Skip to content

Remove monit permit access and NATS firewall setup #470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rkoster wants to merge 2 commits into
base: ubuntu-jammy
Choose a base branch
from
Open

Remove monit permit access and NATS firewall setup #470

rkoster wants to merge 2 commits into from
+0 −61

Conversation

@rkoster
Copy link
Contributor

@rkoster rkoster commented Feb 9, 2026

Summary

  • Remove cgroup v1 net_cls-based monit API access control mechanism
  • Remove monit wrapper script, helper functions, and iptables rules
  • Remove permit_monit_access call from agent startup

The monit binary now runs directly without a wrapper. Access control will be managed by the bosh-agent's internal firewall implementation.

This prepares the stemcell builder for the bosh-agent changes that move firewall management into the agent itself.

Related

@rkoster
Remove monit access control wrapper and iptables firewall
9a23dd9 
Remove the cgroup v1 net_cls-based monit API access control mechanism
including the monit wrapper script, helper functions, and iptables rules.

The monit binary now runs directly without a wrapper. Access control
will be managed by the bosh-agent's internal firewall implementation.

Related to cloudfoundry/bosh-agent#399
@rkoster
Remove permit_monit_access call from agent startup
728436b 
Stop sourcing monit-access-helper.sh and calling permit_monit_access
when starting the bosh-agent. The agent will manage its own firewall
access internally instead of using the cgroup-based helper.

This completes the removal of the permit_monit_access functionality
now that pxc-release (the only consumer) no longer uses it.

Related to cloudfoundry/bosh-agent#399
Related to cloudfoundry/pxc-release#97
@rkoster rkoster mentioned this pull request Feb 9, 2026
Open
@github-project-automation github-project-automation bot moved this from Inbox to Pending Merge | Prioritized in Foundational Infrastructure Working Group Feb 9, 2026
@rkoster
Copy link
Contributor Author

rkoster commented Feb 12, 2026

Don't merge before: cloudfoundry/bosh-agent#399

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aramprice aramprice aramprice approved these changes

@mariash mariash mariash approved these changes

@beyhan beyhan Awaiting requested review from beyhan

Assignees

No one assigned

Labels

None yet

Projects

Foundational Infrastructure Working Group
Status: Pending Merge | Prioritized

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rkoster @aramprice @mariash