if should_restrict then
- ssh4allowed << %w{$DSA_IPS $HOST_NAGIOS_V4 $HOST_MUNIN_V4 $HOST_DB_V4}
- ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6 $HOST_DB_V6}
+ # draghi makes for a nice jumphost
+ ssh4allowed << %w{$DSA_IPS $HOST_NAGIOS_V4 $HOST_MUNIN_V4 82.195.75.106}
+ ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6 2001:41b8:202:deb:1a1a:0:52c3:4b6a}
if %w{draghi}.include?(@hostname) then
ssh4allowed << '$HOST_DEBIAN_V4'
if scope.function_has_role(['debian_mirror']) or
scope.function_has_role(['security_mirror']) or
+ scope.function_has_role(['ports_mirror']) or
scope.function_has_role(['debug_mirror']) or
scope.function_has_role(['historical_mirror']) or
scope.function_has_role(['syncproxy']) then