c19eb..dd214c0 100644
--- a/modules/role/manifests/memcached.pp
+++ b/modules/role/manifests/memcached.pp
@@ -6,7 +6,7 @@
include ::standard
include ::base::mysterious_sysctl
- include ::base::firewall
+ include ::profile::base::firewall
include profile::memcached::instance
include profile::memcached::memkeys
}
diff --git a/modules/role/manifests/microsites/peopleweb.pp
b/modules/role/manifests/microsites/peopleweb.pp
index 30e0ec1..6d45e26 100644
--- a/modules/role/manifests/microsites/peopleweb.pp
+++ b/modules/role/manifests/microsites/peopleweb.pp
@@ -2,7 +2,7 @@
class role::microsites::peopleweb {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
class { '::publichtml':
diff --git a/modules/role/manifests/mirrors.pp
b/modules/role/manifests/mirrors.pp
index 5b3e3e6..5af8128 100644
--- a/modules/role/manifests/mirrors.pp
+++ b/modules/role/manifests/mirrors.pp
@@ -9,7 +9,7 @@
include mirrors::serve
include mirrors::tails
- include ::base::firewall
+ include ::profile::base::firewall
include mirrors::ubuntu
nrpe::monitor_service {'check_ubuntu_mirror':
diff --git a/modules/role/manifests/mw_rc_irc.pp
b/modules/role/manifests/mw_rc_irc.pp
index d8b28d0..8480360 100644
--- a/modules/role/manifests/mw_rc_irc.pp
+++ b/modules/role/manifests/mw_rc_irc.pp
@@ -4,7 +4,7 @@
system::role { 'mw_rc_irc': description => 'MW Changes IRC Broadcast
Server' }
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::passwords::udpmxircecho
include ::profile::mw_rc_irc
diff --git a/modules/role/manifests/network/monitor.pp
b/modules/role/manifests/network/monitor.pp
index 9a02d6c..176ce8a 100644
--- a/modules/role/manifests/network/monitor.pp
+++ b/modules/role/manifests/network/monitor.pp
@@ -1,7 +1,7 @@
class role::network::monitor {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::passwords::network
include ::profile::prometheus::snmp_exporter
}
diff --git a/modules/role/manifests/ocg.pp b/modules/role/manifests/ocg.pp
index d58d9fc..c4679b3 100644
--- a/modules/role/manifests/ocg.pp
+++ b/modules/role/manifests/ocg.pp
@@ -4,7 +4,7 @@
#
# filtertags: labs-project-deployment-prep labs-project-ocg
class role::ocg {
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
# size of tmpfs filesystem
diff --git a/modules/role/manifests/openldap/corp.pp
b/modules/role/manifests/openldap/corp.pp
index 389ce4f..39c0de0 100644
--- a/modules/role/manifests/openldap/corp.pp
+++ b/modules/role/manifests/openldap/corp.pp
@@ -4,7 +4,7 @@
class role::openldap::corp {
include passwords::openldap::corp
include ::profile::backup::host
- include ::base::firewall
+ include ::profile::base::firewall
system::role { 'openldap::corp':
description => 'Corp OIT openldap Mirror server'
diff --git a/modules/role/manifests/openldap/labs.pp
b/modules/role/manifests/openldap/labs.pp
index 4617665..5fd79f8 100644
--- a/modules/role/manifests/openldap/labs.pp
+++ b/modules/role/manifests/openldap/labs.pp
@@ -2,7 +2,7 @@
class role::openldap::labs {
include passwords::openldap::labs
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
$ldapconfig = hiera_hash('labsldapconfig', {})
diff --git a/modules/role/manifests/openldap/labtest.pp
b/modules/role/manifests/openldap/labtest.pp
index 172f44e..acd7b0d 100644
--- a/modules/role/manifests/openldap/labtest.pp
+++ b/modules/role/manifests/openldap/labtest.pp
@@ -3,7 +3,7 @@
class role::openldap::labtest {
include passwords::openldap::labtest
- include ::base::firewall
+ include ::profile::base::firewall
$ldapconfig = hiera_hash('labsldapconfig', {})
$ldap_labs_hostname = $ldapconfig['hostname']
diff --git a/modules/role/manifests/ores/stresstest.pp
b/modules/role/manifests/ores/stresstest.pp
index 600ec09..596dc1c 100644
--- a/modules/role/manifests/ores/stresstest.pp
+++ b/modules/role/manifests/ores/stresstest.pp
