Allow staging network to request internal dns (!80) · Merge requests · Platform / Infrastructure / Puppet / puppet-swh-site

Vincent Sellier requested to merge generated-differential-D4693-source into generated-differential-D4693-target Dec 09, 2020

A removal of a too inclusive NAT rule on the firewall now exposes the real ip of the staging servers (they were seen as the gateway). They must be explicitly allowed to request the dns.

Test Plan

octocatalog-diff on pergamon

diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
  Bind::View[private] =>
   parameters =>
     match_clients =>
      - ["192.168.100.0/24", "192.168.101.0/24", "192.168.200.0/21", "127.0.0.0/8", "::1/128"]
      + ["192.168.100.0/24", "192.168.101.0/24", "192.168.130.0/24", "192.168.200.0/21", "127.0.0.0/8", "::1/128"]
*******************************************
  Concat::Fragment[bind-view-private] =>
   parameters =>
     content =>
      @@ -4,4 +4,5 @@
                192.168.100.0/24;
                192.168.101.0/24;
      +         192.168.130.0/24;
                192.168.200.0/21;
                127.0.0.0/8;
*******************************************
  Concat_fragment[bind-view-private] =>
   parameters =>
     content =>
      @@ -4,4 +4,5 @@
                192.168.100.0/24;
                192.168.101.0/24;
      +         192.168.130.0/24;
                192.168.200.0/21;
                127.0.0.0/8;
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org

Migrated from D4693 (view on Phabricator)

Silent mode is enabled

Allow staging network to request internal dns

Test Plan

Merge request reports