From 3c981269ffd0796930572f38b2358b13c8243d6b Mon Sep 17 00:00:00 2001
From: Sam Thursfield <sam.thursfield@codethink.co.uk>
Date: Thu, 13 Jul 2017 16:51:15 +0100
Subject: firewall.yml: Open morph-cache-server port on git-server security
 group

This is used by YBD for resolving remote Git commit SHA1s to tree SHA1s.
Previously the port was opened by the shared-artifact-cache security
group, but it no longer is.
---
 firewall.yaml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'firewall.yaml')

diff --git a/firewall.yaml b/firewall.yaml
index c468755b..5b5b7166 100644
--- a/firewall.yaml
+++ b/firewall.yaml
@@ -173,7 +173,7 @@
     - name: git-server security group
       os_security_group:
         name: git-server
-        description: Allow inbound SSH, HTTP, HTTPS and Git.
+        description: Allow inbound SSH, HTTP, HTTPS, Git, and morph-cache-server requests.
         state: present
 
     - name: git-server security group -- allow incoming TCP on port 22 for Git-over-SSH
@@ -206,6 +206,16 @@
         protocol: tcp
         remote_ip_prefix: 0.0.0.0/0
 
+    - name: git-server security group -- allow incoming TCP on port 8080 for morph-cache-server protocol
+      os_security_group_rule:
+        security_group: git-server
+        direction: ingress
+        port_range_min: 8080
+        port_range_max: 8080
+        ethertype: IPv4
+        protocol: tcp
+        remote_ip_prefix: 0.0.0.0/0
+
     - name: git-server security group -- allow incoming TCP on port 9418 for git protocol
       os_security_group_rule:
         security_group: git-server
-- 
cgit v1.2.1