@@ -1,7 +1,7 @@
# Temporary role class for T169246
class role::ores::stresstest {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::ores::worker
include ::profile::ores::web
diff --git a/modules/role/manifests/osm/master.pp
b/modules/role/manifests/osm/master.pp
index 58fa6dd..09ebb80 100644
--- a/modules/role/manifests/osm/master.pp
+++ b/modules/role/manifests/osm/master.pp
@@ -21,7 +21,7 @@
include postgresql::postgis
include osm
include passwords::osm
- include ::base::firewall
+ include ::profile::base::firewall
class { 'postgresql::master':
diff --git a/modules/role/manifests/osm/slave.pp
b/modules/role/manifests/osm/slave.pp
index b1f9d17..f59883b 100644
--- a/modules/role/manifests/osm/slave.pp
+++ b/modules/role/manifests/osm/slave.pp
@@ -4,7 +4,7 @@
include role::osm::common
include postgresql::postgis
include passwords::osm
- include ::base::firewall
+ include ::profile::base::firewall
# Note: This is here to illustrate the fact that the slave is expected to
# have the same dbs as the master.
#postgresql::spatialdb { 'gis': }
diff --git a/modules/role/manifests/package/builder.pp
b/modules/role/manifests/package/builder.pp
index b528d0b..1e9105b 100644
--- a/modules/role/manifests/package/builder.pp
+++ b/modules/role/manifests/package/builder.pp
@@ -5,7 +5,7 @@
# filtertags: labs-project-deployment-prep labs-project-packaging
labs-project-tools
class role::package::builder {
include ::package_builder
- include ::base::firewall
+ include ::profile::base::firewall
system::role { 'package::builder':
description => 'Debian package builder'
diff --git a/modules/role/manifests/parsoid.pp
b/modules/role/manifests/parsoid.pp
index db58d4a..5e71c11 100644
--- a/modules/role/manifests/parsoid.pp
+++ b/modules/role/manifests/parsoid.pp
@@ -8,7 +8,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
if hiera('has_lvs', true) {
include role::lvs::realserver
diff --git a/modules/role/manifests/paws_internal/jupyterhub.pp
b/modules/role/manifests/paws_internal/jupyterhub.pp
index 2ec44a1..d04a612 100644
--- a/modules/role/manifests/paws_internal/jupyterhub.pp
+++ b/modules/role/manifests/paws_internal/jupyterhub.pp
@@ -4,7 +4,7 @@
# See https://wikitech.wikimedia.org/wiki/PAWS/Internal for more info
class role::paws_internal::jupyterhub {
- include ::base::firewall
+ include ::profile::base::firewall
include ::statistics::packages
class { '::jupyterhub':
diff --git a/modules/role/manifests/phabricator_server.pp
b/modules/role/manifests/phabricator_server.pp
index a0ce220..cbb85df 100644
--- a/modules/role/manifests/phabricator_server.pp
+++ b/modules/role/manifests/phabricator_server.pp
@@ -9,7 +9,7 @@
include ::standard
include ::lvs::realserver
- include ::base::firewall
+ include ::profile::base::firewall
include ::apache::mod::remoteip
include ::profile::backup::host
include ::profile::phabricator::main
diff --git a/modules/role/manifests/poolcounter/server.pp
b/modules/role/manifests/poolcounter/server.pp
index dcea95f..03726f9 100644
--- a/modules/role/manifests/poolcounter/server.pp
+++ b/modules/role/manifests/poolcounter/server.pp
@@ -2,7 +2,7 @@
class role::poolcounter::server {
include ::standard
include ::poolcounter
- include ::base::firewall
+ include ::profile::base::firewall
system::role { 'poolcounter':
description => 'PoolCounter server',
diff --git a/modules/role/manifests/postgres/master.pp
b/modules/role/manifests/postgres/master.pp
index fe06b89..9b57e7a 100644
--- a/modules/role/manifests/postgres/master.pp
+++ b/modules/role/manifests/postgres/master.pp
@@ -2,7 +2,7 @@
include role::postgres::common
include ::postgresql::postgis
include ::passwords::postgres
- include ::base::firewall
+ include ::profile::base::firewall
class { 'postgresql::master':
