From f1f854f7bf272dc518472e9ad82892188ec958e4 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Thu, 7 May 2015 20:43:59 +0000
Subject: [PATCH] Open up iptables for koschei+fedmsg.

---
 inventory/group_vars/koschei     | 7 ++++++-
 inventory/group_vars/koschei-stg | 6 +++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/inventory/group_vars/koschei b/inventory/group_vars/koschei
index ecdb848391..2d5ee80bcb 100644
--- a/inventory/group_vars/koschei
+++ b/inventory/group_vars/koschei
@@ -13,7 +13,12 @@ koschei_kojipkgs: kojipkgs.fedoraproject.org
 koschei_koji_tag: f23
 koschei_openid_provider: id.fedoraproject.org
 
-tcp_ports: [ 80, 443 ]
+
+tcp_ports: [ 80, 443,
+    # These 9 are for fedmsg right now, but we need to check with the koschei
+    # devs if this is enough or too much.  See also /etc/fedmsg.d/endpoints.py
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008,
+]
 
 custom_rules: [
     # Need for rsync from log01 for logs.
diff --git a/inventory/group_vars/koschei-stg b/inventory/group_vars/koschei-stg
index 86b9ec0f3c..5278da7d6d 100644
--- a/inventory/group_vars/koschei-stg
+++ b/inventory/group_vars/koschei-stg
@@ -13,7 +13,11 @@ koschei_kojipkgs: koji01.stg.phx2.fedoraproject.org
 koschei_koji_tag: f23
 koschei_openid_provider: id.fedoraproject.org
 
-tcp_ports: [ 80, 443 ]
+tcp_ports: [ 80, 443,
+    # These 9 are for fedmsg right now, but we need to check with the koschei
+    # devs if this is enough or too much.  See also /etc/fedmsg.d/endpoints.py
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008,
+]
 
 custom_rules: [
     # Need for rsync from log01 for logs.