opendev/system-config
Code Issues Proposed changes

Merge "Simplify elasticsearch firewall rules"

Browse Source
This commit is contained in:
Zuul 2017-12-14 23:07:10 +00:00 committed by Gerrit Code Review
commit 759c3db50a
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
manifests/site.pp
View File

@ -463,11 +463,8 @@ node /^wiki-dev\d+\.openstack\.org$/ {
# Node-OS: trusty # Node-OS: trusty
# Node-OS: xenial # Node-OS: xenial
node /^logstash\d*\.openstack\.org$/ { node /^logstash\d*\.openstack\.org$/ {
$iptables_es_rule = regsubst($elasticsearch_nodes, $logstash_iptables_rule = regsubst($logstash_gearman_clients,
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
$iptables_gm_rule = regsubst($logstash_gearman_clients,
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT') '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
$logstash_iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 3306], iptables_public_tcp_ports => [22, 80, 3306],
@ -493,14 +490,10 @@ node /^logstash\d*\.openstack\.org$/ {
# Node-OS: trusty # Node-OS: trusty
# Node-OS: xenial # Node-OS: xenial
node /^logstash-worker\d+\.openstack\.org$/ { node /^logstash-worker\d+\.openstack\.org$/ {
$logstash_worker_iptables_rule = regsubst(flatten([$elasticsearch_nodes, $elasticsearch_clients]),
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
$group = 'logstash-worker' $group = 'logstash-worker'
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [22], iptables_public_tcp_ports => [22],
iptables_rules6 => $logstash_worker_iptables_rule,
iptables_rules4 => $logstash_worker_iptables_rule,
sysadmins => hiera('sysadmins', []), sysadmins => hiera('sysadmins', []),
} }