diff --git a/inventory/group_vars/ask b/inventory/group_vars/ask index de54c8d9fb..32a9c645c9 100644 --- a/inventory/group_vars/ask +++ b/inventory/group_vars/ask @@ -8,8 +8,8 @@ tcp_ports: [ 80, 443, # These 8 ports are used by fedmsg. One for each wsgi thread. 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice diff --git a/inventory/group_vars/ask-stg b/inventory/group_vars/ask-stg index de54c8d9fb..32a9c645c9 100644 --- a/inventory/group_vars/ask-stg +++ b/inventory/group_vars/ask-stg @@ -8,8 +8,8 @@ tcp_ports: [ 80, 443, # These 8 ports are used by fedmsg. One for each wsgi thread. 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice diff --git a/inventory/group_vars/badges-web b/inventory/group_vars/badges-web index e9d1b847f1..c69bf1575c 100644 --- a/inventory/group_vars/badges-web +++ b/inventory/group_vars/badges-web @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-badges diff --git a/inventory/group_vars/badges-web-stg b/inventory/group_vars/badges-web-stg index 224a6ee089..5f58d9c780 100644 --- a/inventory/group_vars/badges-web-stg +++ b/inventory/group_vars/badges-web-stg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-badges diff --git a/inventory/group_vars/bodhi b/inventory/group_vars/bodhi index 8d8c0bef57..9909650ff8 100644 --- a/inventory/group_vars/bodhi +++ b/inventory/group_vars/bodhi @@ -15,8 +15,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/bodhi-stg b/inventory/group_vars/bodhi-stg index 8d8c0bef57..9909650ff8 100644 --- a/inventory/group_vars/bodhi-stg +++ b/inventory/group_vars/bodhi-stg @@ -15,8 +15,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/datagrepper b/inventory/group_vars/datagrepper index c9cc392c8f..3788ee6b20 100644 --- a/inventory/group_vars/datagrepper +++ b/inventory/group_vars/datagrepper @@ -8,8 +8,8 @@ num_cpus: 2 # the host_vars/$hostname file tcp_ports: [ 80, 443, 6996 ] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice diff --git a/inventory/group_vars/datagrepper-stg b/inventory/group_vars/datagrepper-stg index e00f08a7b7..c5d3090734 100644 --- a/inventory/group_vars/datagrepper-stg +++ b/inventory/group_vars/datagrepper-stg @@ -8,8 +8,8 @@ num_cpus: 1 # the host_vars/$hostname file tcp_ports: [ 80, 443, 6996 ] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice diff --git a/inventory/group_vars/elections b/inventory/group_vars/elections index b88bf1f866..f8692f3da3 100644 --- a/inventory/group_vars/elections +++ b/inventory/group_vars/elections @@ -10,8 +10,8 @@ tcp_ports: [ 80, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice diff --git a/inventory/group_vars/elections-stg b/inventory/group_vars/elections-stg index 0556a03620..5e9d939964 100644 --- a/inventory/group_vars/elections-stg +++ b/inventory/group_vars/elections-stg @@ -9,8 +9,8 @@ tcp_ports: [ 80, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice diff --git a/inventory/group_vars/fedoauth b/inventory/group_vars/fedoauth index ac6d9dad1c..828c0859ff 100644 --- a/inventory/group_vars/fedoauth +++ b/inventory/group_vars/fedoauth @@ -9,7 +9,7 @@ num_cpus: 2 tcp_ports: [ 80, 443 ] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/group_vars/fedoauth-stg b/inventory/group_vars/fedoauth-stg index ac6d9dad1c..828c0859ff 100644 --- a/inventory/group_vars/fedoauth-stg +++ b/inventory/group_vars/fedoauth-stg @@ -9,7 +9,7 @@ num_cpus: 2 tcp_ports: [ 80, 443 ] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/group_vars/fedocal b/inventory/group_vars/fedocal index d2fe2f40f0..a160ea27e2 100644 --- a/inventory/group_vars/fedocal +++ b/inventory/group_vars/fedocal @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-web diff --git a/inventory/group_vars/fedocal-stg b/inventory/group_vars/fedocal-stg index 1b2ad118c1..f11a49b63b 100644 --- a/inventory/group_vars/fedocal-stg +++ b/inventory/group_vars/fedocal-stg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-web diff --git a/inventory/group_vars/github2fedmsg b/inventory/group_vars/github2fedmsg index f6d1dd716d..133ea41526 100644 --- a/inventory/group_vars/github2fedmsg +++ b/inventory/group_vars/github2fedmsg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/github2fedmsg-stg b/inventory/group_vars/github2fedmsg-stg index 134f14551e..3c0756a371 100644 --- a/inventory/group_vars/github2fedmsg-stg +++ b/inventory/group_vars/github2fedmsg-stg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/kerneltest