Allow openshift into db-fas01.phx2

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 16:06:44 +02:00 · 2019-05-09 16:06:44 +02:00 · 4b1f1d0581
commit 4b1f1d0581
parent 433270afac
1 changed files with 7 additions and 0 deletions
--- a/inventory/host_vars/db-fas01.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org
@ -43,6 +43,13 @@ custom_rules: [
    # sundries ??? but this is noc01?
    '-A INPUT -p tcp -m tcp -s 10.5.126.41   --dport 5432 -j ACCEPT',
    '-A INPUT -p tcp -m tcp -s 10.5.126.241   --dport 5432 -j ACCEPT',
+
+    # Openshift nodes (egress policy will block connection from non-authorized projects)
+    '-A INPUT -p tcp -m tcp -s 10.5.126.248   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.164   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.165   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.166   --dport 5432 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.167   --dport 5432 -j ACCEPT',
 ]
 #
 # Large updates pushes cause lots of db threads doing the tag moves, so up this from default.