From 3667001df1cd38ed4ad9b0e897728efc1d648f97 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 25 Nov 2013 18:48:47 +0000
Subject: [PATCH] Update base playbook to not set rootpw on releng and add accel stuff in iptables for releng.
---
 roles/base/tasks/main.yml | 2 +-
 roles/base/templates/iptables/iptables.releng | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index f8fe543713..6f6e8844bb 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -30,7 +30,7 @@
 user: name=root password={{ rootpw }} state=present
 tags:
 - rootpw
- when: not inventory_hostname.startswith('build')
+ when: not inventory_hostname.startswith('build') or not inventory_hostname.startswith('releng')
 - name: add ansible root key
 authorized_key: user=root key="{{ item }}"
diff --git a/roles/base/templates/iptables/iptables.releng b/roles/base/templates/iptables/iptables.releng
index 7048429360..b835d15c56 100644
--- a/roles/base/templates/iptables/iptables.releng
+++ b/roles/base/templates/iptables/iptables.releng
@@ -42,6 +42,10 @@ COMMIT
 -A INPUT -p tcp -m tcp -s 192.168.100.0/24 --dport 22 -j REJECT --reject-with tcp-reset
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# for fireball mode - allow port 5099 from lockbox and it's ips
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT
+
 # Allow all netapp traffic
 -A INPUT -p udp -m udp -s 10.5.88.36 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.5.88.36 -j ACCEPT
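Review bot: In the roles/base/tasks/main.yml hunk, the new `when:` joins the two negated prefix tests with `or`, and no hostname can start with both 'build' and 'releng', so the condition is true for every host. The root password task would therefore still run on releng hosts and, as a regression, on build hosts too, which is the opposite of what the subject line describes. The two tests need `and`: `when: not inventory_hostname.startswith('build') and not inventory_hostname.startswith('releng')`. The task's `- name:` line sits above the hunk, so this is judged from the visible `user:` and `when:` lines only.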
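Review bot: In the iptables.releng hunk, the added comment names fireball mode while the subject line says accel, and 5099 is the default port of Ansible's accelerate mode (fireball defaulted to 5150), so the comment probably mislabels the rule. A later firewall audit will rely on that comment to decide whether the port and the two source addresses are still needed, so it should name the service actually in use. I would write `# for ansible accelerate mode - allow port 5099 from lockbox and its IPs`, and confirm that 10.5.126.23 and 10.5.127.51 are both lockbox addresses, which the hunk cannot show.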