copr-keygen-aws: better protect against typos

2020-02-22 12:47:12 +01:00 · 2020-02-22 12:47:12 +01:00 · 595c8803fd
commit 595c8803fd
parent 47560e8426
4 changed files with 12 additions and 15 deletions
--- a/inventory/group_vars/copr_keygen_aws
+++ b/inventory/group_vars/copr_keygen_aws
@ -1,11 +1,13 @@
 ---
+copr_hostbase: copr-keygen
+
 tcp_ports: [22]

 # http + signd dest ports
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 34.227.76.72 --dport   80 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 34.227.76.72 --dport 5167 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 172.30.2.166 --dport   80 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 172.30.2.166 --dport 5167 -j ACCEPT']
+custom_rules: [ '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport   80 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport 5167 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport   80 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport 5167 -j ACCEPT']

 datacenter: aws

--- a/inventory/group_vars/copr_keygen_dev_aws
+++ b/inventory/group_vars/copr_keygen_dev_aws
@ -1,12 +1,13 @@
 ---
 copr_hostbase: copr-keygen-dev
-tcp_ports: []
+
+tcp_ports: [22]

 # http + signd dest ports
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 54.174.143.212  --dport   80 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 54.174.143.212  --dport 5167 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 172.30.2.128    --dport   80 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 172.30.2.128    --dport 5167 -j ACCEPT']
+custom_rules: [ '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport   80 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s {{ backend_ips[0] }} --dport 5167 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport   80 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s {{ backend_ips[1] }} --dport 5167 -j ACCEPT']

 datacenter: aws

--- a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org
+++ b/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org
@ -17,9 +17,6 @@ root_auth_users: msuchy frostyx dturecek praiskup schlupov thrnciar
 #volumes: [ {volume_id: '9e2b4c55-9ec3-4508-af46-a40f3a5bd982', device: '/dev/vdc'} ]
 description: copr key gen and sign host - dev instance

-# Copr vars
-copr_hostbase: copr-keygen-dev
-
 nagios_Check_Services:
  mail: false
  nrpe: false
--- a/inventory/host_vars/copr-keygen.aws.fedoraproject.org
+++ b/inventory/host_vars/copr-keygen.aws.fedoraproject.org
@ -16,9 +16,6 @@ public_ip: 52.202.64.55
 root_auth_users: msuchy frostyx dturecek praiskup schlupov thrnciar
 description: copr key gen and sign host - prod instance

-# Copr vars
-copr_hostbase: copr-keygen
-
 nagios_Check_Services:
  mail: false
  nrpe: false