From a196d70bbfccf1c36a3e557b5acff82c74fad9d6 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 5 Oct 2016 19:38:22 +0000
Subject: [PATCH] adjust firewall rules for replication

---
 inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org | 4 ++--
 inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org b/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org
index e3f2173a7f..436f2fbd2b 100644
--- a/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org
@@ -25,9 +25,9 @@ fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
 kernel_shmmax: 68719476736
 
 #
-# Only allow postgresql access from the frontend node.
+# Only allow postgresql access from the frontend node and other db nodes
 #
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT' ]
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.188 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.189 --dport 5432 -j ACCEPT' ]
 
 #
 # Large updates pushes cause lots of db threads doing the tag moves, so up this from default. 
diff --git a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
index 6ea788e2a8..a044d7d7d4 100644
--- a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
@@ -27,7 +27,7 @@ kernel_shmmax: 68719476736
 #
 # Only allow postgresql access from the frontend node.
 #
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT' ]
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.188 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.189 --dport 5432 -j ACCEPT' ]
 
 #
 # Large updates pushes cause lots of db threads doing the tag moves, so up this from default.