[MediaWiki-commits] [Gerrit] operations/puppet[production]: Kafka brokers: Limit access to production and fundraising ne...

Mon, 22 Aug 2016 02:21:52 -0700 

Muehlenhoff has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/305969

Change subject: Kafka brokers: Limit access to production and fundraising 
networks
......................................................................

Kafka brokers: Limit access to production and fundraising networks

We're removing ALL_NETWORKS, replace it with the more explicit
PRODUCTION_NETWORKS and FRACK_NETWORKS.

Change-Id: I19a45289f1e6cc11b8ac45b2da1979250eaa0e31
---
M modules/role/manifests/kafka/analytics/broker.pp
M modules/role/manifests/kafka/main/broker.pp
2 files changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/69/305969/1

diff --git a/modules/role/manifests/kafka/analytics/broker.pp 
b/modules/role/manifests/kafka/analytics/broker.pp
index 972c5d2..45e6cd5 100644
--- a/modules/role/manifests/kafka/analytics/broker.pp
+++ b/modules/role/manifests/kafka/analytics/broker.pp
@@ -119,7 +119,7 @@
         # TODO: $::confluent::kafka::broker::port doesn't
         # seem to work as expected.  Hardcoding this for now.
         port   => 9092,
-        srange => '$ALL_NETWORKS',
+        srange => '($PRODUCTION_NETWORKS $FRACK_NETWORKS)',
     }
 
     include ::ferm::ipsec_allow
diff --git a/modules/role/manifests/kafka/main/broker.pp 
b/modules/role/manifests/kafka/main/broker.pp
index 40b262e..e73c740 100644
--- a/modules/role/manifests/kafka/main/broker.pp
+++ b/modules/role/manifests/kafka/main/broker.pp
@@ -69,7 +69,7 @@
         # TODO: $::confluent::kafka::broker::port doesn't
         # seem to work as expected.  Hardcoding this for now.
         port   => 9092,
-        srange => '$ALL_NETWORKS',
+        srange => '($PRODUCTION_NETWORKS $FRACK_NETWORKS)',
     }
 
 

-- 
To view, visit https://gerrit.wikimedia.org/r/305969
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I19a45289f1e6cc11b8ac45b2da1979250eaa0e31
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to