opendev/system-config
Code Issues Proposed changes

Temporarily block port 80 and port 8080 on firehose

Browse Source 
We're able to pretty reliably crash firehose with multiple websocket
connections at once. So to prevent us from DOS ourselves lets block off
the websocket ports for now. We can revert this when we have a remedy
in place.

Change-Id: I909ad4b160a152ae9b909a9e9a1e5d63afa39345
This commit is contained in:
Matthew Treinish 2016-09-27 18:04:23 -04:00
parent e4f95a7e8f
commit c023e89f64
No known key found for this signature in database
GPG Key ID: FD12A0F214C9E177
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
manifests/site.pp
View File

@ -501,7 +501,10 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ {
# Node-OS: xenial # Node-OS: xenial
node /^firehose\d+\.openstack\.org$/ { node /^firehose\d+\.openstack\.org$/ {
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 25, 80, 1883, 8080, 8883], # NOTE(mtreinish) Port 80 and 8080 are disabled because websocket
# connections seem to crash mosquitto. Once this is fixed we should add
# them back
iptables_public_tcp_ports => [22, 25, 1883, 8883],
sysadmins => hiera('sysadmins', []), sysadmins => hiera('sysadmins', []),
manage_exim => false, manage_exim => false,
} }