Dzahn has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/386793 )

Change subject: gerrit: sshd listen on specific IP, v4 and v6
......................................................................


gerrit: sshd listen on specific IP, v4 and v6

The Gerrit SSHd should only listen on the specific
IPs of gerrit.wikimedia.org, IPv4 and IPv6, but not on *.

It should not also listen on cobalt.wikimedia.org.

We tried before to use the DNS name itself with listenAddress
which Gerrit does support, but apparently in that case it decides
to look up the name and use the A record for it, not the AAAA record
or both, breaking IPv6.

So instead we need to listen on both explicitly, and to have these
variables accessible in the template we need to add the existing
ipv4 and ipv6 parameters from Hiera/profile class also to gerrit
and gerrit::jetty and pass them through.

Change-Id: I2ce69f02258954db2b5a189bb36b659379190d62
---
M modules/gerrit/manifests/init.pp
M modules/gerrit/manifests/jetty.pp
M modules/gerrit/templates/gerrit.config.erb
M modules/profile/manifests/gerrit/server.pp
4 files changed, 10 insertions(+), 1 deletion(-)

Approvals:
  Paladox: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index 61f64c8..7d1fd4f 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -2,12 +2,16 @@
 class gerrit(
     $config,
     $host,
+    $ipv4,
+    $ipv6,
     $slave_hosts = [],
     $slave = false,
 ) {
 
     class { '::gerrit::jetty':
         host   => $host,
+        ipv4   => $ipv4,
+        ipv6   => $ipv6,
         slave  => $slave,
         config => $config,
     }
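
Review bot: `$ipv4` and `$ipv6` are added to `class gerrit` as required parameters with no default, unlike `$slave_hosts = []` and `$slave = false` directly below them, so any declaration of `gerrit` that is not updated in this same change will fail catalog compilation. Either confirm that the profile class is the only caller, or default both to undef and have the template skip the matching listenAddress line when a value is unset. The hunk also adds no comment for the new parameters; one line saying these are the addresses the Gerrit sshd binds to would make the intent clear to the next reader.
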
diff --git a/modules/gerrit/manifests/jetty.pp 
b/modules/gerrit/manifests/jetty.pp
index 10cea92..40ec81a 100644
--- a/modules/gerrit/manifests/jetty.pp
+++ b/modules/gerrit/manifests/jetty.pp
@@ -2,6 +2,8 @@
 # https://projects.eclipse.org/projects/rt.jetty/developer
 class gerrit::jetty(
     $host,
+    $ipv4,
+    $ipv6,
     $db_host = 'localhost',
     $replication = '',
     $url = "https://${::gerrit::host}/r";,
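
Review bot: the new `$ipv4` and `$ipv6` parameters of `gerrit::jetty` are accepted without any type or format check, and `$ipv6` is interpolated directly into a listenAddress line in gerrit.config.erb. Validating both as IP address literals at this class boundary would turn a Hiera typo into a compile-time failure rather than an sshd that fails to bind, or binds to an address nobody intended.
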
diff --git a/modules/gerrit/templates/gerrit.config.erb 
b/modules/gerrit/templates/gerrit.config.erb
index bd85289..2c02ca8 100644
--- a/modules/gerrit/templates/gerrit.config.erb
+++ b/modules/gerrit/templates/gerrit.config.erb
@@ -172,7 +172,8 @@
     <%- if @slave %>
     listenAddress = off
     <%- else -%>
-    listenAddress = *:29418
+    listenAddress = <%= @host %>:29418
+    listenAddress = [<%= @ipv6 %>]:29418
     <%- end -%>
 
     threads = 8
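
Review bot: the IPv4 listener is still rendered from `@host` (`listenAddress = <%= @host %>:29418`) rather than from the `@ipv4` value this change passes down, so `$ipv4` is unused in the visible template and the IPv4 bind address still depends on a DNS lookup of the host name, which the commit message names as the cause of the earlier breakage. Rendering `<%= @ipv4 %>:29418` would make both listeners literal addresses and match the stated goal of listening only on specific IPs. Separately, if `@ipv6` is empty the second line renders as `[]:29418`; wrapping that line in a conditional on `@ipv6` avoids writing an invalid address into the config.
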
diff --git a/modules/profile/manifests/gerrit/server.pp 
b/modules/profile/manifests/gerrit/server.pp
index 1c64147..2f06f8b 100644
--- a/modules/profile/manifests/gerrit/server.pp
+++ b/modules/profile/manifests/gerrit/server.pp
@@ -68,6 +68,8 @@
 
     class { '::gerrit':
         host        => $host,
+        ipv4        => $ipv4,
+        ipv6        => $ipv6,
         slave       => $slave,
         slave_hosts => $slave_hosts,
         config      => $config,

-- 
To view, visit https://gerrit.wikimedia.org/r/386793

Gerrit-MessageType: merged
Gerrit-Change-Id: I2ce69f02258954db2b5a189bb36b659379190d62
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Hashar <has...@free.fr>
Gerrit-Reviewer: Paladox <thomasmulhall...@yahoo.com>
Gerrit-Reviewer: jenkins-bot <>
