Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Use IP address for sign bridge IPs in iptables rules

Browse source 
If we use hostnames here, the firewall won't come up on boot since the
firewall is started before name resolution works.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2016-02-21 08:39:28 +00:00
parent 0c956fabaa
commit 4f62f83899
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventory/group_vars/bodhi-backend
View file

@ -23,7 +23,7 @@ tcp_ports: [
]
# Make connections from signing bridges stateless, they break sigul connections
# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org -j ACCEPT']
custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.5.125.71 -j ACCEPT']
# With 16 cpus, theres a bunch more kernel threads
nrpe_procs_warn: 900