20after4 has uploaded a new change for review.
https://gerrit.wikimedia.org/r/274905
Change subject: Ferm rule: allow deployment hosts to connect to iridium ssh
(for scap)
......................................................................
Ferm rule: allow deployment hosts to connect to iridium ssh (for scap)
Bug: T114363
Change-Id: I2a590b813631ccb0cbc97736356de49a4d3c01b3
---
M modules/role/manifests/phabricator/main.pp
1 file changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/05/274905/1
diff --git a/modules/role/manifests/phabricator/main.pp
b/modules/role/manifests/phabricator/main.pp
index 0d383ce..06bc015 100644
--- a/modules/role/manifests/phabricator/main.pp
+++ b/modules/role/manifests/phabricator/main.pp
@@ -161,6 +161,11 @@
rule => 'saddr (0.0.0.0/0 ::/0) daddr (10.64.32.186/32
208.80.154.250/32 2620:0:861:103:10:64:32:186/128 2620:0:861:ed1a::3:16/128)
proto tcp dport (22) ACCEPT;',
}
+ # Allow SSH from deployment hosts
+ ferm::rule { 'deployment-ssh':
+ rule => 'proto tcp dport ssh saddr $DEPLOYMENT_HOSTS ACCEPT;',
+ }
+
# redirect bugzilla URL patterns to phabricator
# handles translation of bug numbers to maniphest task ids
phabricator::redirector { "redirector.${domain}":
--
To view, visit https://gerrit.wikimedia.org/r/274905
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2a590b813631ccb0cbc97736356de49a4d3c01b3
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <mmod...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
