From cda54c7804af00e2c9b8c88ede552821eb4528c9 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 27 Jul 2015 19:20:22 +0000 Subject: [PATCH] Setup a convenience group to describe what qa-network boxes can send fedmsg messages to the prod bus. --- inventory/inventory | 12 ++++++++++++ roles/fedmsg/base/templates/relay.py.j2 | 6 +++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/inventory/inventory b/inventory/inventory index 8e9ed31ed5..05a4ba729d 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -695,6 +695,18 @@ wiki01.stg.phx2.fedoraproject.org wiki01.phx2.fedoraproject.org wiki02.phx2.fedoraproject.org + +# This is a convenience group listing the hosts that live on the QA network that +# are allowed to send inbound fedmsg messages to our production fedmsg bus. +# See also: +# - inventory/group_vars/proxies for the iptables custom_rules list +# - roles/fedmsg/base/templates/relay.py.j2 +[fedmsg-qa-network] +retrace01.qa.fedoraproject.org +retrace02.qa.fedoraproject.org +s390-koji01.qa.fedoraproject.org + + # assorted categories of fedmsg services, for convenience [fedmsg-hubs:children] badges-backend diff --git a/roles/fedmsg/base/templates/relay.py.j2 b/roles/fedmsg/base/templates/relay.py.j2 index 2821c72812..1671da6628 100644 --- a/roles/fedmsg/base/templates/relay.py.j2 +++ b/roles/fedmsg/base/templates/relay.py.j2 @@ -33,10 +33,10 @@ config = dict( # not getting messages in from proxies across the vpn. So, only use # proxy01 for now. "tcp://209.132.181.16:9941", - {% elif 'retrace' in group_names %} + {% elif 'fedmsg-qa-network' in group_names %} - # We want the retrace boxes to talk to the *internal* IP of proxy01, - # because otherwise the RHIT firewall blocks them. + # We want the retrace (and other) boxes to talk to the *internal* IP of + # proxy01, because otherwise the RHIT firewall blocks them. "tcp://proxy01.phx2.fedoraproject.org:9941", {% else %}