From 4b1f1d0581122773a360c035a52c905d20cecb6f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Thu, 9 May 2019 16:06:44 +0200
Subject: [PATCH] Allow openshift into db-fas01.phx2

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 inventory/host_vars/db-fas01.phx2.fedoraproject.org | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/inventory/host_vars/db-fas01.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.phx2.fedoraproject.org
index 14dc0b4dec..e3df19fe75 100644
--- a/inventory/host_vars/db-fas01.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org
@@ -43,6 +43,13 @@ custom_rules: [
     # sundries ??? but this is noc01?
     '-A INPUT -p tcp -m tcp -s 10.5.126.41   --dport 5432 -j ACCEPT',
     '-A INPUT -p tcp -m tcp -s 10.5.126.241   --dport 5432 -j ACCEPT',
+
+    # Openshift nodes (egress policy will block connection from non-authorized projects)
+    '-A INPUT -p tcp -m tcp -s 10.5.126.248   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.164   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.165   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.166   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.167   --dport 5432 -j ACCEPT',
 ]
 #
 # Large updates pushes cause lots of db threads doing the tag moves, so up this from default.