Springle has uploaded a new change for review.
https://gerrit.wikimedia.org/r/190146
Change subject: Poke mysql holes in virt1000 firewall for iron and monitoring.
......................................................................
Poke mysql holes in virt1000 firewall for iron and monitoring.
Change-Id: I207f48319a73f94672632b74fba3392f96491f2e
---
M modules/openstack/manifests/firewall.pp
1 file changed, 13 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/46/190146/1
diff --git a/modules/openstack/manifests/firewall.pp
b/modules/openstack/manifests/firewall.pp
index 73dd2d4..ab743b1 100644
--- a/modules/openstack/manifests/firewall.pp
+++ b/modules/openstack/manifests/firewall.pp
@@ -14,6 +14,9 @@
$other_master = '208.80.153.14'
}
+ $iron = '208.80.154.151'
+ $tendril = '10.64.0.15'
+
# Wikitech ssh
ferm::rule { 'ssh_public':
rule => 'saddr (0.0.0.0/0) proto tcp dport (ssh) ACCEPT;',
@@ -60,4 +63,14 @@
ferm::rule { 'salt':
rule => "saddr ${labs_private_net} proto tcp dport (4505 4506)
ACCEPT;",
}
+
+ # mysql access from iron
+ ferm::rule { 'mysql_iron':
+ rule => "saddr ${iron} proto tcp dport (3306) ACCEPT;",
+ }
+
+ # mysql monitoring access from tendril (db1011)
+ ferm::rule { 'mysql_tendril':
+ rule => "saddr ${tendril} proto tcp dport (3306) ACCEPT;",
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/190146
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I207f48319a73f94672632b74fba3392f96491f2e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Springle <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
