inventory /group_vars: clean up a bunch of old phx2 networks for iad2
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
parent
984fba841c
commit
463439136b
11 changed files with 11 additions and 44 deletions
|
@ -24,7 +24,7 @@ csi_relationship: |
|
|||
# For the MOTD
|
||||
csi_security_category: Low
|
||||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- can_send:
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
custom_rules: [
|
||||
# fas01, fas02
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 80 -j ACCEPT',
|
||||
# wiki01, wiki02
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.63 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.73 --dport 80 -j ACCEPT',
|
||||
# os-node*
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.248 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.164 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.165 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.166 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.167 --dport 80 -j ACCEPT']
|
||||
lvm_size: 30000
|
||||
mem_size: 4096
|
||||
num_cpus: 2
|
||||
primary_auth_source: ipa
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
custom_rules: [
|
||||
# fas01.stg
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 80 -j ACCEPT',
|
||||
# wiki01.stg
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.128.188 --dport 80 -j ACCEPT',
|
||||
# os-node*.stg
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 80 -j ACCEPT']
|
||||
lvm_size: 20000
|
||||
mem_size: 4096
|
||||
num_cpus: 2
|
|
@ -16,8 +16,6 @@ ipa_client_sudo_groups:
|
|||
- sysadmin-releng
|
||||
ipa_host_group: bodhi
|
||||
ipa_host_group_desc: Bodhi update service
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
lvm_size: 100000
|
||||
mem_size: 16384
|
||||
## XXX -- note that the fedmsg_certs declaration does not happen here, but
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
deployment_type: stg
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
@ -13,7 +13,7 @@ csi_relationship: |
|
|||
# For the MOTD
|
||||
csi_security_category: Moderate
|
||||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- can_send:
|
||||
|
|
|
@ -15,7 +15,7 @@ csi_relationship: |
|
|||
# For the MOTD
|
||||
csi_security_category: Low
|
||||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
datacenter: iad2
|
||||
# These people get told when something goes wrong.
|
||||
fedmsg_error_recipients:
|
||||
|
|
|
@ -13,7 +13,7 @@ csi_relationship: |
|
|||
# For the MOTD
|
||||
csi_security_category: Low
|
||||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
# Set this to True for the F28 release and onwards.
|
||||
freezes: false
|
||||
lvm_size: 20000
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- can_send:
|
||||
|
|
|
@ -12,21 +12,15 @@ csi_relationship: |
|
|||
csi_security_category: Moderate
|
||||
custom_rules: [
|
||||
# Need for rsync from log01 for logs.
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
|
||||
# allow varnish from localhost
|
||||
'-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT',
|
||||
# also allow varnish from internal for purge requests
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 6081 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT',
|
||||
# Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
|
||||
# Contact cydrobolt about the status of this. It hasn't hit prod status
|
||||
# yet as of 2015-04-27 (threebean).
|
||||
'-A INPUT -p tcp -m tcp --dport 9941 -s 104.207.133.220 -j ACCEPT',
|
||||
# Allow resultsdb talk to the inbound fedmsg relay.
|
||||
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.147 -j ACCEPT',
|
||||
# Allow openqa to talk to the inbound fedmsg relay.
|
||||
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.72 -j ACCEPT',
|
||||
# Allow happinesspackets-stg.fedorainfracloud.org to talk to the inbound fedmsg relay
|
||||
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.123 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT']
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
|
|
|
@ -12,11 +12,11 @@ csi_relationship: |
|
|||
csi_security_category: Moderate
|
||||
custom_rules: [
|
||||
# Neeed for rsync from log01 for logs.
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
|
||||
# Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here
|
||||
'-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.38 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
|
||||
# batcave01 also needs access to announce commits.
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT']
|
||||
'-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT']
|
||||
deployment_type: stg
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue