Springle has submitted this change and it was merged.
Change subject: Poke mysql holes in virt1000 firewall for iron and monitoring.
......................................................................
Poke mysql holes in virt1000 firewall for iron and monitoring.
Change-Id: I207f48319a73f94672632b74fba3392f96491f2e
---
M modules/openstack/manifests/firewall.pp
1 file changed, 13 insertions(+), 0 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, but someone else must approve
Springle: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/openstack/manifests/firewall.pp
b/modules/openstack/manifests/firewall.pp
index 73dd2d4..ab743b1 100644
--- a/modules/openstack/manifests/firewall.pp
+++ b/modules/openstack/manifests/firewall.pp
@@ -14,6 +14,9 @@
$other_master = '208.80.153.14'
}
+ $iron = '208.80.154.151'
+ $tendril = '10.64.0.15'
+
# Wikitech ssh
ferm::rule { 'ssh_public':
rule => 'saddr (0.0.0.0/0) proto tcp dport (ssh) ACCEPT;',
@@ -60,4 +63,14 @@
ferm::rule { 'salt':
rule => "saddr ${labs_private_net} proto tcp dport (4505 4506)
ACCEPT;",
}
+
+ # mysql access from iron
+ ferm::rule { 'mysql_iron':
+ rule => "saddr ${iron} proto tcp dport (3306) ACCEPT;",
+ }
+
+ # mysql monitoring access from tendril (db1011)
+ ferm::rule { 'mysql_tendril':
+ rule => "saddr ${tendril} proto tcp dport (3306) ACCEPT;",
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/190146
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I207f48319a73f94672632b74fba3392f96491f2e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Springle <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Springle <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
