Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

went looking for 10.5.12 firewall entries in case firewall blockage on mbs. These are different ones.

Browse source
This commit is contained in:
Stephen Smoogen 2020-07-22 11:07:46 -04:00
parent 74a4ea6a4b
commit 39cdb85c09
2 changed files with 3 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

13
inventory/group_vars/proxies
View file

@ -51,20 +51,13 @@ custom_rules: [
# also allow varnish from internal for purge requests
'-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 6081 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT',
# Allow happinesspackets.fedorainfracloud.org to talk to inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.58 -j ACCEPT',
# Allow retrace/faf to talk to the inbound fedmsg relay.
# retrace01.qa.fedoraproject.org
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.171 -j ACCEPT',
# retrace02.qa.fedoraproject.org
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.172 -j ACCEPT',
# Allow resultsdb talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
# Allow openqa01 to talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.71 -j ACCEPT',
# Allow openqa01 to talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.3.174.0/24 -j ACCEPT',
# For Zanata
# See files/httpd/website_id_fp_o_zanata.conf for info

4
inventory/group_vars/rabbitmq
View file

@ -24,13 +24,9 @@ tcp_ports: [
custom_rules: [
# Neeed for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Inter-node traffic
'-A INPUT -p tcp -m tcp -s 10.5.126.74 --dport 25672 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.75 --dport 25672 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.76 --dport 25672 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.78 --dport 25672 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.79 --dport 25672 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.80 --dport 25672 -j ACCEPT',