includes => 'tuning.conf',
diff --git a/modules/role/manifests/prometheus/global.pp
b/modules/role/manifests/prometheus/global.pp
index e2d9fcd..3d7231b 100644
--- a/modules/role/manifests/prometheus/global.pp
+++ b/modules/role/manifests/prometheus/global.pp
@@ -1,5 +1,5 @@
class role::prometheus::global {
- include ::base::firewall
+ include ::profile::base::firewall
# Pull selected metrics from all DC-local Prometheus servers.
$federation_jobs = [
diff --git a/modules/role/manifests/prometheus/ops.pp
b/modules/role/manifests/prometheus/ops.pp
index 1610242..eb7017e 100644
--- a/modules/role/manifests/prometheus/ops.pp
+++ b/modules/role/manifests/prometheus/ops.pp
@@ -4,7 +4,7 @@
# filtertags: labs-project-monitoring
class role::prometheus::ops {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
$targets_path = '/srv/prometheus/ops/targets'
$storage_retention = hiera('prometheus::server::storage_retention',
'2190h0m0s')
diff --git a/modules/role/manifests/prometheus/services.pp
b/modules/role/manifests/prometheus/services.pp
index 80b7480..3731409 100644
--- a/modules/role/manifests/prometheus/services.pp
+++ b/modules/role/manifests/prometheus/services.pp
@@ -4,7 +4,7 @@
# filtertags: labs-project-monitoring
class role::prometheus::services {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
$targets_path = '/srv/prometheus/services/targets'
$storage_retention = hiera('prometheus::server::storage_retention',
'2190h0m0s')
diff --git a/modules/role/manifests/puppet/self.pp
b/modules/role/manifests/puppet/self.pp
index 4c32133..431ef1f 100644
--- a/modules/role/manifests/puppet/self.pp
+++ b/modules/role/manifests/puppet/self.pp
@@ -46,7 +46,7 @@
include puppetmaster::gitsync
}
- # Allow access to the Puppetmaster when ::base::firewall is applied
+ # Allow access to the Puppetmaster when ::profile::base::firewall is
applied
ferm::service { 'puppetmaster-self':
proto => 'tcp',
port => 8140,
diff --git a/modules/role/manifests/puppetmaster/backend.pp
b/modules/role/manifests/puppetmaster/backend.pp
index eac3ed1..2cebfe9 100644
--- a/modules/role/manifests/puppetmaster/backend.pp
+++ b/modules/role/manifests/puppetmaster/backend.pp
@@ -6,7 +6,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::puppetmaster::backend
diff --git a/modules/role/manifests/puppetmaster/frontend.pp
b/modules/role/manifests/puppetmaster/frontend.pp
index f6ee73d..b46390d 100644
--- a/modules/role/manifests/puppetmaster/frontend.pp
+++ b/modules/role/manifests/puppetmaster/frontend.pp
@@ -5,7 +5,7 @@
description => 'Puppetmaster frontend'
}
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
diff --git a/modules/role/manifests/puppetmaster/puppetdb.pp
b/modules/role/manifests/puppetmaster/puppetdb.pp
index 0d5f803..a44eca4 100644
--- a/modules/role/manifests/puppetmaster/puppetdb.pp
+++ b/modules/role/manifests/puppetmaster/puppetdb.pp
@@ -3,7 +3,7 @@
$shared_buffers = '7680MB'
) {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::passwords::postgres
$master = hiera('puppetmaster::puppetdb::master')
diff --git a/modules/role/manifests/pybaltest.pp
b/modules/role/manifests/pybaltest.pp
index ea0ae26..a8bceef 100644
--- a/modules/role/manifests/pybaltest.pp
+++ b/modules/role/manifests/pybaltest.pp
@@ -3,7 +3,7 @@
description => 'pybal testing/development'
}
- include ::base::firewall
+ include ::profile::base::firewall
$pybaltest_hosts_ferm = join(hiera('pybaltest::hosts'), ' ')
ferm::service { 'pybaltest-http':
diff --git a/modules/role/manifests/releases.pp
b/modules/role/manifests/releases.pp
