Muehlenhoff has uploaded a new change for review.
https://gerrit.wikimedia.org/r/316359
Change subject: Tighten access to oozie server
......................................................................
Tighten access to oozie server
We're getting rid of $INTERNAL, since it's needlessly broad. Instead limit
access to stat1002/stat1004.
Change-Id: If240f6d68d91410ded6f2d59cbd1e8e9a0d193ac
---
M modules/role/manifests/analytics_cluster/oozie/server.pp
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/59/316359/1
diff --git a/modules/role/manifests/analytics_cluster/oozie/server.pp
b/modules/role/manifests/analytics_cluster/oozie/server.pp
index fa070c6..6e49cee 100644
--- a/modules/role/manifests/analytics_cluster/oozie/server.pp
+++ b/modules/role/manifests/analytics_cluster/oozie/server.pp
@@ -42,7 +42,7 @@
ferm::service{ 'oozie_server':
proto => 'tcp',
port => '11000',
- srange => '$INTERNAL',
+ srange => '@resolve((stat1002.eqiad.wmnet stat1004.eqiad.wmnet))',
}
# Include icinga alerts if production realm.
--
To view, visit https://gerrit.wikimedia.org/r/316359
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If240f6d68d91410ded6f2d59cbd1e8e9a0d193ac
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
