From 8ecfe20ae306433e23449022c377bd664e86d524 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Thu, 18 Jul 2019 10:57:34 +0200
Subject: [PATCH] copr: production: keygen <-> backend IP connection

---
 inventory/group_vars/copr        | 5 +++--
 inventory/group_vars/copr_dev    | 1 +
 inventory/group_vars/copr_keygen | 8 ++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/inventory/group_vars/copr b/inventory/group_vars/copr
index f7d773a1fc..cbf790dcbb 100644
--- a/inventory/group_vars/copr
+++ b/inventory/group_vars/copr
@@ -4,8 +4,9 @@ _forward_src: "forward"
 
 # don't forget to update ip in ./copr-keygen, due to custom firewall rules
 
-copr_backend_ips: ["172.25.33.43", "209.132.184.48"]
-keygen_host: "172.25.33.41"
+# eth0, eth1
+copr_backend_ips: ["172.25.33.79", "172.25.82.25"]
+keygen_host: "172.25.33.75"
 
 resolvconf: "resolv.conf/cloud"
 
diff --git a/inventory/group_vars/copr_dev b/inventory/group_vars/copr_dev
index 2dbeaeaeb8..1d050089f3 100644
--- a/inventory/group_vars/copr_dev
+++ b/inventory/group_vars/copr_dev
@@ -5,6 +5,7 @@ _forward_src: "forward_dev"
 
 # don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules
 
+# eth0, eth1
 copr_backend_ips: ["172.25.33.74", "172.25.155.6"]
 keygen_host: "172.25.33.73"
 
diff --git a/inventory/group_vars/copr_keygen b/inventory/group_vars/copr_keygen
index 2db660708f..514c8cc333 100644
--- a/inventory/group_vars/copr_keygen
+++ b/inventory/group_vars/copr_keygen
@@ -2,10 +2,10 @@
 tcp_ports: [22]
 
 # http + signd dest ports
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.25.33.43 --dport 80 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 209.132.184.48 --dport 80 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 172.25.33.43 --dport 5167 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 209.132.184.48 --dport 5167 -j ACCEPT']
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.25.33.79 --dport 80 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s 172.25.82.25 --dport 80 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s 172.25.33.79 --dport 5167 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -s 172.25.82.25 --dport 5167 -j ACCEPT']
 
 datacenter: cloud