Merge "Limit Gerrit SSH API connections to 100 per addr"

2018-02-03 13:52:09 +00:00 · 2018-02-03 13:52:09 +00:00 · 02a7605b27
commit 02a7605b27
parent a21fde83ca c5db057901
1 changed files with 8 additions and 0 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -21,8 +21,12 @@ node default {
 #
 # Node-OS: trusty
 node 'review.openstack.org' {
+  $iptables_rules =
+    ['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
  class { 'openstack_project::server':
    iptables_public_tcp_ports => [80, 443, 29418],
+    iptables_rules6           => $iptables_rules,
+    iptables_rules4           => $iptables_rules,
    sysadmins                 => hiera('sysadmins', []),
    extra_aliases             => { 'gerrit2' => 'root' },
  }
@ -63,8 +67,12 @@ node 'review.openstack.org' {

 # Node-OS: trusty
 node 'review-dev.openstack.org' {
+  $iptables_rules =
+    ['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
  class { 'openstack_project::server':
    iptables_public_tcp_ports => [80, 443, 29418],
+    iptables_rules6           => $iptables_rules,
+    iptables_rules4           => $iptables_rules,
    sysadmins                 => hiera('sysadmins', []),
    extra_aliases             => { 'gerrit2' => 'root' },
    afs                       => true,