Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/197840

Change subject: cassandra: add ferm rules
......................................................................

cassandra: add ferm rules

Adding ferm rules for the cassandra ports to allow connections
only from (other) restbase servers. Depends on Icd5cd19bbc8125.

Bug:T92680
Change-Id: I7d077c92641f356d51f59c5749427e53ab1ef453
---
M manifests/role/cassandra.pp
1 file changed, 16 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/40/197840/1

diff --git a/manifests/role/cassandra.pp b/manifests/role/cassandra.pp
index 758c504..8c893c4 100644
--- a/manifests/role/cassandra.pp
+++ b/manifests/role/cassandra.pp
@@ -15,4 +15,20 @@
         description  => 'Cassandra database',
         nrpe_command => '/usr/lib/nagios/plugins/check_procs -c 1:1 -u 
cassandra -C java -a CassandraDaemon',
     }
+
+    # Cassandra intra-node messaging
+    ferm::rule { 'cassandra-intra-node':
+        ensure => present,
+        rule   => 'proto tcp dport 7000 saddr $RESTBASE_HOSTS ACCEPT',
+    }
+    # Cassandra JMX/RMI
+    ferm::rule { 'cassandra-jmx-rmi':
+        ensure => present,
+        rule   => 'proto tcp dport 7199 saddr $RESTBASE_HOSTS ACCEPT',
+    }
+    # Cassandra CQL query interface
+    ferm::rule { 'cassandra-cql':
+        ensure => present,
+        rule   => 'proto tcp dport 9042 saddr $RESTBASE_HOSTS ACCEPT',
+    }
 }
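
Review bot: The 'cassandra-jmx-rmi' rule opens only 7199, which is the JMX registry port; unless the RMI server port is pinned in the Cassandra JVM options, a remote JMX client is handed a second, dynamically chosen port that this rule does not cover, so remote JMX may still be blocked with this in place. Either pin that port and add it here, or drop the rule if JMX is only used from localhost, since JMX exposes full management operations and does not need to be reachable from every host in $RESTBASE_HOSTS. Separately, all three rules are single-quoted, so $RESTBASE_HOSTS reaches ferm uninterpolated and has to exist as a ferm variable from the change this depends on (Icd5cd19bbc8125); a one-line comment saying where it is defined would help, and the three rules could be collapsed into one using 'dport (7000 7199 9042)'.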

-- 
To view, visit https://gerrit.wikimedia.org/r/197840
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7d077c92641f356d51f59c5749427e53ab1ef453
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
