Hello Ema, Alexandros Kosiaris, jenkins-bot,
I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/393628
to review the following change.
Change subject: Revert "cp/lvs: prevent accidental iptables kmods"
......................................................................
Revert "cp/lvs: prevent accidental iptables kmods"
This reverts commit 573604d8faa6c0187872ea48358834434702383c.
Change-Id: Ief1c7df0cc3ad187c351df9572b1f90588f31bf1
---
M hieradata/role/common/cache/canary.yaml
M modules/lvs/manifests/kernel_config.pp
M modules/profile/manifests/cache/base.pp
3 files changed, 0 insertions(+), 14 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/28/393628/1
diff --git a/hieradata/role/common/cache/canary.yaml
b/hieradata/role/common/cache/canary.yaml
index 7481201..ca89252 100644
--- a/hieradata/role/common/cache/canary.yaml
+++ b/hieradata/role/common/cache/canary.yaml
@@ -88,7 +88,6 @@
- lru_interval=31
profile::cache::base::admission_policy: 'exp'
profile::cache::base::varnish_version: 5
-profile::cache::base::allow_iptables: true
# Profile::cache::ssl::unified
profile::cache::ssl::unified::monitoring: true
profile::cache::ssl::unified::letsencrypt: false
diff --git a/modules/lvs/manifests/kernel_config.pp
b/modules/lvs/manifests/kernel_config.pp
index c0394ff..22b177a 100644
--- a/modules/lvs/manifests/kernel_config.pp
+++ b/modules/lvs/manifests/kernel_config.pp
@@ -13,11 +13,6 @@
notify => Exec['update-initramfs'],
}
- # Prevent accidental iptables module loads
- kmod::blacklist { 'lvs-bl':
- modules => ['x_tables'],
- }
-
sysctl::parameters { 'lvs':
values => {
# Turn OFF RP filter
diff --git a/modules/profile/manifests/cache/base.pp
b/modules/profile/manifests/cache/base.pp
index 6fc84a6..373cf29 100644
--- a/modules/profile/manifests/cache/base.pp
+++ b/modules/profile/manifests/cache/base.pp
@@ -23,7 +23,6 @@
$logstash_host = hiera('logstash_host', undef),
$logstash_syslog_port = hiera('logstash_syslog_port', undef),
$log_slow_request_threshold =
hiera('profile::cache::base::log_slow_request_threshold', '60.0'),
- $allow_iptables = hiera('profile::cache::base::allow_iptables', false),
) {
# There is no better way to do this, so it can't be a class parameter. In
fact,
# I consider our requirement to make hiera calls parameters
@@ -46,13 +45,6 @@
# Globals we need to include
include ::lvs::configuration
include ::network::constants
-
- if ! $allow_iptables {
- # Prevent accidental iptables module loads
- kmod::blacklist { 'cp-bl':
- modules => ['x_tables'],
- }
- }
class { 'conftool::scripts': }
--
To view, visit https://gerrit.wikimedia.org/r/393628
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ief1c7df0cc3ad187c351df9572b1f90588f31bf1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Ema <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
