Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add custom sigul rule to bodhi backends to prevent iptables messing with long running connections

Browse source
This commit is contained in:
Kevin Fenzi 2016-01-20 23:39:20 +00:00
parent f8cf784ffb
commit 12af7acc4b
2 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
inventory/group_vars/bodhi-backend
View file

@ -29,6 +29,9 @@ tcp_ports: [
3010, 3011, 3012, 3013, 3014,
3015, 3016, 3017, 3018, 3019,
]
# Make connections from signing bridges stateless, they break sigul connections
# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org -j ACCEPT']
# With 16 cpus, theres a bunch more kernel threads
nrpe_procs_warn: 900

4
inventory/group_vars/bodhi-backend-stg
View file

@ -29,6 +29,10 @@ tcp_ports: [
3015, 3016, 3017, 3018, 3019,
]
# Make connections from signing bridges stateless, they break sigul connections
# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org -j ACCEPT']
# With 16 cpus, theres a bunch more kernel threads
nrpe_procs_warn: 900
nrpe_procs_crit: 1000