Muehlenhoff has submitted this change and it was merged.
Change subject: Restrict access to analytics network for Hadoop master/standby
......................................................................
Restrict access to analytics network for Hadoop master/standby
Change-Id: I76239efcb36b3982df55ff0d25a63068c8d9def2
---
M manifests/role/analytics/hadoop.pp
1 file changed, 13 insertions(+), 0 deletions(-)
Approvals:
Ottomata: Looks good to me, but someone else must approve
Muehlenhoff: Verified; Looks good to me, approved
diff --git a/manifests/role/analytics/hadoop.pp
b/manifests/role/analytics/hadoop.pp
index 5c5ab72..100390a 100644
--- a/manifests/role/analytics/hadoop.pp
+++ b/manifests/role/analytics/hadoop.pp
@@ -510,6 +510,12 @@
require => Class['cdh::hadoop::master'],
}
+ # T111433
+ ferm::service{ 'hadoop-access':
+ proto => 'tcp',
+ port => '1024:65535',
+ srange => '$ANALYTICS_NETWORKS',
+ }
# Include icinga alerts if production realm.
if $::realm == 'production' {
@@ -684,6 +690,13 @@
}
}
+ # T111433
+ ferm::service{ 'hadoop-access':
+ proto => 'tcp',
+ port => '1024:65535',
+ srange => '$ANALYTICS_NETWORKS',
+ }
+
# Open up port for debugging
ferm::service{ 'jmxtrans-jmx':
proto => 'tcp',
--
To view, visit https://gerrit.wikimedia.org/r/235983
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I76239efcb36b3982df55ff0d25a63068c8d9def2
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Ottomata <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
