Rush has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/361860 )
Change subject: labnet: SSH listen only on administrative IP
......................................................................
labnet: SSH listen only on administrative IP
Bug: T169068
Change-Id: I0febbd73b5e259927dfcad7f5cf27c0b56dae5ec
---
A hieradata/role/eqiad/labs/openstack/nova/network.yaml
1 file changed, 4 insertions(+), 0 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, but someone else must approve
Rush: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/role/eqiad/labs/openstack/nova/network.yaml
b/hieradata/role/eqiad/labs/openstack/nova/network.yaml
new file mode 100644
index 0000000..7391c13
--- /dev/null
+++ b/hieradata/role/eqiad/labs/openstack/nova/network.yaml
@@ -0,0 +1,4 @@
+# routing and nat host with lots of addresses
+# lock down SSH to administrative IP only
+profile::base::ssh_server_settings:
+ listen_address: "%{::ipaddress}"
--
To view, visit https://gerrit.wikimedia.org/r/361860
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0febbd73b5e259927dfcad7f5cf27c0b56dae5ec
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Ayounsi <ayou...@wikimedia.org>
Gerrit-Reviewer: Rush <r...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
