From 89093c894a2a3d36b4c77862f8db522f1d174446 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Thu, 3 Mar 2022 11:15:04 +0100
Subject: [PATCH] logs.nimbus: firewall for ElasticSearch exporter port
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 ansible/group_vars/logs.nimbus.yml | 13 +++++++------
 ansible/requirements.yml           |  8 ++++----
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/ansible/group_vars/logs.nimbus.yml b/ansible/group_vars/logs.nimbus.yml
index 7f31004..347c184 100644
--- a/ansible/group_vars/logs.nimbus.yml
+++ b/ansible/group_vars/logs.nimbus.yml
@@ -28,6 +28,7 @@ es_master_nodes: |
 es_image: 'elasticsearch:7.14.2'
 es_api_port: 9200
 es_node_port: 9300
+es_exp_cont_port: 9114
 
 # Since Logstash stores 1 index per day this is fine.
 # See: https://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster
@@ -63,12 +64,12 @@ open_ports_default_chain: 'VPN'
 open_ports_list:
   - { port: 80,  protocol: 'tcp', chain: 'SERVICES' }
   - { port: 443, protocol: 'tcp', chain: 'SERVICES' }
-  - { port: '{{ es_api_port }}',          ipset: 'logs.nimbus' }
-  - { port: '{{ es_api_port  }}',         ipset: 'dash.nimbus' }
-  - { port: '{{ es_api_port  }}',         ipset: 'log-aggr.hq' }
-  - { port: '{{ es_node_port }}',         ipset: 'logs.nimbus' }
-  - { port: '{{ es_node_port }}',         ipset: 'dash.nimbus' }
-  - { port: '{{ es_metrics_cont_port }}', ipset: 'metrics.hq' }
+  - { port: '{{ es_api_port }}',      ipset: 'logs.nimbus' }
+  - { port: '{{ es_api_port  }}',     ipset: 'dash.nimbus' }
+  - { port: '{{ es_api_port  }}',     ipset: 'log-aggr.hq' }
+  - { port: '{{ es_node_port }}',     ipset: 'logs.nimbus' }
+  - { port: '{{ es_node_port }}',     ipset: 'dash.nimbus' }
+  - { port: '{{ es_exp_cont_port }}', ipset: 'metrics.hq' }
 
 # Proxy for ES HQ
 nginx_sites:
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index b49d92c..529884e 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -16,22 +16,22 @@
 
 - name: infra-role-bootstrap-linux
   src: git@github.com:status-im/infra-role-bootstrap-linux.git
-  version: 63998e7c92ed2db1dc1522e0bd5ca398c5434e5c
+  version: 0125727cae15f3dacf9e12ff0dcd13d891961463
   scm: git
 
 - name: infra-role-bootstrap-windows
   src: git@github.com:status-im/infra-role-bootstrap-windows.git
-  version: 99df39348d557ecb527c53dd2dbc4742eec99d74
+  version: 4b50db834b9fe628a65202eea1301e44237d47e1
   scm: git
 
 - name: infra-role-bootstrap-macos
   src: git@github.com:status-im/infra-role-bootstrap-macos.git
-  version: f2dda03c8a88b5bf7151ef518ed375b185dd67d7
+  version: 41f4a434b214a1f2dfbdd0c7c81076a77472c0a4
   scm: git
 
 - name: infra-role-wireguard
   src: git@github.com:status-im/infra-role-wireguard.git
-  version: 56d92683bda23f75228cc4ac93b5fae47adbabeb
+  version: 6cc6472e32b6dc53d7d854ab5a34d554451bec15
   scm: git
 
 - name: oauth-proxy