diff --git a/inventory/group_vars/copr b/inventory/group_vars/copr
index b4faf362da..a9c83aa697 100644
--- a/inventory/group_vars/copr
+++ b/inventory/group_vars/copr
@@ -1,6 +1,8 @@
 ---
 devel: false
 _forward_src: "forward"
+
+# don't forget to update ip in ./copr-keygen, due to custom firewall rules
 copr_backend_ips: "172.16.5.5 209.132.184.142"
 keygen_host: "172.16.5.25"
 resolvconf: "resolv.conf/cloud"
diff --git a/inventory/group_vars/copr-keygen b/inventory/group_vars/copr-keygen
index 9b8c97687b..1495d74bc8 100644
--- a/inventory/group_vars/copr-keygen
+++ b/inventory/group_vars/copr-keygen
@@ -1,6 +1,10 @@
 ---
-tcp_ports: [22, 5167]
+tcp_ports: [22]
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.16.5.5 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 209.132.184.142 --dport 80 -j ACCEPT']
+# http + signd dest ports
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.16.5.5 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 209.132.184.142 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 172.16.5.5 --dport 5167 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 209.132.184.142 --dport 5167 -j ACCEPT']
 datacenter: cloud
diff --git a/inventory/group_vars/copr-keygen-stg b/inventory/group_vars/copr-keygen-stg
index 9cf86bb66e..343b571daf 100644
--- a/inventory/group_vars/copr-keygen-stg
+++ b/inventory/group_vars/copr-keygen-stg
@@ -1,7 +1,11 @@
 ---
 copr_hostbase: copr-keygen-dev
-tcp_ports: [5167]
+tcp_ports: []
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.16.5.24 --dport 80 -j ACCEPT' ]
+# http + signd dest ports
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.16.5.24 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 209.132.184.179 --dport 80 -j ACCEPT'
+ '-A INPUT -p tcp -m tcp -s 172.16.5.24 --dport 5167 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 209.132.184.179 --dport 5167 -j ACCEPT']
 datacenter: cloud
diff --git a/inventory/group_vars/copr-stg b/inventory/group_vars/copr-stg
index 6e7132ec38..002e678bcd 100644
--- a/inventory/group_vars/copr-stg
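Review bot: The new comment `# http + signd dest ports` in group_vars/copr-keygen names the ports but not whose addresses the four rules allow, and the pointer added in ./copr only runs one way. A comment such as `# allow http (80) and signd (5167) only from copr_backend_ips in ./copr; keep both lists in sync` would let whoever edits this list find the other copy. Source-address filtering is the only control on 5167 visible in this hunk, and 209.132.184.142 looks like a routable address, so it is worth confirming that it stays bound to the backend for as long as these rules are in place.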
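Review bot: The second element of the new `custom_rules` list in group_vars/copr-keygen-stg has no trailing comma before the next quoted rule, so the flow sequence does not parse as four rules. A YAML loader should reject two adjacent quoted scalars inside `[ ]`, which would make this vars file fail to load for the staging group. Add the separator: `'-A INPUT -p tcp -m tcp -s 209.132.184.179 --dport 80 -j ACCEPT',`. Writing the rules as a block sequence, one `- '...'` entry per line, would keep a dropped separator from recurring here and in group_vars/copr-keygen.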
+++ b/inventory/group_vars/copr-stg
@@ -3,6 +3,7 @@
 devel: true
 #_forward-src: "{{ files }}/copr/forward-dev"
 _forward_src: "forward_dev"
+# don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules
 copr_backend_ips: "172.16.5.24 209.132.184.179"
 keygen_host: "172.16.1.6"
 resolvconf: "resolv.conf/cloud"
diff --git a/playbooks/groups/copr-keygen.yml b/playbooks/groups/copr-keygen.yml
index 376b2a8aa0..b6fb5312a8 100644
--- a/playbooks/groups/copr-keygen.yml
+++ b/playbooks/groups/copr-keygen.yml
@@ -1,6 +1,6 @@
 - name: check/create instance
- hosts: copr-keygen:copr-keygen-stg
- #hosts: copr-keygen-stg
+ #hosts: copr-keygen:copr-keygen-stg
+ hosts: copr-keygen-stg
 user: root
 gather_facts: False
@@ -13,8 +13,8 @@
 - include: "{{ tasks }}/growroot_cloud.yml"
 - name: cloud basic setup
- hosts: copr-keygen:copr-keygen-stg
- #hosts: copr-keygen-stg
+ #hosts: copr-keygen:copr-keygen-stg
+ hosts: copr-keygen-stg
 vars_files:
 - /srv/web/infra/ansible/vars/global.yml
 - "/srv/private/ansible/vars.yml"
@@ -23,8 +23,8 @@
 - include: "{{ tasks }}/cloud_setup_basic.yml"
 - name: provision instance
- hosts: copr-keygen:copr-keygen-stg
- #hosts: copr-keygen-stg
+ #hosts: copr-keygen:copr-keygen-stg
+ hosts: copr-keygen-stg
 gather_facts: False
 user: root
 vars_files:
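Review bot: The production group is no longer covered by any play in playbooks/groups/copr-keygen.yml: the hunks at lines 1, 13 and 23 each make `hosts: copr-keygen-stg` the active line and leave `copr-keygen:copr-keygen-stg` commented out. If this playbook is what applies `tcp_ports` and `custom_rules` (not visible here), the production keygen host keeps its previous rule set, with 5167 in `tcp_ports`, until the pattern is restored, so the restriction added in group_vars/copr-keygen does not take effect there. If the switch is only for a staging test run, keep `hosts: copr-keygen:copr-keygen-stg` and narrow the run with `--limit copr-keygen-stg` rather than committing the toggle. Each play continues past the end of its hunk.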