Andrew Bogott has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/369959 )
Change subject: labs puppetmaster: allow ssh through firewall from designate
......................................................................
labs puppetmaster: allow ssh through firewall from designate
This is for the cert cleanup calls after an instance is deleted.
Change-Id: Ib2daeb39ac9b81495cccfa3269ab9c1da251bf74
---
M modules/role/manifests/labs/puppetmaster/frontend.pp
1 file changed, 3 insertions(+), 0 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/role/manifests/labs/puppetmaster/frontend.pp
b/modules/role/manifests/labs/puppetmaster/frontend.pp
index f494198..d97dde4 100644
--- a/modules/role/manifests/labs/puppetmaster/frontend.pp
+++ b/modules/role/manifests/labs/puppetmaster/frontend.pp
@@ -87,6 +87,9 @@
puppetbackend => {
rule => "saddr (${horizon_host_ip} ${designate_host_ip}) proto tcp
dport 8101 ACCEPT;",
},
+ puppetcertcleaning => {
+ rule => "saddr (${designate_host_ip}) proto tcp dport 22 ACCEPT;",
+ },
puppetbackendgetter => {
rule => "saddr (${labs_vms} ${labs_metal} ${monitoring}
${horizon_host_ip} @resolve((${all_puppetmasters}))
@resolve((${all_puppetmasters}), AAAA)) proto tcp dport 8100 ACCEPT;",
},
--
To view, visit https://gerrit.wikimedia.org/r/369959
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib2daeb39ac9b81495cccfa3269ab9c1da251bf74
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
