Muehlenhoff has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/332457 )
Change subject: Grant temporary access to labsdb replica from Hadoop cluster
......................................................................
Grant temporary access to labsdb replica from Hadoop cluster
With Hadoop the connections may originate from arbitrary nodes
of the Hadoop cluster, so allow the entire analytics network.
Bug: T155487
Change-Id: Ieee723309890be5c67ed98d1952f93adc8462282
---
M modules/role/manifests/labs/db/replica.pp
1 file changed, 9 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/57/332457/1
diff --git a/modules/role/manifests/labs/db/replica.pp
b/modules/role/manifests/labs/db/replica.pp
index 4408d3e..8340e1a 100644
--- a/modules/role/manifests/labs/db/replica.pp
+++ b/modules/role/manifests/labs/db/replica.pp
@@ -23,6 +23,15 @@
@resolve((dbproxy1010.eqiad.wmnet)) @resolve((dbproxy1011.eqiad.wmnet)) \
@resolve((labstore1004.eqiad.wmnet)) @resolve((labstore1005.eqiad.wmnet)))",
}
+
+ # Temporary access for Hadoop cluster, see T155487
+ ferm::service{ 'mariadb_hadoop_access':
+ proto => 'tcp',
+ port => '3306',
+ notrack => true,
+ srange => '$ANALYTICS_NETWORKS',
+ }
+
ferm::rule { 'mariadb_dba':
rule => 'saddr @resolve((db1011.eqiad.wmnet)) proto tcp dport (3307)
ACCEPT;',
}
--
To view, visit https://gerrit.wikimedia.org/r/332457
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ieee723309890be5c67ed98d1952f93adc8462282
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