index 426ddec..826f26f 100644
--- a/modules/role/manifests/releases.pp
+++ b/modules/role/manifests/releases.pp
@@ -9,7 +9,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
include ::profile::releases::mediawiki
include ::profile::releases::reprepro
diff --git a/modules/role/manifests/requesttracker/upgradetest.pp
b/modules/role/manifests/requesttracker/upgradetest.pp
index e5d453e..b1fda3b 100644
--- a/modules/role/manifests/requesttracker/upgradetest.pp
+++ b/modules/role/manifests/requesttracker/upgradetest.pp
@@ -3,7 +3,7 @@
system::role { 'requesttracker::upgradetest': description => 'temp test
setup for RT migration to jessie' }
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include rsync::server
# copy db dump from slave via rsync
diff --git a/modules/role/manifests/restbase/base.pp
b/modules/role/manifests/restbase/base.pp
index e96d2d6..a9f131c 100644
--- a/modules/role/manifests/restbase/base.pp
+++ b/modules/role/manifests/restbase/base.pp
@@ -2,7 +2,7 @@
#
class role::restbase::base{
include ::passwords::cassandra
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
include ::profile::cassandra
diff --git a/modules/role/manifests/restbase/production_ng.pp
b/modules/role/manifests/restbase/production_ng.pp
index 7e6a20c..468cb39 100644
--- a/modules/role/manifests/restbase/production_ng.pp
+++ b/modules/role/manifests/restbase/production_ng.pp
@@ -3,7 +3,7 @@
# Configures the production cluster (next-gen)
class role::restbase::production_ng {
include ::passwords::cassandra
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
include ::profile::cassandra
system::role { 'restbase': description => 'Restbase (Cassandra 3.x-only)' }
diff --git a/modules/role/manifests/sca.pp b/modules/role/manifests/sca.pp
index dd0a104..325edd3 100644
--- a/modules/role/manifests/sca.pp
+++ b/modules/role/manifests/sca.pp
@@ -4,7 +4,7 @@
include role::zotero
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
if $::realm == 'production' {
include ::lvs::realserver
}
diff --git a/modules/role/manifests/scb.pp b/modules/role/manifests/scb.pp
index 8309a1c..6e75f09 100644
--- a/modules/role/manifests/scb.pp
+++ b/modules/role/manifests/scb.pp
@@ -14,7 +14,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include role::lvs::realserver
# Ores
diff --git a/modules/role/manifests/security/tools.pp
b/modules/role/manifests/security/tools.pp
index 2559f8d..3a176ae 100644
--- a/modules/role/manifests/security/tools.pp
+++ b/modules/role/manifests/security/tools.pp
@@ -1,5 +1,5 @@
class role::security::tools {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
}
diff --git a/modules/role/manifests/snapshot/common.pp
b/modules/role/manifests/snapshot/common.pp
index e0c929c..bef004b 100644
--- a/modules/role/manifests/snapshot/common.pp
+++ b/modules/role/manifests/snapshot/common.pp
@@ -1,7 +1,7 @@
class role::snapshot::common {
include ::dumps::deprecated::user
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
# mw packages and dependencies, dataset server nfs mount,
# config files, stages files, dblists, html templates
diff --git a/modules/role/manifests/spare/system.pp
b/modules/role/manifests/spare/system.pp
index 6d69e47..1dbe4d3 100644
--- a/modules/role/manifests/spare/system.pp
+++ b/modules/role/manifests/spare/system.pp
@@ -10,7 +10,7 @@
# filtertags: labs-project-puppet
class role::spare::system {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
system::role { 'spare::system': description => 'Unused spare system' }
}
diff --git a/modules/role/manifests/swift/proxy.pp
