metrics-for-apps: Renamed tag, added firewall rules for proxies

Signed-off-by: David Kirwan <dkirwan@redhat.com>

inventory/group_vars/proxies

@@ -62,6 +62,24 @@ custom_rules: [
     # For Zanata
     # See files/httpd/website_id_fp_o_zanata.conf for info
     '-A INPUT -p tcp -m tcp --dport 44342 -s 209.132.183.252 -j ACCEPT',
+
+    # Allow ocp control plane hosts
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.120 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.121 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.122 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.123 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.124 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.125 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.126 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 6443 -s 10.3.163.65 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.120 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.121 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.122 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.123 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.124 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.125 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.126 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.65 -j ACCEPT',
 ]
 
 nat_rules: [

playbooks/include/proxies-reverseproxy.yml

@@ -637,7 +637,7 @@
     balancer_members: "{{ ocp_nodes_stg }}"
     keephost: true
     tags:
-    - ocp.fedoraproject.org
+    - ocp.stg.fedoraproject.org
     when: env == "staging"
 
   - role: httpd/reverseproxy
@@ -649,7 +649,7 @@
     balancer_members: "{{ ocp_nodes_stg }}"
     keephost: true
     tags:
-    - apps.ocp.fedoraproject.org
+    - apps.ocp.stg.fedoraproject.org
     when: env == "staging"
 
   - role: httpd/reverseproxy