Tim Landscheidt has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/210853

Change subject: Labs: Include public IPs in ferm's $INTERNAL
......................................................................

Labs: Include public IPs in ferm's $INTERNAL

If an instance has a public IP and accesses another instance, the
traffic does not appear to come from an "internal" network.  To work
around this, this change includes the public IPs for Labs instances in
$INTERNAL.

Bug: T96924
Change-Id: Iecba73b3f4f03c93f4c0a8021e845dd96a6da68f
---
M manifests/network.pp
M modules/base/templates/firewall/defs.labs.erb
2 files changed, 6 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/53/210853/1

diff --git a/manifests/network.pp b/manifests/network.pp
index c8f352b..33e7449 100644
--- a/manifests/network.pp
+++ b/manifests/network.pp
@@ -71,6 +71,7 @@
             'deployment_hosts' => [
                 '10.68.16.58', # deployment-bastion.eqiad.wmflabs
             ],
+            'public_ip_range' => '208.80.155.128/25',
         }
     }
 
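Review bot: the new 'public_ip_range' entry is a bare literal with no comment saying what 208.80.155.128/25 covers, while the 'deployment_hosts' entry just above it documents its address inline. Because this value ends up widening what the firewall treats as internal, add a comment naming the allocation and confirm that every address in the /25 can only ever be assigned to a Labs instance; any address in that range that is routed elsewhere would be trusted as well. Also consider making the value a list, like 'deployment_hosts', so a second range can be added later without changing the key's type.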
diff --git a/modules/base/templates/firewall/defs.labs.erb 
b/modules/base/templates/firewall/defs.labs.erb
index e69de29..e7f3947 100644
--- a/modules/base/templates/firewall/defs.labs.erb
+++ b/modules/base/templates/firewall/defs.labs.erb
@@ -0,0 +1,5 @@
+# If an instance has a public IP and accesses another instance, the
+# traffic does not appear to come from an "internal" network.  To work
+# around this, we define $INTERNAL to include the public IPs for Labs
+# instances (cf. https://phabricator.wikimedia.org/T96924).
+@def $INTERNAL = ($INTERNAL $PUBLIC_IP_RANGE);
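Review bot: $PUBLIC_IP_RANGE on the @def line is not defined anywhere in this change; the only related addition is the lowercase 'public_ip_range' hash key in manifests/network.pp. Please point to (or add) the place where that key is turned into a ferm variable, and confirm that both it and the original $INTERNAL are defined before this file is read, since $INTERNAL is redefined here in terms of itself. The comment should also say that every existing rule matching $INTERNAL will now accept the public range as a source, so that owners of those rules know the trust boundary has moved.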

-- 
To view, visit https://gerrit.wikimedia.org/r/210853
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iecba73b3f4f03c93f4c0a8021e845dd96a6da68f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>
