Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/320556 )
Change subject: ssh_pybal: Restrict to production networks
......................................................................
ssh_pybal: Restrict to production networks
SSH health checks are only coming from production hosts, restrict to
production networks.
Change-Id: I439c36f001df4a785aac73635349c2c8a77fb749
---
M modules/role/manifests/mediawiki/common.pp
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Alexandros Kosiaris: Verified; Looks good to me, approved
Dzahn: Looks good to me, but someone else must approve
diff --git a/modules/role/manifests/mediawiki/common.pp
b/modules/role/manifests/mediawiki/common.pp
index 26dec47..10f46c1 100644
--- a/modules/role/manifests/mediawiki/common.pp
+++ b/modules/role/manifests/mediawiki/common.pp
@@ -22,7 +22,7 @@
ferm::service{ 'ssh_pybal':
proto => 'tcp',
port => '22',
- srange => '$INTERNAL',
+ srange => '$PRODUCTION_NETWORKS',
desc => 'Allow incoming SSH for pybal health checks',
}
--
To view, visit https://gerrit.wikimedia.org/r/320556
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I439c36f001df4a785aac73635349c2c8a77fb749
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