b/inventory/group_vars/kerneltest index 478b6ad4cf..064983b7ae 100644 --- a/inventory/group_vars/kerneltest +++ b/inventory/group_vars/kerneltest @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/kerneltest-stg b/inventory/group_vars/kerneltest-stg index 478b6ad4cf..064983b7ae 100644 --- a/inventory/group_vars/kerneltest-stg +++ b/inventory/group_vars/kerneltest-stg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/packages b/inventory/group_vars/packages index b9d744d55e..6a058c0730 100644 --- a/inventory/group_vars/packages +++ b/inventory/group_vars/packages @@ -14,8 +14,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-web diff --git a/inventory/group_vars/packages-stg b/inventory/group_vars/packages-stg index 2fc962abac..26676f13cc 100644 --- a/inventory/group_vars/packages-stg +++ b/inventory/group_vars/packages-stg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-web diff --git a/inventory/group_vars/paste b/inventory/group_vars/paste index 64ccef9663..a336a39ca0 100644 --- a/inventory/group_vars/paste +++ b/inventory/group_vars/paste @@ -8,8 +8,8 @@ num_cpus: 2 # the host_vars/$hostname file tcp_ports: [ 80, 443, 8888 ] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-paste,fi-apprentice # This host doesn't freeze diff --git a/inventory/group_vars/paste-stg b/inventory/group_vars/paste-stg index 64ccef9663..a336a39ca0 100644 --- a/inventory/group_vars/paste-stg +++ b/inventory/group_vars/paste-stg @@ -8,8 +8,8 @@ num_cpus: 2 # the host_vars/$hostname file tcp_ports: [ 80, 443, 8888 ] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,sysadmin-paste,fi-apprentice # This host doesn't freeze diff --git a/inventory/group_vars/tagger b/inventory/group_vars/tagger index c930b04f7a..ba48bc3a00 100644 --- a/inventory/group_vars/tagger +++ b/inventory/group_vars/tagger @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/tagger-stg b/inventory/group_vars/tagger-stg index d0a10c1904..a15d7cb41b 100644 --- a/inventory/group_vars/tagger-stg +++ b/inventory/group_vars/tagger-stg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/value b/inventory/group_vars/value index d3583198e0..72d949a66b 100644 --- a/inventory/group_vars/value +++ b/inventory/group_vars/value @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 5050, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,fi-apprentice diff --git a/inventory/group_vars/value-stg b/inventory/group_vars/value-stg index d3583198e0..72d949a66b 100644 --- a/inventory/group_vars/value-stg +++ b/inventory/group_vars/value-stg @@ -12,8 +12,8 @@ tcp_ports: [ 80, 443, 5050, 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] -# Neeed for rsync from log02 for logs. -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.29 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.56 --dport 873 -j ACCEPT' ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] fas_client_groups: sysadmin-noc,fi-apprentice diff --git a/master.yml b/master.yml index 0246c8e0ff..8d24909329 100644 --- a/master.yml +++ b/master.yml @@ -27,7 +27,10 @@ - include: /srv/web/infra/ansible/playbooks/groups/bugzilla2fedmsg.yml - include: /srv/web/infra/ansible/playbooks/groups/buildhw.yml - include: /srv/web/infra/ansible/playbooks/groups/buildvm.yml +- include: /srv/web/infra/ansible/playbooks/groups/busgateway.yml - include: /srv/web/infra/ansible/playbooks/groups/composers.yml +- include: /srv/web/infra/ansible/playbooks/groups/datagrepper.yml +- include: /srv/web/infra/ansible/playbooks/groups/dhcp.yml - include: /srv/web/infra/ansible/playbooks/groups/docs-backend.yml - include: /srv/web/infra/ansible/playbooks/groups/download.yml - include: /srv/web/infra/ansible/playbooks/groups/elections.yml @@ -44,6 +47,7 @@ - include: /srv/web/infra/ansible/playbooks/groups/mailman.yml - include: /srv/web/infra/ansible/playbooks/groups/mirrorlist.yml - include: /srv/web/infra/ansible/playbooks/groups/memcached.yml +- include: /srv/web/infra/ansible/playbooks/groups/noc.yml - include: /srv/web/infra/ansible/playbooks/groups/notifs-backend.yml - include: /srv/web/infra/ansible/playbooks/groups/notifs-web.yml - include: /srv/web/infra/ansible/playbooks/groups/nuancier.yml @@ -51,16 +55,17 @@ - include: /srv/web/infra/ansible/playbooks/groups/paste.yml - include: /srv/web/infra/ansible/playbooks/groups/pkgdb.yml - include: /srv/web/infra/ansible/playbooks/groups/postgresl-server.yml +- include: /srv/web/infra/ansible/playbooks/groups/resultsdb-prod.yml - include: /srv/web/infra/ansible/playbooks/groups/resultsdb-dev.yml - include: /srv/web/infra/ansible/playbooks/groups/resultsdb-stg.yml - include: /srv/web/infra/ansible/playbooks/groups/smtp-mm.yml - include: /srv/web/infra/ansible/playbooks/groups/summershum.yml - include: /srv/web/infra/ansible/playbooks/groups/sundries.yml - include: /srv/web/infra/ansible/playbooks/groups/tagger.