Alexandros Kosiaris has submitted this change and it was merged.
Change subject: add base::firewall on cassandra test hosts
......................................................................
add base::firewall on cassandra test hosts
base::firewall will add a default drop policy but allow
some defaults like ssh from bastions and icmp from monitoring hosts.
additional holes for the service would be added with ferm rules
in the role class
Bug:T92680
Change-Id: I265d3c3c75c7cb6e47ec5a38047c4175f8ffdb81
---
M manifests/site.pp
1 file changed, 1 insertion(+), 0 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/site.pp b/manifests/site.pp
index 42e43e1..98f3904 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -406,6 +406,7 @@
# cerium, praseodymium and xenon are Cassandra test hosts
node /^(cerium|praseodymium|xenon)\.eqiad\.wmnet$/ {
role restbase, cassandra
+ include base::firewall
include standard
include admin
}
--
To view, visit https://gerrit.wikimedia.org/r/197822
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I265d3c3c75c7cb6e47ec5a38047c4175f8ffdb81
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: Eevans <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: GWicke <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
