[MediaWiki-commits] [Gerrit] Enable base::firewall on tungsten - change (operations/puppet)

Thu, 14 Apr 2016 23:50:50 -0700 

Muehlenhoff has submitted this change and it was merged.

Change subject: Enable base::firewall on tungsten
......................................................................


Enable base::firewall on tungsten

port 80 is granted via ferm service xhgui_http
port 27017 is granted via ferm service xhgui_mongodb (port 28017 provides the
web status page, which isn't needed. It could still be access from localhost)

The other services are covered by the base rules in base::firewall (like
sshd, ntpd) or unwanted (like rpc.statd)

Change-Id: Ic4d60cda9eefda349cbcb6f41485b3f6454e97d2
---
M manifests/site.pp
1 file changed, 1 insertion(+), 0 deletions(-)

Approvals:
  Muehlenhoff: Verified; Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/site.pp b/manifests/site.pp
index 5f118f2..98a7d84 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2616,6 +2616,7 @@
 # test system for performance team (T117888)
 node 'tungsten.eqiad.wmnet' {
     role testsystem, xhgui
+    include base::firewall
 }
 
 node 'uranium.wikimedia.org' {

-- 
To view, visit https://gerrit.wikimedia.org/r/283441
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic4d60cda9eefda349cbcb6f41485b3f6454e97d2
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to