Andrew Bogott has submitted this change and it was merged.
Change subject: Move ldap ferm rules to the ldap module
......................................................................
Move ldap ferm rules to the ldap module
Change-Id: Id8d2c4900289a806f582dbd7cfeb08fffe0aed8e
---
M manifests/openstack.pp
M modules/ldap/manifests/server.pp
2 files changed, 8 insertions(+), 11 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/openstack.pp b/manifests/openstack.pp
index 082c854..2bd43cd 100644
--- a/manifests/openstack.pp
+++ b/manifests/openstack.pp
@@ -28,17 +28,6 @@
rule => 'saddr (0.0.0.0/0) proto (udp tcp) dport 53 ACCEPT;',
}
- # LDAP
- ferm::rule { 'ldap_private_labs':
- rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (ldap
ldaps) ACCEPT;',
- }
- ferm::rule { 'ldap_backend_private_labs':
- rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (1389
1636) ACCEPT;',
- }
- ferm::rule { 'ldap_admin_replication':
- rule => "saddr (10.0.0.244 $other_master) proto tcp dport (4444 8989)
ACCEPT;",
- }
-
# Redis replication for keystone
ferm::rule { 'redis_replication':
rule => "saddr ($other_master) proto tcp dport (6379) ACCEPT;",
diff --git a/modules/ldap/manifests/server.pp b/modules/ldap/manifests/server.pp
index 02ee0a3..51e8358 100644
--- a/modules/ldap/manifests/server.pp
+++ b/modules/ldap/manifests/server.pp
@@ -16,6 +16,14 @@
port => '8989',
srange => inline_template('(<%= @server_list.map{|x| "@resolve(#{x})"
}.join(" ") %>)'),
}
+
+ ferm::rule { 'ldap_private_labs':
+ rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (ldap
ldaps) ACCEPT;',
+ }
+
+ ferm::rule { 'ldap_backend_private_labs':
+ rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (1389
1636) ACCEPT;',
+ }
}
class ldap::server( $certificate_location, $certificate, $ca_name, $cert_pass,
$base_dn, $proxyagent, $proxyagent_pass, $server_bind_ips, $initial_password,
$first_master=false ) {
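Review bot: The two added rules `ldap_private_labs` and `ldap_backend_private_labs` hard-code the source set `10.0.0.0/8 208.80.152.0/22` inside the ldap module, and they open the cleartext ports (`ldap`, 1389) as well as the TLS ones (`ldaps`, 1636) to the whole /8. Now that these rules live in a reusable module, I would pass the allowed ranges in as a class parameter rather than a literal. I would also add a comment above each rule, for example `# client-facing LDAP/LDAPS from labs private and production ranges`, so the intended clients are recorded next to the rule. Separately, the `ldap_admin_replication` rule removed from manifests/openstack.pp (ports 4444 and 8989 from `10.0.0.244` and `$other_master`) is not re-added here. The context lines show an 8989 service limited to `@server_list`, and 4444 may be covered above the hunk, but it is worth confirming that `10.0.0.244` still has the access it needs; the enclosing class starts outside the hunk, so this cannot be checked from here.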
--
To view, visit https://gerrit.wikimedia.org/r/163623
Gerrit-MessageType: merged
Gerrit-Change-Id: Id8d2c4900289a806f582dbd7cfeb08fffe0aed8e
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: jenkins-bot <>