opendev/system-config
Code Issues Proposed changes

Merge "Limit Gerrit SSH API connections to 100 per addr"

Browse Source
This commit is contained in:
Zuul 2018-02-03 13:52:09 +00:00 committed by Gerrit Code Review
commit 02a7605b27
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
manifests/site.pp
View File

@ -21,8 +21,12 @@ node default {
# #
# Node-OS: trusty # Node-OS: trusty
node 'review.openstack.org' { node 'review.openstack.org' {
$iptables_rules =
['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 29418], iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []), sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' }, extra_aliases => { 'gerrit2' => 'root' },
} }
@ -63,8 +67,12 @@ node 'review.openstack.org' {
# Node-OS: trusty # Node-OS: trusty
node 'review-dev.openstack.org' { node 'review-dev.openstack.org' {
$iptables_rules =
['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 29418], iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []), sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' }, extra_aliases => { 'gerrit2' => 'root' },
afs => true, afs => true,