inventory /group_vars: clean up a bunch of old phx2 networks for iad2

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Kevin Fenzi 2022-06-08 10:34:01 -07:00
parent 984fba841c
commit 463439136b
11 changed files with 11 additions and 44 deletions


@ -24,7 +24,7 @@ csi_relationship: |
# For the MOTD
csi_security_category: Low
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
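Review bot: The new `custom_rules` line hard-codes log01's address again, and the identical `--dport 873` pair is edited by hand in seven other group files in this commit, so the next renumbering can leave a stale ACCEPT behind in any one of them. Defining the pair once in a shared variable and referencing it from each group's `custom_rules` would make a missed file much less likely. The retained `-s 192.168.1.59` source is not explained by the comment above it; something like `# rsync from log01: 10.3.163.39 (iad2) and 192.168.1.59 (presumably its VPN address, confirm)` would let a reader audit both entries.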


@ -1,13 +0,0 @@
---
# Define resources for this group of hosts here.
custom_rules: [
# fas01, fas02
'-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 80 -j ACCEPT',
# wiki01, wiki02
'-A INPUT -p tcp -m tcp -s 10.5.126.63 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.73 --dport 80 -j ACCEPT',
# os-node*
'-A INPUT -p tcp -m tcp -s 10.5.126.248 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.164 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.165 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.166 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.167 --dport 80 -j ACCEPT']
lvm_size: 30000
mem_size: 4096
num_cpus: 2
primary_auth_source: ipa


@ -1,12 +0,0 @@
---
# Define resources for this group of hosts here.
custom_rules: [
# fas01.stg
'-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 80 -j ACCEPT',
# wiki01.stg
'-A INPUT -p tcp -m tcp -s 10.5.128.188 --dport 80 -j ACCEPT',
# os-node*.stg
'-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 80 -j ACCEPT']
lvm_size: 20000
mem_size: 4096
num_cpus: 2


@ -16,8 +16,6 @@ ipa_client_sudo_groups:
- sysadmin-releng
ipa_host_group: bodhi
ipa_host_group_desc: Bodhi update service
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
lvm_size: 100000
mem_size: 16384
## XXX -- note that the fedmsg_certs declaration does not happen here, but


@ -1,7 +1,7 @@
---
# Define resources for this group of hosts here.
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:


@ -13,7 +13,7 @@ csi_relationship: |
# For the MOTD
csi_security_category: Moderate
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:


@ -15,7 +15,7 @@ csi_relationship: |
# For the MOTD
csi_security_category: Low
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
datacenter: iad2
# These people get told when something goes wrong.
fedmsg_error_recipients:


@ -13,7 +13,7 @@ csi_relationship: |
# For the MOTD
csi_security_category: Low
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
# Set this to True for the F28 release and onwards.
freezes: false
lvm_size: 20000


@ -1,7 +1,7 @@
---
# Define resources for this group of hosts here.
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:


@ -12,21 +12,15 @@ csi_relationship: |
csi_security_category: Moderate
custom_rules: [
# Need for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# allow varnish from localhost
'-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT',
# also allow varnish from internal for purge requests
'-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 6081 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT',
# Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
# Contact cydrobolt about the status of this. It hasn't hit prod status
# yet as of 2015-04-27 (threebean).
'-A INPUT -p tcp -m tcp --dport 9941 -s 104.207.133.220 -j ACCEPT',
# Allow resultsdb talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.147 -j ACCEPT',
# Allow openqa to talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.72 -j ACCEPT',
# Allow happinesspackets-stg.fedorainfracloud.org to talk to the inbound fedmsg relay
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.123 -j ACCEPT',
'-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT']
ipa_client_shell_groups:
- fi-apprentice
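Review bot: The rewritten purge rule still opens port 6081 to whole /24s (`-s 192.168.1.0/24` and now `-s 10.3.163.0/24`), so every host on those networks can reach varnish directly, not only the ones that send purges. If the purge senders are known, list them individually as the rsync rule does, or add a comment stating what else restricts purges. The hunk header (21 lines down to 15) implies that only some of the `--dport 9941` entries were dropped and this rendering does not show which, so please confirm that the `104.207.133.220` entry, whose own comment says its status was unsettled as of 2015-04-27, is not one of the survivors. The nine `--dport 22623` rules at the end have no comment naming the service or the hosts; a line such as `# <service> on 10.3.166.115-123 (<host names>)` above them would make them auditable.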


@ -12,11 +12,11 @@ csi_relationship: |
csi_security_category: Moderate
custom_rules: [
# Neeed for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here
'-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.38 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
# batcave01 also needs access to announce commits.
'-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT']
'-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT']
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
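Review bot: The rewritten nagios line now contains `-s 10.3.163.10 --dport 5050` twice, because the old noc01.stg source `10.5.128.38` was replaced with the address noc01 already had. The duplicate rule is harmless to iptables, but the comment above still promises access for noc02 (noc01.stg), so either that host has lost its rule or the comment is stale. Use the staging nagios host's iad2 address in the second entry (`-s <noc01.stg iad2 address>`), or drop the duplicate and update the comment to name only the hosts that remain.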