Akosiaris has submitted this change and it was merged.

Change subject: add ferm rule to only allow nrpe/5666 from intern
......................................................................
add ferm rule to only allow nrpe/5666 from intern RT #6342 PS2: i had it in role/gitblit PS3: decided it should be in nrpe itself, then you can include nrpe in the gitblit role Change-Id: I84658abc260664df4be29a72749518d780329855 --- M manifests/role/gitblit.pp M modules/nrpe/manifests/init.pp 2 files changed, 7 insertions(+), 0 deletions(-) Approvals: Akosiaris: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/gitblit.pp b/manifests/role/gitblit.pp index 4cb84f1..e7a098a 100644 --- a/manifests/role/gitblit.pp +++ b/manifests/role/gitblit.pp @@ -16,4 +16,6 @@ ferm::rule { 'gitblit_8080': rule => 'proto tcp dport 8080 { saddr $INTERNAL ACCEPT; DROP; }' } + # NRPE for monitoring + include nrpe } diff --git a/modules/nrpe/manifests/init.pp b/modules/nrpe/manifests/init.pp index 8138bc3..5cedff3 100644 --- a/modules/nrpe/manifests/init.pp +++ b/modules/nrpe/manifests/init.pp @@ -71,6 +71,11 @@ require => Package['nagios-nrpe-server'], } + # firewall nrpe-server, only accept nrpe/5666 from internal + ferm::rule { 'nrpe_5666': + rule => 'proto tcp dport 5666 { saddr $INTERNAL ACCEPT; DROP; }' + } + #Collect virtual nrpe checks File <| tag == 'nrpe::check' |> { require => Package['nagios-nrpe-server'], -- To view, visit https://gerrit.wikimedia.org/r/96177 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I84658abc260664df4be29a72749518d780329855 Gerrit-PatchSet: 5 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> Gerrit-Reviewer: Akosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Hashar <has...@free.fr> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
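
Review bot: in the manifests/role/gitblit.pp hunk, `include nrpe` is placed at the bottom of the class, after the `ferm::rule { 'gitblit_8080': ... }` resource, and its comment "# NRPE for monitoring" does not mention that including nrpe now also brings in a second firewall rule (nrpe_5666). Consider moving the include to the top of the class body and extending the comment, for example "# NRPE for monitoring (also adds the nrpe_5666 ferm rule)", so that someone auditing this role's network exposure sees both rules without opening the nrpe module.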
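
Review bot: in the modules/nrpe/manifests/init.pp hunk, `ferm::rule { 'nrpe_5666': ... }` is declared unconditionally inside the nrpe class, so every node that includes nrpe, not only gitblit, now needs the ferm module in its catalog and a ferm-side definition of `$INTERNAL` (the rule string is single-quoted, so Puppet passes `$INTERNAL` through literally instead of interpolating it). State that dependency in the comment above the rule or in the class documentation, and confirm that all existing consumers of nrpe already use ferm before this rolls out. Minor style point: the `rule => ...` line has no trailing comma.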