From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 19 Jul 2019 10:06:13 +0000 (+0200)
Subject: Allow DC19 access to the PG on vittoria, re: RT#7845
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=97d3bb4262e808c728c0a19dcbbad3a12c0748e5;p=mirror%2Fdsa-puppet.git

Allow DC19 access to the PG on vittoria, re: RT#7845
---

diff --git a/modules/roles/manifests/veyepar.pp b/modules/roles/manifests/veyepar.pp
index a60247551..4f8aa2198 100644
--- a/modules/roles/manifests/veyepar.pp
+++ b/modules/roles/manifests/veyepar.pp
@@ -1,3 +1,16 @@
 class roles::veyepar {
 	ssl::service { 'veyepar.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+
+	$now = Timestamp()
+	$date = $now.strftime('%F')
+
+	if versioncmp($date, '2019-08-15') <= 0 {
+		@ferm::rule { 'temporary-dc19-access':
+			description     => 'temporarily allow DC19 access, cf. RT#7845',
+			rule            => '&SERVICE_RANGE(tcp, 5432, ( 200.134.17.48/28 ))',
+		}
+	} else {
+		notify {"Temporary DC19 ferm rule expired, cf. RT#7845":
+			loglevel => warning, }
+	}
 }