make another set of stg ip changes

2017-09-29 15:24:54 +00:00 · 2017-09-29 15:24:54 +00:00 · e3c0199dad
commit e3c0199dad
parent 9cb94d7550
36 changed files with 77 additions and 77 deletions
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
@ -30,20 +30,20 @@ iptables -A FILTER_FORWARD --src 10.1.0.0/16 --dst 10.1.0.0/16 -j ACCEPT

 # Now insert access to allowed boxes
 # osbs
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.88 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.177 --dport 443 -j ACCEPT

 # docker-registry
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.123 --dport 443 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.124 --dport 443 -j ACCEPT

 #koji.fp.o
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.87 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.87 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.139 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.139 --dport 443 -j ACCEPT

 # pkgs.stg
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.83 --dport 80 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.83 --dport 443 -j ACCEPT
-iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.83 --dport 9418 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 80 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 9418 -j ACCEPT

 # DNS
 iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
@ -71,10 +71,10 @@ iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
 iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT

 # proxy
-iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 443 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp --dst 10.5.128.177 --dport 443 -j ACCEPT

 # Kerberos
-iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 1088 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp --dst 10.5.128.177 --dport 1088 -j ACCEPT


 iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited
--- a/inventory/group_vars/value-stg
+++ b/inventory/group_vars/value-stg
@ -18,7 +18,7 @@ custom_rules: [
    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
    # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here
    '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT',
-    '-A INPUT -p tcp -m tcp -s 10.5.126.2 --dport 5050 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.128.38 --dport 5050 -j ACCEPT',
    '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
    # batcave01 also needs access to announce commits.
    '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT',
--- a/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org
@ -31,7 +31,7 @@ fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
 custom_rules:
 - '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT'
 - '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.126.130 --dport 5432 -j ACCEPT'
+- '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT'

 #
 # Large updates pushes cause lots of db threads doing the tag moves, so up this from default. 
--- a/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org
@ -28,9 +28,9 @@ kernel_shmmax: 68719476736
 # Only allow postgresql access from the frontend node and other db nodes
 #
 custom_rules: [ 
-   '-A INPUT -p tcp -m tcp -s 10.5.126.87 --dport 5432 -j ACCEPT',
-   '-A INPUT -p tcp -m tcp -s 10.5.126.188 --dport 5432 -j ACCEPT',
-   '-A INPUT -p tcp -m tcp -s 10.5.126.189 --dport 5432 -j ACCEPT', 
+   '-A INPUT -p tcp -m tcp -s 10.5.128.139 --dport 5432 -j ACCEPT',
+   '-A INPUT -p tcp -m tcp -s 10.5.128.98 --dport 5432 -j ACCEPT',
+   '-A INPUT -p tcp -m tcp -s 10.5.128.99 --dport 5432 -j ACCEPT', 
   '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
   '-A INPUT -p vrrp -j ACCEPT',
 ]
@ -46,5 +46,5 @@ effective_cache_size: "24GB"
 # Keepalived variables
 keepalived_interface: eth0
 keepalived_priority: 100
-keepalived_ipaddress: 10.5.126.190/24
+keepalived_ipaddress: 10.5.128.97/24
 keepalived_routerid: 18
--- a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
@ -28,9 +28,9 @@ kernel_shmmax: 68719476736
 # Only allow postgresql access from the frontend node.
 #
 custom_rules: [
-   '-A INPUT -p tcp -m tcp -s 10.5.126.87 --dport 5432 -j ACCEPT',
-   '-A INPUT -p tcp -m tcp -s 10.5.126.188 --dport 5432 -j ACCEPT',
-   '-A INPUT -p tcp -m tcp -s 10.5.126.189 --dport 5432 -j ACCEPT',
+   '-A INPUT -p tcp -m tcp -s 10.5.128.139 --dport 5432 -j ACCEPT',
+   '-A INPUT -p tcp -m tcp -s 10.5.128.98 --dport 5432 -j ACCEPT',
+   '-A INPUT -p tcp -m tcp -s 10.5.128.99 --dport 5432 -j ACCEPT',
   '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
   '-A INPUT -p vrrp -j ACCEPT',
 ]
@ -46,6 +46,6 @@ effective_cache_size: "24GB"
 # Keepalived variables
 keepalived_interface: eth0
 keepalived_priority: 50
-keepalived_ipaddress: 10.5.126.190/24
+keepalived_ipaddress: 10.5.128.97/24
 keepalived_routerid: 18

