Muehlenhoff has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/393240 )
Change subject: Restrict access to ferm service on mwlog* hosts
......................................................................
Restrict access to ferm service on mwlog* hosts
The rsyncd service is restricted to a set of hosts, so do the same for the
Ferm service.
Change-Id: I5df5cc6aa64cebfb2b47961a693a5707771ba42d
---
M modules/udp2log/manifests/rsyncd.pp
1 file changed, 4 insertions(+), 2 deletions(-)
Approvals:
Muehlenhoff: Verified; Looks good to me, approved
Filippo Giunchedi: Looks good to me, but someone else must approve
diff --git a/modules/udp2log/manifests/rsyncd.pp
b/modules/udp2log/manifests/rsyncd.pp
index 95dd456..7c3d316 100644
--- a/modules/udp2log/manifests/rsyncd.pp
+++ b/modules/udp2log/manifests/rsyncd.pp
@@ -26,8 +26,10 @@
hosts_allow => $hosts_allow;
}
+ $hosts_allowed_ferm = join($hosts_allow, ' ')
ferm::service { 'rsyncd':
- proto => 'tcp',
- port => '873',
+ proto => 'tcp',
+ port => '873',
+ srange => "@resolve((${hosts_allowed_ferm}))",
}
}
--
To view, visit https://gerrit.wikimedia.org/r/393240
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I5df5cc6aa64cebfb2b47961a693a5707771ba42d
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
