From f7debffa6ce5423db18f68d14a571613e0e2e5bc Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Sat, 11 May 2019 20:35:20 +0000
Subject: [PATCH] communishift: Add keepalived iptables rules, and fix interface name in config
Signed-off-by: Kevin Fenzi
---
 inventory/group_vars/os-proxies | 8 +++++++-
 roles/keepalived/templates/keepalived.conf.j2 | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/inventory/group_vars/os-proxies b/inventory/group_vars/os-proxies
index 56ba6d05cf..17a19316ad 100644
--- a/inventory/group_vars/os-proxies
+++ b/inventory/group_vars/os-proxies
@@ -14,4 +14,10 @@ tcp_ports: [
 22623,
 # 9941 is closed generally, is for the inbound fedmsg and is covered in
 # custom_rules
- ]
+]
+
+custom_rules: [
+ # Needed for keepalived
+ '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
+ '-A INPUT -p vrrp -j ACCEPT',
+]
diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2
index e2626c7ccf..b747dd2a8c 100644
--- a/roles/keepalived/templates/keepalived.conf.j2
+++ b/roles/keepalived/templates/keepalived.conf.j2
@@ -31,7 +31,7 @@ vrrp_instance VI_1 {
 }
 {% if keepalived2_ipaddress %}
-vrrp_instance VI_1 {
+vrrp_instance VI_2 {
 # initial state
 state MASTER
 interface {{ keepalived2_interface }}
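Review bot: The first added rule in `custom_rules`, `-A INPUT -d 224.0.0.0/8 -j ACCEPT`, accepts every protocol and port sent to any address in 224.0.0.0/8, from any source and on any interface, which is much wider than the "Needed for keepalived" comment suggests. VRRP advertisements are sent to 224.0.0.18 as IP protocol 112, so the second rule `-A INPUT -p vrrp -j ACCEPT` appears to cover them already; the /8 rule could be dropped or narrowed to `-A INPUT -d 224.0.0.18/32 -p vrrp -j ACCEPT`. Since the group is named os-proxies and these hosts are presumably reachable from outside, it would also be worth limiting the VRRP rule to the keepalived interface and the peer's address (`-i <keepalived interface> -s <peer address>`, both placeholders), so that advertisements from unexpected senders are dropped before they reach keepalived. The `tcp_ports` list that this hunk closes starts outside the hunk.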