Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

adjust firewall rules for replication

Browse source
This commit is contained in:
Kevin Fenzi 2016-10-05 19:38:22 +00:00
parent b3fce63ae7
commit a196d70bbf
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org
View file

@ -25,9 +25,9 @@ fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
kernel_shmmax: 68719476736
#
# Only allow postgresql access from the frontend node.
# Only allow postgresql access from the frontend node and other db nodes
#
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT' ]
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.188 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.189 --dport 5432 -j ACCEPT' ]
#
# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.

2
inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
View file

@ -27,7 +27,7 @@ kernel_shmmax: 68719476736
#
# Only allow postgresql access from the frontend node.
#
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT' ]
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.188 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.189 --dport 5432 -j ACCEPT' ]
#
# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.