Dzahn has submitted this change and it was merged.
Change subject: switch ferm rule in releases to use network.pp
......................................................................
switch ferm rule in releases to use network.pp
Do not use the IP of tin here, also use the newly added variable from
network.pp.
We recently added $DEPLOYMENT_HOSTS for T92843 so using it here as well.
Change-Id: Id0808b5abaacc4dd8c1c6842d2ec81f1023001b6
---
M manifests/role/releases.pp
1 file changed, 4 insertions(+), 5 deletions(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/manifests/role/releases.pp b/manifests/role/releases.pp
index ffada1b..e0fe27b 100644
--- a/manifests/role/releases.pp
+++ b/manifests/role/releases.pp
@@ -13,11 +13,10 @@
class { '::releases::reprepro': }
- # ssh-based uploads from tin
- ferm::service { 'tin_package_upload':
- proto => 'tcp',
- port => '22',
- srange => '10.64.0.196/32',
+ # ssh-based uploads from deployment servers
+ ferm::rule { 'deployment_package_upload':
+ ensure => present,
+ rule => 'proto tcp dport ssh saddr $DEPLOYMENT_HOSTS ACCEPT',
}
ferm::service { 'releases_http':
--
To view, visit https://gerrit.wikimedia.org/r/197062
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id0808b5abaacc4dd8c1c6842d2ec81f1023001b6
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: ArielGlenn <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
