projects / mirror / dsa-puppet.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9fe2655) | patch
One of the last changes broke dbmaster role based ferm rules
authorPeter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 13:11:28 +0000 (15:11 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 13:11:32 +0000 (15:11 +0200)
commit0ef1653e16e2302442e4eae47cd22a2f9954facb
tree82e477453e8ffd9cac2679dea518135dbe972cf3tree | snapshot
parent9fe2655faaa89deb0815a58141936e1c22424709commit | diff
One of the last changes broke dbmaster role based ferm rules

In particular, we allowed HOST_DB ssh to all our hosts.  That does not
make semantic sense, since the db host does not need to ssh to all the
other hosts (the reverse is true).

However, since draghi makes for a useful fallback jumphost, we now
explictly allow it.  We need to figure something out for the other role
based ferm rules.
modules/ferm/templates/defs.conf.erb diff | blob | history
modules/ferm/templates/me.conf.erb diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.