#33143: ferm: convert BASE_SSH_ALLOWED rules into puppet exported rules
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |      Owner:  tpa
     Type:  task                                 |     Status:  new
 Priority:  Medium                               |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |    Version:
 Severity:  Normal                               |   Keywords:  tpa-roadmap-february
Actual Points:                                   |  Parent ID:  #31239
   Points:                                       |   Reviewer:
  Sponsor:                                       |
-------------------------------------------------+-------------------------

right now a new node technically doesn't get the "jumphost" functionality ("has SSH access everywhere else") out of the box. for that to work, the network the box is on needs to be added to `tor-puppet/modules/ferm/templates/defs.conf.erb` by hand. this is okay-ish for instances of IP ranges that already exist, but is a pain for new (say) ganeti nodes themselves which are usually not in those ranges (as opposed to their instances, using the vswitch range).

so those magic IP addresses should be turned into exported resources that follow our policy. maybe that exported resource should be part of a "jumphost" class that gets included where we want, or just everywhere, but in any case, it should be moved into puppet to make installs more consistent and faster.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33143>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
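
One way the exported-resource approach described in the ticket could look, as an added example that is not part of the original ticket or of tor-puppet: each jumphost exports its own address, and every firewalled node collects the exports into a ferm definition. The class names, file path, tag, the `Service['ferm']` resource, and the assumption that BASE_SSH_ALLOWED is a ferm `@def` list read from `/etc/ferm/conf.d/` are all hypothetical; `concat` is the puppetlabs-concat module, and exported resources require PuppetDB.

```puppet
# Hypothetical classes for illustration; not the tor-puppet ferm module.

# Included only on nodes that should have SSH access everywhere else.
class profile::jumphost {
  # Export one fragment per jumphost (IPv4 only in this sketch).
  @@concat::fragment { "ferm_ssh_allowed_${facts['networking']['fqdn']}":
    target  => '/etc/ferm/conf.d/ssh_allowed.conf',  # assumed path
    order   => '50',
    content => "  ${facts['networking']['ip']} # ${facts['networking']['fqdn']}\n",
    tag     => 'ferm_ssh_allowed',                   # assumed tag
  }
}

# Included on every node that runs ferm.
class profile::ferm_ssh_allowed {
  concat { '/etc/ferm/conf.d/ssh_allowed.conf':
    owner  => 'root',
    group  => 'root',
    mode   => '0400',
    notify => Service['ferm'],  # assumes the ferm service is managed elsewhere
  }

  # Open the ferm list definition.
  concat::fragment { 'ferm_ssh_allowed_header':
    target  => '/etc/ferm/conf.d/ssh_allowed.conf',
    order   => '00',
    content => "# Managed by Puppet from exported resources\n@def \$BASE_SSH_ALLOWED = (\n",
  }

  # Collect every address exported by a jumphost.
  Concat::Fragment <<| tag == 'ferm_ssh_allowed' |>>

  # Close the list.
  concat::fragment { 'ferm_ssh_allowed_footer':
    target  => '/etc/ferm/conf.d/ssh_allowed.conf',
    order   => '99',
    content => ");\n",
  }
}
```

The exported address comes from facts reported by the exporting node, so every node that includes `profile::jumphost` can place an address in the SSH allow list of all collectors; that is the trade-off to weigh when choosing which nodes get the class.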