--- a/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org
@ -1,8 +1,8 @@
 ---
-eth0_ip: 10.5.126.201
+eth0_ip: 10.5.128.176
 eth1_ip: 10.5.127.224
 nm: 255.255.255.0
-gw: 10.5.126.254
+gw: 10.5.128.254
 dns: 10.5.126.21
 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
 ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
--- a/playbooks/groups/osbs-orchestrator-cluster.yml
+++ b/playbooks/groups/osbs-orchestrator-cluster.yml
@ -836,4 +836,4 @@
      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT

    - name: enable nrpe for monitoring (noc01.stg)
-      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.2 state=present jump=ACCEPT
+      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.128.38 state=present jump=ACCEPT
--- a/roles/anitya/backend/files/pg_hba.conf
+++ b/roles/anitya/backend/files/pg_hba.conf
@ -71,7 +71,7 @@
 #host    all         all         ::1/128               @authmethod@

 local  all    all             ident
-host koji koji 10.5.126.61 255.255.255.255 md5
+host koji koji 10.5.128.166 255.255.255.255 md5
 host all all 0.0.0.0 0.0.0.0 md5
 # Note, I can't think of a reason to make this more restrictive than ipv4 but
 # only fakefas needs it so far
--- a/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org
@ -7,7 +7,7 @@
 # Redirect staging attempts to talk to the external proxy to an internal ip.
 # This is primarily for openid in staging which needs to get around proxy
 # redirects.
-A OUTPUT -d 209.132.181.5 -j DNAT --to-destination 10.5.126.88
+-A OUTPUT -d 209.132.181.5 -j DNAT --to-destination 10.5.128.177

 COMMIT

@ -44,7 +44,7 @@ COMMIT
 -A INPUT -p tcp -m tcp --dport 5666  -s 209.132.181.35 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.128.38 -j ACCEPT

 # if the host declares a fedmsg-enabled wsgi app, open ports for it
 {% if wsgi_fedmsg_service is defined %}
--- a/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org
@ -7,7 +7,7 @@
 # Redirect staging attempts to talk to the external proxy to an internal ip.
 # This is primarily for openid in staging which needs to get around proxy
 # redirects.
-A OUTPUT -d 209.132.181.5 -j DNAT --to-destination 10.5.126.88
+-A OUTPUT -d 209.132.181.5 -j DNAT --to-destination 10.5.128.177

 COMMIT

@ -44,7 +44,7 @@ COMMIT
 -A INPUT -p tcp -m tcp --dport 5666  -s 209.132.181.35 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.128.38 -j ACCEPT

 # if the host declares a fedmsg-enabled wsgi app, open ports for it
 {% if wsgi_fedmsg_service is defined %}
--- a/roles/base/templates/iptables/iptables.staging
+++ b/roles/base/templates/iptables/iptables.staging
@ -8,7 +8,7 @@
 # This is primarily for openid in staging which needs to get around proxy
 # redirects.
 {% if 'cloud.' not in inventory_hostname %}
-A OUTPUT -d 209.132.181.5 -j DNAT --to-destination 10.5.126.88
+-A OUTPUT -d 209.132.181.5 -j DNAT --to-destination 10.5.128.177
 {% endif %}

 COMMIT
@ -46,7 +46,7 @@ COMMIT
 -A INPUT -p tcp -m tcp --dport 5666  -s 209.132.181.35 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.128.38 -j ACCEPT

