Merge "Update logstash gearman client firewall rules"
This commit is contained in:
Zuul
Gerrit Code Review
commit
e18299d605
|
|
@ -28,39 +28,39 @@ elasticsearch_clients:
|
|||
- logstash-worker18.openstack.org
|
||||
- logstash-worker19.openstack.org
|
||||
- logstash-worker20.openstack.org
|
||||
logstash_gearman_clients:
|
||||
- logstash-worker01.openstack.org
|
||||
- logstash-worker02.openstack.org
|
||||
- logstash-worker03.openstack.org
|
||||
- logstash-worker04.openstack.org
|
||||
- logstash-worker05.openstack.org
|
||||
- logstash-worker06.openstack.org
|
||||
- logstash-worker07.openstack.org
|
||||
- logstash-worker08.openstack.org
|
||||
- logstash-worker09.openstack.org
|
||||
- logstash-worker10.openstack.org
|
||||
- logstash-worker11.openstack.org
|
||||
- logstash-worker12.openstack.org
|
||||
- logstash-worker13.openstack.org
|
||||
- logstash-worker14.openstack.org
|
||||
- logstash-worker15.openstack.org
|
||||
- logstash-worker16.openstack.org
|
||||
- logstash-worker17.openstack.org
|
||||
- logstash-worker18.openstack.org
|
||||
- logstash-worker19.openstack.org
|
||||
- logstash-worker20.openstack.org
|
||||
- subunit-worker01.openstack.org
|
||||
- subunit-worker02.openstack.org
|
||||
- ze01.openstack.org
|
||||
- ze02.openstack.org
|
||||
- ze03.openstack.org
|
||||
- ze04.openstack.org
|
||||
- ze05.openstack.org
|
||||
- ze06.openstack.org
|
||||
- ze07.openstack.org
|
||||
- ze08.openstack.org
|
||||
- ze09.openstack.org
|
||||
- ze10.openstack.org
|
||||
logstash_iptables_rule_data:
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker01.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker02.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker03.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker04.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker05.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker06.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker07.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker08.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker09.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker10.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker11.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker12.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker13.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker14.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker15.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker16.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker17.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker18.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker19.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'logstash-worker20.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'subunit-worker01.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'subunit-worker02.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze01.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze02.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze03.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze04.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze05.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze06.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze07.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze08.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze09.openstack.org'}
|
||||
- {protocol: 'tcp', port: '4730', hostname: 'ze10.openstack.org'}
|
||||
infra_apache_serveradmin: noc@openstack.org
|
||||
statusbot_channels:
|
||||
- ara
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@
|
|||
#
|
||||
$elasticsearch_nodes = hiera_array('elasticsearch_nodes')
|
||||
$elasticsearch_clients = hiera_array('elasticsearch_clients')
|
||||
$logstash_gearman_clients = hiera_array('logstash_gearman_clients')
|
||||
|
||||
#
|
||||
# Default: should at least behave like an openstack server
|
||||
|
|
@ -463,13 +462,9 @@ node /^wiki-dev\d+\.openstack\.org$/ {
|
|||
# Node-OS: trusty
|
||||
# Node-OS: xenial
|
||||
node /^logstash\d*\.openstack\.org$/ {
|
||||
$logstash_iptables_rule = regsubst($logstash_gearman_clients,
|
||||
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 3306],
|
||||
iptables_rules6 => $logstash_iptables_rule,
|
||||
iptables_rules4 => $logstash_iptables_rule,
|
||||
iptables_allowed_hosts => hiera_array('logstash_iptables_rule_data'),
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue