iptables / nagios_client/server: clean up more phx2 ips for iad2

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Kevin Fenzi 2020-06-30 14:51:07 -07:00
parent 79efdbc2ca
commit 5a7245bf26
7 changed files with 8 additions and 8 deletions


@ -19,7 +19,7 @@ custom_rules: [
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here
'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.128.38 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
# batcave01 also needs access to announce commits.
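Review bot: The monitoring source address is written as a bare literal here (`-s 10.3.163.10 --dport 5050`, assuming the second line of the printed pair is the new side), and the same literal is repeated in the other six files of this commit. Defining it once as an inventory variable (placeholder name `noc01_ip`) and referencing it in each rule would make the next datacenter move a one-line change and reduce the chance of leaving a stale allow entry behind. The comment above the rules names noc01 and noc02 but not which address belongs to which host; a trailing comment such as `# noc01 (iad2)` on the new line would help. The rsync rule for `10.5.126.13` earlier in the same list is untouched, and this hunk does not show whether that address is still in service.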


@ -33,7 +33,7 @@
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.16 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.15 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.3.163.10 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
# if the host/group defines incoming tcp_ports - allow them
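Review bot: The two rules for `38.145.60.16` and `38.145.60.15` sit under a FIXME that calls them the global NAT address, so port 5666 is open to any host that egresses through that NAT, not only to the monitoring server. If noc01 now reaches these clients from `10.3.163.10`, the NAT rules may be removable here; if not, the FIXME should be resolved with the host-specific address. The same pair appears in the next two iptables sections, and the NRPE `allowed_hosts` lines later in the commit list the same addresses, so neither layer narrows access further. `10.5.126.241` is also left in place in all three iptables sections; this is presumably intentional, but worth confirming it is still a live monitoring host.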


@ -44,7 +44,7 @@ COMMIT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.16 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.15 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.3.163.10 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.128.38 -j ACCEPT


@ -30,7 +30,7 @@
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.16 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.15 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.3.163.10 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging_friendly'] %}
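Review bot: The condition on the last visible line still tests `datacenter == 'phx2'`, so whatever rules it guards will not be rendered for hosts in the new datacenter. The body of that block is outside the hunk, so this may be intended. If those rules are restrictions or allowances that iad2 hosts also need, the condition needs an iad2 counterpart.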


@ -80,9 +80,9 @@ nrpe_group=nrpe
{% if env == "staging" %}
allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166,209.132.181.102
allowed_hosts=10.5.126.2,10.3.163.10,10.5.126.241,192.168.1.10,192.168.1.20,38.145.60.15,192.168.1.166,38.145.60.16
{% else %}
allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35,10.5.126.241,192.168.1.166,209.132.181.102
allowed_hosts=10.3.163.10,192.168.1.10,192.168.1.20,38.145.60.15,10.5.126.241,192.168.1.166,38.145.60.16
{% endif %}
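Review bot: Both `allowed_hosts` lines keep `10.5.126.241`, and the staging line also keeps `10.5.126.2`, while the neighbouring `10.5.126.41` entry is replaced. NRPE accepts requests from every address on this list, so an entry for a retired host stays a valid source if the address is ever reassigned. It is worth confirming these two are still in service, or dropping them in this cleanup. The two branches now differ only by `10.5.126.2`; a short comment above each line saying which hosts the entries belong to would make the next review easier.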


@ -42,7 +42,7 @@ Alias /robots.txt /var/www/robots.txt
{% if vars['nagios_location'] == 'external' %}
Require ip 2610:28:3090:3001:dead:beef:cafe:fed9
{% else %}
Require ip 10.5.126.41
Require ip 10.3.163.10
{% endif %}
Require ip 127.0.0.1
Require ip ::1


@ -96,7 +96,7 @@ nrpe_group=nrpe
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#allowed_hosts=127.0.0.1,192.168.0.2
allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,192.168.1.166,209.132.181.35
allowed_hosts=10.5.126.2,10.3.163.10,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,192.168.1.166,38.145.60.15