b/modules/role/manifests/swift/proxy.pp
index b5ef131..5e20e8f 100644
--- a/modules/role/manifests/swift/proxy.pp
+++ b/modules/role/manifests/swift/proxy.pp
@@ -7,7 +7,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::swift::params
include ::swift
include ::swift::ring
diff --git a/modules/role/manifests/swift/storage.pp
b/modules/role/manifests/swift/storage.pp
index b385bc5..3aacd49 100644
--- a/modules/role/manifests/swift/storage.pp
+++ b/modules/role/manifests/swift/storage.pp
@@ -5,7 +5,7 @@
}
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::swift::params
include ::swift
include ::swift::ring
diff --git a/modules/role/manifests/syslog/centralserver.pp
b/modules/role/manifests/syslog/centralserver.pp
index b821e73..ac7b4c1 100644
--- a/modules/role/manifests/syslog/centralserver.pp
+++ b/modules/role/manifests/syslog/centralserver.pp
@@ -5,7 +5,7 @@
class role::syslog::centralserver {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::backup::host
system::role { 'syslog::centralserver':
diff --git a/modules/role/manifests/tendril.pp
b/modules/role/manifests/tendril.pp
index 8a63e00..82c4af9 100644
--- a/modules/role/manifests/tendril.pp
+++ b/modules/role/manifests/tendril.pp
@@ -2,7 +2,7 @@
# tendril: MariaDB Analytics
class role::tendril {
- include ::base::firewall
+ include ::profile::base::firewall
include ::standard
system::role { 'tendril': description => 'tendril server' }
diff --git a/modules/role/manifests/test.pp b/modules/role/manifests/test.pp
index 85c9c6c..e6f584e 100644
--- a/modules/role/manifests/test.pp
+++ b/modules/role/manifests/test.pp
@@ -3,7 +3,7 @@
# filtertags: labs-project-puppet
class role::test {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
system::role { 'test': description => 'Unpuppetised system for testing' }
}
diff --git a/modules/role/manifests/thumbor/mediawiki.pp
b/modules/role/manifests/thumbor/mediawiki.pp
index 2cfb847..c4ad1d4 100644
--- a/modules/role/manifests/thumbor/mediawiki.pp
+++ b/modules/role/manifests/thumbor/mediawiki.pp
@@ -6,7 +6,7 @@
class role::thumbor::mediawiki {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::mediawiki::packages::fonts
include role::statsite
diff --git a/modules/role/manifests/toollabs/elasticsearch.pp
b/modules/role/manifests/toollabs/elasticsearch.pp
index a1455d5..355e5e3 100644
--- a/modules/role/manifests/toollabs/elasticsearch.pp
+++ b/modules/role/manifests/toollabs/elasticsearch.pp
@@ -4,7 +4,7 @@
#
# filtertags: labs-project-tools
class role::toollabs::elasticsearch {
- include ::base::firewall
+ include ::profile::base::firewall
include ::elasticsearch
class { '::nginx':
diff --git a/modules/role/manifests/toollabs/etcd/flannel.pp
b/modules/role/manifests/toollabs/etcd/flannel.pp
index 5a5a66f..98d8e94 100644
--- a/modules/role/manifests/toollabs/etcd/flannel.pp
+++ b/modules/role/manifests/toollabs/etcd/flannel.pp
@@ -2,7 +2,7 @@
class role::toollabs::etcd::flannel {
include ::etcd
- include ::base::firewall
+ include ::profile::base::firewall
include ::role::toollabs::etcd::expose_metrics
$worker_hosts = join(hiera('k8s::worker_hosts'), ' ')
diff --git a/modules/role/manifests/toollabs/etcd/k8s.pp
b/modules/role/manifests/toollabs/etcd/k8s.pp
index 0ea5875..31ba71e 100644
--- a/modules/role/manifests/toollabs/etcd/k8s.pp
+++ b/modules/role/manifests/toollabs/etcd/k8s.pp
@@ -1,7 +1,7 @@
# filtertags: labs-project-tools
class role::toollabs::etcd::k8s {
include ::etcd
- include ::base::firewall
+ include ::profile::base::firewall
include ::role::toollabs::etcd::expose_metrics
