diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws index 8edfe8640d..8f036ef7a7 100644 --- a/inventory/group_vars/copr_aws +++ b/inventory/group_vars/copr_aws @@ -9,8 +9,8 @@ _forward_src: "forward" # don't forget to update ip in ./copr-keygen, due to custom firewall rules # eth0, eth1 -copr_backend_ips: ["34.227.76.72", "172.30.2.166"] -keygen_host: "52.202.64.55" +copr_backend_ips: ["52.44.175.77", "172.30.2.203"] +keygen_host: "54.83.48.73" backend_base_url: "https://download.copr.fedorainfracloud.org" postfix_group: copr diff --git a/inventory/group_vars/copr_keygen_aws b/inventory/group_vars/copr_keygen_aws index 4b50d2ce68..58dc2400c1 100644 --- a/inventory/group_vars/copr_keygen_aws +++ b/inventory/group_vars/copr_keygen_aws @@ -4,10 +4,10 @@ copr_hostbase: copr-keygen tcp_ports: [22] # http + signd dest ports -custom_rules: [ '-A INPUT -p tcp -m tcp -s 34.227.76.72 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 34.227.76.72 --dport 5167 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.30.2.166 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.30.2.166 --dport 5167 -j ACCEPT'] +custom_rules: [ '-A INPUT -p tcp -m tcp -s 52.44.175.77 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 52.44.175.77 --dport 5167 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 172.30.2.203 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 172.30.2.203 --dport 5167 -j ACCEPT'] datacenter: aws diff --git a/inventory/host_vars/copr-be.aws.fedoraproject.org b/inventory/host_vars/copr-be.aws.fedoraproject.org index cc1b4543c6..9f3265cd16 100644 --- a/inventory/host_vars/copr-be.aws.fedoraproject.org +++ b/inventory/host_vars/copr-be.aws.fedoraproject.org @@ -2,7 +2,7 @@ swap_file_size_mb: 16384 swap_file_path: /swap hostbase: copr-be- -public_ip: 34.227.76.72 +public_ip: 52.44.175.77 nagios_Check_Services: mail: false diff --git a/inventory/host_vars/copr-fe.aws.fedoraproject.org b/inventory/host_vars/copr-fe.aws.fedoraproject.org index 5fb20fe005..e9ce2d88a3 100644 --- a/inventory/host_vars/copr-fe.aws.fedoraproject.org +++ b/inventory/host_vars/copr-fe.aws.fedoraproject.org @@ -10,7 +10,7 @@ swap_file_size_mb: 8192 swap_file_path: /swap hostbase: copr-fe- -public_ip: 3.81.0.123 +public_ip: 3.225.109.36 root_auth_users: msuchy frostyx praiskup schlupov description: copr frontend server - prod instance diff --git a/inventory/host_vars/copr-keygen.aws.fedoraproject.org b/inventory/host_vars/copr-keygen.aws.fedoraproject.org index 88fff14107..dcec9185f6 100644 --- a/inventory/host_vars/copr-keygen.aws.fedoraproject.org +++ b/inventory/host_vars/copr-keygen.aws.fedoraproject.org @@ -13,7 +13,7 @@ db_backup_dir: ['/backup'] #image: "{{ fedora31_x86_64 }}" #keypair: fedora-admin-20130801 hostbase: copr-keygen-dev- -public_ip: 52.202.64.55 +public_ip: 54.83.48.73 root_auth_users: msuchy frostyx praiskup schlupov description: copr key gen and sign host - prod instance diff --git a/roles/base/files/postfix/main.cf/main.cf.gateway b/roles/base/files/postfix/main.cf/main.cf.gateway index dd31ab42df..539c55b286 100644 --- a/roles/base/files/postfix/main.cf/main.cf.gateway +++ b/roles/base/files/postfix/main.cf/main.cf.gateway @@ -296,7 +296,7 @@ unknown_local_recipient_reject_code = 550 #mynetworks = $config_directory/mynetworks #mynetworks = hash:/etc/postfix/network_table -mynetworks = localhost.localdomain, localhost, 127.0.0.1, 10.3.160.0/19, 192.168.0.0/16, 54.162.233.242, 3.81.0.123 +mynetworks = localhost.localdomain, localhost, 127.0.0.1, 10.3.160.0/19, 192.168.0.0/16, 54.162.233.242, 3.225.109.36 # The relay_domains parameter restricts what destinations this system will # relay mail to. See the smtpd_recipient_restrictions description in diff --git a/roles/opendkim/files/TrustedHosts b/roles/opendkim/files/TrustedHosts index acedb69370..eaa51aa98f 100644 --- a/roles/opendkim/files/TrustedHosts +++ b/roles/opendkim/files/TrustedHosts @@ -7,7 +7,7 @@ ::1 10.3.160.0/19 192.168.0.0/16 -3.81.0.123 +3.225.109.36 54.162.233.242 #host.example.com