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-prod.yml - include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev.yml - include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev-clients.yml - include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg-clients.yml -- include: /srv/web/infra/ansible/playbooks/groups/taskotron.yml - include: /srv/web/infra/ansible/playbooks/groups/unbound.yml - include: /srv/web/infra/ansible/playbooks/groups/value.yml - include: /srv/web/infra/ansible/playbooks/groups/virthost.yml @@ -81,5 +86,6 @@ - include: /srv/web/infra/ansible/playbooks/hosts/fedocal.dev.fedoraproject.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/hrf.cloud.fedoraproject.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/logserver.yml - include: /srv/web/infra/ansible/playbooks/hosts/logstash-dev.cloud.fedoraproject.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml diff --git a/roles/base/files/rsyslog/rsyslog-audit.conf b/roles/base/files/rsyslog/rsyslog-audit.conf index 8e6c2f5b18..b13627bb40 100644 --- a/roles/base/files/rsyslog/rsyslog-audit.conf +++ b/roles/base/files/rsyslog/rsyslog-audit.conf @@ -10,4 +10,4 @@ $InputFileFacility local6 $InputRunFileMonitor :msg, !contains, "type=AVC" -local6.* @@log02:514 +local6.* @@log01:514 diff --git a/roles/base/files/rsyslog/rsyslog-log01 b/roles/base/files/rsyslog/rsyslog-log01 new file mode 100644 index 0000000000..370468a480 --- /dev/null +++ b/roles/base/files/rsyslog/rsyslog-log01 @@ -0,0 +1,4 @@ +# +# Send everything on to central log01 logger machines +# +cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none;local4.* @@log01:514 diff --git a/roles/base/files/rsyslog/rsyslog-log01-nolocal4 b/roles/base/files/rsyslog/rsyslog-log01-nolocal4 new file mode 100644 index 0000000000..b340d3c258 --- /dev/null +++ b/roles/base/files/rsyslog/rsyslog-log01-nolocal4 @@ -0,0 +1,4 @@ +# +# Send everything on to central log01 logger machines +# +cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log01:514 diff --git a/roles/base/files/rsyslog/rsyslog-log02 b/roles/base/files/rsyslog/rsyslog-log02 index f9b17ef71a..370468a480 100644 --- a/roles/base/files/rsyslog/rsyslog-log02 +++ b/roles/base/files/rsyslog/rsyslog-log02 @@ -1,4 +1,4 @@ # -# Send everything on to central log02 logger machines +# Send everything on to central log01 logger machines # -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none;local4.* @@log02:514 +cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none;local4.* @@log01:514 diff --git a/roles/base/files/rsyslog/rsyslog-log02-nolocal4 b/roles/base/files/rsyslog/rsyslog-log02-nolocal4 index 8338bfed72..b340d3c258 100644 --- a/roles/base/files/rsyslog/rsyslog-log02-nolocal4 +++ b/roles/base/files/rsyslog/rsyslog-log02-nolocal4 @@ -1,4 +1,4 @@ # -# Send everything on to central log02 logger machines +# Send everything on to central log01 logger machines # -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 +cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log01:514 diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index a461a0927e..ff70d4f7d2 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -166,7 +166,23 @@ tags: - rsyslogd - config + +- name: log everything to log01 except on mirrorlist, do not log local4 there. + copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644 + when: not inventory_hostname.startswith('mirrorlist') + tags: + - rsyslogd + - config - base + +- name: log everything to log01 except on mirrorlist, do not log local4 there. + copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644 + when: inventory_hostname.startswith('mirrorlist') + tags: + - rsyslogd + - config + - base + - base - name: /etc/postfix/main.cf copy: src={{ item }} dest=/etc/postfix/main.cf diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index