Temporarily block port 80 and port 8080 on firehose

We're able to pretty reliably crash firehose with multiple websocket connections at once. So to prevent us from DOS ourselves lets block off the websocket ports for now. We can revert this when we have a remedy in place. Change-Id: I909ad4b160a152ae9b909a9e9a1e5d63afa39345
2016-09-27 18:04:23 -04:00 · 2016-09-27 18:04:23 -04:00 · c023e89f64
commit c023e89f64
parent e4f95a7e8f
1 changed files with 4 additions and 1 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -501,7 +501,10 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ {
 # Node-OS: xenial
 node /^firehose\d+\.openstack\.org$/ {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 25, 80, 1883, 8080, 8883],
+    # NOTE(mtreinish) Port 80 and 8080 are disabled because websocket
+    # connections seem to crash mosquitto. Once this is fixed we should add
+    # them back
+    iptables_public_tcp_ports => [22, 25, 1883, 8883],
    sysadmins                 => hiera('sysadmins', []),
    manage_exim               => false,
  }