 # if the host declares a fedmsg-enabled wsgi app, open ports for it
 {% if wsgi_fedmsg_service is defined %}
--- a/roles/hosts/files/arm01-builder22.arm.fedoraproject.org-hosts
+++ b/roles/hosts/files/arm01-builder22.arm.fedoraproject.org-hosts
@ -4,10 +4,10 @@
 # Use admin.fedoraproject.org so we can get a fresh CRL from prod - it isn't
 # synced to staging in a meaningful way.  See /usr/local/bin/updatecrl.sh
 209.132.181.16  admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95   db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-kerneltest
 10.5.128.129     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
--- a/roles/hosts/files/arm01-builder23.arm.fedoraproject.org-hosts
+++ b/roles/hosts/files/arm01-builder23.arm.fedoraproject.org-hosts
@ -4,10 +4,10 @@
 # Use admin.fedoraproject.org so we can get a fresh CRL from prod - it isn't
 # synced to staging in a meaningful way.  See /usr/local/bin/updatecrl.sh
 209.132.181.16  admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-kerneltest
 10.5.128.129     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.83     pkgs.fedoraproject.org pkgs.stg.fedoraproject.org pkgs01.stg.phx2.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org pkgs.stg.fedoraproject.org pkgs01.stg.phx2.fedoraproject.org
--- a/roles/hosts/files/buildvm-01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/buildvm-01.stg.phx2.fedoraproject.org-hosts
@ -4,9 +4,9 @@
 # Use admin.fedoraproject.org so we can get a fresh CRL from prod - it isn't
 # synced to staging in a meaningful way.  See /usr/local/bin/updatecrl.sh
 209.132.181.16  admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-kerneltest
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
--- a/roles/hosts/files/buildvm-02.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/buildvm-02.stg.phx2.fedoraproject.org-hosts
@ -4,10 +4,10 @@
 # Use admin.fedoraproject.org so we can get a fresh CRL from prod - it isn't
 # synced to staging in a meaningful way.  See /usr/local/bin/updatecrl.sh
 209.132.181.16  admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-kerneltest
 10.5.128.129     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
--- a/roles/hosts/files/buildvm-03.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/buildvm-03.stg.phx2.fedoraproject.org-hosts
@ -4,10 +4,10 @@
 # Use admin.fedoraproject.org so we can get a fresh CRL from prod - it isn't
 # synced to staging in a meaningful way.  See /usr/local/bin/updatecrl.sh
 209.132.181.16  admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120   db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-kerneltest
 10.5.128.129     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
--- a/roles/hosts/files/buildvm-04.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/buildvm-04.stg.phx2.fedoraproject.org-hosts
@ -4,10 +4,10 @@
 # Use admin.fedoraproject.org so we can get a fresh CRL from prod - it isn't
 # synced to staging in a meaningful way.  See /usr/local/bin/updatecrl.sh
 209.132.181.16  admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-kerneltest
 10.5.128.129     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
--- a/roles/hosts/files/buildvm-05.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/buildvm-05.stg.phx2.fedoraproject.org-hosts
@ -4,10 +4,10 @@
 # Use admin.fedoraproject.org so we can get a fresh CRL from prod - it isn't
 # synced to staging in a meaningful way.  See /usr/local/bin/updatecrl.sh
 209.132.181.16  admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-kerneltest
 10.5.128.129     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
--- a/roles/hosts/files/composer.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/composer.stg.phx2.fedoraproject.org-hosts
@ -1,9 +1,9 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir db-notifs nuancier_db db-blockerbugs db-kerneltest
--- a/roles/hosts/files/darkserver-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/darkserver-backend01.stg.phx2.fedoraproject.org-hosts
@ -1,9 +1,9 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir nuancier_db db-notifs db-blockerbugs db-kerneltest
--- a/roles/hosts/files/db-koji01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/db-koji01.stg.phx2.fedoraproject.org-hosts
@ -1,9 +1,9 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir nuancier_db db-notifs db-blockerbugs db-kerneltest db-pps
--- a/roles/hosts/files/db-koji02.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/db-koji02.stg.phx2.fedoraproject.org-hosts
@ -1,9 +1,9 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir nuancier_db db-notifs db-blockerbugs db-kerneltest db-pps
