[MediaWiki-commits] [Gerrit] operations/puppet[production]: ntp: Update neon specific ACLs to be more generic

2016-10-19 Thread Alexandros Kosiaris (Code Review) 
Alexandros Kosiaris has submitted this change and it was merged.

Change subject: ntp: Update neon specific ACLs to be more generic
..


ntp: Update neon specific ACLs to be more generic

Use network::constants monitoring_hosts instead if the specific neon ACL

Change-Id: I07565ad25cf58f462baa74225cdb28a334c78e7e
---
M manifests/role/ntp.pp
M modules/standard/manifests/ntp.pp
M modules/standard/manifests/ntp/client.pp
3 files changed, 7 insertions(+), 7 deletions(-)

Approvals:
  Alexandros Kosiaris: Verified; Looks good to me, approved



diff --git a/manifests/role/ntp.pp b/manifests/role/ntp.pp
index 74dd8dd..ffd9a5e 100644
--- a/manifests/role/ntp.pp
+++ b/manifests/role/ntp.pp
@@ -78,7 +78,7 @@
 servers   => $peer_upstreams[$::fqdn],
 peers => delete($wmf_all_peers, $::fqdn),
 time_acl  => $our_networks_acl,
-query_acl => $::standard::ntp::neon_acl,
+query_acl => $::standard::ntp::monitoring_acl,
 }
 
 ferm::service { 'ntp':
diff --git a/modules/standard/manifests/ntp.pp 
b/modules/standard/manifests/ntp.pp
index 0ed1c96..29ddcdd 100644
--- a/modules/standard/manifests/ntp.pp
+++ b/modules/standard/manifests/ntp.pp
@@ -2,6 +2,8 @@
 #
 # Basic common definitons used for NTP service configuration.
 class standard::ntp {
+include network::constants
+
 # These are our servers - they all peer to each other
 #   and sync to upstream NTP pool servers.
 $wmf_peers = {
@@ -20,11 +22,9 @@
 ulsfo => [],
 }
 
-# neon for ntp monitoring queries
-$neon_acl = [
-'208.80.154.14 mask 255.255.255.255',
-]
-
+# ntp monitoring queries
+# TODO: Make this realm independent
+$monitoring_acl = 
$network::constants::special_hosts['production']['monitoring_hosts']
 # Required for race-free ntpd startup, see 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436029 :
 require_package('lockfile-progs')
 }
diff --git a/modules/standard/manifests/ntp/client.pp 
b/modules/standard/manifests/ntp/client.pp
index 6c29ee6..8691708 100644
--- a/modules/standard/manifests/ntp/client.pp
+++ b/modules/standard/manifests/ntp/client.pp
@@ -16,7 +16,7 @@
 
 ntp::daemon { 'client':
 servers   => $client_upstreams[$::site],
-query_acl => $::standard::ntp::neon_acl,
+query_acl => $::standard::ntp::monitoring_acl,
 }
 
 monitoring::service { 'ntp':

-- 
To view, visit https://gerrit.wikimedia.org/r/315255
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I07565ad25cf58f462baa74225cdb28a334c78e7e
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris 
Gerrit-Reviewer: Alexandros Kosiaris 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: ntp: Update neon specific ACLs to be more generic

2016-10-11 Thread Alexandros Kosiaris (Code Review) 
Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315255

Change subject: ntp: Update neon specific ACLs to be more generic
..

ntp: Update neon specific ACLs to be more generic

Use network::constants monitoring_hosts instead if the specific neon ACL

Change-Id: I07565ad25cf58f462baa74225cdb28a334c78e7e
---
M manifests/role/ntp.pp
M modules/standard/manifests/ntp.pp
M modules/standard/manifests/ntp/client.pp
3 files changed, 7 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/55/315255/1

diff --git a/manifests/role/ntp.pp b/manifests/role/ntp.pp
index 74dd8dd..ffd9a5e 100644
--- a/manifests/role/ntp.pp
+++ b/manifests/role/ntp.pp
@@ -78,7 +78,7 @@
 servers   => $peer_upstreams[$::fqdn],
 peers => delete($wmf_all_peers, $::fqdn),
 time_acl  => $our_networks_acl,
-query_acl => $::standard::ntp::neon_acl,
+query_acl => $::standard::ntp::monitoring_acl,
 }
 
 ferm::service { 'ntp':
diff --git a/modules/standard/manifests/ntp.pp 
b/modules/standard/manifests/ntp.pp
index 0ed1c96..29ddcdd 100644
--- a/modules/standard/manifests/ntp.pp
+++ b/modules/standard/manifests/ntp.pp
@@ -2,6 +2,8 @@
 #
 # Basic common definitons used for NTP service configuration.
 class standard::ntp {
+include network::constants
+
 # These are our servers - they all peer to each other
 #   and sync to upstream NTP pool servers.
 $wmf_peers = {
@@ -20,11 +22,9 @@
 ulsfo => [],
 }
 
-# neon for ntp monitoring queries
-$neon_acl = [
-'208.80.154.14 mask 255.255.255.255',
-]
-
+# ntp monitoring queries
+# TODO: Make this realm independent
+$monitoring_acl = 
$network::constants::special_hosts['production']['monitoring_hosts']
 # Required for race-free ntpd startup, see 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436029 :
 require_package('lockfile-progs')
 }
diff --git a/modules/standard/manifests/ntp/client.pp 
b/modules/standard/manifests/ntp/client.pp
index 6c29ee6..8691708 100644
--- a/modules/standard/manifests/ntp/client.pp
+++ b/modules/standard/manifests/ntp/client.pp
@@ -16,7 +16,7 @@
 
 ntp::daemon { 'client':
 servers   => $client_upstreams[$::site],
-query_acl => $::standard::ntp::neon_acl,
+query_acl => $::standard::ntp::monitoring_acl,
 }
 
 monitoring::service { 'ntp':

-- 
To view, visit https://gerrit.wikimedia.org/r/315255
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I07565ad25cf58f462baa74225cdb28a334c78e7e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits