Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Allow -db-fas01.stg from openshift for ipsilon

Browse source 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
Patrick Uiterwijk 2019-05-09 13:19:49 +02:00
parent 3f243e2112
commit 06307a788a
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org
View file

@ -26,12 +26,16 @@ fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
#
# Only allow postgresql access from the frontend node and ipsilon01.stg and
# fas3-01.stg
# fas3-01.stg and openshift
#
custom_rules:
- '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 5432 -j ACCEPT'
#
# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.