--- a/roles/hosts/files/fedimg01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/fedimg01.stg.phx2.fedoraproject.org-hosts
@ -1,7 +1,7 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.125.44     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
--- a/roles/hosts/files/hotness01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/hotness01.stg.phx2.fedoraproject.org-hosts
@ -1,7 +1,7 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09  proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09  proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.125.44     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
--- a/roles/hosts/files/packages03.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/packages03.stg.phx2.fedoraproject.org-hosts
@ -2,8 +2,8 @@
 ::1 localhost   localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.23 infrastructure.fedoraproject.org
 10.5.126.23 puppet.fedoraproject.org    puppet puppet01 puppet01.phx2.fedoraproject.org
-10.5.126.88 proxy01.phx2.fedoraproject.org  proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org
-10.5.126.83 pkgs.fedoraproject.org  pkgs pkgs01
+10.5.128.177 proxy01.phx2.fedoraproject.org  proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org
+10.5.128.175 pkgs.fedoraproject.org  pkgs pkgs01
 10.5.126.81 app01.phx2.fedoraproject.org    app1 app3 app5 bapp1 app01 app03 app05 bapp01 bapp02
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.187 value03.phx2.fedoraproject.org  value3 value03
@ -11,7 +11,7 @@
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-koji01
 10.5.126.23 lockbox01.phx2.fedoraproject.org    infrastructure.fedoraproject.org
-10.5.126.87 koji.fedoraproject.org  koji.stg.fedoraproject.org koji1 koji01 s390.koji.fedoraproject.org sparc.koji.fedoraproject.org arm.koji.fedoraproject.org ppc.koji.fedoraproject.org
+10.5.128.139 koji.fedoraproject.org  koji.stg.fedoraproject.org koji1 koji01 s390.koji.fedoraproject.org sparc.koji.fedoraproject.org arm.koji.fedoraproject.org ppc.koji.fedoraproject.org
 10.5.126.27 archives.fedoraproject.org
 10.5.128.129 fas01.phx2.fedoraproject.org    fas1 fas2 fas01 fas02 fas03
 10.5.125.36 kojipkgs.fedoraproject.org
@ -19,4 +19,4 @@
 10.5.128.188 wiki01.fedoraproject.org wiki01 wiki
 10.5.128.60 ask01.phx2.fedoraproject.org    ask ask01
 209.132.183.72  bugzilla.redhat.com
-10.5.126.61 paste01.phx2.fedoraproject.org  paste01 paste02
+10.5.128.166 paste01.phx2.fedoraproject.org  paste01 paste02
--- a/roles/hosts/files/staging-hosts
+++ b/roles/hosts/files/staging-hosts
@ -1,9 +1,9 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.fedoraproject.org apps.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-koji01 db-github2fedmsg tagger_db db-pkgdb2 db-summershum nuancier_db db-notifs db-kerneltest db-pps
--- a/roles/hosts/files/statscache-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/statscache-backend01.stg.phx2.fedoraproject.org-hosts
@ -1,12 +1,12 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.stg.fedoraproject.org
 10.5.126.51     apps.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir nuancier_db db-notifs db-blockerbugs db-kerneltest
 10.5.128.129    fas01.stg.phx2.fedoraproject.org fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.87     koji01.stg.phx2.fedoraproject.org koji.stg.fedoraproject.org koji01 kojipkgs kojipkgs.stg.phx2.fedoraproject.org kojipkgs.stg.fedoraproject.org
+10.5.128.139     koji01.stg.phx2.fedoraproject.org koji.stg.fedoraproject.org koji01 kojipkgs kojipkgs.stg.phx2.fedoraproject.org kojipkgs.stg.fedoraproject.org
--- a/roles/hosts/files/sundries01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/sundries01.stg.phx2.fedoraproject.org-hosts
@ -1,14 +1,14 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.stg.fedoraproject.org
+10.5.128.177     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 proxy12 proxy13 proxy14 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.stg.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.83     pkgs.fedoraproject.org
+10.5.128.175     pkgs.fedoraproject.org
 10.5.128.148    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.128.95    db05
 10.5.128.120    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir nuancier_db db-notifs db-blockerbugs db-kerneltest
 10.5.128.129    fas01.stg.phx2.fedoraproject.org fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.87     koji01.stg.phx2.fedoraproject.org koji.stg.fedoraproject.org koji01 kojipkgs.stg.phx2.fedoraproject.org kojipkgs.stg.fedoraproject.org
+10.5.128.139     koji01.stg.phx2.fedoraproject.org koji.stg.fedoraproject.org koji01 kojipkgs.stg.phx2.fedoraproject.org kojipkgs.stg.fedoraproject.org

