Ottomata has submitted this change and it was merged.
Change subject: Include IPSec ferm rules for analytics kafka broker role
......................................................................
Include IPSec ferm rules for analytics kafka broker role
Change-Id: I61fedc883256728f12a1ff819a5001be98cefb6b
---
M modules/role/manifests/kafka/analytics/broker.pp
1 file changed, 12 insertions(+), 0 deletions(-)
Approvals:
Ottomata: Verified; Looks good to me, approved
diff --git a/modules/role/manifests/kafka/analytics/broker.pp
b/modules/role/manifests/kafka/analytics/broker.pp
index 2279dd8..ac187e7 100644
--- a/modules/role/manifests/kafka/analytics/broker.pp
+++ b/modules/role/manifests/kafka/analytics/broker.pp
@@ -113,6 +113,18 @@
srange => '$ALL_NETWORKS',
}
+ #firewall allow ipsec esp
+ ferm::rule { 'kafka-ipsec-esp':
+ rule => 'proto esp { saddr $ALL_NETWORKS ACCEPT; }'
+ }
+
+ #firewall allow ipsec ike udp 500
+ ferm::service { 'kafka-ipsec-ike':
+ proto => 'udp',
+ port => '500',
+ srange => '$ALL_NETWORKS',
+ }
+
# Include Kafka Server Jmxtrans class
# to send Kafka Broker metrics to Ganglia and statsd.
class { '::kafka::server::jmxtrans':
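Review bot: Both new rules accept traffic from $ALL_NETWORKS (saddr in 'kafka-ipsec-esp', srange in 'kafka-ipsec-ike'), which is wider than IPsec needs, since ESP and IKE only have to be reachable from the hosts this broker actually peers with. Consider a narrower source range, or add a comment explaining why $ALL_NETWORKS is intended. Only udp 500 is opened for IKE; if any peer is reached through NAT, NAT traversal on udp 4500 would need its own rule. Style: the `rule => 'proto esp { saddr $ALL_NETWORKS ACCEPT; }'` line has no trailing comma, unlike `srange => '$ALL_NETWORKS',` in the neighbouring resources, and the new comments are written `#firewall` without the space used in `# Include Kafka Server Jmxtrans class`.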
--
To view, visit https://gerrit.wikimedia.org/r/260093
Gerrit-MessageType: merged
Gerrit-Change-Id: I61fedc883256728f12a1ff819a5001be98cefb6b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ottomata <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>