From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 1 Oct 2019 13:24:17 +0000 (+0200)
Subject: retire manual firewalling on bmdb1 for dak replica access
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=47df1304ad8067cd1a220f80c910b61097f3a3e7

retire manual firewalling on bmdb1 for dak replica access
---

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 50fe60741..49c7baacf 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -53,27 +53,6 @@ class ferm::per_host {
     default: {}
   }
 
-  # postgres stuff
-  case $::hostname {
-    bmdb1: {
-      ferm::rule { 'dsa-postgres-dak':
-        description => 'Allow postgress access to cluster: dak',
-        domain      => '(ip ip6)',
-        rule        => @("EOF"/$)
-          &SERVICE_RANGE(tcp, 5434, (
-            ${ join(getfromhash($deprecated::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'nono.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'usper.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
-          ))
-          | EOF
-      }
-    }
-    default: {}
-  }
   # vpn fu
   case $::hostname {
     draghi: {