Launchpad Mojo Specs

Merge ~cjwatson/launchpad-mojo-specs:codeimport-update-puller-secgroups into launchpad-mojo-specs:master

  1. Git
  2. lp:~cjwatson/launchpad-mojo-specs
  3. codeimport-update-puller-secgroups
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Merged at revision: b7f91903c4369811def303969412342c44d156ed
Proposed branch: ~cjwatson/launchpad-mojo-specs:codeimport-update-puller-secgroups
Merge into: launchpad-mojo-specs:master
Diff against target: 48 lines (+17/-0)
3 files modified
lp-codeimport/configs/custom-secgroups-production.yaml (+3/-0)
lp-codeimport/configs/custom-secgroups-qastaging.yaml (+11/-0)
lp-codeimport/configs/custom-secgroups-staging.yaml (+3/-0)
Reviewer Review Type Date Requested Status
Guruprasad Approve
Review via email: mp+456108@code.launchpad.net

Commit message

codeimport: Update secgroups for new codehosting deployments

To post a comment you must log in.
Revision history for this message
Guruprasad (lgp171188) wrote :

LGTM 👍

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lp-codeimport/configs/custom-secgroups-production.yaml b/lp-codeimport/configs/custom-secgroups-production.yaml
2index 1a60ee0..796d4d0 100644
3--- a/lp-codeimport/configs/custom-secgroups-production.yaml
4+++ b/lp-codeimport/configs/custom-secgroups-production.yaml
5@@ -28,3 +28,6 @@ rules:
6 # codehost-ps5.lp.internal / bazaar.launchpad.net
7 - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "10.131.66.217/32"}
8 - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "185.125.189.232/32"}
9+ # prod-launchpad@is-bastion-ps5 (firewall rules apply finer-grained
10+ # ACLs)
11+ - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "10.131.215.0/24"}
12diff --git a/lp-codeimport/configs/custom-secgroups-qastaging.yaml b/lp-codeimport/configs/custom-secgroups-qastaging.yaml
13index ad442af..c939bad 100644
14--- a/lp-codeimport/configs/custom-secgroups-qastaging.yaml
15+++ b/lp-codeimport/configs/custom-secgroups-qastaging.yaml
16@@ -7,6 +7,10 @@ applications:
17 type: neutron
18 rules:
19 - rsync-logs
20+ lp-codeimport-storage:
21+ type: neutron
22+ rules:
23+ - puller
24 rules:
25 nagios-monitored:
26 # Allow monitoring from wendigo.
27@@ -18,3 +22,10 @@ rules:
28 # Allow carob and launchpad-bastion-ps5 to fetch logs.
29 - {"protocol": "tcp", "family": "IPv4", "port": 873, "cidr": "91.189.90.14/32"}
30 - {"protocol": "tcp", "family": "IPv4", "port": 873, "cidr": "10.131.10.100/32"}
31+ puller:
32+ # Bazaar imports aren't pushed directly to
33+ # bazaar.qastaging.launchpad.net, but instead pulled from the code
34+ # import storage unit.
35+ # stg-launchpad@launchpad-bastion-ps5 (firewall rules apply
36+ # finer-grained ACLs)
37+ - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "10.132.54.0/24"}
38diff --git a/lp-codeimport/configs/custom-secgroups-staging.yaml b/lp-codeimport/configs/custom-secgroups-staging.yaml
39index a5e149a..17118ea 100644
40--- a/lp-codeimport/configs/custom-secgroups-staging.yaml
41+++ b/lp-codeimport/configs/custom-secgroups-staging.yaml
42@@ -28,3 +28,6 @@ rules:
43 # import storage unit.
44 # tellurium.canonical.com
45 - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "91.189.94.53/32"}
46+ # stg-launchpad@launchpad-bastion-ps5 (firewall rules apply
47+ # finer-grained ACLs)
48+ - {"protocol": "tcp", "family": "IPv4", "port": 22, "cidr": "10.132.54.0/24"}

Subscribers

People subscribed via source and target branches