Volans has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/339206 )
Change subject: Cumin: enable ferm service only in production realm
......................................................................
Cumin: enable ferm service only in production realm
Bug: T158773
Change-Id: Iab9fe50b430ec68d9351436350823695ec065d5a
---
M modules/base/manifests/firewall.pp
1 file changed, 7 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/06/339206/1
diff --git a/modules/base/manifests/firewall.pp
b/modules/base/manifests/firewall.pp
index 4b0592c..b0da5e2 100644
--- a/modules/base/manifests/firewall.pp
+++ b/modules/base/manifests/firewall.pp
@@ -47,11 +47,13 @@
rule => 'saddr $MONITORING_HOSTS ACCEPT;',
}
- ::ferm::service { 'ssh-from-cumin-masters':
- ensure => $ensure,
- proto => 'tcp',
- port => '22',
- srange => '$CUMIN_MASTERS',
+ if $::realm == 'production' {
+ ::ferm::service { 'ssh-from-cumin-masters':
+ ensure => $ensure,
+ proto => 'tcp',
+ port => '22',
+ srange => '$CUMIN_MASTERS',
+ }
}
file { '/usr/lib/nagios/plugins/check_conntrack':
--
To view, visit https://gerrit.wikimedia.org/r/339206
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iab9fe50b430ec68d9351436350823695ec065d5a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Volans <rcocci...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
