Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Of course db-fas01 doesn't connect to itself over the VPN

Browse source
This commit is contained in:
Patrick Uiterwijk 2014-12-18 11:06:09 +00:00
parent e82af3ee59
commit 9ababec817
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventory/host_vars/db-fas01.phx2.fedoraproject.org
View file

@ -27,7 +27,7 @@ fas_client_groups: sysadmin-dba,sysadmin-noc
#
# Only allow postgresql access from the frontend nodes and hosted.
#
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.30 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.240 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5432 -j ACCEPT' , '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.92 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.102 --dport 5432 -j ACCEPT']
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.30 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.240 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5432 -j ACCEPT' , '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.16 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.102 --dport 5432 -j ACCEPT']
#
# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.