From 5613ca9e80824a7947b80f0e705d36c25c7b7ba7 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Thu, 16 May 2019 16:46:55 +0200
Subject: [PATCH] Revert "os-proxies don't do keepalive anymore"

This reverts commit a2acf4532167cf57fa429fc3cda603e7b7dad7c5.
---
 inventory/group_vars/os-proxies | 12 ++++++++++--
 playbooks/groups/os-proxies.yml | 2 +-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/inventory/group_vars/os-proxies b/inventory/group_vars/os-proxies
index a4b8e7a335..4221d5cdfd 100644
--- a/inventory/group_vars/os-proxies
+++ b/inventory/group_vars/os-proxies
@@ -9,10 +9,18 @@
 tcp_ports: [
 # For os routers
 80, 443,
- # For haproxy status
- 8080,
 # For ks8 api
 6443,
+ # For haproxy status
+ 8080,
 # For machinectl api
 22623,
+ # 9941 is closed generally, is for the inbound fedmsg and is covered in
+ # custom_rules
+]
+
+custom_rules: [
+ # Needed for keepalived
+ '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
+ '-A INPUT -p vrrp -j ACCEPT',
 ]
diff --git a/playbooks/groups/os-proxies.yml b/playbooks/groups/os-proxies.yml
index 96bbe693bf..ca32ce08b0 100644
--- a/playbooks/groups/os-proxies.yml
+++ b/playbooks/groups/os-proxies.yml
@@ -18,12 +18,12 @@
 roles:
 - base
- - basessh
 - fas_client
 - rkhunter
 - nagios_client
 - collectd/base
 - sudo
+ - keepalived
 tasks:
 - import_tasks: "{{ tasks_path }}/2fa_client.yml"
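Review bot: In the `custom_rules` list added to inventory/group_vars/os-proxies, `-A INPUT -d 224.0.0.0/8 -j ACCEPT` accepts every protocol and port from any source for a whole /8 of multicast addresses, although keepalived's VRRP advertisements only go to 224.0.0.18 as IP protocol 112. The second rule, `-A INPUT -p vrrp -j ACCEPT`, has no source or interface match, so any host that can reach these proxies can deliver advertisements to keepalived. I would collapse both into one rule per peer, `'-A INPUT -s <peer-proxy-ip> -d 224.0.0.18/32 -p vrrp -j ACCEPT',` (placeholder address), or at least pin the destination and protocol. The added comment about port 9941 says it is "covered in custom_rules", but neither rule in the list mentions 9941 or fedmsg, so the comment should be dropped or the matching rule restored.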
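Review bot: The role list in playbooks/groups/os-proxies.yml loses `- basessh` in the same change that adds `- keepalived`, and nothing in the commit message explains why an SSH-related role is dropped in a commit about keepalived. If that role is what manages sshd settings for this group (its contents are not visible here), these hosts would stop receiving them on the next run; keep `- basessh` after `- base` unless another role is confirmed to cover it. The play starts above the hunk and continues below it, so whether the keepalived role is given the variables it needs cannot be checked from these lines.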