Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/197053
Change subject: mediawiki: allow ssh from tin for deployment
......................................................................
mediawiki: allow ssh from tin for deployment
Recently silver got base::firewall and deployment errors popped up
because silver will only allow ssh from bastion hosts but tin is not one.
We are doing the same thing we do here already in role::releases.
Change-Id: I8b196ae9927379ca0b978b6d8cc061c176e78a49
---
M manifests/role/mediawiki.pp
1 file changed, 8 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/53/197053/1
diff --git a/manifests/role/mediawiki.pp b/manifests/role/mediawiki.pp
index 6eb69c5..1165beb 100644
--- a/manifests/role/mediawiki.pp
+++ b/manifests/role/mediawiki.pp
@@ -83,7 +83,14 @@
ferm::service { 'mediawiki-http':
proto => 'tcp',
- port => 'http',
+ port => 'http',
+ }
+
+ # allow ssh from tin for deployment
+ ferm::service { 'deployment-ssh':
+ proto => 'tcp',
+ port => '22',
+ srange => '10.64.0.196/32',
}
monitoring::service { 'appserver http':
--
To view, visit https://gerrit.wikimedia.org/r/197053
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8b196ae9927379ca0b978b6d8cc061c176e78a49
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
