From d900232d892e5bfe4dbf70bef509b2cec1b5f351 Mon Sep 17 00:00:00 2001
From: Mark O'Brien
Date: Fri, 18 Dec 2020 11:33:50 +0000
Subject: [PATCH] osbs: staging ip tables
---
 files/osbs/fedora-dnsmasq.conf.staging | 4 +--
 files/osbs/fix-docker-iptables.staging | 50 +++++++++++++-------------
 inventory/group_vars/osbs_masters_stg | 4 +--
 3 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/files/osbs/fedora-dnsmasq.conf.staging b/files/osbs/fedora-dnsmasq.conf.staging
index bf361767e5..6f72e5cd7f 100644
--- a/files/osbs/fedora-dnsmasq.conf.staging
+++ b/files/osbs/fedora-dnsmasq.conf.staging
@@ -1,2 +1,2 @@
-server=/fedoraproject.org/10.5.126.21
-server=/fedoraproject.org/10.5.126.22
+server=/fedoraproject.org/10.3.163.33
+server=/fedoraproject.org/10.3.163.34
diff --git a/files/osbs/fix-docker-iptables.staging b/files/osbs/fix-docker-iptables.staging
index 9b4987a8b4..ccd82b1ec5 100644
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
@@ -30,45 +30,45 @@ iptables -A FILTER_FORWARD --src 10.1.0.0/16 --dst 10.1.0.0/16 -j ACCEPT
 # Now insert access to allowed boxes
 # osbs
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.177 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.166.74 --dport 443 -j ACCEPT
 # docker-registry
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.123 --dport 443 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.124 --dport 443 -j ACCEPT
 #koji.fp.o
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.139 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.139 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.167.64 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.167.64 --dport 443 -j ACCEPT
 # pkgs.stg
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 9418 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.167.74 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.167.74 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.167.74 --dport 9418 -j ACCEPT
 # DNS
-iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
-iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+iptables -A FILTER_FORWARD -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
+iptables -A FILTER_FORWARD -p udp -m udp -d 10.3.163.34 --dport 53 -j ACCEPT
 # mirrors.fp.o
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.8 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.9 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.76 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.77 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.75 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.167.74 --dport 443 -j ACCEPT
 # infrastructure.fp.o (infra repos)
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.23 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.35 --dport 443 -j ACCEPT
 # dl.phx2
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.49 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.49 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.50 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.50 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.51 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.51 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.85 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.85 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.84 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.84 --dport 443 -j ACCEPT
 # Docker is CRAZY and forces Google DNS upon us.....
@@ -76,10 +76,10 @@ iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
 iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
 # proxy
-iptables -A FILTER_FORWARD -p tcp --dst 10.5.128.177 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp --dst 10.3.166.74 --dport 443 -j ACCEPT
 # Kerberos
-iptables -A FILTER_FORWARD -p tcp --dst 10.5.128.177 --dport 1088 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp --dst 10.3.166.74 --dport 1088 -j ACCEPT
 iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited
diff --git a/inventory/group_vars/osbs_masters_stg b/inventory/group_vars/osbs_masters_stg
index 14e0270d62..9a4951ac03 100644
--- a/inventory/group_vars/osbs_masters_stg
+++ b/inventory/group_vars/osbs_masters_stg
@@ -47,13 +47,13 @@ osbs_conf_worker_clusters:
 x86_64:
 - name: x86_64
 max_concurrent_builds: 2
- openshift_url: "https://osbs-master01.stg.phx2.fedoraproject.org:8443"
+ openshift_url: "https://osbs-master01.stg.iad2.fedoraproject.org:8443"
 verify_ssl: 'false'
 aarch64:
 - name: aarch64
 max_concurrent_builds: 1
- openshift_url: "https://osbs-aarch64-master01.stg.phx2.fedoraproject.org:8443/"
+ openshift_url: "https://osbs-aarch64-master01.stg.iad2.fedoraproject.org:8443/"
 verify_ssl: 'false'
 osbs_platform_descriptors:
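Review bot: Under `# mirrors.fp.o` the last added rule allows `-d 10.3.167.74 --dport 443`, the same destination and port already allowed under `# pkgs.stg`, so the block now names three distinct mirror hosts where the removed block named four. If a fourth mirror address was intended, traffic to it will fall through to the closing REJECT rule; if not, drop the duplicate so the allow-list states exactly what is permitted. The `# docker-registry` rules are the only destinations in this hunk still on 10.5.128.x, and it is worth confirming they are still correct, because a stale ACCEPT keeps egress open to whatever host now holds those addresses. The `# dl.phx2` label no longer describes the new addresses and should be renamed to match the current datacenter.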
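Review bot: Both `verify_ssl: 'false'` lines stay in place beside the new `openshift_url` values, so, if the consumer honours the key as its name suggests, the orchestrator will accept any certificate from the iad2 masters and cannot detect an impersonated API endpoint. The move to new hostnames is the natural point to distribute the issuing CA to the build hosts and switch both entries to `verify_ssl: 'true'`. The two URLs also differ in their trailing slash (`:8443` versus `:8443/`), which is worth normalising unless the consumer depends on it. The `osbs_conf_worker_clusters` mapping begins outside the hunk.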