osbs: use no-cdn registry

Signed-off-by: Clement Verna <cverna@tutanota.com>

files/osbs/fix-docker-iptables.production

@@ -29,15 +29,11 @@ iptables -A FILTER_FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -A FILTER_FORWARD --src 10.1.0.0/16 --dst 10.1.0.0/16 -j ACCEPT
 
 # Now insert access to allowed boxes
-# docker-registry aws cdn
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.34 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.23 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.73 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.88 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.34 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.23 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.73 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 54.230.74.88 --dport 443 -j ACCEPT
+# docker-registry no cdn
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.119 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.127 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.119 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.127 --dport 443 -j ACCEPT
 
 # Candidate registry
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.102 --dport 80 -j ACCEPT

inventory/group_vars/osbs_masters

@@ -10,7 +10,7 @@ fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran,s
 sudoers: "{{ private }}/files/sudo/osbs-sudoers"
 
 docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
-source_registry: "registry.fedoraproject.org"
+source_registry: "registry-no-cdn.fedoraproject.org"
 docker_registry: "candidate-registry.fedoraproject.org"
 
 osbs_url: "osbs.fedoraproject.org"