BBlack has submitted this change and it was merged.
Change subject: kafka::server - fix ESP ferm rule
......................................................................
kafka::server - fix ESP ferm rule
Change-Id: Ief814205411ba7b7c56410d72159661133f562ba
---
M manifests/role/analytics/kafka.pp
1 file changed, 2 insertions(+), 3 deletions(-)
Approvals:
BBlack: Verified; Looks good to me, approved
diff --git a/manifests/role/analytics/kafka.pp
b/manifests/role/analytics/kafka.pp
index cc62087..d54dfac 100644
--- a/manifests/role/analytics/kafka.pp
+++ b/manifests/role/analytics/kafka.pp
@@ -223,9 +223,8 @@
}
#firewall allow ipsec esp
- ferm::service { 'kafka-ipsec-esp':
- proto => 'esp',
- srange => '$ALL_NETWORKS',
+ ferm::rule { 'kafka-ipsec-esp':
+ rule => 'proto esp { saddr $ALL_NETWORKS ACCEPT; }'
}
#firewall allow ipsec ike udp 500
--
To view, visit https://gerrit.wikimedia.org/r/259293
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ief814205411ba7b7c56410d72159661133f562ba
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
