diff --git a/inventory/group_vars/value_stg b/inventory/group_vars/value_stg index e0f1d76c35..57753046aa 100644 --- a/inventory/group_vars/value_stg +++ b/inventory/group_vars/value_stg @@ -19,7 +19,7 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here - '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.128.38 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', # batcave01 also needs access to announce commits. diff --git a/roles/base/templates/iptables/iptables.osuosl b/roles/base/templates/iptables/iptables.osuosl index 460da51356..217426081d 100644 --- a/roles/base/templates/iptables/iptables.osuosl +++ b/roles/base/templates/iptables/iptables.osuosl @@ -33,7 +33,7 @@ # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.16 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.15 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.3.163.10 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT # if the host/group defines incoming tcp_ports - allow them diff --git a/roles/base/templates/iptables/iptables.staging b/roles/base/templates/iptables/iptables.staging index 4ed85ae762..1410f826ad 100644 --- a/roles/base/templates/iptables/iptables.staging +++ b/roles/base/templates/iptables/iptables.staging @@ -44,7 +44,7 @@ COMMIT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.16 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.15 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.3.163.10 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.128.38 -j ACCEPT diff --git a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org index 60dcbd3e29..08bb60b922 100644 --- a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org @@ -30,7 +30,7 @@ # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.16 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 38.145.60.15 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.3.163.10 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging_friendly'] %} diff --git a/roles/nagios_client/templates/nrpe.cfg.j2 b/roles/nagios_client/templates/nrpe.cfg.j2 index 102f5290f7..c9275cab1a 100644 --- a/roles/nagios_client/templates/nrpe.cfg.j2 +++ b/roles/nagios_client/templates/nrpe.cfg.j2 @@ -80,9 +80,9 @@ nrpe_group=nrpe {% if env == "staging" %} -allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166,209.132.181.102 +allowed_hosts=10.5.126.2,10.3.163.10,10.5.126.241,192.168.1.10,192.168.1.20,38.145.60.15,192.168.1.166,38.145.60.16 {% else %} -allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35,10.5.126.241,192.168.1.166,209.132.181.102 +allowed_hosts=10.3.163.10,192.168.1.10,192.168.1.20,38.145.60.15,10.5.126.241,192.168.1.166,38.145.60.16 {% endif %} diff --git a/roles/nagios_server/templates/httpd/nagios.conf.j2 b/roles/nagios_server/templates/httpd/nagios.conf.j2 index 08735c6bbf..610fe915d8 100644 --- a/roles/nagios_server/templates/httpd/nagios.conf.j2 +++ b/roles/nagios_server/templates/httpd/nagios.conf.j2 @@ -42,7 +42,7 @@ Alias /robots.txt /var/www/robots.txt {% if vars['nagios_location'] == 'external' %} Require ip 2610:28:3090:3001:dead:beef:cafe:fed9 {% else %} - Require ip 10.5.126.41 + Require ip 10.3.163.10 {% endif %} Require ip 127.0.0.1 Require ip ::1 diff --git a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2 b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2 index 9dd7609f79..ba87e7cfd0 100644 --- a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2 +++ b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2 @@ -96,7 +96,7 @@ nrpe_group=nrpe # NOTE: This option is ignored if NRPE is running under either inetd or xinetd #allowed_hosts=127.0.0.1,192.168.0.2 -allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,192.168.1.166,209.132.181.35 +allowed_hosts=10.5.126.2,10.3.163.10,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,192.168.1.166,38.145.60.15