Elukey has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/402323 )
Change subject: profile::hadoop::*: include labs firewall use case ...................................................................... profile::hadoop::*: include labs firewall use case This change is needed to allow to bootstrap and deploy properly Hadoop clusters in labs. Bug: T167790 Change-Id: I67ad4e3b2b3b8c706685cf96f845d506a61fc69c --- M modules/profile/manifests/hadoop/firewall/master.pp M modules/profile/manifests/hadoop/worker.pp 2 files changed, 28 insertions(+), 14 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/23/402323/1
diff --git a/modules/profile/manifests/hadoop/firewall/master.pp b/modules/profile/manifests/hadoop/firewall/master.pp
index 90501e2..e285caa 100644
--- a/modules/profile/manifests/hadoop/firewall/master.pp
+++ b/modules/profile/manifests/hadoop/firewall/master.pp
@@ -4,82 +4,90 @@ # class profile::hadoop::firewall::master { + if $::realm == 'production' { + $analytics_druid_srange = '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))' + $analytics_only_srange = '$ANALYTICS_NETWORKS' + } else { + $analytics_druid_srange = '$DOMAIN_NETWORKS' + $analytics_only_srange = '$DOMAIN_NETWORKS' + } + ferm::service{ 'hadoop-hdfs-namenode': proto => 'tcp', port => '8020', - srange => '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))', + srange => $analytics_druid_srange, } ferm::service{ 'hadoop-hdfs-zkfc': proto => 'tcp', port => '8019', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-hdfs-namenode-http-ui': proto => 'tcp', port => '50070', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-hdfs-namenode-jmx': proto => 'tcp', port => '9980', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-yarn-resourcemanager-scheduler': proto => 'tcp', port => '8030', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-yarn-resourcemanager-tracker': proto => 'tcp', port => '8031', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-yarn-resourcemanager': proto => 'tcp', port => '8032', - srange => '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))', + srange => $analytics_druid_srange, } ferm::service{ 'hadoop-yarn-resourcemanager-admin': proto => 'tcp', port => '8033', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-yarn-resourcemanager-http-ui': proto => 'tcp', port => '8088', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-mapreduce-historyserver': proto => 'tcp', port => '10020', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-mapreduce-historyserver-admin': proto => 'tcp', port => '10033', - 
srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-mapreduce-historyserver-http-ui': proto => 'tcp', port => '19888', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } ferm::service{ 'hadoop-yarn-resourcemanager-jmx': proto => 'tcp', port => '9983', - srange => '$ANALYTICS_NETWORKS', + srange => $analytics_only_srange, } } diff --git a/modules/profile/manifests/hadoop/worker.pp b/modules/profile/manifests/hadoop/worker.pp index 6af651b..52d024b 100644 --- a/modules/profile/manifests/hadoop/worker.pp +++ b/modules/profile/manifests/hadoop/worker.pp @@ -89,11 +89,17 @@ require => Package['python3-numpy'], } + if $::realm == 'production' { + $analytics_srange = '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))' + } else { + $analytics_srange = '$DOMAIN_NETWORKS' + } + # This allows Hadoop daemons to talk to each other. ferm::service{ 'hadoop-access': proto => 'tcp', port => '1024:65535', - srange => '(($ANALYTICS_NETWORKS $DRUID_PUBLIC_HOSTS))', + srange => $analytics_srange, } if $monitoring_enabled { -- To view, visit https://gerrit.wikimedia.org/r/402323 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I67ad4e3b2b3b8c706685cf96f845d506a61fc69c Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Elukey <ltosc...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
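Review bot: The `else` branch at the top of `profile::hadoop::firewall::master` maps every realm other than production to `'$DOMAIN_NETWORKS'` for both variables, so outside production the split between the Druid-reachable ports (8020, 8032) and the analytics-only ports disappears, and the JMX (9980, 9983), ZKFC (8019) and ResourceManager admin (8033) rules accept whatever that ferm macro expands to. The macro is defined outside this diff; if it covers the whole labs address space rather than the cluster's own project, these management ports become reachable from unrelated instances. The same fallback is applied in worker.pp to the `port => '1024:65535'` rule, where the exposure would be widest. I would take the source range as a class parameter that defaults to `'$DOMAIN_NETWORKS'`, so a labs project can narrow it to its own Hadoop hosts, and state the intended labs scope in a comment above the conditional, e.g. `# non-production: $DOMAIN_NETWORKS is wider than the Hadoop cluster; narrow per project where possible`.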
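Review bot: The existing comment `# This allows Hadoop daemons to talk to each other.` above `ferm::service{ 'hadoop-access':` no longer describes the non-production case, where the rule now admits `$DOMAIN_NETWORKS` on ports 1024:65535; I would reword it to `# Allows Hadoop daemons (and, outside production, any host in $DOMAIN_NETWORKS) to reach the unprivileged ports.` The new variable `$analytics_srange` also holds the analytics-plus-Druid range in production, which master.pp names `$analytics_druid_srange`, so using the same name in both manifests would make the two profiles easier to compare. The realm conditional is duplicated across the two files, which means a later change to the labs range has to be made twice. The enclosing class starts and ends outside this hunk.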