diff --git a/inventory/group_vars/repospanner b/inventory/group_vars/repospanner index efdbc1f980..8b8bc9aee1 100644 --- a/inventory/group_vars/repospanner +++ b/inventory/group_vars/repospanner @@ -10,4 +10,14 @@ csi_security_category: High csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members csi_purpose: repospanner git syncing host -tcp_ports: [ 8443, 8444] +custom_rules: [ '-A INPUT -p tcp -m tcp -s 8.43.84.211 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 8.43.84.212 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 8.43.85.76 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 140.211.169.210 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 209.132.181.20 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.180 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.184 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.185 --dport 8443:8445 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 8443:8445 -j ACCEPT'] + +## End of file diff --git a/playbooks/groups/repospanner.yml b/playbooks/groups/repospanner.yml index 10e5c4623b..6d1fac2660 100644 --- a/playbooks/groups/repospanner.yml +++ b/playbooks/groups/repospanner.yml @@ -21,6 +21,9 @@ - collectd/base - sudo - openvpn/client +## +## The ansible region is an attempt to share certain zones in batcave +## with pagure. - { role: repospanner/server, node: repospanner01, region: ansible, @@ -46,10 +49,13 @@ when: inventory_hostname == 'repospanner-osuosl01.phx2.fedoraproject.org' } +## The RPMs region is used to sync up pkgs from Fedora and CentOS. The +## CentOS nodes are the spawn leaders for this as they are getting data +## first. - { role: repospanner/server, node: fedora01, region: rpms, - spawn_repospanner_node: true, + spawn_repospanner_node: false, rpc_port: 8444, http_port: 8445, when: inventory_hostname == 'repospanner-cc-rdu01.phx2.fedoraproject.org'