status-im
/
infra-nimbus
mirror of https://github.com/status-im/infra-nimbus.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

logs.nimbus: firewall for ElasticSearch exporter port 

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2022-03-03 11:15:04 +01:00
parent 6488efd4e9
commit 89093c894a
No known key found for this signature in database
GPG Key ID: 09AA5403E54D9931
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ansible/group_vars/logs.nimbus.yml
View File

@ -28,6 +28,7 @@ es_master_nodes: |
es_image: 'elasticsearch:7.14.2'
es_api_port: 9200
es_node_port: 9300
es_exp_cont_port: 9114
# Since Logstash stores 1 index per day this is fine.
# See: https://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster
@ -63,12 +64,12 @@ open_ports_default_chain: 'VPN'
open_ports_list:
- { port: 80, protocol: 'tcp', chain: 'SERVICES' }
- { port: 443, protocol: 'tcp', chain: 'SERVICES' }
- { port: '{{ es_api_port }}', ipset: 'logs.nimbus' }
- { port: '{{ es_api_port }}', ipset: 'dash.nimbus' }
- { port: '{{ es_api_port }}', ipset: 'log-aggr.hq' }
- { port: '{{ es_node_port }}', ipset: 'logs.nimbus' }
- { port: '{{ es_node_port }}', ipset: 'dash.nimbus' }
- { port: '{{ es_metrics_cont_port }}', ipset: 'metrics.hq' }
- { port: '{{ es_api_port }}', ipset: 'logs.nimbus' }
- { port: '{{ es_api_port }}', ipset: 'dash.nimbus' }
- { port: '{{ es_api_port }}', ipset: 'log-aggr.hq' }
- { port: '{{ es_node_port }}', ipset: 'logs.nimbus' }
- { port: '{{ es_node_port }}', ipset: 'dash.nimbus' }
- { port: '{{ es_exp_cont_port }}', ipset: 'metrics.hq' }
# Proxy for ES HQ
nginx_sites:

8
ansible/requirements.yml
View File

@ -16,22 +16,22 @@
- name: infra-role-bootstrap-linux
src: git@github.com:status-im/infra-role-bootstrap-linux.git
version: 63998e7c92ed2db1dc1522e0bd5ca398c5434e5c
version: 0125727cae15f3dacf9e12ff0dcd13d891961463
scm: git
- name: infra-role-bootstrap-windows
src: git@github.com:status-im/infra-role-bootstrap-windows.git
version: 99df39348d557ecb527c53dd2dbc4742eec99d74
version: 4b50db834b9fe628a65202eea1301e44237d47e1
scm: git
- name: infra-role-bootstrap-macos
src: git@github.com:status-im/infra-role-bootstrap-macos.git
version: f2dda03c8a88b5bf7151ef518ed375b185dd67d7
version: 41f4a434b214a1f2dfbdd0c7c81076a77472c0a4
scm: git
- name: infra-role-wireguard
src: git@github.com:status-im/infra-role-wireguard.git
version: 56d92683bda23f75228cc4ac93b5fae47adbabeb
version: 6cc6472e32b6dc53d7d854ab5a34d554451bec15
scm: git
- name: oauth-proxy