diff --git a/modules/role/manifests/toollabs/k8s/master.pp
b/modules/role/manifests/toollabs/k8s/master.pp
index 81647b4..7d2bab8 100644
--- a/modules/role/manifests/toollabs/k8s/master.pp
+++ b/modules/role/manifests/toollabs/k8s/master.pp
@@ -2,7 +2,7 @@
class role::toollabs::k8s::master(
$use_puppet_certs = false,
) {
- include ::base::firewall
+ include ::profile::base::firewall
include ::toollabs::infrastructure
$master_host = hiera('k8s::master_host', $::fqdn)
diff --git a/modules/role/manifests/toollabs/logging/centralserver.pp
b/modules/role/manifests/toollabs/logging/centralserver.pp
index a0a2e92..b7a345a 100644
--- a/modules/role/manifests/toollabs/logging/centralserver.pp
+++ b/modules/role/manifests/toollabs/logging/centralserver.pp
@@ -2,7 +2,7 @@
#
# filtertags: labs-project-tools
class role::toollabs::logging::centralserver {
- include ::base::firewall
+ include ::profile::base::firewall
system::role { 'tools::logreceiver':
description => 'Central syslog server',
diff --git a/modules/role/manifests/tor_relay.pp
b/modules/role/manifests/tor_relay.pp
index 651b115..387c1c5 100644
--- a/modules/role/manifests/tor_relay.pp
+++ b/modules/role/manifests/tor_relay.pp
@@ -1,7 +1,7 @@
# set up a Tor relay (https://www.torproject.org/)
class role::tor_relay {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::tor::relay
system::role { 'tor_relay':
diff --git a/modules/role/manifests/wdqs.pp b/modules/role/manifests/wdqs.pp
index 1821689..54a98fb 100644
--- a/modules/role/manifests/wdqs.pp
+++ b/modules/role/manifests/wdqs.pp
@@ -3,7 +3,7 @@
# This class sets up Wikidata Query Service
class role::wdqs {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::role::lvs::realserver
include ::profile::wdqs
diff --git a/modules/role/manifests/wdqs/labs.pp
b/modules/role/manifests/wdqs/labs.pp
index 3bd48ec..fed5226 100644
--- a/modules/role/manifests/wdqs/labs.pp
+++ b/modules/role/manifests/wdqs/labs.pp
@@ -7,7 +7,7 @@
require role::labs::lvm::srv
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
include ::profile::wdqs
system::role { 'wdqs':
diff --git a/modules/role/manifests/webperf.pp
b/modules/role/manifests/webperf.pp
index 80b8388..d26ed59 100644
--- a/modules/role/manifests/webperf.pp
+++ b/modules/role/manifests/webperf.pp
@@ -6,7 +6,7 @@
class role::webperf {
include ::standard
- include ::base::firewall
+ include ::profile::base::firewall
$statsd = hiera('statsd')
$statsd_parts = split($statsd, ':')
diff --git a/modules/role/manifests/wikimania_scholarships.pp
b/modules/role/manifests/wikimania_scholarships.pp
index 1912b23..eb6954c 100644
--- a/modules/role/manifests/wikimania_scholarships.pp
+++ b/modules/role/manifests/wikimania_scholarships.pp
@@ -4,7 +4,7 @@
#
class role::wikimania_scholarships {
- include ::base::firewall
+ include ::profile::base::firewall
class { '::wikimania_scholarships':
hostname => 'scholarships.wikimedia.org',
diff --git a/modules/toollabs/manifests/proxy.pp
b/modules/toollabs/manifests/proxy.pp
index 63953dd..a5d2d14 100644
--- a/modules/toollabs/manifests/proxy.pp
+++ b/modules/toollabs/manifests/proxy.pp
@@ -9,7 +9,7 @@
include ::toollabs::infrastructure
include ::redis::client::python
- include ::base::firewall
+ include ::profile::base::firewall
if $ssl_install_certificate {
sslcert::certificate { $ssl_certificate_name:
--
To view, visit https://gerrit.wikimedia.org/r/383519
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4a30e491f5861aa00c959d04a4974abe053d55b6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
