Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Lock down postgresql access to koji03/04. Nothing else should need it.

Browse source
This commit is contained in:
Kevin Fenzi 2014-10-01 20:36:14 +00:00
parent 111bb8ba62
commit 71a350daca
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
inventory/host_vars/db-koji01.phx2.fedoraproject.org
View file

@ -24,8 +24,12 @@ host_backup_targets: ['/backups']
lvm_size: 300000
mem_size: 25165
num_cpus: 8
tcp_ports: [ 5432, 443 ]
fas_client_groups: sysadmin-dba,sysadmin-noc
# kernel SHMMAX value
kernel_shmmax: 68719476736
#
# Only allow postgresql access from the frontend node.
#
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.125.59 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.125.60 --dport 5432 -j ACCEPT' ]