b64e116551..1d8e865fa1 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -40,7 +40,7 @@ -A OUTPUT -p tcp -m tcp -d 10.5.126.23 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.126.23 --dport 443 -j ACCEPT -# rsyslog out to log02 +# rsyslog out to log01 -A OUTPUT -p tcp -m tcp -d 10.5.126.29 --dport 514 -j ACCEPT # SSH diff --git a/roles/collectd/base/files/network-client.conf b/roles/collectd/base/files/network-client.conf index c2b0030c9e..a6bd125de9 100644 --- a/roles/collectd/base/files/network-client.conf +++ b/roles/collectd/base/files/network-client.conf @@ -1,5 +1,5 @@ LoadPlugin network - Server "log02" + Server "log01" diff --git a/roles/epylog/files/merged/modules.d/rsyncd.conf b/roles/epylog/files/merged/modules.d/rsyncd.conf index 147133b3ed..2c8e4c3b12 100644 --- a/roles/epylog/files/merged/modules.d/rsyncd.conf +++ b/roles/epylog/files/merged/modules.d/rsyncd.conf @@ -12,5 +12,5 @@ priority = 7 # Report this many "top ranking hosts" # report_top = 10 -ignore_hosts = log02.vpn.fedoraproject.org log02.phx2.fedoraproject.org proxy3.vpn.fedoraproject.org proxy04.vpn.fedoraproject.org proxy6.vpn.fedoraproject.org proxy01.phx2.fedoraproject.org proxy07.vpn.fedoraproject.org proxy02.vpn.fedoraproject.org proxy03.vpn.fedoraproject.org proxy06.vpn.fedoraproject.org collab04.fedoraproject.org hosted04.fedoraproject.org admin.fedoraproject.org proxy01.stg.phx2.fedoraproject.org proxy08.vpn.fedoraproject.org proxy09.vpn.fedoraproject.org +ignore_hosts = log01.vpn.fedoraproject.org log01.phx2.fedoraproject.org proxy3.vpn.fedoraproject.org proxy04.vpn.fedoraproject.org proxy6.vpn.fedoraproject.org proxy01.phx2.fedoraproject.org proxy07.vpn.fedoraproject.org proxy02.vpn.fedoraproject.org proxy03.vpn.fedoraproject.org proxy06.vpn.fedoraproject.org collab04.fedoraproject.org hosted04.fedoraproject.org admin.fedoraproject.org proxy01.stg.phx2.fedoraproject.org proxy08.vpn.fedoraproject.org proxy09.vpn.fedoraproject.org diff --git a/roles/rsyncd/README b/roles/rsyncd/README index f91678ffcd..7eb7c9fd21 100644 --- a/roles/rsyncd/README +++ b/roles/rsyncd/README @@ -1,3 +1,3 @@ This role is for servers that have httpd access and error logs -that we wish to sync to log02 to be able to review and backup. +that we wish to sync to log01 to be able to review and backup. diff --git a/roles/rsyncd/files/rsyncd.conf.default b/roles/rsyncd/files/rsyncd.conf.default index 8e8ac27318..a25f437793 100644 --- a/roles/rsyncd/files/rsyncd.conf.default +++ b/roles/rsyncd/files/rsyncd.conf.default @@ -13,4 +13,4 @@ path = /var/log uid = root gid = root read only = yes -hosts allow = 10.5.126.29 192.168.1.56 +hosts allow = 10.5.126.13 192.168.1.59 diff --git a/roles/rsyncd/files/rsyncd.conf.download-ibiblio b/roles/rsyncd/files/rsyncd.conf.download-ibiblio index ac4e5e0b03..591775515b 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-ibiblio +++ b/roles/rsyncd/files/rsyncd.conf.download-ibiblio @@ -101,5 +101,5 @@ refuse options = checksum uid = root gid = root read only = yes - hosts allow = 10.5.126.29 192.168.1.56 + hosts allow = 10.5.126.13 192.168.1.59 list = no diff --git a/roles/rsyncd/files/rsyncd.conf.download-phx2 b/roles/rsyncd/files/rsyncd.conf.download-phx2 index 9a835d8d15..0b27a5ff51 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-phx2 +++ b/roles/rsyncd/files/rsyncd.conf.download-phx2 @@ -105,5 +105,5 @@ refuse options = checksum uid = root gid = root read only = yes - hosts allow = 10.5.126.29 + hosts allow = 10.5.126.13 list = no diff --git a/roles/rsyncd/files/rsyncd.conf.download-rdu b/roles/rsyncd/files/rsyncd.conf.download-rdu index 1c27580502..423b3601c5 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-rdu +++ b/roles/rsyncd/files/rsyncd.conf.download-rdu @@ -101,5 +101,5 @@ refuse options = checksum uid = root gid = root read only = yes - hosts allow = 10.5.126.29 192.168.1.56 + hosts allow = 10.5.126.13 192.168.1.59 list = no diff --git a/roles/rsyncd/files/rsyncd.conf.sundries b/roles/rsyncd/files/rsyncd.conf.sundries index 10c19ab234..daf91e6874 100644 --- a/roles/rsyncd/files/rsyncd.conf.sundries +++ b/roles/rsyncd/files/rsyncd.conf.sundries @@ -13,7 +13,7 @@ path = /var/log uid = root gid = root read only = yes -hosts allow = 10.5.126.29 192.168.1.56 +hosts allow = 10.5.126.13 192.168.1.59 [gather-easyfix] comment = Gather easyfix available in Fedora