[MediaWiki-commits] [Gerrit] Move ldap ferm rules to the ldap module - change (operations/puppet)

[Andrew Bogott (Code Review)]

Andrew Bogott has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/163623

Change subject: Move ldap ferm rules to the ldap module
......................................................................

Move ldap ferm rules to the ldap module

Change-Id: Id8d2c4900289a806f582dbd7cfeb08fffe0aed8e
---
M manifests/openstack.pp
M modules/ldap/manifests/server.pp
M modules/mariadb
3 files changed, 8 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/163623/1

diff --git a/manifests/openstack.pp b/manifests/openstack.pp
index 082c854..2bd43cd 100644
--- a/manifests/openstack.pp
+++ b/manifests/openstack.pp
@@ -28,17 +28,6 @@
         rule => 'saddr (0.0.0.0/0) proto (udp tcp) dport 53 ACCEPT;',
     }
 
-    # LDAP
-    ferm::rule { 'ldap_private_labs':
-        rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (ldap 
ldaps) ACCEPT;',
-    }
-    ferm::rule { 'ldap_backend_private_labs':
-        rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (1389 
1636) ACCEPT;',
-    }
-    ferm::rule { 'ldap_admin_replication':
-        rule => "saddr (10.0.0.244 $other_master) proto tcp dport (4444 8989) 
ACCEPT;",
-    }
-
     # Redis replication for keystone
     ferm::rule { 'redis_replication':
         rule => "saddr ($other_master) proto tcp dport (6379) ACCEPT;",
diff --git a/modules/ldap/manifests/server.pp b/modules/ldap/manifests/server.pp
index 02ee0a3..51e8358 100644
--- a/modules/ldap/manifests/server.pp
+++ b/modules/ldap/manifests/server.pp
@@ -16,6 +16,14 @@
         port   => '8989',
         srange => inline_template('(<%= @server_list.map{|x| "@resolve(#{x})" 
}.join(" ") %>)'),
     }
+
+    ferm::rule { 'ldap_private_labs':
+        rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (ldap 
ldaps) ACCEPT;',
+    }
+
+    ferm::rule { 'ldap_backend_private_labs':
+        rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (1389 
1636) ACCEPT;',
+    }
 }
 
 class ldap::server( $certificate_location, $certificate, $ca_name, $cert_pass, 
$base_dn, $proxyagent, $proxyagent_pass, $server_bind_ips, $initial_password, 
$first_master=false ) {
diff --git a/modules/mariadb b/modules/mariadb
index 88152df..82d7d31 160000
--- a/modules/mariadb
+++ b/modules/mariadb
-Subproject commit 88152dffdb3245571871364dbad5bc577ba48971
+Subproject commit 82d7d31f4e5dcdcccee07712ed676351f25da1cc

-- 
To view, visit https://gerrit.wikimedia.org/r/163623
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id8d2c4900289a806f582dbd7cfeb08fffe0aed8e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits