ArielGlenn has submitted this change and it was merged.
Change subject: beta: ferm on appservers must allow port 80
......................................................................
beta: ferm on appservers must allow port 80
When adding role::beta::natfixup on beta Apache, they started refusing
connection on port 80. The reason being that the ferm rules come with a
default policy of DROP.
bug: 45868
Change-Id: I170d5e9b0f530086b93589295dd88018e274782c
---
M manifests/role/applicationserver.pp
1 file changed, 8 insertions(+), 0 deletions(-)
Approvals:
ArielGlenn: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/applicationserver.pp
b/manifests/role/applicationserver.pp
index ea5c523..3520a77 100644
--- a/manifests/role/applicationserver.pp
+++ b/manifests/role/applicationserver.pp
@@ -169,6 +169,14 @@
include imagescaler::cron,
imagescaler::packages,
imagescaler::files
+
+ # Beta application servers have some ferm DNAT rewriting rules
(bug
+ # 45868) so we have to explicitly allow http (port 80)
+ ferm::service { 'http':
+ proto => 'tcp',
+ port => 'http'
+ }
+
}
class appserver::api{
system::role { "role::applicationserver::appserver::api":
description => "Api Apache Application server" }
--
To view, visit https://gerrit.wikimedia.org/r/101209
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I170d5e9b0f530086b93589295dd88018e274782c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <has...@free.fr>
Gerrit-Reviewer: ArielGlenn <ar...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
