Muehlenhoff has uploaded a new change for review.
https://gerrit.wikimedia.org/r/276413
Change subject: Add ferm rules for local carbon relay
......................................................................
Add ferm rules for local carbon relay
After enabling base::firewall on graphite2001, traffic towards port
1903 from graphite1001 was dropped. This patch adds the necessary
ferm access rules.
Change-Id: Iace95f62d2416e314a05070eb589901ff6aa06ed
---
M modules/role/manifests/graphite/production.pp
1 file changed, 12 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/13/276413/1
diff --git a/modules/role/manifests/graphite/production.pp
b/modules/role/manifests/graphite/production.pp
index 27aad08..e62c8aa 100644
--- a/modules/role/manifests/graphite/production.pp
+++ b/modules/role/manifests/graphite/production.pp
@@ -15,5 +15,17 @@
],
}
}
+
+ ferm::service { 'carbon_c_relay-local_relay_udp':
+ proto => 'udp',
+ port => '1903',
+ srange => '@resolve((graphite1001.eqiad.wmnet
graphite2001.codfw.wmnet:1903))',
+ }
+
+ ferm::service { 'carbon_c_relay-local_relay_tcp':
+ proto => 'tcp',
+ port => '1903',
+ srange => '@resolve((graphite1001.eqiad.wmnet
graphite2001.codfw.wmnet:1903))',
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/276413
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iace95f62d2416e314a05070eb589901ff6aa06ed
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
