[tor-bugs] #33143 [Internal Services/Tor Sysadmin Team]: ferm: convert BASE_SSH_ALLOWED rules into puppet exported rules
#33143: ferm: convert BASE_SSH_ALLOWED rules into puppet exported rules
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: tpa
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Keywords: tpa-roadmap-february
Actual Points: | Parent ID: #31239
Points: | Reviewer:
Sponsor: |
-------------------------------------------------+-------------------------
right now a new node technically doesn't get the "jumphost" functionality
("has SSH access everywhere else") out of the box. for that to work, the
network the box is on needs to be added to
`tor-puppet/modules/ferm/templates/defs.conf.erb` by hand. this is okay-ish for
instances of IP ranges that already exist, but is a pain for new (say)
ganeti nodes themselves which are usually not in those ranges (as opposed
to their instances, using the vswitch range).

so those magic IP addresses should be turned into exported resources that
follow our policy. maybe that exported resource should be part of a
"jumphost" class that gets included where we want, or just everywhere, but
in any case, it should be moved into puppet to make installs more
consistent and faster.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33143>