 # For translations
 209.132.182.79	fedora.zanata.org
--- a/roles/httpd/proxy/templates/00-namevirtualhost.conf
+++ b/roles/httpd/proxy/templates/00-namevirtualhost.conf
@ -74,5 +74,5 @@ NameVirtualHost 8.43.85.67:443


 #proxy01.stg
-NameVirtualHost 10.5.126.88:80
-NameVirtualHost 10.5.126.88:443
+NameVirtualHost 10.5.128.177:80
+NameVirtualHost 10.5.128.177:443
--- a/roles/mediawiki/templates/LocalSettings.php.fp.j2
+++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2
@ -388,7 +388,7 @@ $wgSquidServersNoPurge = array(
    "::1",
 {% if env == "staging" %}
    # proxy01.stg
-    "10.5.126.88",
+    "10.5.128.177",
 {% else %}
    # proxy01
    "10.5.126.52",
@ -457,7 +457,7 @@ $wgSquidServersNoPurge = array(
 $wgSquidServers = array(
 {% if env == "staging" %}
    # proxy01.stg
-    "10.5.126.88:6081",
+    "10.5.128.177:6081",
 {% else %}
    # proxy01
    "10.5.126.52:6081",
--- a/roles/mediawiki123/templates/LocalSettings.php.fp.j2
+++ b/roles/mediawiki123/templates/LocalSettings.php.fp.j2
@ -328,7 +328,7 @@ $wgUseSquid = true;
 $wgSquidServersNoPurge = array(
 {% if environment == "staging" %}
    # proxy01.stg
-    "10.5.126.88",
+    "10.5.128.177",
 {% else %}
    # proxy01
    "10.5.126.52",
@ -397,7 +397,7 @@ $wgSquidServersNoPurge = array(
 $wgSquidServers = array(
 {% if environment == "staging" %}
    # proxy01.stg
-    "10.5.126.88:6081",
+    "10.5.128.177:6081",
 {% else %}
    # proxy01
    "10.5.126.52:6081",
--- a/roles/nfs/client/tasks/main.yml
+++ b/roles/nfs/client/tasks/main.yml
@ -102,7 +102,7 @@
 - name: nfs mount points (stg) staging koji
  mount: >
        name=/mnt/fedora_koji
-        src=10.5.126.87:/mnt/fedora_koji
+        src=10.5.128.139:/mnt/fedora_koji
        fstype=nfs4
        opts={{nfs_mount_opts}}
        passno=0
--- a/roles/pagure/frontend/files/pg_hba.conf
+++ b/roles/pagure/frontend/files/pg_hba.conf
@ -71,7 +71,7 @@
 #host    all         all         ::1/128               @authmethod@

 local  all    all             ident
-host koji koji 10.5.126.61 255.255.255.255 md5
+host koji koji 10.5.128.166 255.255.255.255 md5
 host all all 0.0.0.0 0.0.0.0 md5
 # Note, I can't think of a reason to make this more restrictive than ipv4 but
 # only fakefas needs it so far
--- a/roles/pagure/upstreamfirst-frontend/files/pg_hba.conf
+++ b/roles/pagure/upstreamfirst-frontend/files/pg_hba.conf
@ -71,7 +71,7 @@
 #host    all         all         ::1/128               @authmethod@

 local  all    all             ident
-host koji koji 10.5.126.61 255.255.255.255 md5
+host koji koji 10.5.128.166 255.255.255.255 md5
 host all all 0.0.0.0 0.0.0.0 md5
 # Note, I can't think of a reason to make this more restrictive than ipv4 but
 # only fakefas needs it so far
--- a/roles/postgresql_server/files/pg_hba.conf
+++ b/roles/postgresql_server/files/pg_hba.conf
@ -71,7 +71,7 @@
 #host    all         all         ::1/128               @authmethod@

 local  all    all             ident
-host koji koji 10.5.126.61 255.255.255.255 md5
+host koji koji 10.5.128.166 255.255.255.255 md5
 host all all 0.0.0.0 0.0.0.0 md5
 # Note, I can't think of a reason to make this more restrictive than ipv4 but
 # only fakefas needs it so far
--- a/roles/postgresql_server_bdr/templates/pg_hba.conf
+++ b/roles/postgresql_server_bdr/templates/pg_hba.conf
@ -71,14 +71,14 @@
 #host    all         all         ::1/128               @authmethod@

 local  all    all             ident
-host koji koji 10.5.126.61 255.255.255.255 md5
+host koji koji 10.5.128.166 255.255.255.255 md5
 host all all 0.0.0.0 0.0.0.0 md5
 # Note, I can't think of a reason to make this more restrictive than ipv4 but
 # only fakefas needs it so far
 host all all ::1/128 md5
-host     all             all             10.5.126.188/32      trust
+host     all             all             10.5.128.98/32      trust
 host     all             all             10.5.128.99/32      trust
-host     replication     all             10.5.126.188/32      trust
+host     replication     all             10.5.128.98/32      trust
 host     replication     all             10.5.128.99/32      trust
 # staging replication hosts
 {% for host in groups['pgbdr-stg']|sort %}